THE SUPER CYBER PROTECTION AGENCIES

 < Day Day Up > 



Some might call it paranoia, but the U.S. government is growing increasingly worried that foreign infiltrators are building secret trapdoors into government and corporate networks with the help of foreign-born programmers doing corporate work—their regular jobs. A CIA (or Super Cyber Protection Agency (SCPA) as they are called now) representative recently named Israel and India as the countries most likely to be doing this because they each handle a large amount of software repair not done by U.S.-born workers. According to the CIA, the two countries each have plans to conduct information warfare, and planting trapdoors wherever they can would be a part of that.

As previously explained, information warfare is a nation’s concerted use of network hacking, denial-of-service attacks or computer viruses to gain access to or disrupt computer networks, now the heart of modern society in terms of banking, telecommunications and commerce.

HERF Guns Work

Though still secretive about the practice, nations are also building futuristic radio-pulse devices (popularly called High Energy Radio Frequency (HERF) guns) that can disrupt or destroy electronics in networks, cars, airplanes and other equipment by sending an energy beam at them. A homemade version of a HERF gun successfully disrupted a PC and a digital camera during a recent demonstration at a session of an Infowar conference. This conference typically draws a large crowd of government spooks and high-tech strategists from around the world.

Israel and India are key suspects for planting software backdoors in American systems. Russia is also viewed as a threat because it has defensive and offensive information warfare programs underway. Cuba and Bulgaria are working on computer-virus weapons. Israel has already hacked its way into U.S. computer systems to steal information about the Patriot missile.

In the 21st century, information weapons are displacing the threat of nuclear war. The U.S. can’t allow the emergence of another area of confrontation. Russia is calling for cyberdisarmament.

The first step in the cyberdisarmament process is to get the nations of the world to discuss the issue openly. Russia recently requested that the United Nations ask member countries to recognize the threat and state their views on it.

The U.S. Department of Defense has complained in meetings with Congressional subcommittees that it has seen severe network-based attacks coming from Russia. Congress has become convinced that there’s a big problem—and not only with Russia. Information warfare is now viewed by the CIA as a bigger threat than biological or nuclear weapons. Thus, new hacking tools, such as one called nmap, make it very hard to be sure where a network-based attack is originating because the tool makes it easy for the attacker to spoof his identity.

Easy to Make

But more than traditional hacker techniques constitute infowar. A new genre of high-energy radio-pulse weapons that disable electrical flows are under development in government labs around the world. People are spending a lot of money on cyberweapons.

But how easy is it for terrorists or other criminals to build their own homemade HERF guns? That has been a topic of many debates, but recently, a California-based engineer, David Schriner, demonstrated that it’s not very hard.

Schriner, president of Schriner Engineering and a former engineer at the Naval Air Warfare Center, hooked up a 4-foot parabolic antenna powered by ignition coils and parts from a cattle stun gun during one Infowar session. People with pacemakers were asked to exit the room.

With not much more than $600 in parts, he directed a 300-MHz pulse at a computer running a program. Blasted in this manner from 10 feet away, the computer went haywire and a digital camera twice that distance away was affected.

It’s high school science, basically. This kind of threat becomes better understood through research. The computer industry is going to have to sit up and take note. It’s going to cost an extra nickel or dime to put a shield in a computer where it’s needed.

Rollout of Corporate Cybercrime Program

Recently, the FBI (or the other super cyber protection agency) officially announced the formation of its InfraGard program, a cybercrime security initiative designed to improve cooperation between federal law enforcement officials and the private sector (after completing the process of setting up InfraGard “chapters” at its 56 field offices). The National Infrastructure Protection Center (NIPC), an FBI affiliate that’s based at the agency’s headquarters in Washington, started the InfraGard program in 1996 as a pilot project in the Cleveland area. The last local chapter, comprised of information security experts from companies and academic institutions, was put in place in December, 2000, in New York.

According to FBI officials, InfraGard offers companies an intrusion-alert network based on encrypted e-mail messages plus a secure Web site for communicating with law enforcement agencies about suspicious network activity or attacks. The program allows law enforcement and industry to work together and share information regularly, including information that could prevent potential intrusions into the U.S. national infrastructure.

However, the NIPC has been criticized in the past for what some have called a fundamental inability to communicate with the rest of the national security community. The problem, according to sources, has been that the FBI treats all potential cybercrimes as law enforcement investigations first and foremost—a stance that effectively bars access to information by other government security agencies.

The timing of the announcement may be a sign that the FBI is jockeying for budget influence in the new Bush administration. The InfraGard program hasn’t had much of an effect on corporate users thus far.

It seems like the different chapters are very personality-driven. But the FBI hasn’t really institutionalized InfraGard or funded it to be anything very meaningful. The general feeling is that it is all input to the FBI and no output from them.

The InfraGard announcement is one of several rather belated efforts by the outgoing Clinton administration to create new security structures. For example, ex-President Clinton, before leaving office, also announced a plan to better coordinate federal counterintelligence efforts—a move partly aimed at improving the response of super cyber protection agencies such as the FBI and the CIA to information security attacks against companies.

However, InfraGard’s prospects could still be very much in question during George W. Bush’s administration. All of these initiatives could die if the Bush administration wants to place its own imprint on the issues or simply decides to take a different tack. These new programs will have a better chance of survival if they can demonstrate that they’re already accomplishing useful objectives.

The FBI plans to expand and perfect InfraGard as it goes forward. But more than 600 businesses have already signed up to participate in the program, and the FBI is still getting applications daily from companies that want to be part of a chapter.

Finally, InfraGard does have its supporters. The program has had a beneficial impact because it lets companies share information on security vulnerabilities without creating the levels of hysteria that usually accompany highly publicized reports of hacking attacks and other cybercrimes.

It’s actually working. There’s an awful lot of industry support behind it. And there are no indications that the Bush administration is pro-crime.



 < Day Day Up > 



Computer Forensics. Computer Crime Scene Investigation
Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)
ISBN: 1584500182
EAN: 2147483647
Year: 2002
Pages: 263
Authors: John R. Vacca

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net