The Terrorists Are Winning the Cyber War

In the Internet Age, when communications speed across national boundaries in nanoseconds, terrorist groups are winning the cyberspace battle, say intelligence and security experts.

Terrorists hide their communications with encryption software. They set up Web sites to help raise money for their operations. Computer hackers break into U.S. government networks to research possible targets.

Meanwhile, federal agencies that have spent billions on computer surveillance of terrorists and the nations that harbor them continue to struggle both with outdated technology and a flood of data to process.

Last week, former President George Bush criticized the nation’s intelligence agencies for focusing too heavily on high-tech operations, rather than developing human spies in foreign terrorist groups.

One problem is that America’s intelligence agencies are frozen in time, said Jeffrey Hunker, until recently a member of the National Security Council. The National Security Agency, the largest and most secretive spy shop, vividly demonstrates the problem, Hunker and other experts say.

The NSA operates spy satellites and gathers information from radio, microwave, television, telephone and Internet signals outside the United States. Despite a history of technical prowess that allowed it to crack secret codes of dozens of nations, the NSA is falling behind America’s adversaries, experts say. The NSA “is far more . . . resistant to change than most” agencies because of internal power struggles, said Stewart Baker, the NSA’s general counsel from 1992 to 1994.

Now the agency says it is spending billions of dollars to update aging computer networks and cryptographic tools. But experts say the NSA’s sheer bulk and bureaucracy raise questions about its ability to keep up with technology’s breakneck pace.

For three days last year the NSA’s entire computer system went down because of antiquated, overloaded software linking its vast array of computers, listening devices and satellites. Lt. Gen. Michael Hayden, NSA’s director, said the agency went “brain dead.” Fortunately for national security, the NSA kept the shutdown secret until the networks were up and running again.

Another problem is that lifetime employment at the agency and relatively low pay discourage technologically savvy workers from joining, Baker said. The NSA’s budget has also been slashed--perhaps by one-third--over the past decade. Managers have responded by attempting to preserve existing jobs, which led to hiring freezes and delays in purchasing new equipment. “Their budgets have tended to preserve people over research and technology,” Baker said.

As a result, the NSA has lagged behind trends that have remade intelligence gathering, including:

* Fiber optics: Increasingly, data and voice communication, from phone calls routed over the Internet to computer networking transmissions, flow on beams of light along fiber-optic cables. Unlike eavesdropping on conventional copper phone lines or microwave towers, these glass fiber lines must be physically tapped to collect information.

* Software encryption: This coding renders computer text messages virtually unreadable, except by the intended recipient. It is widely available on the Internet.

The FBI says that Osama bin Laden--accused mastermind of the attacks on the World Trade Center and the Pentagon--and other terrorist groups routinely encrypt communications.

Last week, some politicians called for a ban on strong encryption. Too late, said Tim Belcher, chief technology officer of Riptech, a security firm in Alexandria, Va. “Banning strong encryption would prove as ineffective as shutting down Napster,” he said.

* Internet support: Terrorists have become so confident that they sponsor Web sites to solicit funds from supporters worldwide. Two such Internet-savvy groups, Pakistan-based Harkat Ul Moujahedeen and Lebanon’s Hezbollah, have been linked to Bin Laden.

* Information overload: Each day the NSA reportedly captures a greater volume of data than is held by the Library of Congress. The FBI has attempted a similarly ambitious program, code named Carnivore, to collect communications traffic over Internet service provider networks. But intelligence agencies have trouble interpreting this flood of information. “There aren’t enough human beings to look at the data,” said Bruce Schneier, chief technology officer of Counterpane Internet Security, a security consulting company in San Jose.

Despite these problems, there have been some victories against terrorism. Hunker credits U.S. spy agencies with thwarting planned terrorist actions, which he numbered “in double digits” over the last decade. But he concedes that last week’s tragedy represents a staggering intelligence failure.

Some politicians have questioned whether laws designed to protect civil liberties--which also inhibit investigators from aggressively pursuing suspects online--should be changed. For example, agencies with the most technology resources, the CIA and the NSA, are prohibited from nearly all domestic spying.

“When the rules were enacted, that was pre fax machine,” Baker said. “International communications all occurred on [conventional phone] circuits and you knew where they started and where they ended. . . . We don’t live in that world anymore.”

The Bush administration is asking for expanded powers and is adding funds to track down terrorism suspects.

Some FBI antiterrorism agents have strong technology skills, but the bureau has only about 200 tech specialists, who must handle the full spectrum of cyber crime.

But resources alone are not the answer, experts say. “People think all we need to do is pour $40 billion into counterterrorism and this problem will be solved. Wrong,” said Hunker, dean of the Heinz School of Public Policy Management at Carnegie Mellon University.

Some say that better cooperation between law enforcement and the private sector, or within government agencies, would help more than increased domestic surveillance or fatter budgets.

For Tom Talleur, that point became painfully clear in 1998, when computer hackers tapped into a NASA Jet Propulsion Laboratory computer in Pasadena and accessed data about the commercial air traffic system.

“The FAA had to shut down communications for several live flights going on at the time,” said Talleur, then chief of NASA’s cyber-crime unit.

This intelligence could have told hackers the configuration of GPS navigation satellites and allowed them to jam the system during a war, he said.

The hackers were also searching for information on Stealth aircraft--where the planes were located and how they operated in difficult weather situations--Talleur added. “Why break into a classified [Defense Department] system when there is an unclassified system at another agency [with] 60%” of the same material? he asked.

JPL declined to comment.

Talleur worked for the NASA inspector general’s office. But because NASA officials did not understand the implications of the hack, they refused to allow him to install an “intercept box”--needed to track the hackers immediately, Talleur said.

“By the time they let us do that, a week later, the intruders were long gone,” he said. Talleur eventually traced the hackers to computers in the Persian Gulf area.

The episode was extreme but is hardly isolated.

The Defense Department acknowledges hundreds of successful cyber attacks on its networks in recent years. The networks of most public agencies are replete with such security holes, experts say.

“Most of the hacks we’ve seen have been the equivalent of breaking and entering,” causing limited damage, said Brian Dunphy, who left the Defense Department’s network security unit last year to work for Riptech.

No computer hacker has yet shut down an electrical grid or opened a dam.

“But our nation’s critical infrastructure is both connected to public networks and vulnerable,” he added. “It’s open to terrorists, operating from anywhere in the world, with the motivation and skills to wreck havoc.”