The Gazette (Montreal) October 6, 2001 Saturday
Cyberspies and saboteurs: Hackers on the payroll of U.S. security agencies
By ALEX ROSLIN
As U.S. Defence Secretary Donald Rumsfeld unleashes a "shadow war" of covert special-forces operations against terrorist Osama bin Laden, he is sending into action many high-tech warriors who have neither guns nor grenades, and whose combat missions won't take them anywhere near Afghanistan. Their brand of fighting goes by the innocent-sounding term of "computer network exploitation." Most people would simply call them computer hackers.
But unlike rebellious teenagers sitting at their bedroom computers, these hackers work for intelligence agencies and have advanced training in computer science, math and cryptology.
No government agency in Canada or the U.S. has acknowledged that it employs hackers to break into computers. That information is secret because the targets of "computer exploitation" are not just terrorists like bin Laden and hostile states. The targets can just as easily be citizens at home, trade negotiators and diplomats from friendly countries, or foreign businessmen bidding against a domestic company. In this exclusive Gazette report, some of North America's top intelligence, military and computer experts talk about how government hackers are transforming the Internet into a tool for spying and warfare. They say U.S. spy agencies, and very likely Canadian ones too, have been hacking into computers for years.
Right now, they say, hacking plays an important role in President George W. Bush's war against bin Laden and his supporters.
While this tool is limited by the fact that there are few computers in Afghanistan, where bin Laden is said to be hiding, it may prove critical in tracking down his bank accounts and business fronts around the world, said intelligence expert Jon Concheff, who spent 21 years in the U.S. Special Forces.
Hacking, he said, "is a logical and critical adjunct to the revivified campaign against terrorism."
Canada's military says it wants to engage in hacking, too. In June, one of Canada's top commanders in "computer operations," Colonel Randy Alward, announced that the Canadian Forces want to include hacking in their military arsenal. Under the policy, military hackers would be trained to disable communication systems, destroy electronic information and plant destructive computer viruses.
But experts caution that hacking is a dangerous and unpredictable new tool.
"I think this is perilous. I'm more worried about what states are doing than Mafiaboy," said Ron Deibert, a University of Toronto professor who studies the Internet and has been an external examiner on computer warfare at the Canadian Forces College in Toronto. (Mafiaboy is a Montreal teenager who pleaded guilty this year to hacking into U.S. Web sites.)
"When we talk about information warfare, people don't see it applies to them," said Robert Garigue, a retired Canadian Forces lieutenant-commander, now the Bank of Montreal's vice-president (information security). "But it does. We've created this social space (on the Internet), and conflict is moving into it. Every decision you make is mediated by computer. In that sense, the computer layer becomes very powerful when you can manipulate it."
- - -
Computer spying couldn't have been born in a prettier place. Nestled into the side of Colorado's majestic 4,300-metre-high Pikes Peak, Schriever Air Force Base lies where the rolling plains meet the eastern wall of the Rockies. The facility controls all of the U.S. Defence Department's classified satellites, and is home to President George W. Bush's National Missile Defence project.
In July 1994, the base saw a history-making demonstration by Kevin Ziese, a computer scientist in the newly created U.S. Air Force Information Warfare Centre. The top brass was out in force as Ziese showed how to hack into a computer system.
He refused to say what he broke into ("I don't feel comfortable going into details"), but it is clear the exercise impressed the generals. "Once you see a demonstration of how to break into a computer system, it doesn't take a rocket scientist to realize it has an offensive capability," he said.
Shortly after, the U.S. military created its first organized information warfare program to train super-hackers. One of their jobs would be computer exploitation, stealing sensitive information and leaving enough secret back doors so they can sneak back into a computer.
Ziese refused to provide details of U.S. hacking operations, but likened them to clandestine special-forces missions now employed in Afghanistan. "I would draw an analogy between computer exploitation and special-forces exploitation. There are clearly cases where (sending in) the special forces makes good sense, but they would be relatively few. This would be equally true for computer exploitation," he said.
"Their job is to dig up what's in computers (of groups) that hold views that may be harmful to the U.S.," said Hal Gershanoff, editor of the Journal of Electronic Defense, a Norwood, Mass.-based monthly published by the Association of Old Crows, a group of experts in computer warfare.
In bin Laden's case, U.S. government hackers don't have many targets in Afghanistan, but they could break into computers of his businesses, wealthy associates and followers elsewhere, said Winn Schwartau, an information-warfare expert who advises the U.S. Defence Department. As well, they could target banks that haven't agreed to collaborate with the U.S. by freezing terrorist-linked accounts. "It would be really stupid of us not to do a computer network attack into their systems," he said.
Government hackers can also have a more destructive mission - attacking or manipulating sensitive computer networks. This quickly becomes computer warfare - what the media sometimes calls cyber-warfare. Most experts are loath to discuss such operations, but they said hackers can bring a country to its knees and cause as much damage as nuclear weapons - shutting down power grids, air-traffic control, emergency services and telecommunications.
Ironically, this means hacking is a double-edged sword for countries like Canada and the U.S., which are far more vulnerable to being attacked themselves than low-tech opponents like bin Laden.
- - -
The U.S. Special Forces soldiers sent into Afghanistan to hunt down bin Laden are packing more than rifles and survival gear. They went armed with high-tech communications links that would feed them the latest intelligence from the U.S. National Security Agency. The NSA is so secret that its existence wasn't even acknowledged until the 1970s. It's thought to have a budget of over $11 billion a year and to employ more people than the CIA and FBI combined.
The NSA's job - like that of its Canadian sister agency, the Communications Security Establishment - is to collect signals intelligence (SIGINT in spy lingo) by filtering through rivers of local and international phone calls, faxes, satellite transmissions and E-mail.
Their role was defined by the digital age. Now, instead of passively waiting around to catch messages in the sky - known as midpoint collection - they could reach through the airwaves right into a computer - endpoint collection. Some dub it HACKINT. Intelligence historian James Bamford calls it "the most profound change in the history of signals intelligence."
"Throughout most of its history, the NSA has been considered as a support organization to war fighters. But what the NSA is saying now is they won't play the support role. They will play an active role," said Bamford, author of Body of Secrets: Anatomy of the Ultra-Secret National Security Agency.
"They will be on the front line in taking offensive actions."
Bamford said much of the NSA's "endpoint collection" is being done through a hyper-secretive agency called the Special Collection Service, based in Beltsville, Md.
The service was set up in the late 1970s to combine the physical penetration skills of the CIA with the technical expertise of the NSA, and is jointly run by both agencies, said Washington, D.C., intelligence analyst John Pike. "It's the black-bag, breaking-and-entering, Mission Impossible-type agency."
The only inside account of this agency comes from a Canadian, Mike Frost, a retired veteran of the Communications Security Establishment. In his 1994 book Spyworld, Frost said the mysterious U.S. service, known to insiders as College Park, specializes in secret missions from U.S. embassies abroad.
- - -
Experts say U.S. spies have secretly engaged in HACKINT for years with little public debate. Ironically, its biggest critics are military strategists.
"There is a big question (in government circles) as to how far it should go," said Roger Molander, a former member of the U.S. National Security Council, now a computer-warfare expert at the RAND Corp., a think-tank close to the Pentagon and U.S. intelligence agencies. A major concern is that government hacking blurs the lines between peace and war, he said. "If you get caught mapping out the critical infrastructure of an important power grid in an escalating crisis, people might view it as an act of war."
Daniel Kuehl, a professor specializing in computer warfare at the Pentagon's National Defence University, agreed. "State vs. state espionage is an accepted part of statecraft. But what if I insert a program in an air-defence system? What line have I just crossed? Nobody knows. Have we gone to war? None of the old measures apply here. This environment has all kinds of borders we don't understand yet."
Another big unknown is the spin-off of government hacking. An attack on one country or terrorist group could bring down computers in other parts of the world, like a computer virus spinning out of control. "After one (computer warfare) exercise, we reacted, 'Oh my God, how many systems did we take out?' " said Robert Garigue, the former Canadian Forces lieutenant-commander. "It's a very difficult weapon to use. It's not as simple as the Americans make it out to be. Have you any understanding of what the cascading effects are? It is a naive belief to think we can partition this off so we won't be affected."
Tiit Romet, a scientist formerly employed by Canada's Department of National Defence who helped develop military information-operations strategy, painted a worrisome scenario. "We could show the vulnerabilities of the power grid of country X. If we get into a conflict - say we want to disrupt the power network in some cities, maybe black out hospitals - that's where the ethical questions come in. What happens if kids get killed?"
Another problem is that hackers have to conceal their identity by invading neutral machines - like those of a university - and launch an attack through them. This raises the prospect of spies indiscriminately breaking into civilian machines and turning them into unwitting hacking devices.
"It's one thing if you're the CIA and you bribe someone to give you information. It's another thing if you are actually invading common (Internet) carriers to do it. The end result is the same, but you have to penetrate an awful lot of systems that are commonly used," said James Bamford, the intelligence historian. "The question gets raised, 'Where will they do it next? What restrictions are there?' "
Just as troubling, say experts, is the lack of public scrutiny and legal restrictions. "The people doing it don't like to admit they are doing it. I don't think there has been any (Congressional) oversight at all," said Peter G. Neumann, an eminent Silicon Valley computer scientist and privacy expert who has testified to Congress on computer security. "It's a very delicate business. You're on the tip of the iceberg here."
Copyright 2001 Southam Inc.