Surveillance or Security?: The Risks Posed by New Wiretapping Technologies

76. (p. 157) USA PATRIOT Act of 2001, §1016(e).

77. (p. 157) U.S. Department of Homeland Security, National Infrastructure Protection
Plan (Washington, DC: U.S. Department of Homeland Security, 2006), 3.

78. (p. 157) U.S. Department of Justice, Juvenile Computer Hacker Cuts Off FAA Tower
at Regional Airport (March 18, 1998), http://www.justice.gov/criminal/cybercrime/juvenilepld.htm.

79. (p. 158) Committee on Science and Technology for Countering Terrorism,
National Research Council, Making the Nation Safer: The Role of Science and Technology
in Countering Terrorism (Washington, DC: National Academies Press, 2002), 141.

80. (p. 158) Committee on Science and Technology for Countering Terrorism,
National Research Council, Making the Nation Safer, 141.

81. (p. 158) Markus Brandle and Martin Naedle, "Security for Process Control Systems:
An Overview," IEEE Security and Privacy 6, no. 6 (November/December 2008): 26.

82. (p. 159) The disruption of others, such as food supply, would create a national
crisis that would play out over a much longer period of time.

83. (p. 159) National Infrastructure Protection Center, Highlights, vol. 3-02 (June 15,
2002): 5.

84. (p. 159) "Sources: Staged Cyber Attack Reveals Vulnerability in Power Grid,"
CNN, September 26, 2007.

85. (p. 159) In January 2008 the U.S. government acknowledged that attacks had
occurred in an unnamed foreign country.

86. (p. 160) U.S. Department of Justice, Office of Public Affairs, Alleged International
Hacking Ring Caught in $9 Million Fraud (November 10, 2009); U.S. District Court,
Northeastern District of Georgia, Atlanta Division, United States v. Viktor Pleshchuk,
Sergei Tsbrikov, Hacker 3, Oleg Covelin, Igor Grudijev, Ronald Tsoi, Evelin Tsoi, and
Mikhail Jevgenov, Defendants, Criminal Indictment 1-09-CR-491 (November 10,
2009), 3-5.

87. (p. 160) Kevin Poulsen, "Card Processor Admits to Large Data Breach," Wired,
January 20, 2009, http://www.wired.com/threatlevel/2009/01/card-processor/.

88. (p. 160) U.S. Department of Justice, Office of Public Affairs, Alleged International
Hacker Indicted for Massive Attack on U.S. Retail and Banking Networks (August 17, 2009).

89. (p. 160) Saul Hansell, "Citibank Fraud Case Raises Computer Security Questions," New York Times, August 19, 1995.

90. (p. 161) U.S.-Canada Power System Outage Task Force, Final Report on the August
14, 2003 Blackout in the United States and Canada: Causes and Recommendations
(April 2004), 45.

91. (p. 161) U.S.-Canada Power System Outage Task Force, Final Report, 65.

92. (p. 161) Gorman, "Electricity Grid in U.S. Penetrated by Spies," Wall Street Journal
(April 8, 2009).

93. (p. 161) Hackers were employed in the DDoS attack on Georgia.

94. (p. 161) Barton Gellman, "Cyber-Attacks by Al Qaeda Feared," Washington Post,
June 27, 2002.

95. (p. 161) U.S. General Accountability Office, testimony before the Subcommittee
on Emerging Threats, Cybersecurity, and Science and Technology, Committee on
Homeland Security, House of Representatives, "Critical Infrastructure Protection:
Multiple Efforts to Secure Control Systems Are Under Way, but Challenges Remain,"
September 2007, 13.

96. (p. 162) U.S. Congress, Senate, Senate Select Committee on Intelligence, An
Assessment of the Aldrich H. Ames Espionage Case and Its Implications for U.S. Intelligence, Part One (Washington, DC: Government Printing Office, November 1, 1994).

97. (p. 162) Howard had been under twenty-four-hour-a-day watch by the FBI. With
his wife driving, he jumped out of his car as it rounded a turn. Howard's wife then
pushed a dummy into Howard's seat, fooling the watchers (Tim Weiner, David
Johnston, and Neil A. Lewis, Betrayal: The Story of Aldrich Ames, an American Spy
(New York: Random House, 1995), 53).

98. (p. 162) U.S. Congress, Senate, An Assessment of the Aldrich H. Ames Espionage Case.

99. (p. 162) Weiner, Johnston, and Lewis, Betrayal, 74.

100. (p. 162) One CIA source described the Soviets "wrapping up our cases with
reckless abandon" (Senate, An Assessment of the Aldrich H. Ames Espionage Case).

101. (p. 162) U.S. Congress, Senate, An Assessment of the Aldrich H. Ames Espionage Case.

102. (p. 162) U.S. Congress, Senate, An Assessment of the Aldrich H. Ames Espionage Case.

103. (p. 162) The five were Kim Philby, Donald Maclean, Guy Burgess, John Cairncross, and Anthony Blunt. Maclean, Burgess, and Philby defected to the USSR, while
Blunt, who was unmasked in 1979, served as director of the Courtauld Institute in
London. British intelligence discovered Cairncross's spying in 1951 but he was never
prosecuted, and his activities were not made public until many years later.

104. (p. 163) Hanssen was uncovered only when his voice was recognized on a tape
during an investigation of another agent.

105. (p. 163) Interagency OPSEC, Intelligence Threat Handbook (2004), 39-40.

106. (p. 163) U.S. Department of Justice, U.S. Attorney's Office, District of Delaware,
Guilty Plea in Secrets Case, February 15, 2006.

107. (p. 163) Dam and Lin, Cryptography's Role, 32.

108. (p. 164) Marisa Reddy Randazzo, Michelle Keeney, Eileen Kowalski, Dawn
Cappelli, and Andrew Moore, Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, Technical Report CMU/SEI-2004-TR-021 ESC-TR-2004-021 (Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon, June 2005).

109. (p. 164) See, for example, Schweizer, Friendly Spies, 169-172.

110. (p. 164) According to annual surveys conducted by the Computer Security
Institute, between 2004 and 2008, insider attacks account for 44 to 59 percent of
all security incidents (Robert Richardson, 2008 CSI Computer Crime & Security Survey,
New York: Computer Security Institute, 2008, 15).

111. (p. 164) This is not the only place in which organized crime has entered the
picture. Organized crime has also begun more sophisticated attacks on data. The
theft at RBS involved decrypting the stolen data. Another type of attack involves
targeting "transient" data. Typically, if stored data are at all sensitive, it will be
encrypted, while data in transient storage is not encrypted. Criminals have been
targeting the data in transient storage, which is more difficult to access (Verizon
Business RISK Team, Verizon Business, 2009 Data Breach Investigations Report, 22).
Verizon reports that such malware is increasingly customized. The customization
requires a major investment in time, money, and expertise, but the potential gains
make it worth it to organized crime.

112. (p. 164) Dam and Lin, Cryptography's Role, 470.

113. (p. 164) Dan Schutzer, "Research Challenges for Fighting Insider Threat in the
Financial Services Industry," in Salvatore J. Stolfo, Steven M. Bellovin, Shlomo
Hershkop, Angelos D. Keromytis, Sara Sinclair, and Sean W. Smith, eds., Insider Attack
and Cyber Security: Beyond the Hacker (New York: Springer, 2008), 215.

114. (p. 164) Piero Colaprico, "'Da Telecom dossier sui Ds' Mancini parla dei
politici," La Repubblica, January 26, 2007.

115. (p. 164) The number is surely higher. As Supreme Court Justice Louis Brandeis
observed in 1928, "Whenever a telephone line is tapped, the privacy of the persons
at both ends of the line is invaded and all conversations between them upon any
subject, and, although proper, confidential and privileged, may be overheard"
(Olmstead v. United States, 476; emphasis added). Many people were undoubtedly
wiretapped who were not among the 6,000.

116. (p. 165) Schutzer, "Research Challenges," 215.

117. (p. 165) U.S. Department of Justice, Commission for Review of FBI Security
Programs, A Review of FBI Security Programs (Washington, DC: U.S. Department of
Justice, March 2002), 1.

118. (p. 165) U.S. General Accountability Office, Information Security: FBI Needs to
Address Weaknesses in Critical Network (Washington, DC: U.S. General Accountability
Office, April 2007), 19.

119. (p. 165) Richelson, Jeffrey, A Century of Spies (Oxford: Oxford University Press,
1995), 377.

120. (p. 165) Interagency OPSEC, Intelligence Threat Handbook (2004), 32-33.

121. (p. 165) Matthew French, "Tech Sabotage during the Cold War," Federal Computer Week, April 26, 2004, 2.

122. (p. 165) French, "Tech Sabotage during the Cold War," 3.

123. (p. 165) Richelson, A Century of Spies, 378.

124. (p. 166) William Safire, "The Farewell Dossier," New York Times, February 4, 2004.

125. (p. 166) Years later Glenn Gaffney, Deputy Director for National Intelligence
for Collection, Office of the Director of National Intelligence, observed that "you
don't have to corrupt any information to corrupt all of it.... Just the fact that your
adversary has been present in your system makes the entire system suspect" (James
Gosler, "Counterintelligence: Too Narrowly Practiced," in Jennifer Sims and
Burton Gerber, eds., Vaults, Mirrors, and Masks: Rediscovering U.S. Counterintelligence
(Washington, DC: Georgetown University Press, 2009), 193-194).

126. (p. 166) Walter Pincus, "Russian Spies on Rise Here; Administration Worried
about `Aggressive' Economic Espionage," Washington Post, September 21, 1999.

127. (p. 166) These data come from CNNIC, whose survey methods are disputed
("China Statistics and Related Data Information and Links," ChinaToday.com,
http://www.chinatoday.com/data/data.htm#int). Since CNNIC numbers tend, if
anything, to be high, and the report I am citing says that by 1997 0.62 million
Chinese were Internet users, I believe "under a million" is accurate.

128. (p. 166) Nathan Thornborough, "Inside the Chinese Hack Attack," Time Magazine,
August 25, 2005, http://www.time.com/time/nation/article/0,8599,1098371,00.html.

129. (p. 166) Nathan Thornborough, "The Invasion of the Chinese Cyberspies (And
the Man Who Tried to Stop Them)," Time Magazine, August 29, 2005, 4.

130. (p. 167) Dawn Onley and Patience Wait, "Red Storm Rising," Government Computer News, August 17, 2006, 3.

131. (p. 167) Peter Warren, "Smash and Grab, the Hi-Tech Way," Guardian, January
19, 2006.

132. (p. 167) Oak Ridge National Laboratory, "Potential Identity Theft,"
http://www.ornl.gov/identitytheft.

133. (p. 167) Bryan Krekel, Capability of the People's Republic of China to Conduct Cyber
Warfare and Computer Network Exploitation, prepared for the U.S.-China Economic
and Security Review Commission, 2009, 72-74.

134. (p. 167) One researcher, Shishir Nagaraja, was from Cambridge University.

135. (p. 167) Information Warfare Monitor, Munk Center for International Studies,
University of Toronto, Tracking Ghostnet: Investigating a CyberEspionage Network (Toronto:
Munk Center for International Studies, University of Toronto, March 29, 2009), 40.

136. (p. 167) This included the ministries of Bangladesh, Barbados, Bhutan, Brunei,
Iran, and Latvia (Information Warfare Monitor, Tracking Ghostnet, 43).

137. (p. 167) This included the Indian embassies to Belgium, Serbia, Germany, Italy,
Kuwait, the United States, and Zimbabwe (Information Warfare Monitor, Tracking
Ghostnet, 40).

138. (p. 167) Information Warfare Monitor, Tracking Ghostnet, S.

139. (p. 167) Information Warfare Monitor, Tracking Ghostnet, 31-32.

140. (p. 168) Information Warfare Monitor, Tracking Ghostnet, 28.

141. (p. 168) Shishir Nagaraja and Ross Anderson, "The Snooping Dragon: Social-Malware Surveillance of the Tibetan Movement," University of Cambridge Computer Laboratory, UCAM-CL-TR-746 (Cambridge: University of Cambridge Computer
Laboratory, March 2009), S.

142. (p. 168) Nart Villeneuve, Breaching Trust: An Analysis of Surveillance and Security
Practices on China's TOM-Skype Platform, Information Warfare Monitor (Toronto:
Munk Center for International Studies, University of Toronto, October 1, 2008).

143. (p. 168) Krekel, Capability of the People's Republic of China, 6.

144. (p. 168) James Mulvenon, "Chinese Defense Agencies and the 'Digital Triangle'
Paradigm," Statement before the U.S.-China Economic and Security Review Commission Hearing on "China's Proliferation and the Impact of Trade Policy on Defense
Industries in the United States and China" (Washington, DC: July 12, 2007), 2-3.
http://www.uscc.gov/pressreleases/2007/agenda/07-07-12-13agenda.php.

145. (p. 168) Kevin O'Brien, "Upstart Chinese Telecom Company Rattles Industry
as It Rises to No. 2," New York Times, November 30, 2009.

146. (p. 168) The quote is from Information War by Zhu Wenguan and Chen Taiyi
and is in Timothy L. Thomas, "China's Electronic Long-Range Reconnaissance,"
Military Review, November/December 2008, 48.

147. (p. 168) Thomas, "China's Electronic Long-Range Reconnaissance."

148. (p. 168) Thomas, "China's Electronic Long-Range Reconnaissance," 49-50.

149. (p. 168) Thomas, "China's Electronic Long-Range Reconnaissance," 50.

150. (p. 168) David Barboza, "Hacking for Fun and Profit in China's Underworld,"
New York Times, February 1, 2010.

151. (p. 169) Krekel, Capability of the People's Republic of China, 38-39.

152. (p. 169) Mak did so for over twenty years. He was aided by his younger brother,
who immigrated to the United States in 2001 (Office of the National Counterintelligence Executive, Annual Report to the Congress on Foreign Economic Collection and Industrial Espionage, FY08, July 23, 2009, 5). The espionage stopped with the men's
arrest in 2005. The quality of the operational methods (data, encrypted and hidden
within other files, indirect flights to China, use of code words during conversations) demonstrated expert tradecraft and was a strong indication of government
involvement in the espionage.

153. (p. 169) Keith Epstein and Ben Elgin, "Network Security Breaches Plague
NASA," Business Week, November 20, 2008.

154. (p. 169) Confidential source.

155. (p. 169) Onley and Wait, "Red Storm Rising," 1.

156. (p. 169) Owens, Dam, and Lin, Use of Cyberattack Capabilities, 198.
