Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (31 page)

The theft of $9 million and the theft of records from 130 million credit
and debit cards is no small potatoes. There have surely been many more
such attacks that have not been publicly reported, some of which may
have had higher losses. Financial institutions are particularly loath to be
public about such intrusions. Citibank's 1995 example shows why. It was
the victim of such a theft, with numbers that seem small today: all but
$400,000 of the $10 million taken was recovered.89 But when news of the
theft became public, Citibank's competitors tried to win the bank's largest
accounts, claiming they would provide better security.

Despite the seriousness of such financial crimes, the effects have been
limited in scope. The attacks have been against single systems, not against
the financial network. The latter would have had devastating consequences,
the former, much less so.

Because of its vulnerability to cascading failures, the power grid faces
greater risk than the financial system. Cascading failures have nothing to
do with network communication and are simply a way to protect electrical
equipment. When loads suddenly surge around the power grid, generators
and transmission equipment drop off to prevent overloading. Thus it can happen that a small overload in one part of the network can lead to a
cascading series of failures. This is what occurred during the 2003 blackout
in parts of the Northeast and upper Midwest in the United States and in
almost all of Ontario, Canada.

The problem started with a generator shutdown at First Energy in
central Ohio, followed by the failure of an alarm and logging system in
the First Energy control room. As transmission lines heated up during the
day and came in contact with overgrown trees, they shut down; at this
point, First Energy could have averted a blackout by dropping service
around Cleveland and Akron. It did not do so and so more transmission
lines failed, causing a major transmission line to fail. It was a hot summer
day with high power demands, and the sudden failure of the main transmission lines led to "unsustainable burdens" on nearby lines. The failure
followed.90 At least some of the cause was due to a failure of monitoring
systems.91

A set of simultaneous attacks against multiple sites could lead to a very
serious situation. Currently the capability for mounting such an attack is
probably only within nation-states and not with nonstate actors. There is
evidence that other nations are, at a minimum, exploring the possibilities.
According to a 2009 Wall Street Journal article, the control systems of the
U.S. power grid have already been penetrated by cyberspies. These attackers
are believed to have left behind software that could presumably be activated at a later date.92 The lack of an attack is thus due, not to lack of
capability, but to lack of incentive. Any attack of this sort on the United
States would be counterproductive to the nation-state that mounted it.

Therein lies the key to understanding the threats to critical U.S. infrastructure that arise from the vulnerabilities in communications networks.
Attackers fall into four types: hackers; nonstate actors, including terrorists
and criminals; insiders; and nation-states. Hackers and terrorists are capable
of mounting disruptive DDoS attacks.93 There has certainly been interest
since at least 2001 by members of Al-Qaeda in using the Internet to
attack the dams and water supply in the United States,94 but neither the
hackers nor the terrorists currently have the skill to use the IT network to
mount a sustained attack against critical infrastructure. The CIA believes
that in the short term, terrorists will focus on traditional methods of creating havoc, though the agency anticipates growing cyberthreats in the
future.95 Both insiders and nation-states, however, have the capability to
inflict major damage to critical infrastructure through exploiting the vulnerabilities in communications networks. It is to these two groups that I
now turn.

7.4 Insider Attacks

In the late 1980s, Soviet intelligence officers who were secretly supplying
the CIA with information began disappearing. The first hint of a problem
occurred in May 1985, when a CIA source was abruptly recalled to Moscow;
then in June 1985, a meeting between a source and a CIA officer was
thwarted by the KGB, the Soviet secret police.96 The CIA began investigating and thought the source of information might be CIA agent Edward Lee
Howard, who had indeed been supplying the USSR with information since
early 1985. When KGB colonel Vitaly Yurchenko defected to the United
States, Howard was in danger of being exposed, and he fled97 the United
States. But U.S. "assets" continued to vanish.

One Moscow source was arrested for espionage.98 Another, based in
London, was called to Moscow and arrested. A third, arrested in Budapest,
was forcibly taken to the KGB's Moscow headquarters.99 Two more were
recalled from Washington and were arrested, tried, and executed. Agent
after agent disappeared. Over twenty operations were compromised,10° but
only some of these could be laid to Howard.101 It took the CIA and the FBI,
which was brought into the case much later, six years before they began
seriously looking at Aldrich Ames, a CIA counterintelligence officer. Ames,
with access to information identifying essentially every U.S.-controlled
double-agent operation,102 was the consummate insider. He was in a position to completely compromise the CIA's Soviet efforts, which is exactly
what he did.

Insiders are trusted individuals with access to sensitive information
within an organization. Even outsiders who gain insider access do not have
the same role as insiders, for they lack the trust relationship with the
organization that genuine insiders have. That gives insiders the ability to
seriously disrupt an organization:

• The master insider spy was Kim Philby, who rose to a high position
within British intelligence while actually being a Soviet agent. He was part
of a group called the "Cambridge Fivei103 who were recruited while students at Cambridge University in the 1930s. A few years later Philby
claimed to have changed his allegiance and said he was no longer a
member of the Communist Party; he was hired as a British intelligence
officer in 1940. In 1944 Philby was made responsible for combating Soviet
subversion in Western Europe. In that capacity he knew the identities of
British intelligence agents and had access to hundreds of classified documents. In his role as double agent, Philby betrayed many Western agents
to the Soviets. He was later appointed British intelligence liaison officer to the CIA and FBI, a highly sensitive post giving him access to vast amounts
of information about U.S. intelligence. It was through this that he was able
to warn his fellow Soviet spies, Guy Burgess and Donald Maclean, of official
suspicions about them. Both men fled the United Kingdom in 1951 and
defected to the USSR. Philby followed a little over a decade later when his
activities were finally uncovered.

• Beginning in 1979, FBI agent Robert Hanssen spied for the Soviets for
twenty-two years. Like Ames, he exposed U.S. moles to the Soviets. He
revealed the existence of a rather expensive NSA/FBI tunnel built underneath the Soviet embassy in Washington for surveillance purposes, which
became worthless after Hanssen's revelation. Hanssen gave the Soviets
information on U.S. plans for continuity of operations after a nuclear
attack as well as extensive information on U.S. MASINT (Measurement and
Signals Intelligence), specifying the technical means for determining
source, emitter, and sender of signals. Because Hanssen served in the FBI's
counterintelligence unit, he was able to check the FBI automated systems
to make sure that he remained undetected.lo4

• Between 1977 and 1986, an unknown researcher at Fairchild Semiconductor supplied huge amounts of data covering corporate research and
business plans-as much as 160,000 pages-to the Japanese consulate in
San Francisco. Fairchild was badly weakened as a result, needing U.S. government help to fight a 1986 attempted takeover by Fujitsu."'

• Research chemist Gary Min began working at DuPont in 1995. In late
2005, he gave notice that he was leaving to work for a competitor. DuPont
discovered that in the previous four months, Min had downloaded tens of
thousands of abstracts and documents from the company database, fifteen
times more than anyone else in the company. This covered DuPont's
products as well as emerging research. Almost all of the downloaded material was unrelated to Min's research at DuPont. Much of it was found on
computer disks, a laptop, and various papers at Min's home during a search
by FBI and Department of Commerce agents. The Department of Justice
estimated the fair market value of the work Min had taken at $400
million 106

As these cases begin to illustrate, insider attacks can be exceedingly difficult
to counter. Insiders know your system: they know where the important
data lies, what the auditing procedures are. As a National Research Council
report observed, insider attacks are "particularly pernicious.""'

Motivation for insider attack varies. Insiders may turn against their
organization for ideological reasons. Ames's motivation was pure greed: he
received much of a promised $2 million for his efforts before he was arrested. Personal grievance, revenge, and ego are among the main reasons
that insiders in the financial sector have betrayed their organizations.108
Finally, some insiders are just lured in. First they hand over relatively
innocuous material. Then they go farther in order not to have the initial
leak revealed.109

Arranging to get inside information out is much easier to arrange than
it used to be. Once one had to plan ahead, sneaking documents out, surreptitiously photocopying papers at night and on weekends, bringing
cameras to do the work. But the Internet allows one to accomplish virtually
what had been difficult to do physically. Techniques for information transmittal encompass employee email (including the use of steganography to
hide the data within other data, especially photographs); portable storage
devices, especially USB sticks, but also disks and smart phones; and the use
of personal webmail at work. Insider abuse appears to account for slightly
under half of all types of security problems.10

The increased ability of insiders to accrete and surreptitiously release
information has not escaped organized crime's notice.111 For many years
insider attacks on banks were one-off operations, and the insider operated
on his own or with a few accomplices."' Now such robbery can be done
from afar. An increasingly common tactic has been for the criminal group
to use an insider to transfer sensitive data. Meanwhile the criminal group
is itself in a location where prosecution is difficult. Financial institutions
report that the temptation for employees to steal sensitive personal information has sharply increased."'

Insider attacks on IT infrastructure are particularly threatening to
society. In a world in which electronic communications has replaced faceto-face meetings, to electronically eavesdrop is to know all that is occurring: every political intrigue, every love scandal, every newspaper scoop,
every plan of every sports coach and business leader. It is unclear if the
unauthorized 2004-2005 wiretapping of senior members of the Greek
government involved insiders, but it appears insiders were involved in the
wiretapping scandal at Telecom Italia, in which six thousand people were
targeted over a period of ten years (1996-2006). Dossiers on the personal,
financial, and business dealings of politicians, financiers, businesspeople,
bankers, journalists, and even judges were amassed, in part through massive
wiretapping at Telecom Italia.114 Collection on such a vast scale is astounding; it means that at least one in a thousand Italians was wiretapped... and
that no business arrangement or political deal was truly private. As of this
writing, the case is still in trial. It seems that money, including the use of
the information for blackmail, was at least part of the motivation here.

Protecting against insider attacks has become more difficult with the
shifting boundaries of inside and outside. Outsourcing extends the traditional corporate boundaries, making company resources and information
accessible to third-party processors, company partners, and vendors. This
process lowers company loyalty, further increasing the risk of insider attack.116

One might expect a different situation when boundaries are strikingly
clear, but the cases of Ames, Hanssen, and various others show that even
U.S. law enforcement and national-security agencies are not immune to
insider attack. A review ordered in the wake of Hanssen's espionage found
"a pervasive inattention to security.""' Five years later, another government review concluded that ongoing FBI information-security weaknesses
still left the bureau "vulnerable to insider threats.""' Protecting against
insider threats is simply not easy to do.

Criminal groups are not the only type of large organizations that might
exploit insiders for gain; terrorist groups and nation-states also have the
resources and capabilities to do so. While there is no evidence that terrorist
groups have successfully used insiders, we know that nation-states have
employed insiders in their cyberexploits against the United States. They
have used a host of other tools as well.

7.5 Attacks by Nation-States

In 1981 a senior KGB officer, Vladimir Vetrov, handed to French intelligence a veritable treasure trove of documents detailing Soviet strategy for
acquiring Western scientific and technical information.119 While much
material the Soviets acquired came from publicly available documents, the
most useful information was stolen. It was estimated the USSR was acquiring technical expertise at about 1 percent of the cost it took the West to
develop the work.12' The technology transfer in radar, computers, machine
tools, and semiconductors was so complete, it was as if "the Pentagon had
been in an arms race with itself."121 Much of the spying was done by capitalizing on scientific exchanges between Soviet and Western scientists.
There were hundreds of Soviet case officers and agents involved in this
effort, which used joint Soviet-U.S. collaborative working groups in agriculture, civil aviation, nuclear energy, oceanography, computers, and the
environment to aid the Soviet espionage.122 Another major source for
Western scientific and technical information was the Soviet Union's
Eastern European allies.12s