Information Security News mailing list archives

The Terrorists Are Winning the Cyber War


From: InfoSec News <isn () c4i org>
Date: Thu, 20 Sep 2001 04:17:26 -0500 (CDT)

http://www.latimes.com/technology/la-000075202sep19.story?coll=la%2Dheadlines%2Dtechnology

By CHARLES PILLER and DAVE WILSON, TIMES STAFF WRITERS
September 19, 2001 

In the Internet Age, when communications speed across national
boundaries in nanoseconds, terrorist groups are winning the cyberspace
battle, say intelligence and security experts.

Terrorists hide their communications with encryption software. They
set up Web sites to help raise money for their operations. Computer
hackers break into U.S. government networks to research possible
targets.

Meanwhile, federal agencies that have spent billions on computer
surveillance of terrorists and the nations that harbor them continue
to struggle both with outdated technology and a flood of data to
process. Last week, former President George Bush criticized the
nation's intelligence agencies for focusing too heavily on high-tech
operations, rather than developing human spies in foreign terrorist
groups.

One problem is that America's intelligence agencies are frozen in
time, said Jeffrey Hunker, until recently a member of the National
Security Council. The National Security Agency, the largest and most
secretive spy shop, vividly demonstrates the problem, Hunker and other
experts say.

The NSA operates spy satellites and gathers information from radio,
microwave, television, telephone and Internet signals outside the
United States. Despite a history of technical prowess that allowed it
to crack secret codes of dozens of nations, the NSA is falling behind
America's adversaries, experts say. The NSA "is far more . . .
resistant to change than most" agencies because of internal power
struggles, said Stewart Baker, the NSA's general counsel from 1992 to
1994.

Now the agency says it is spending billions of dollars to update aging
computer networks and cryptographic tools. But experts say the NSA's
sheer bulk and bureaucracy raise questions about its ability to keep
up with technology's breakneck pace.

For three days last year the NSA's entire computer system went down
because of antiquated, overloaded software linking its vast array of
computers, listening devices and satellites. Lt. Gen. Michael Hayden,
NSA's director, said the agency went "brain dead." Fortunately for
national security, the NSA kept the shutdown secret until the networks
were up and running again.

Another problem is that lifetime employment at the agency and
relatively low pay discourage technologically savvy workers from
joining, Baker said. The NSA's budget has also been slashed--perhaps
by one-third--over the past decade. Managers have responded by
attempting to preserve existing jobs, which led to hiring freezes and
delays in purchasing new equipment. "Their budgets have tended to
preserve people over research and technology," Baker said.

As a result, the NSA has lagged behind trends that have remade
intelligence gathering, including:

* Fiber optics: Increasingly, data and voice communication, from phone
  calls routed over the Internet to computer networking transmissions,
  flow on beams of light along fiber-optic cables. Unlike
  eavesdropping on conventional copper phone lines or microwave
  towers, these glass fiber lines must be physically tapped to collect
  information.

* Software encryption: This coding renders computer text messages
  virtually unreadable, except by the intended recipient. It is widely
  available on the Internet.

The FBI says that Osama bin Laden--accused mastermind of the attacks
on the World Trade Center and the Pentagon--and other terrorist groups
routinely encrypt communications.

Last week, some politicians called for a ban on strong encryption. Too
late, said Tim Belcher, chief technology officer of Riptech, a
security firm in Alexandria, Va. "Banning strong encryption would
prove as ineffective as shutting down Napster," he said.

* Internet support: Terrorists have become so confident that they
  sponsor Web sites to solicit funds from supporters worldwide. Two
  such Internet-savvy groups, Pakistan-based Harkat Ul Moujahedeen and
  Lebanon's Hezbollah, have been linked to Bin Laden.

* Information overload: Each day the NSA reportedly captures a greater
  volume of data than is held by the Library of Congress. The FBI has
  attempted a similarly ambitious program, code named Carnivore, to
  collect communications traffic over Internet service provider
  networks. But intelligence agencies have trouble interpreting this
  flood of information. "There aren't enough human beings to look at
  the data," said Bruce Schneier, chief technology officer of
  Counterpane Internet Security, a security consulting company in San
  Jose.

Despite these problems, there have been some victories against
terrorism. Hunker credits U.S. spy agencies with thwarting planned
terrorist actions, which he numbered "in double digits" over the last
decade. But he concedes that last week's tragedy represents a
staggering intelligence failure.

Some politicians have questioned whether laws designed to protect
civil liberties--which also inhibit investigators from aggressively
pursuing suspects online--should be changed. For example, agencies
with the most technology resources, the CIA and the NSA, are
prohibited from nearly all domestic spying.

"When the rules were enacted, that was pre fax machine," Baker said.
"International communications all occurred on [conventional phone]
circuits and you knew where they started and where they ended. . . .
We don't live in that world anymore."

The Bush administration is asking for expanded powers and is adding
funds to track down terrorism suspects.

Some FBI antiterrorism agents have strong technology skills, but the
bureau has only about 200 tech specialists, who must handle the full
spectrum of cyber crime.

But resources alone are not the answer, experts say. "People think all
we need to do is pour $40 billion into counterterrorism and this
problem will be solved. Wrong," said Hunker, dean of the Heinz School
of Public Policy Management at Carnegie Mellon University.

Some say that better cooperation between law enforcement and the
private sector, or within government agencies, would help more than
increased domestic surveillance or fatter budgets.

For Tom Talleur, that point became painfully clear in 1998, when
computer hackers tapped into a NASA Jet Propulsion Laboratory computer
in Pasadena and accessed data about the commercial air traffic system.

"The FAA had to shut down communications for several live flights
going on at the time," said Talleur, then chief of NASA's cyber-crime
unit.

This intelligence could have told hackers the configuration of GPS
navigation satellites and allowed them to jam the system during a war,
he said.

The hackers were also searching for information on Stealth
aircraft--where the planes were located and how they operated in
difficult weather situations--Talleur added. "Why break into a
classified [Defense Department] system when there is an unclassified
system at another agency [with] 60%" of the same material? he asked.

JPL declined to comment.

Talleur worked for the NASA inspector general's office. But because
NASA officials did not understand the implications of the hack, they
refused to allow him to install an "intercept box"--needed to track
the hackers immediately, Talleur said.

"By the time they let us do that, a week later, the intruders were
long gone," he said. Talleur eventually traced the hackers to
computers in the Persian Gulf area.

The episode was extreme but is hardly isolated.

The Defense Department acknowledges hundreds of successful cyber
attacks on its networks in recent years. The networks of most public
agencies are replete with such security holes, experts say.

"Most of the hacks we've seen have been the equivalent of breaking and
entering," causing limited damage, said Brian Dunphy, who left the
Defense Department's network security unit last year to work for
Riptech.

No computer hacker has yet shut down an electrical grid or opened a
dam.

"But our nation's critical infrastructure is both connected to public
networks and vulnerable," he added. "It's open to terrorists,
operating from anywhere in the world, with the motivation and skills
to wreak havoc."



-
ISN is currently hosted by Attrition.org
