[ISN] Cyber Terror Arsenal Grows

From: mea culpa <jericho_at_dimensional.com>
Date: Fri 16 Oct 1998 - 17:48:23 CDT
Forwarded From: phreak moi <hackerelite@deathsdoor.com>

http://www.wired.com/news/news/politics/story/15643.html
Cyber Terror Arsenal Grows
by Niall McKay
8:32 a.m.  16.Oct.98.PDT

When Federal agents raided the home of an 18-year-old cracker in Irvine,
California, this past summer, they were looking for a cyber terrorist. 

"The FBI woke me up with a gun to my head one morning," said the cracker,
who calls himself Chameleon. "We sat for seven hours being interrogated
while they were going through my computer stuff." 

Agents suspected the youth of selling US military secrets to Khalid
Ibrahim, believed to be a member of the Pakistani terrorist group
Harkat-Ul-Ansar. 

"I went to my post-office box one morning, and there was US$1,000 with a
number to call in Boston," said Chameleon. 

Chameleon, who spoke to Wired News on the condition of anonymity, said
that while he did cash the check from Ibrahim, he considers himself a
computer enthusiast, not a terrorist. Ibrahim was allegedly seeking maps
of US government computer networks that Chameleon had obtained on his
travels through the Net. 

"But I never called and I didn't pass any information to Ibrahim," he
said. 

A Job For NIPC

Chameleon's case, which was confirmed by the FBI, is tailor-made for the
newly established National Infrastructure Protection Center. NIPC is
designed to fend off threats to the nation's banks, transportation
networks, power and water resources -- and, in Chameleon's case, military
networks. 

By employing the collective muscle of several intelligence and law
enforcement agencies, NIPC (pronounced "nip-see")  can conduct
investigations that would normally be beyond the scope of a single agency. 

For example, in Chameleon's case, NIPC may have asked the CIA to gather
information on Ibrahim overseas, dispatched FBI agents to keep him under
surveillance at home, then have its own computer analysts monitor and
analyze Internet data. 

Security experts warn that there is a clear distinction between kids that
crack Web sites for fun and cyber terrorists trying to cause serious
damage. But for Michael Vatis, an associate director of the FBI who's
serving as NIPC's director, the distinction is irrelevant. 

"The trouble is that when an attack occurs we have no way of knowing if
this is a kid in middle America or a serious foreign threat," said Vatis. 

"Whether [the attacks] come from a disgruntled employee, a hacker trying
to show his skills, or an information warrior trying to get access to
sensitive military information, we are here to prevent attacks on the
nation's infrastructure." 

Vatis would not comment on any case under investigation by NIPC. Chameleon
wasn't as reticent, however. In his account on the computer security site
AntiOnline, he said that the FBI had been watching his house, tapping his
phone, and monitoring his Internet connections for months. 

Chameleon said that federal agents even had transcripts of Internet chat
conversations between him and Ibrahim, who is allegedly based in New
Delhi, India. 

The Big Stick

Attorney General Janet Reno established NIPC in February with $US64
million from Congress. With NIPC growing fast, Vatis is seeking additional
funding in this year's budget. 

When fully staffed, NIPC will employ 125 at the FBI headquarters in
Washington, and another 300 to 400 around the country. The center will
also run a multimillion dollar computer system that will house a massive
national infrastructure security database. 

While full details of the database are not available, the FBI outlined
plans last March to establish InfraGard, an intrusion detection reporting
program.  Institutions and private companies can use the program to report
security incidents to the FBI. 

The center will also serve as the nation's security adviser, instructing
both government and private institutions on security and software
purchases, according to Vatis. 

"We need to be able to communicate in real time with other agencies and we
need to be capable of sophisticated analysis and display of information,"
Vatis said. 

While NIPC's underlying strength may be its ability to tap into the
resources of the nation's intelligence and law enforcement agencies, it
will also work closely with private industry. 

"At least half of our staff will come from the Secret Service, National
Security Agency, CIA, NASA, Department of Defense, state and local law
enforcement, Department of Treasury, Department of Energy, and the
Department of Transportation," said Vatis. 

"We will also be backed up with equipment and expertise from the Lawrence
Livermore National Labs." 

The center can mobilize staff from any of these agencies to respond to a
cyber terrorism threat and have a message on the President's desk within
10 minutes, Vatis said. 

"The president is totally supportive of what we are trying to achieve
here," said Vatis. 

An Ounce of Prevention

Vatis is on call 24 hours a day. Should a cyber attack be reported by a
local FBI field office or detected by NIPC, he will coordinate the
mobilization and deployment of the response team. 

But the point is still to prevent an attack, not respond to one. 

"We try to detect attacks before they occur, analyze the information, and
alert the victim," said Vatis. "We don't have the ability to
counterattack. That would typically be a task for the other bodies, such
as the army or air force." 

NIPC also helps guard against a variety of real-world threats to the
national infrastructure, ranging from biological warfare to terrorist
attacks. 

"There is a broad range of responsibilities but we are focusing on the
cyber attacks," Vatis said. 

The Department of Defense reports that its Web sites experience in the
neighborhood of 60 cyber attacks every week. 

However, many believe that this figure is conservative. In a recent speech
at the Georgia Institute of Technology in Atlanta, CIA Director George
Tenet said that in 1995 alone the Defense Department had been attacked
250,000 times. 

Others think that the 1995 figure is inflated. Until recently, for
example, the government is believed to have classified routine requests to
open telnet connections -- the network equivalent of knocking on a locked
door -- as "attacks." 

"Unfortunately, cyber threats are a difficult intelligence target," Tenet
said.  "They are cheap, they require little infrastructure, and the
technology required is dual use. In short they are exceptionally easy to
conceal." 

Lying in Wait

One Department of Defense site, the Naval Surface Warfare Center, is
attacked about 40 times per week, according to Stephen Northcutt, the
center's head of intrusion detection. 

"If we really want to catch the people attacking our sites we need to
employ some pretty sophisticated Internet forensics," said Northcutt, who
will visit NIPC's headquarters next week. 

In practice, this process would involve installing surveillance sensors on
high-profile Web sites that are commonly targeted by crackers. That
information could be stored and later analyzed. 

"If a bank is robbed at 2 p.m., the police will go back and examine the
videotape and see who had been casing the joint that morning," said
Northcutt. "Well, it's the same with the Internet. When a hacker breaks
into a site and steals information, it's likely that he has been in casing
the joint before." 

But Net surveillance is a daunting task. In Ibrahim's case, for example,
it is believed that he is based in India because he appears to be
accessing the Internet using an ISP in New Delhi. 

But experts point out that he could be based anywhere and gaining access
through a pirated Internet account.  Crackers commonly trade information
on these pirated Unix shell accounts through Internet Relay Chat channels. 

Chameleon Changes His Color

In the meantime, Chameleon has not been charged with any crime, and has
since put down his hacking tools to become a security consultant. 

"I was in the wrong place at the wrong time," he said. "If it was to
happen again I would hand the money over to the FBI.  But I needed to grow
up, I guess." 

John Vranesevich, a security specialist and founder of AntiOnline,
welcomes NIPC but suggests that the government should create awareness
campaigns about the dangers of cracking in the same way it conducts drug
awareness campaigns. 

"Some of these guys that are hacking the Pentagon's Web site are just kids
and it's a game to them," said Vranesevich.  "Chameleon is a talented
programmer and I don't believe he knew that he would get caught up with
terrorists." 

Members of The L0pht, a Boston-based group of network security
specialists, agree. "NIPC seems like a good idea really," said a L0pht
member calling himself Space Rogue. 

"I am actually surprised that a major cyber attack has not already taken
place." 

But Space Rogue also accuses Washington of indulging in unwarranted
hysteria. "There are two [Internet] buzzwords in government right now: 
pedophile and terrorist. 

"And any law or any measure taken against these two groups seems to be
condoned by the public," he said. "It's the '90s equivalent of McCarthy's
stand against communism. We need to distinguish between hackers and cyber
terrorists." 

-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Fri Oct 16 19:08:06 1998