From: John Young <jya@pipeline.com>
Date: Thu, 25 Jun 1998 05:40:34 -0700 (PDT)
To: cypherpunks@toad.com
Subject: CIA 4 Nags: Hackers Crypto Y2K Foreigners
Message-ID: <199806251240.IAA05050@dewdrop2.mindspring.com>
MIME-Version: 1.0
Content-Type: text/plain


June 24, 1998
CIA Head Forsees Better Hackers
Filed at 5:43 p.m. EDT
By The Associated Press

WASHINGTON (AP) -- Intrusion into government computers 
will become increasingly more sophisticated and better 
organized and is likely to involve hostile nations, CIA 
Director George Tenet told lawmakers Wednesday. 

"Potential attackers range from national intelligence 
and military organizations, terrorists, criminals, 
industrial competitors, hackers and disgruntled or 
disloyal insiders," Tenet told the Senate Governmental
Affairs Committee. "We know with specificity of several 
nations that are working on developing an information 
warfare capability." 

While Tenet did not identify the countries, committee 
Chairman Fred Thompson, R-Tenn., who received a classified 
briefing on Tuesday, named some of them. Citing published 
reports, Thompson said China, Russia, Libya, Iraq and Iran 
and at least seven other countries are developing 
information warfare programs. 

The challenge facing U.S. intelligence will be to detect 
attacks on U.S.computers and information systems by 
organized or individual hackers. In some cases, Tenet said, 
disruptive intrusions orchestrated by hostile states may 
be disguised as amateurish efforts by individual hackers. 

"Our electric power grids and our telecommunications 
networks will be targets of the first order," Tenet said. 
"An adversary capable of implanting the right virus or 
accessing the right terminal can cause massive damage." 

The shift of the computer hacker problem from individuals 
and terrorist groups to governments is only beginning, 
Tenet said, but he added, "Down the line we are going to 
encounter more and it will be more organized." 

Tenet cited one case, without naming it, of a foreign 
government targeting the United States for intrusion into 
information systems. 

Sen. Joseph Lieberman, D-Conn., asked if the U.S. 
government is taking steps to develop its own offensive 
hacking capability to disrupt adversaries and to serve as 
a deterrent for computer-based attacks. 

"We're not asleep at the switch in this regard," Tenet 
replied. 

Air Force Lt. Gen. Kenneth Minihan, head of the National 
Security Agency, said it was not going too far to think in 
terms of an "electronic Pearl Harbor," a well-organized 
assault on the United States based on strikes aimed at 
electronic information systems. 

The most sensitive information centers, such as CIA and 
Pentagon classified files, are heavily guarded against 
such intrusion and, in most cases, are fenced off from 
Internet-type transfers. The problems are more likely to
arise in less well-guarded areas such as financial 
networks or industrial control centers. 

"They're not going to attack our strengths," Minihan said. 

A key area of vulnerability within the intelligence 
community, Tenet said, is the possibility of a disloyal 
or disgruntled employee wreaking havoc with CIA computers. 
Another scenario stems from the difficulty the CIA is
encountering finding enough software specialists to grapple 
with the "Year 2000" problem, caused by computers not being 
programmed to recognize the shift in the calendar from 1999 
to 2000. 

Most of the contractors available to help the agency, Tenet 
said, would use foreigners, affording "an easy opportunity 
to come in and see how your system works and what your 
vulnerabilities are." 

The running debate over the availability of increasingly 
sophisticated encryption technology, which scrambles messages 
and data from unauthorized intrusion, also poses a worry, 
Tenet said. 

Unless the computer industry and the government find a 
legislative compromise, the government could fall victim to 
hackers able to hide their own actions in impenetrable 
encryption codes. It may take a major computer-hacker 
incident to create the political pressure needed to allow
the government the "recovery" power to access encrypted 
databases. 

"There is a train wreck waiting to happen unless we deal 

with the recovery aspect of the encryption debate," Tenet 
said. 

------