Theft of Computer Software-A National Security Threat, Komputer, More Hacking

[ Pobierz całość w formacie PDF ]
December 1989FBI 1.THEFT OF COMPUTER SOFTWARE: A NATIONAL SECURITY THREATByWilliam J. CookAssistant U.S. AttorneyChicago, IL-- Between July and September 1987, a Chicagoyouth attacked AT&T computers at Bell Labs inIllinois and New Jersey, at a NATO missilesupport site in North Carolina, and at RobbinsAir Force Base in Georgia, stealing softwareworth $1.2 million and causing $174,000 worthof damage. (1)-- In October 1988, Scotland Yard arrested anEnglish attacker who had broken into over 200military, corporate, and university computersin the United States and Europe. Theindication was that he planned to extort moneyfrom one of the victim corporations. (2)-- In November 1988, a college undergraduateplanted a computer virus that temporarilydisabled 6,000 computers on the U. S. Armyresearch computer network (ARPANET). (3)As evident by these accounts of computer piracy, computer-aidedattacks on Government and corporate networks are becoming morenumerous and sophisticated. While estimates vary, computer industrysources indicate that computer-related crime (including softwaretheft) annually costs U.S. companies as much as $5 billion per year,with each incident costing approximately $450,000. (4) Moreimportantly, however, the infiltration and theft of computer files isa growing Federal crime problem, since many such actions jeopardizethe security and defense of the United States.This article gives a brief overview of the theft and illegalexport of computer software. It also details steps taken by the U.S.Government to protect national security and defense information withthe intent of curtailing and hopefully eliminating the occurrence ofsuch actions in the future.INTERNATIONAL COMPUTER HACKERSWhile most computer attacks are committed by hackers who are notagents of foreign government, the growing attention of Eastern Blocgovernments to hackers indicates that these nations clearly recognizethe benefits of using them to expose openings in U.S. computernetworks.In March 1989, it was disclosed that West German hackerssponsored by Eastern Bloc intelligence agencies had beensystematically searching for classified information on Governmentcomputers throughout the United States through a weakness in acomputer network at a California university. (5) The followingmonth, Canada expelled 19 Soviet diplomats for wide-ranging espionageoperations to obtain Canadian defense contractor information formilitary and commercial purposes. (6) And in December 1988, a searchwarrant filed by U.S. Customs agents in Chicago disclosed that aconfederate of the Yugoslav Consul- General in Chicago was using ahacker to attack defense contractors by remote access in order tosteal computerized information. According to the affidavit, theinformation obtained by the hacker was subsequently smuggled out ofthe United States in diplomatic pouches with the help of the Counsel-General.Public access information and published reports reflect thatSoviet efforts to obtain technical information are not an illusion.A major daily newspaper reported that the Soviet Union was activelyfostering hacker-to-hacker ties between the Soviet internationalcomputer club and computer firms and hackers in the United States,Britain, and France. (7) Another newspaper account told of the SovietUnion setting up programmers in Hungary and India for the purpose oftranslating and converting U.S. origin software to the format ofSoviet and Warsaw Pact country machines. (8) Then in March 1989, amember of the Soviet military mission in Washington, DC, was arrestedand expelled from the United States for attempting to obtaintechnical information about how U.S. Government classifiedinformation is secured in computers. (9)The Soviet's main targets are U.S. Government agencies, defensecontractors, and high-tech companies and are purportedly backed by a$1.5 billion annual "procurement" budget. Further, Soviet satellitecountries have become very active in the Soviet high technologyprocurement effort. For the past several years, Hungarian,Bulgarian, Yugoslavian, and Polish intelligence officers and theiragents have participated in the high-tech theft effort, along withagents from Vietnam, North Korea, and India. (10) Also, Cuban andNicaraguan intelligence officers are using front companies in Panamato obtain U.S. technology. (11)News accounts suggest that these efforts are successful; 60-70%of the technology is obtained, while 90% of nonclassified hightechnology data is acquired. More than 60% of the stolen technologycomes from the United States. (12)As a result, the U.S. technological "lead" over the Soviets hasgone from 10-12 years in 1975 to 4-6 years in 1985. (13) And thesavings to the Soviets has been impressive. In 1978 it has beenestimated that the Soviet Union saved $22 million in research anddevelopment costs by stealing U.S. technology; the following year,they saved $50 million. (14) Between 1976 and 1980, the Sovietaviation industry alone saved $256 million in research anddevelopment because of stolen U.S. technology. (15) Moresignificantly, much of the stolen technology is critical to thenational security and defense of the United States.PROTECTING TECHNICAL DATAIn 1984, the U.S. Department of Commerce placed expanded exportcontrols on computer software as part of its general protection oftechnical data deemed vital to the national defense and security ofthe United States. However, export control in this realm is anenormous challenge since modern technology allows the criminal tosteal restricted software stored on Government and corporatecomputers by remote access from a personal computer anywhere in theworld. Literally, an international border becomes established wherea telephone line plugs into the computer modem.OBSERVATIONSSeveral observations can be reached from this mosaic.Obviously, U.S. taxpayers are subsidizing the modernization of theSoviet military establishment. And it is more economical for theSoviets to steal U.S. technology than to fund and develop their ownresearch and development capabilities. More importantly, however,the United States needs to do a better job protecting its technology.As noted previously, in response to the Soviet "tech-threat,"the United States and other countries expanded controls onhigh-technology computer software by placing them on the CommodityControl List or Munitions List. Commerce Department and StateDepartment licensing officers require that validated export licensesand end-user assurances are obtained before software named on theselists are exported. Both the Commerce and State Departmentsroutinely call in Defense Department personnel to analyze theseexport requests.Prosecution for illegally exporting computer data and softwarecan be brought under several sections of the U.S. Code. (16)However, before prosecution under these sections can be successful,several areas must be developed in the computer industry and the lawenforcement community.o Corporations should consider placing exportcontrol warnings on sensitive softwareprograms, which would clearly assist U.S.efforts to enforce national export laws thatrequire defendants have specific knowledge ofexport restrictions when they export thecomputer data.o Federal agents need to become oriented to thecomputer industry and computers to overcomecomputerphobia.o Corporate and Government hiring must be donewith great care when the employees will haveaccess to computer networks or trash fromcomputer centers.o Computer security specialists and systemsadministrators must be alert to internalunauthorized access and external hackerattacks and the potential ramifications ofactivities. They must also be aware that themodem plug-in on one of their computers couldbe the international border in the exportviolation and that computerized log recordsmay be the only evidence of espionage of"tech-theft."o Federal agents and computer securityprofessionals must recognize the need forrapid mutual cooperation and communication,with security professionals providingbackground information on the attackedcomputer network and assisting with Federalinvestigations and search warrant efforts.CONCLUSIONIt is folly to assume that U.S. industry can continue to makesufficient research and development advances each year to ensure thatthe United States keeps an edge on Warsaw Pact countries. Thesecountries continue to rob the United States of advanced technologicalinformation critical to the defense and security of this country.The taxpayers and consumers writing the checks for Government andprivate sector technological research and development deserve acoordinated Federal law enforcement and computer industry responsethat recognizes software and computer-related engineering as one ofour country's greatest resources.FOOTNOTES(1) ComputerWorld, February 20, 1989.(2) Sunday Telegraph, October 23, 1988.(3) The Boston Globe, November 14, 1988.(4) ComputerWorld, April 3, 1989.(5) Hamburg Ard Television Network, March 2, 1989; see also, CliffStoll, "Stalking the Wiley Hacker," Communications of the ACM, May1988.(6) Reuters, June 28, 1988.(7) The Washington Post, January 2, 1989.(8) The New York Times, January 29, 1988.(9) Reuters, March 9, 19... [ Pobierz całość w formacie PDF ]

  • zanotowane.pl
  • doc.pisz.pl
  • pdf.pisz.pl
  • shinnobi.opx.pl

    •