Information Security News mailing list archives

Chat Room Penetrates CIA Net


From: William Knowles <wk () C4I ORG>
Date: Sun, 12 Nov 2000 03:47:20 -0600

http://washingtonpost.com/wp-dyn/articles/A64444-2000Nov11.html

By Vernon Loeb
Washington Post Staff Writer
Sunday, November 12, 2000; Page A10

The CIA is investigating 160 employees and contractors for exchanging
"inappropriate" e-mail and off-color jokes in a secret chat room
created within the agency's classified computer network and hidden
from management.

CIA spokesman Bill Harlow said the willful "misuse of computers" did
not "involve the compromise of any classified information."

But the probe, nearing completion, involves employees at all levels of
the agency, including some senior managers, and most likely will
result in at least a few firings, agency officials said.

"The serious thing for us is people willfully misusing the computer
system and trying to hide what they were trying to do," said one
intelligence official. "If they were doing this with the KGB's
computer system, we'd be giving them medals. Sadly, it was ours."

The House and Senate intelligence committees have been briefed about
the secret chat room, which CIA investigators discovered while
performing routine security checks, according to Harlow.

"Investigators uncovered evidence of long-term misuse involving
multiple violations of CIA computer regulations," Harlow said.

An internal notice sent to all employees in May said, "This activity
has apparently been taking place for some time and involves the use of
unauthorized chat rooms and data bases in an apparent willful misuse
of the agency's computer networks. Indeed, it appears that this group
went to great lengths to conceal these actions. . . . Any attempts to
alter or delete information on agency computer networks related to
this investigation . . . could amount to a violation of federal
criminal law."

Since then, all 160 employees and contractors who participated in what
officials describe as an "invitation only" communications channel have
been interviewed and given five days to explain their conduct in
writing.

Several officials, including members of the Senior Intelligence
Service, a cadre of career officers at the upper reaches of the civil
service system, have been suspended with pay for the past six months
while senior CIA officials try to determine what punishment is
appropriate.

Robert D. Steele, a former CIA case officer with extensive ties to the
agency, declined to name any of those involved but described two of
the most senior officials under investigation as "innovative,
out-of-the-box, unconventional thinkers--these are essentially the
hackers of the CIA, in the most positive sense of the word."

One Capitol Hill source who has been briefed on the probe said it
involves "some pretty clever people who know how to use computers
creatively." The source said he thought the employees involved showed
"bad judgment" and added that CIA officials have responded
appropriately.

But one recent CIA retiree with knowledge of the probe said employees
who face disciplinary action and even dismissal have been investigated
far more aggressively than former CIA director John M. Deutch, who
admitted drafting top-secret cables on unsecure home computers and was
stripped of his CIA security clearances last year.

"Most of the employees involved are likely to have a letter of
reprimand placed in their personnel file, which will quash their
chances for promotion for at least a year and may adversely affect
future assignment prospects," the CIA veteran said.

The former officer said that by giving those under investigation only
five days to respond to the charges against them, the CIA has
"effectively denied them the opportunity to seek legal counsel,"
because lawyers typically must wait for months to obtain security
clearances necessary to represent agency personnel.

The former officer also said he doubts whether employees under
investigation really were exchanging "secret" communications, because
all senior CIA managers have a software program called "Shadow" that
enables them to "remotely monitor every keystroke that their employees
make."

"It seems highly suspicious that all of those supervisors, not to
mention the numerous component network administrators and security
personnel, were unaware over a period of years of illicit computer
usage by a group of 160 personnel," the former officer said.

A CIA official responded that employees under investigation were
operating beyond the normal reach of computer systems administrators.
"These people were technically adept, and they went to great lengths
to ensure that their efforts were not known to systems administrators.
There are ways of monitoring things--if you know there is something to
be monitored."

In some of the e-mails reviewed by investigators from the CIA's Center
for Security, the official said, those involved even wrote messages to
the effect that, "If they ever catch us doing this, we'll be fired."

The investigation is only the latest in a series of incidents
involving misuse of computers at the CIA. Deutch's home computer
security violations, discovered by CIA security officials when Deutch
stepped down as director in December 1996, triggered a firestorm on
Capitol Hill this year after a classified report by the CIA's
inspector general was leaked to the media.

The report concluded that CIA Director George J. Tenet and other
senior officials did not adequately investigate and punish Deutch's
security violations. The report also concluded that Deutch exposed
highly classified intelligence to hacker attacks by drafting memos on
three unsecure home computers linked to the Internet.

In November 1996, one month before Deutch's violations were
discovered, a CIA senior intelligence analyst was found to have
written a document with the highest level of classification on his
home computer, which was connected to the Internet. As in Deutch's
case, members of the analyst's family had access to the computer.

The analyst was demoted in rank and salary, given a letter of
reprimand barring raises for two years, and suspended without pay for
a month. After the suspension, the analyst's clearances were restored,
and he retired from the agency a year later.

Another CIA employee alleged in a lawsuit filed last year by Roy
Krieger, an Alexandria lawyer, that she was disciplined for a "major
lapse of CIA security" after the CIA sold 25 laptop computers at
public auction "while still containing Top Secret information on their
respective hard drives."

The employee's complaint alleged that the security lapse was not
detected until months later, when a private purchaser reported finding
classified files in one of the computers.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com