Monday, Mar. 20, 1989

Spying And Sabotage by Computer

By JAY PETERZELL

In early 1981, National Security Agency officials working at an intelligence facility in suburban Washington made an alarming discovery: someone had made off with a sizable haul of classified information. The thief did not jimmy open a window at the well-guarded site; instead, he gained access to a "secure" cable leading into the facility and was able to trespass electronically. NSA officials believed the breach was the work of an East bloc spy agency.

If so, it was not the only one. A previously undisclosed series of high-tech espionage coups have been achieved by both sides. "Foreign intelligence services have gained access to classified information in U.S. computers by remote means," a former senior Government computer expert told TIME. "And we have done the same thing to them."

Last week the U.S. arrested and then expelled a Soviet military attache for allegedly trying to steal details of computer-security programs. The incident, as well as the arrest earlier this month of three West German computer hackers suspected of spying for the Soviet Union, highlighted the extent to which rival intelligence agencies are scrambling to devise ways to penetrate one another's security systems.

A number of current or former officials say U.S. intelligence agencies have had considerable success in penetrating classified military computer systems in the Soviet Union and other countries. The rule, explains one expert, is that "any country whose sensitive communications we can read, we can get into their computers." Breaches of some Soviet computers were done not by cracking codes but by physically breaking into Soviet military facilities, sources said.

Both the NSA and CIA have also "experimented" with the disruption of other nations' computers by infecting them with viruses and other destructive programs, according to some sources. But there is said to be concern in the intelligence community that these disruption operations could go too far and lead to retaliation.

The military's growing reliance on linked computer networks for battle management and command and control increases the danger of catastrophic sabotage by a hostile insider. That's why some U.S. security officials lie awake at night imagining scenarios like these:

-- An enemy agent in the Pentagon sends a computer virus through the World-Wide Military Command and Control System, which U.S. commanders would rely on in wartime for information and coordination. The virus sits undetected. When hostilities begin, the agent sends a message that triggers the virus, erasing everything in the system.

-- A different virus is introduced into NATO's logistics computers. Triggered just as the Soviet army marches into West Germany, the virus alters messages so that all allied supplies are sent to the wrong places. By the time the mistake is corrected a day or two later, key parts of NATO's defense line have collapsed.

Officials differ about the likelihood that such sabotage could be carried off. But the damage that can be caused by a virus was dramatically illustrated last November, when computer hacker Robert Morris injected a bug into an unclassified Defense Department computer network, Arpanet. The virus reproduced wildly and brought research computers nationwide to a halt. "If someone at NORAD (North American Aerospace Defense Command) wanted to do what Robert Morris did at Arpanet, he could cause a lot of damage," says Stephen Walker, former Pentagon director of information systems. A retired senior military computer-security expert goes even further: "The potential for offensive use of viruses is so great that I would have to view the power and magnitude as comparable with that of nuclear or chemical weapons."

With all this in mind, the Government has in recent years stepped up efforts to ensure that all sensitive computers that have links to other systems are adequately protected by encoding equipment. In addition to guarding against assaults by hostile intelligence agencies, this improved encryption program appears to have ended, at least for now, the ability of amateur computer hackers to breach secure military systems.

The KGB does, however, consider hackers an asset in its search for weak points. The West German hackers arrested last month are believed to have broken into some 30 unclassified U.S. defense computers and tried to enter 420 others. According to Clifford Stoll, a computer expert at Harvard who followed their activities for almost a year, they seemed to be assembling a "map" of links between U.S. defense computers and systematically seeking out "unauthorized gateways" into classified systems. Such gateways are created when a computer user has access to both secure and unclassified networks and is careless about keeping them separate. The hackers never did get access to classified information. The reconnaissance they gave the Soviets cannot be fully exploited until the KGB recruits an insider with access to a computer at one of the installations on the hacker's map.

In other words, as in Reilly: Ace of Spies, there is no substitute for a man on the scene. The relative success of computer-security officials in frustrating outside attacks has turned attention to the more serious threat from insiders -- people who have authorized access to defense computers and who sell their services to a foreign government. Such an agent could do enormous damage, either as a spy or a saboteur. "There is a threat, and it's real," says Donald Latham, a former Assistant Secretary of Defense who had primary responsibility for computer security.

NSA has figures that make the insider threat look soberingly real. An agency log of cases involving computer crime or computer espionage showed that up to 90% of known security breaches are the work of corporate or Government insiders. A 1981 study by NSA security officials estimated that 1 out of every 15,000 military computer key operators had sold or given away classified information in the previous 20 years. Since the military has more than 100,000 key operators at any one time, it could expect to have more than half a dozen security breaches.

Because the military operates many computers at what is called system high, in which all users are cleared for the highest level of information the network possesses, a sophisticated insider who became a spy would have considerable access. The spy could transmit information to a less closely watched part of the network -- or to an outsider -- without appearing to do so by using what is known as a covert channel. This involves signaling the secret message the agent wants to send in binary code by making minute changes in the speed or the order in which the "bits" of other, entirely innocent messages are transmitted. According to Walker, covert channels have been found that are capable of carrying as much as 1 million bits of information per second. Walker and other experts say they know of no cases in which U.S. covert channels were actually used.
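As an added illustration that is not part of the article, the following simulation models the timing covert channel Walker describes: a sender leaks bits by choosing between two delays for otherwise innocent messages, and an auditor's statistic flags the tell-tale two-cluster timing pattern that legitimate traffic rarely shows. All delays, thresholds and the "benign" traffic are constructed values, not measurements from any real system.

```python
# Simulation of a covert timing channel: secret bits ride on the delay between
# otherwise innocent messages. Values below are constructed for illustration.
import random
import statistics

SHORT_GAP_MS = 10.0   # delay chosen to signal a 0 bit (constructed)
LONG_GAP_MS = 30.0    # delay chosen to signal a 1 bit (constructed)
JITTER_MS = 2.0       # simulated network noise added to every gap


def encode_timing(bits: str, seed: int = 1) -> list[float]:
    """Sender side: return inter-message gaps (ms) that carry `bits`."""
    rng = random.Random(seed)
    gaps = []
    for b in bits:
        base = LONG_GAP_MS if b == "1" else SHORT_GAP_MS
        gaps.append(base + rng.uniform(-JITTER_MS, JITTER_MS))
    return gaps


def decode_timing(gaps: list[float]) -> str:
    """Receiver side: threshold each gap halfway between the two symbols."""
    cut = (SHORT_GAP_MS + LONG_GAP_MS) / 2
    return "".join("1" if g > cut else "0" for g in gaps)


def looks_like_timing_channel(gaps: list[float], ratio: float = 6.0) -> bool:
    """Auditor side: a two-symbol channel yields two tight clusters of gaps,
    whereas ordinary traffic spreads over one broad range. Split the gaps at
    the midpoint of their range and flag if the clusters sit far apart
    relative to their own spread. Crude, but it is a measurable signal."""
    if len(gaps) < 4:
        return False                      # too little traffic to judge
    cut = (min(gaps) + max(gaps)) / 2
    low = [g for g in gaps if g <= cut]
    high = [g for g in gaps if g > cut]
    if len(low) < 2 or len(high) < 2:
        return False                      # effectively one cluster
    spread = max(statistics.pstdev(low), statistics.pstdev(high), 1e-9)
    return (statistics.mean(high) - statistics.mean(low)) / spread > ratio


def benign_gaps(n: int = 32) -> list[float]:
    """Constructed innocent traffic: gaps spread evenly over one range."""
    return [5.0 + 30.0 * i / (n - 1) for i in range(n)]
```

The detector is deliberately simple; a production monitor would compare timing distributions against a learned baseline for each link rather than a fixed ratio.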

Some steps have been taken to deal with the problem of malicious insiders. "We have put protective mechanisms into systems that are very, very closely held so that very few people know something is keeping track," says Donald Latham. Walker and others now in the private sector are also working to develop "trusted systems" designed to make sure that users obtain only information they are entitled to see and do only things they are authorized to do.

Advocates say such systems will allow computers to be linked in more useful ways without endangering security. Says Walker: "The lack of trusted computer systems is the largest impediment to the effective use of computers in the U.S. today." Until such systems are developed and put in place, computer networks will continue to be at risk -- although the threat cuts both ways. "If you believe the Soviet Union can get into our systems and change them at will," asks a former senior Government expert, "what do you think they think we can do to them?" In the hidden world of computer espionage, the battle may just be gearing up.