Federal Internet Law & Policy
An Educational Project
CyberWar Dont be a FOOL; The Law is Not DIY

Derived From: Air Force works to defend cyberspace, too AFCYBER

In 2003, the White House published "The National Strategy to Secure Cyberspace," a document that presents cyberspace security as a subset of Homeland Security and outlines a wide range of initiatives to "protect against the debilitating disruption of the operation of information systems for critical infrastructures and, thereby, help to protect the people, economy, and national security of the United States."

One of those initiatives calls for the government to "improve coordination for responding to cyber attacks within the U.S. national security community."

The Air Force answered that call in December 2005 when it announced its new mission statement: To deliver sovereign options for the defense of the United States of America and its global interests -- to fly and fight in air, space and cyberspace. 

Derived From: 24th Air Force Press Release June 2009

The Air Force activated its cyber-focused numbered Air Force, the 24th Air Force, during a ceremony here today.

Gen. C. Robert Kehler, Air Force Space Command commander, presided over the ceremony to activate the NAF, handing the command to Maj. Gen. Richard E. Webber, as the first commander of the 24 AF dedicated to cyberspace.

"Today we activated the newest numbered Air Force," General Kehler told local media representatives after the ceremony. "Through the 24 AF, our service will present a full spectrum of cyberspace capabilities vital to the joint warfighter.

"Air Force Space Command has been designated the lead Air Force command for cyberspace," he added. "By activating 24 AF, the Air Force now has an operational unit to present cyberspace forces to the joint community."

The activation of 24 AF under AFSPC is a major milestone in the combination of space and cyberspace operations within one command. The 24 AF will provide combat-ready forces trained and equipped to conduct sustained cyber operations, fully integrated within air and space operations.

"We're going to have three wings to do that - the 688th Information Operations Wing, the 67th Network Warfare Wing, and we're going to create a third wing, the 689th [Combat Communications Wing] out of the 3rd and 5th Combat Communications Groups," General Webber said.

"If you look at all the wings, we're all properly constituted," General Webber added. "We will cover everything it takes to build and create a network - whether that's in a fixed location in the United States or overseas, or in a deployed location where you're communication challenged. We'll create the domain, operate within that domain, and defend that domain."

AFSPC as the lead Air Force major command for space and cyberspace capabilities and as the component MAJCOM to United States Strategic Command, provides the management-level headquarters functions of organizing, training and equipping.

"I think we will look back at some point and we will all point to this day as the beginning of something focused in our Air Force," General Kehler said. "What we've done today is taken another step ... now there needs to be room for much discover as we go forward."

The 24 AF will provide combatant commanders with critical cyber component capabilities, ensuring a key element of joint and combined operations toward its global mission.

Agencies / Offices


Hague Convention (V) respecting the Rights and Duties of Neutral Powers and Persons in Case of War on Land. The Hague, 18 October 1907.

Federal Activity



Russia v Georgia



India v. Pakistan

"Another example is India and Pakistan engaging in a cyber protest caused by national and ethnic difference.  After a cease-fire in the Kashmir Valley hackers took it upon themselves to continue the hostilities.  In 2000, pro-Pakistan hackers defaced more than 500 Indian web sites.  Conversely, only one known Pakistani site was hacked by the Indians.  ... The group G-Force Pakistan was the most active group claiming involvement in the events." - NIPC, Cyber Protests:  The Threat to the US Information Infrastructure p. 5 (Oct 2001)

September 11, 2001

China - US

"One high profile incident occurred in May 1999 after the United States accidentally bombed the Chinese embassy in Belgrade, Yugoslavia during the NATO air campaign.  US web sites were defaced in the name of china and massive email campaigns were executed to gain sympathy and support for the Chinese cause.  Government web sites were primarily targeted.  The US Departments of Energy and the Interior, and the National Park Service all suffered web page defacements.  In addition, the White House web site was taken down for three days after it was continually mail bombed.  This action was relatively unorganized in fashion, short in length, and affected a small number of US sites.

 "Pro Chinese hackers also acted against Taiwan during the Taiwanese presidential elections in August and September 1999.  Cyber protects and hacktivists compromised 165 Taiwanese web sites, mainly defacing them, over the two month period.  Their ultimate goal, as it was stated, was to negatively affect and bring own Taiwan's infrastructure.  Among the targeted sites were electricity, economic institutions, telecommunications, and air traffic control.  Although teams began to develop and organize near the end of the operations, the damage was relatively light, similar to the attacks on US sites earlier in the year.   Importantly, strategic targeting and some organization of forces became accepted strategies for future protests and hacks.  These hackers are likely to become more organized and more successful in future incidents.

 "In late April and early May 2001 Pro-Chinese hacktivists and cyber protesters began a cyber assault on US web sites.  This resulted from an incident in early April where a Chinese fighter was lost at sea after colliding wide a US naval reconnaissance airplane.  It also coincided with the two-year anniversary of the Chinese embassy bombing by the United States in Belgrade and the traditionally celebrated May Day and Youth Day in China.  Led by the Honkers Union of China (HUC), Pro-Chinese hackers defaced or crashed over 100 seemingly random web sites, mainly .gov, and .com, through DoS attacks and similar exploits. Although some of the tools used were sophisticated, they were readily available to both sides on the Internet.

"Many defacements of US sites included posting pictures of the dead Chinese pilot Wang Wei and profane messages calling for the downfall of the United States.  Pro-United States hackers responded with similar defacements, messages, and damage on 300 Chinese web sites.  Of interest is that some pro-Chinese hackers violated hacker etiquette by wiping some compromise servers.  The rule of thumb is to deface or crash a web site but to leave the information intact, otherwise it is considered bad form."  - NIPC, Cyber Protests:  The Threat to the US Information Infrastructure (Oct 2001)

  • Official: 'Massive' Damage to China From Hacking, Wash Post 9/12/2007
  • China denies Pentagon cyber-raid, BBC 9/4/2007
  • China seen seeking to hack U.S. systems, MSNBC 4/26/02
  • Report: U.S. Expecting Chinese Hack Blitz, Newsfactor 4/26/02
  • Worries of Cyberattacks on U.S. Are Aired, Wash Tech 4/26/02
  • Chinese Hack U.S. Computer Systems, MSNBC 4/26/02
  • Red Alert Over Digital Warfare On The Net, BWO 5/1/01
  • It's an All-Out Cyber War as U.S. Hackers Fight Back at China, Fox 5/1/01
  • Is This World Cyber War I?, Wired 5/1/01
  • Chinese Hackers May Launch Anti-U.S. Cyber Attacks, Reuters 4/27/01
  • Feds Warn Of China May Day Attacks On U.S. Sites, CNN 4/27/01
  • China Sounds Fresh Hacking Alarm, Reuters 5/4/01
  • US Facing Chinese Cyber Blitz, BBC 5/3/01
  • US And Chinese Hackers Trade Blows, BBC 5/1/01
  • Hackers Hit California Offices' Web Sites, LA Times 5/1/01
  • Chinese hackers launch week long cyber attack, Nando 5/1/01
  • Experts Yawn Over US-China Hacker War, Newsbytes 5/1/01
  • Chinese Hackers Launch Web-Site Attacks, Washtech 5/1/01
  • Businesses warned of Chinese hackers' planned 'strike', Nando 4/27/01
  • NIPC warns companies of Chinese hacker threat, CW 4/27/01
  • Israel - Palestine

    "In October 2000, Israeli and Palestinian hackers engaged in adversarial hacking when the prolonged peace talks between the two groups broke down.  During this difficult time, hackers seized the opportunity to attack web sites belong to the opposition.  Starting October 6, 2000, 40 Israeli web sites and at least 15 Palestinian web sites suffered defacements at the hands of opposing hackers.  This coincided, of course, with physical violence in the region.  It was also a problem for US based web sites.  US web sites will often fall victim, regardless of their lack of proximity or involvement in the events.  For example, several US sites were hacked by pro-Palestinian hacktivits, including the take down of a lobbyist group web site.  The hackers then posted group membership information and credit card numbers.  This activity did little to affect the United States as a whole although it illustrates how a seemingly unrelated event can potentially affect US sites.

    "The level of sophistication ranged from low level activity using simple defacement to coordinated, relatively sophisticated attacks such as potential root access penetrations.  Several hacking tools were developed specifically for this engagement.  Any type of attack was considered during this time, including perpetration of viruses, DoS attacks with email bombing, and sustained, amplified pinging attacks.  Web sites containing these various hacking tools were readily available for download to anyone who wanted to join the action.

    "Pro-Palestinian hackers hit any type of Israeli site that they were able to compromise, many times defacing them with messages such as, "Free Palestine" or "Free Kashmir."  FloodNet software was a major tool used by the Israelis.  The cyber protesters simply visited a site and FloodNet would repeatedly send requests to the targeted server.  This type of virtual sit-in is a popular form of a DoS attack.  Many of these attacks were successful as servers were bombarded and went down repeatedly.  Targets included ethnic specific organizational web sites and those of financial institutions to disrupt the infrastructure.  Ecommerce sites crashed and there was an economic impact reflected in Israeli markets.  It was, however, the root access attempts that were the most dangerous for the defenders.  Hackers who can gain root access to sites give them unlimited freedom to do whatever they wish.  This is the highest level of penetration possible although no successful root access penetrations were reported.

    "These events attracted a wide variety of hackers eager to join the fight.  Both sides were well-organized and used reconnaissance and intelligence gathering techniques to maximize their effectiveness.  Even outside hacking groups, such as G-Force Pakistan, joined forces with the Palestinians to lend a helping hand.  This is increasingly common.  Some outside groups join an effort because they have similar political or ethnic motivations, however, this is not always the case.  Some groups participate in hacks simply for the desire to hack or the publicity, not out of a sense of loyalty."
    - NIPC, Cyber Protests:  The Threat to the US Information Infrastructure (Oct 2001)

  • Israel Blocks Palestinian ISP, Wired 7/17/02
  • Mideast strife echoed online, Nando 4/22/02
  • Middle East Conflict Spills Into Cyberspace, Register 4/17/02
  • Israel under hack attack, BBC 4/17/02
  • Israel's Seminar On Cyberwar Jan 10 wired
  • Mideast cyberwar hits U.S. Nov 3, 2000 usatoday
  • Israelis Hackers Vow To Defend Nov 15, 2000 wired
  • FBI: Mideast Hackers May Strike U.S. Sites Nov 2, 2000 cnet
  • Hackers target U.S. pro-israel site Nov 3, 2000 mercurycenter
  • Mideast cyberwar hits U.S. Nov 3, 2000 usatoday
  • Mideast Trouble Spills Into Cyberspace Oct 31, 2000 abcnews
  • FBI: Mideast cyberwar could reach U.S. Oct 31, 2000 usatoday
  • Israeli government, army Web sites crash after hostile hits Oct 26, 2000 cnn
  • Serbia
  • Internet unites Kosovo foes, BBC 4/22/02
  • 'Serb hackers' on the rampage BBC 4/14
  • Japan
    "Recently, Japan has been targeted twice in online protests.  During the first week of April, 2001, pro-Korean hackers attacked Japanese organizations responsible for the approval of a new history textbook.  The textbook glossed over atrocities committed by Japan during World War II and the occupation of China and South Korea.  The perceived reluctance of Japan to accept responsibility for its actions triggered these events.  The main participants in this incident were Korean University students, who used email bombs in a DoS attack.  The students crashed several web sites, including Japan's Education Ministry, Liberal Democratic Party and the publishing company responsible for the textbook.  These attacks were neither long lasting nor were they largely organized.

    "In Early August 2001, Pro-Chinese hackers targeted Japanese web sites after Japan's Prime Minster visited a controversial war memorial, the Yasukuni Shrine.  In a brief period of time, hackers defaced several web sites belonging mainly to Japanese companies and research institutes.  This indicates the continuing willingness of pro- Chinese hackers to use cyberspace and hacking tools as a platform for protests and cyber civil disobedience, as well as for displaying a strong sense of patriotic nationalism."  --- NIPC, Cyber Protests:  The Threat to the US Information Infrastructure (Oct 2001)




  • U.S. leads in launch of cyberattacks, CNET 1/28/02
  • Rights Group Decries Internet Guerilla Warfare, Newsfactor 9/6/02
  • Mock Cyberwar Fails To End Civilization, Register 8/14/02
  • S. Korean Activists Plan Cyber Attack Vs. U.S., USAToday 7/17/02
  • The Coming Of The CyberWar, Newsfactor 5/17/02
  • Cyberattack Could Result In Military Response, USA Today 2/15/02
  • Sen. Wyden Proposes Volunteer Tech Guard, Wash Tech 12/10/01
  • Tech warning: we are at war, ZDNet 12/14/01
  • Bush taps Clarke as cyberdefense chief, CW 10/1/01
  • Will hacking become the new warfare?, CNET 6/21/01
  • Cyberspace: The next battlefield, USA Today 6/19/01
  • Potential Cuban cyberattacks alarm U.S. officials, USAToday 5/16/01
  • Cyberwars: Real-World Conflict On Web, Smart Business 2/16/01
  • Feds Say Fidel Is Hacker Threat, Wired 2/9/01
  • © Cybertelecom ::