Aug. 27, 1999
By James Gordon Meek
WASHINGTON (APBNews.com) -- Who are America's cyberenemies? Don't ask the White House, it doesn't know -- but it insists they're out there.
Watchdogs and experts in the computer security field say there is a real threat of hostile hackers penetrating sensitive government and private computer systems, and intrusions are detected constantly.
But they also say the government hasn't determined who the attackers are, what they want, where they operate or when they will hit -- and officials do not deny that fact.
A problem of identification
Federation of American Scientists security analyst John Pike told APBNews.com that part of the problem is that it's very difficult to track hackers. "Unlike hydrogen bombs, which are hard to hide, information-attack ability is not readily detectable," he said. "We're usually talking about some people in a room with a few terminals and a [high-speed Internet] connection."
Once an attack is perpetrated, he added, "It's a lot easier to detect [someone penetrating] than attribute the source."
Who is the enemy?
Janus Associates of Stamford, Conn., also provides security to both private sector and classified government computer apparatuses. Company President Pat Fisher said fending off hackers is a common occurrence for her clients. And yet, "The government doesn't know where the threat will be coming from," she said.
Jeffrey Hunker, the White House Senior Director for Critical Infrastructure, told APBNews.com, "There are a number of hostile nations developing, or that have developed, cyberattack capabilities, in several instances aimed directly at the U.S."
Hunker cited Russian and Chinese officials who claim that their countries have encouraged computer-hacking initiatives. He emphasized that President Clinton believes the nation is vulnerable to cyberassaults because of its dependence on high technology and wants to prevent damaging intrusions.
But as for identifying a specific threat, or zeroing in on organized groups that have genuine potential for cyberterrorism, that's apparently still a mystery.
Most intrusions are of 'oops' variety
For Utah computer security consultant Drew Williams, the vulnerability of computer systems to cyberspace saboteurs was demonstrated during a presentation to a new client.
Williams' company, Axent Technologies of Rockville, Md., provides online security for both private sector and government networks, including the Treasury Department, the Internal Revenue Service and the Defense Information Agency. Recently, Axent placed newly developed intruder detection software on a major telecommunications company's operational system to demonstrate its capabilities.
"Within 30 seconds, our guy came back and said to the client, 'Somebody's about to shut down your phone lines for four states,'" Williams told APBNews.com.
With 4.5 million phone lines about to flatline, "This particular telco would have taken it right in the shorts," he said.
In this case the intruder wasn't a terrorist but an employee. The "sabotage" wasn't intentional, either. It was an accident, and it was prevented before calamity ensued.
In fact, Williams said "oops" incidents make up a vast majority of the threat to computer systems. Company and government insiders trip over sensitive computer systems all the time without realizing the potential gravity of their actions, he said.
Clinton plan under fire
But accidents aren't what worry the White House and the FBI's National Infrastructure Protection Center (NIPC). It's that smaller percentage of cases where the intrusion is deliberate, the damage or theft real, and the consequences incalculable.
In July, civil libertarians went apoplectic over a draft proposal by the Clinton administration's Office of Transnational Threats, where Hunker works. Their plan called for the creation of a new program called the Federal Intrusion Detection Network (Fidnet).
If ever implemented, Fidnet could give authorities, including the FBI, access to nonmilitary networks and, eventually, some private computer networks to scout for serious penetrations by cybersavvy criminals, terrorists or foreign governments hoping to steal information or cause damage to the nation's critical infrastructure.
Critical infrastructure includes the power grid, telephone lines, air traffic control, financial networks and many other vital computer links that keep the country wired together.
In the draft Fidnet document, a message by Clinton said, "Where once our opponents relied exclusively on bombs and bullets, hostile powers and terrorists can now turn a laptop computer into a potent weapon capable of doing enormous damage."
Terrorists prefer bombs
American University Middle East expert Laura Drake told APBNews.com the best state-sponsored hackers are in Israel -- an ally known to spy on the United States -- which trains them for government-intelligence gathering.
Drake said elsewhere in the region computers are scarce and often obsolete, and Islamic extremists have not switched to cyberterrorism from conventional methods.
Bombings result in provocative pictures in the media that demonstrate terrorists' political resolve to extricate Americans from their homeland.
They want people to see "explosions and dismembered bodies on television," Drake said, "rather than go after some unseen computer system, which isn't visible."
While terrorists and foreign powers may not have fully exploited the potential of cyberterrorism and cybertheft, Fisher said it only takes one cybersavvy terrorist to wreak havoc on a computer system.
A well-executed assault could bring down financial markets or the Federal Aviation Administration's computerized air traffic control system.
"When terrorists realize [cyberterrorism] is easier and cheaper than bomb-making, they'll turn to that, and we'd better be prepared."
What are they after?
Fisher said penetrations occur regularly at her clients' sites, but it's often difficult to figure out just what the hackers are after.
"Sometimes you don't know," she said, conceding also that none of her clients have definitively traced the origin of a single attacker.
Forget terrorists and rogue nations -- the U.S. should concentrate on "Trojan horses," human intelligence assets placed inside a company or federal agency, said Williams of Axent.
"I don't believe the major battles are going to be across the ocean; they're going to come from within," he said.
An 'electronic Pearl Harbor'?
The recent debate over the Fidnet proposal began in July when Jim Dempsey, an electronic surveillance expert at the Center for Democracy and Technology, alerted reporters to the White House proposal. After civil liberties groups blasted the initiative, the administration retreated.
Congressional leaders weren't thrilled with the plan, either, and nixed $2 million in seed money requested by the FBI, according to The New York Times.
Dempsey told APBNews.com that monitoring the networks isn't the right approach to security anyway.
"Why not close the holes? Why not make that the priority? This is the cyber equivalent of leaving your car unlocked and sitting on your porch waiting for somebody to try to steal it."
But Dempsey also dismissed the fundamental assumption that there could ever be an "electronic Pearl Harbor," as some have warned. He said the cyberthreat has been hyped excessively.
"The FBI is an all-time grand champion of taking advantage of the perceived crisis du jour to enhance its authority and budget."
NIPC officials at the FBI did not respond to questions submitted in writing by APBNews.com.
'Paranoia is a healthy motivator'
A former Justice Department official with direct knowledge of the Clinton administration's counterterrorism policy told APBNews.com the government is capitalizing on America's fears over faceless enemies in cyberspace.
The government source, who requested anonymity, said, "They're doing it because they know paranoia is a healthy motivator in preparing for the worst."
The source also said the FBI is "gearing up" to deal with cybertheft as much as cyberterrorism, but said the bureau has seen little evidence of any serious thievery.
Fisher said the government is not being overly paranoid. "If anything, they should be a little more paranoid," she said.
Williams agreed federal authorities need to get up to speed on the cyberthreat.
Government workers are ignorant
As one example, he said Hunker gave out his personal "eop.gov" (Executive Office of the President) e-mail address while addressing hundreds of computer outlaws attending July's DefCon 7.0 hacker convention in Las Vegas.
The danger of giving away seemingly harmless information like private e-mail aliases is that hackers can use them to gain access to mail servers and sensitive information.
Hunker admitted he gave the hackers his e-mail address but said it was an attempt to give them a voice in policy making.
White House computer security has been upgraded in recent years along with physical security enhancements.
Fear is good for security business
The faceless threat of cyberterrorism has been very good for business. Companies specializing in this service now number in the hundreds.
"There is benefit to be gained by the sense of paranoia," Dempsey said. "We are now seeing the cyberterrorism boomlet on the private sector and government sides."
Williams said the mystique over digital threats ranging from cyberterrorism to the Y2K millennium bug has created a thirst that security providers want to quench.
"It's almost like pornography -- appealing to the prurient interests of the human species," he said. "For every [security firm] that dies, three more crop up."
James Gordon Meek is an APBNews.com staff writer in Washington (james.meek@apbnews.com).
©Copyright 1999 APB Multimedia Inc. All rights reserved.