THE CRIMINAL CAFÉ IN CYBERSPACE

Not long ago, if a terrorist wanted to cause a blackout in, say, New York, it would have taken some work. He or she might have packed a truck with explosives and sent it careening into a power plant. Or he or she might have sought a job as a utility worker in order to sabotage the electrical system. But now, intelligence experts say, it’s possible for a trained computer hacker to darken Gotham from the comfort of home or a cybercafé. Worse, that home might be as far away as Tehran, Iran. Worse yet, he or she may enjoy the full backing and technical support of a foreign government.

In a closed briefing to Congress, the CIA reported that at least a dozen countries, some hostile to America, are developing programs to attack other nations’ information and computer systems. China, Libya, Russia, Iraq, and Iran are among those deemed a threat, sources later declared. Reflecting official thinking, no doubt, the People’s Liberation Daily in China notes that a foe of the United States only has to mess up the computer systems of its banks by hi-tech means. This would disrupt and destroy the U.S. economy. Although the specifics are classified, a new National Intelligence Estimate reports at least one instance to date of active cybertargeting of the United States by a foreign nation.

Officials are worried because so much of America’s infrastructure is either driven or connected by computers. Computers run financial networks, regulate the flow of oil and gas through pipelines, control water reservoirs and sewage treatment plants, power air traffic control systems, and sustain telecommunications networks, emergency services, and power grids. All are vulnerable. An adversary capable of implanting the right virus or accessing the right terminal can cause massive damage.

In 1996, a Swedish hacker wormed his way through cyberspace from London to Atlanta to Florida, where he rerouted and tied up telephone lines to 11 counties, put 911 emergency service systems out of commission, and impeded the emergency responses of police, fire, and ambulance services. There have been many domestic cyberattacks as well. The number of pending FBI cases involving computer crimes (a category that includes computer infrastructure attacks and financial crimes) increased from 128 in 1996 to about 880 in 2001.

In 1997, intelligence officials got a glimpse of what’s possible during an information-warfare exercise named “Eligible Receiver.” The secret war game began with a set of written scenarios in which energy and telecommunications utilities were disrupted by computer attacks. In one scenario, the attackers targeted the 911 emergency phone system by telling Internet users there was a problem with the system. The scenario posited that people, driven by curiosity, would phone 911 and overwhelm the system.

“Eligible Receiver” culminated when three two-person “red teams” from the National Security Agency actually used hacker techniques that can be learned on the Internet to penetrate Department of Defense computers. After gaining access to the military’s electronic message systems, the teams were poised to intercept, delete, and modify all messages on the networks. Ultimately, the hackers achieved access to the DoD’s classified network (see sidebar, “Espionage By Keystroke?”) and, if they had wished, could have denied the Pentagon the ability to deploy forces. In another exercise, the DoD found that 74% of test attacks on its own systems went undetected.

Sidebar: Espionage By Keystroke?

Forget about signal sites and dead drops (like the recent FBI Russian mole case of suspected spy Robert Phillip Hanssen). The classic tropes of the spy game have gone the way of the Model T. When an FBI computer jock finally hacked his way into Aldrich Ames’s personal computer a few years ago, investigators were dumbfounded by the number of secrets he’d purloined from the CIA—hundreds of stolen documents and classified reports. FBI brass called Ames the worst case of treason in U.S. history.

But the preceding could be peanuts compared to the Wen Ho Lee case. Government officials confirmed that scientist Wen Ho Lee, suspected of stealing classified data from a secret weapons laboratory, downloaded reams of classified nuclear weapons information from a high-security computer system to one that could be accessed with relative ease.

Actually, reams don’t begin to describe the dimensions of it. The FBI is talking about millions of lines of computer code here, data bits gathered during the course of 50 years of research and more than 2,000 nuclear tests—information that shows how the nation’s most sophisticated nuclear weapons work. With a few simple computer strokes, in other words, someone made America’s national-security crown jewels available to any reasonably sophisticated person in possession of a computer, a modem, and the file names under which the information was stored. It is flabbergasting. There’s just no other word for it.

The someone in question is Wen Ho Lee, a Taiwan-born scientist employed, until recently, at the Department of Energy’s weapons laboratory in Los Alamos, New Mexico. Lee was dismissed from his job in 1999 for security breaches after it was disclosed that he was the subject of an FBI espionage investigation. Prosecutors have not charged Lee with spying, and he has asserted his innocence. But when FBI agents searched Lee’s computer after his dismissal, officials say, they discovered that he had transferred an incredibly large amount of nuclear data from the Energy Department’s high-security computers to the more accessible network, dumped the information under bogus file names, then tried to erase the evidence from his hard drive. The transfers occurred between 1983 and 1995, but accelerated in 1994 and 1995, when Los Alamos began installing a new system designed to impede such transfers. He was really racing right there at the end.

The evidence gathered to date does not show that the security breach resulted in damage on a massive scale. But it is huge nonetheless. The FBI is still investigating whether anyone accessed the data from the low-security network to which Lee transferred the information. Some officials say that may never be known for sure.

Like every espionage investigation, the Lee case is rife with peculiarities. Lee first came under suspicion in 1996, after the CIA obtained a document showing that China’s military had obtained classified information about the size and shape of America’s newest miniaturized nuclear warhead, the W-88. The FBI was slow to investigate Lee, in part because Lee’s wife was working as a confidential informant for the bureau. But there were other problems. When agents in the FBI’s Albuquerque field office pressed for a search warrant in Washington, lawyers at the Justice Department rebuffed the request. The Foreign Intelligence Surveillance Court has almost never rejected a search warrant request, and bureau officials indicate the rejection here was unwarranted. In any case, by that time the damage was done.

End of sidebar

In 1998, the FBI raided the homes of two California high school sophomores. Their hacker assaults on the Pentagon, NASA (which was very easy), and a U.S. nuclear weapons research lab were described as “the most organized and systematic attack” on U.S. computers ever discovered. To make the Pentagon attack hard to trace, the hackers routed it through the United Arab Emirates. A teenage hacker in Israel directed them.

To help industries fend off hacker attacks, both foreign and domestic, the government has created the National Infrastructure Protection Center, to be staffed by 458 people from the FBI, other agencies, and industry. Recent events make clear that tighter defenses are needed. In 1997, a 13-year-old boy with a home computer disabled control-tower communications at a Worcester, Massachusetts, airport for nine hours. The loopholes the teenager exploited have been closed. But no computer environment is totally secure. Preventing hacker attacks is like a never-ending journey. You will never get to your destination.

Chinese Cyber Criminal Cafe Hacktivists Spin a Web of Trouble at Home

In the university district of Beijing, a bunch of 20-year-olds calling themselves the “Web Worms” slouch around in an apartment stacked with old issues of PC magazine. Chinese computer networks are so easy to break into nowadays. Ninety-three percent of them are not secure.

From the moment in 1995 that a commercial Internet provider first gave Chinese citizens access to the Web, the government has tried to maintain what some cybersurfers derisively call “the Great Firewall of China.” This elaborate control system is supposed to block sites that the Communist Party considers morally or politically degenerate, from Penthouse to Amnesty International and CNN. But with a few simple tricks, ordinary Internet users are now making a mockery of the Great Firewall, tapping easily into forbidden foreign sites.

Sabotage

Sophisticated hackers, meanwhile, are breaking into sensitive Chinese computers (see sidebar, “Cyberspace Incidents on the Rise in China”). Members of the Hong Kong Blondes, a covert group, claim to have gotten into Chinese military computers and to have temporarily shut down a communications satellite last year in a “hacktivist” protest. The ultimate aim is to use hacktivism to ameliorate human rights conditions.

Sidebar: Cyberspace Incidents On The Rise In China

Intelligence and security experts are warning foreign firms in China of a growing threat of Internet-related crimes, government surveillance, and loss of proprietary data. But some U.S. companies said they view those threats as exaggerated.

The latest warning comes from a report published in 2000 by a network security firm founded by two former U.S. Navy intelligence officers. The report, released by Dublin, Ohio-based LogiKeep Inc., cautions companies that the government-controlled Internet environment in China could put the integrity of their networks at risk.

The most important consideration is that, in one way or another, the Chinese government is involved in the operation, regulation, and monitoring of the country’s networks. As a result of this and other factors, such as tensions with Taiwan, U.S. companies could see an increase in scans, probes, and attacks that could be aimed at gaining technical information.

But representatives from companies with major operations in China indicate that they have never had problems and don’t plan to run scared now. The companies discount most of the alarmist reports.

The real focus of their control efforts is what the Chinese call “black and yellow,” or political and pornographic material. How serious an issue economic espionage is depends on who you are and what business you’re in. And economic espionage isn’t unique to China.

Nevertheless, there are other companies who are not convinced that the Chinese government is overtly (or, for that matter, covertly) engaging in corporate espionage via the Internet. Yet, U.S. intelligence experts warn that China’s vast intelligence-collecting apparatus has a voracious appetite for any U.S. technology that could help speed the People’s Republic’s military modernization and boost the country’s economy. That puts high-tech vendor companies particularly at risk.

Businesses operating in China are up against a national government that has essentially unlimited resources and a long track record of industrial and economic espionage. The government runs every business in China; any effort to develop intelligence and promote those industries is a national effort. Scans, probes, and attacks against U.S. firms in China are statistically confirmed and growing, and could be Chinese tests of offensive information warfare tactics or the work of Chinese virus writers.

The U.S. firms that may be at the greatest risk of losing proprietary data include companies that have set up development laboratories in China. But those companies, eager to gain a foothold in China’s burgeoning IT market, don’t necessarily share the fears of intelligence experts.

Nonetheless, there are more controls in place in China than in some other countries, but they have not been put in place to foster espionage. Although the Chinese view controls and regulations as necessary to facilitate an orderly Internet market and to protect the country from subversion and other Internet crimes, the controls are partially the result of political rigidity and bureaucratic inertia.

Human nature is the same everywhere in the world. The thought that there are lots of people with time on their hands to explore what the 20 million Internet users in China are doing is totally impractical.

End of sidebar

Free speech also is proliferating. A political journal called Tunnel (http://www.geocities.com/SiliconValley/Bay/5598) is said to be edited secretly in China and sent by e-mail each week to an address in the United States, where it is then e-mailed anonymously back to thousands of Chinese readers. Big Reference (http://www.ifcss.org) is another on-line challenge to the authorities. One recent issue extolled individualism and paid tribute to the mother of a student killed when troops crushed the pro-democracy protest in Tiananmen Square in 1989.

The Internet provides not only speed and efficiency but also cover. If you tried to do a traditional newsletter promoting democracy in China, you’d surely get arrested. If only the authorities were smart enough to realize what’s going on, all the political activities on the Internet would really have them scared.

Perhaps they are smart enough. New regulations introduced in 1997 imposed stiff penalties (including jail sentences) for using the Internet to damage state interests, spread rumors, or publicly insult others. Nonetheless, China’s wired population has grown to 4.408 million, according to government figures. Although that is a tiny portion of an overall population approaching 3 billion, China’s Internet users are virtually by definition the country’s most educated and modern elite. To watch over them, a new force of more than 500 “Internet security guards” has been assigned to patrol computer networks at state companies and ministries. What the Chinese government is really afraid of is political infiltration. The government’s goal is to have a security guard in every work unit.

Perhaps most worrisome to the authorities, young Chinese are using the Net to coordinate political campaigns. On August 17, 1998, Indonesia’s independence day, hackers in China broke into Indonesian government Web sites and posted messages protesting violence against ethnic Chinese there. Chinese security officials ignored the demonstration until it reached the streets. That day, about 200 students rallied outside the Indonesian Embassy, carrying photographs of rape and murder victims that they had downloaded from the Web. The incidents weren’t written up in the Chinese news, but were posted on the Web.

Recently, the government has taken even more drastic action. In Shanghai, a computer engineer named Lin Hai faces charges of inciting the overthrow of state power by providing 60,000 e-mail addresses to Big Reference. And at the end of 2000, the publishers of Tunnel went into hiding.

Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
Year: 2002
Pages: 263
Authors: John R. Vacca