Offensive Information Warfare, Intelligence Gathering and Direct Action Operations Using Red Teams - Part 1

About a year ago I wrote a paper entitled Offensive Information Warfare, Intelligence Gathering and Direct Action Operations Using Red Teams. I posted the table of contents on the blog a while ago.

That paper hasn't seen the light of day yet. However, many people asked about it, so I decided to write a six-part article that will provide the basic ideas from each part of the paper.

I was debating whether to allow comments on these posts or not, but I'm going to leave them off.

The posts will follow the table of contents. They will be divided as follows:

  • Part 1: intro
  • Part 2: the concept
  • Part 3: team structure
  • Part 4: activities
  • Part 5: proof of concept
  • Part 6: conclusion

So, let's get down to it.

Part 1: Intro

What is a Red Team? History, use in the military and civilian worlds, modern use.

Historically, a red team was a group of military personnel playing the role of the adversary, the enemy or opposing force team (“RED”), against the friendly forces team (“BLUE”). Over time, the red team's mission and capabilities evolved, and it turned into a force tasked with challenging the security posture of military bases, outposts and other targets. See Red Cell.

During the late 80s and early 90s, corporations in general, and high-tech companies in particular, sought a way to test their security posture and see whether they were vulnerable to attacks they hadn't accounted or planned for. The early civilian red teams were mostly information/computer security professionals mixed with physical security experts, and they were mainly focused on what was then possible with the technology of the day. The organization's policies were reviewed, but this was not the focus of the red team exercises (red teaming).

Today red teams have evolved and are an important force in the security world. Both government and private organizations use red teams not only to test the current state of their physical and digital security but also to continuously challenge their plans, defensive measures and security concepts/policies. These exercises result in a better understanding of possible adversaries and help to improve countermeasures against them and against future threats. A key aspect of red team operations today is the adversarial way of thinking, the Red Team Mindset. Red team members think outside the box; they are not bothered by rules or laws. They look at a problem from multiple perspectives at the same time, often probing the sides of a problem - or solution - that were never considered. Today, different government organizations and Fortune 500 companies use red teams to analyze and poke holes in a plan or concept of operation at the pre-design, design, and final phases. In some cases, red teams are used to analyze a competitor's point of view. Red teams recognize contingencies and bring them to the forefront of analysis by asking the right questions and challenging underlying assumptions.

In short, the goal of a red team is to enhance decision making. The Red Team Mindset seeks to apply this view of the world to planning and problem solving. Red teams also help test the readiness of the quick reaction teams (CSIRT and CERT), of the security departments, and of the security engineers in the digital world. Combining all the qualities of a red team with the fact that a red team is a great natural recon/surveillance tool, a good team can provide SOF units with much more than just adversarial services. They can provide SIGINT, COMINT and sometimes HUMINT capabilities in the field.