¿ìè¶ÌÊÓÆµ

Hackers come in from the cold: Governments should spend less money on spies in trench coats and more on computer hackers in anoraks. Or so says a former CIA officer

The lot of the Western spy is not a happy one. The great security organisations
that grew fat on the Cold War and the threat from the Eastern bloc face
a bleak future. Now that the Soviet Union and Warsaw Pact have fallen apart,
governments are questioning the function and funding of these organisations.
Even more worrying, the traditional agent has a rival.

In 1991 the US Marine Corps, the land forces of the US Navy, ordered
a new computer system for intelligence gathering. The system was based on
modern computer technology with 54 powerful desktop computers networked
to two fileservers used for storing data. But Robert Steele, the senior
civilian working on the installation of this system, says that while the
five-year project cost $10 million, it produced useful answers to fewer
than half of the questions that it was asked. The CIA supplied the information
for the computer’s database, which included minute detail on the Soviet
Union, but little else.

Separated by glass partitions from the supersecret Marine Corps system
sat a cheap personal computer. It was connected to Internet – the computer
network which links over 2 million computers in universities, companies
and homes all over the world. The original purpose of the lone PC was to
link into specific commercial databases, however, it soon became apparent
to the Corps analysts who used the system that much of the information they
needed was readily accessible over Internet.

Steele now fervently promotes the value of accessing the vast amount
of information floating around the world’s computer networks. Under the
banner of Open Source Solutions (OSS), a non-profit-making educational corporation,
he organised a conference earlier this month in Washington DC on ‘National
Security and National Competitiveness’. The event attracted speakers ranging
from US intelligence officials, a former head of the Japanese national broadcasters
NHK, computer hackers and recently retired high-ranking members of the KGB.

Steele used the conference to win support for the National Knowledge
Foundation, a body to be funded by the US government to the tune of $1 billion
dollars a year, which would nurture a distributed intelligence community.
Steele is still considered an insider in the intelligence community. He
spent five years working for the CIA in Central America and works for various
Marine Corps colleges throughout the US. But he passionately opposes the
cult of secrecy: ‘too much useful information is wrapped in a cement overcoat,
courtesy of a petrified security system’, he says.

Networking

Instead, Steele wants to see the intelligence agencies spending less
on spies and more on computer technology and hackers – people who are expert
at finding their way around the Internet and exploring the computers connected
to the network. To this end he is proposing a radical ‘Adopt a Hacker’ scheme.
Far from the cloak-and-dagger image of the CIA, this will allow companies
and agencies to hire a ‘hacker’ who, under close supervision, will test
the security of an organisation’s computer systems, or gather information
from outside sources using the Internet. As Steele points out: ‘The intelligence
community is coming back with an answer in two days which is classified,
while the electronic librarian is coming back in forty-five minutes, on
the same day, with an answer which is unclassified.’

Further recognition of the potential of electronic information gathering
came from Paul Wallner, who is in charge of open source investigation at
the CIA. During the conference, he announced that the agency was setting
up a computer network for the myriad of organisations in the US intelligence
community to share information. Intelligence officers at the conference
said that rivalry between the different services and incompatible computer
systems have so far prevented any significant sharing. The 700-plus intelligence
officers at the conference were just ‘waking up to the fact that the information
revolution has happened while they weren’t looking’, according to John Perry
Barlow, who campaigns for open access to computer communications as president
of the Electronic Frontier Foundation based in Cambridge, Massachusetts.

Well over 15 million people already use Internet, by far the largest
and most famous of the international networks. Academics, in particular
those working in the fields of computer science, high-energy physics and
molecular biology, exchange ideas and transfer papers to referees over Internet.
Commercial companies also use Internet connections to help their employees
keep in touch with colleagues, and an increasing number of individuals access
the network from their homes.

Although there has been no coherent strategy for spying over the network,
consultants at the Washington conference claim that the US Department of
Defense already intercepts and stores all material passing over the Internet.
However, as one consultant pointed out: ‘The trouble is, they (US Department
of Defense) don’t understand what they are looking at.’ Finding your way
round Internet can be hard work . . . Imagine that in order to use a telephone,
you had to take part in a treasure hunt for clues to the location of scattered
fragments of the phone book.

To gain access to information held on computer at the US National Institutes
of Health (NIH), for example, the first step is to find the ‘address’ of
the computer – like buildings on a street, computers on the Internet have
a unique address. There are various software programs freely available on
the Internet that help the keen network user get this information, if they
work through a long-winded list of clues. When the address is not in the
publicly available lists, the really determined user could inspect the tables
of information used to route electronic mail messages from one computer
to another.

Once connected to the NIH computer, it becomes clear that there is a
very thin line between authorised and unauthorised use of a system. There
is a directory of files on the NIH computer named ‘public’. But when someone
tries to extract information from this file, the message: ‘Please do not
be here’ appears.

People who choose to ignore such messages are often labelled ‘computer
hackers’. Although the media image of a hacker is the lonely teenager intent
on writing programs designed to destroy the world’s data, hackers see themselves
as people with logical skills, and the commitment to discovery needed to
navigate the Internet. They are also keen to ensure information remains
publicly available, which may mean some interesting cultural conflicts emerge
from Steele’s ‘Adopt-a-Hacker’ scheme.

Free information

When Patrick Kane, a hacker at the conference, was asked what he would
do if while he was trawling through databases for economic intelligence
on chemical processes he discovered unreported hazards to the public? ‘I’d
do my best to make the information public,’ he said. If there is a hacker’s
credo, it’s that ‘information wants to be free’. In fact, Emmanuel Goldstein,
editor of hackers’ magazine 2600, thinks this kind of assignment would
be ‘a contradiction in terms . . . there’ll be resentment by hackers of
anyone trying to control them, whether they’re told they mustn’t go into
a particular computer system or that they must’.

The potential customers are much keener. ‘Bring in a hacker, a person
who wants to test the limits of the technology? Sure. Better to have them
on your side,’ says William Ardent, who works in counterintelligence at
the US Army’s Aberdeen Proving Ground in Maryland. Steele says: ‘Most hackers
I know never really wanted to violate the law, and would be thrilled that
someone might respect them enough to pay for their services. I will stake
my reputation on the trustworthiness and character of the hackers I know.’

Intelligence agencies have always used open sources wherever possible.
According to Norman Wood, a retired Lieutenant General, the most keenly
and widely read document in the Pentagon is the ‘Early Bird’ compilation
of the previous day’s media. Back in the 1960s at the Strategic Air Command,
which controls US nuclear forces, he would check intelligence reports against
the news services from Reuters, Associated Press and the Soviet agency TASS.
The conference was told that the KGB did the majority of its research into
US military capabilities by a careful reading of public sources. And when
Perry Barlow visited CIA headquarters recently, he found agents watching
the four CNN TV channels.

What is new is Steele’s proposal that, as intelligence agencies increasingly
move to providing assessments of threats to specific countries’ economies
or even environments, they should become more open. They have some way to
go. Steele has met British (and other European) government and military
officials, and ‘found them uniformly interested in the idea of converting
NATO . . . into an information alliance’. But the Foreign office still
refused to comment on whether MI6 was attending the OSS conference.

It is, however, clear that the potential uses of the Internet for national
security purposes go well beyond the more efficient compilation of reports.
With electronic communications, it is possible to benefit from a person’s
expertise without them leaving their home. So the ‘our German rocket scientists
are better . . . ‘ competition that was played out between the US and the
Soviet Union in the 1950s could, in the next decade, come down to ‘we have
better electronic mail addresses than you do’.

More from ¿ìè¶ÌÊÓÆµ

Explore the latest news, articles and features