Hacker Calls CIA Stupid
Ray Van Eng (09/23/96)
Big news. The U.S. Central Intelligence Agency web site was broken
into by a cyber graffiti artist who made his or her mark on
the home page of the CIA (http://www.odci.gov/cia) by changing it to read
the Central Stupidity Agency. Another part of the message also tells the
spy agency to "Stop Lying". This happened on Wednesday night,
September 18, 1996, and by the next day the web site was closed for repair.
The story has such news significance that it was reported by numerous
local and national TV stations in the U.S. and likely in many parts of
the world.
This is not the first time that a major U.S. government agency web site
has been vandalized in cyberspace. Just last month, the web site for the
Department of Justice (DOJ) suffered a similar fate. Apparently, the
hackers are unhappy with the way the government is handling such issues
as freedom of speech and right to privacy.
Among the items that the undesirable visitors have left behind are nude
photos, swastikas and messages that read "Free speech in the land
of the free?", "Privacy in a state of wiretaps and government
intrusion?" and others.
Public reactions to the DOJ incident are mixed. Some praised the hackers
for taking matters into their own hands in protest of the government's inability
to deal with regulating Internet content, especially given the controversy
surrounding the Communications Decency Act.
Others say that these questionable actions by a small group of individuals
would draw bad publicity and obscure the efforts of legitimate freedom
fighters who are seeking to deal with the matter in a more open and honorable
manner. Still others fear that the government may be provoked to take an
even tougher stand in monitoring the activities on the Internet.
Of course, what is important here, and what concerns us all, is this: if the CIA,
one of the country's top wizards in espionage and computer technology, failed
to defend itself and was one-upped by some hackers, how can we as common
folks running a business with web sites on the Internet be immune to
the attacks of someone who is willing to give it a shot?
Hackers do not have to be inside the system, as in the case of the CIA and
DOJ, in order to claim victory or cause damage. Many malicious ways can
be devised to bring your web server to a halt and the information on how
to do that is freely available on the Internet. We won't name those web
sites for ethical reasons. We do not think that those people deserve publicity
for offering products that may have a detrimental effect on the Internet
community as a whole.
In any case, let's take a look at the "denial of service" syndrome.
Here, someone could program a computer to send out continuous log-on requests
with false return addresses to a server. The server would reply with an
acknowledgment but could never locate the user. Typically, the server would
keep the connection open for a minute or so before closing it, and when
that happens more phony calls would arrive. Eventually, other legitimate
users could not log on because all the bandwidth is being assigned to serve
the prankster.
This is precisely what happened to Daniel Sleator, a computer science professor
at Carnegie Mellon University who also runs the subscription-based Internet
Chess Club.
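The "denial of service" pattern described above, modeled as an added example
(not part of the original article) so the effect of the server's hold time can
be seen. The slot count, request rates and the rule that phony requests are
served first within each second are all assumptions chosen for illustration.

```python
from collections import deque

def simulate(slots, hold_seconds, bogus_per_second, legit_every, duration):
    """Model a server's table of pending log-on requests, one tick per second.

    Returns (legit_accepted, legit_refused)."""
    pending = deque()            # expiry time of each unanswered request, oldest first
    accepted = refused = 0
    for now in range(duration):
        # The server gives up on requests whose hold time has run out.
        while pending and pending[0] <= now:
            pending.popleft()
        # Requests with false return addresses: the reply is never answered,
        # so each one holds its slot until it expires.
        for _ in range(bogus_per_second):
            if len(pending) < slots:
                pending.append(now + hold_seconds)
        # A legitimate user answers at once, so only needs a free slot on arrival.
        if now % legit_every == 0:
            if len(pending) < slots:
                accepted += 1
            else:
                refused += 1
    return accepted, refused

if __name__ == "__main__":
    # Constructed parameters: 128 slots, 10 phony requests per second,
    # one real user every 5 seconds, over 10 minutes.
    for hold in (60, 5):
        ok, lost = simulate(128, hold, 10, 5, 600)
        print(f"hold {hold:2d}s: {ok} legitimate log-ons accepted, {lost} refused")
```

A shorter hold time only helps while the phony request rate multiplied by the hold time stays below the number of slots; a faster sender fills the table again.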
Can the culprit be caught? That would be close to impossible, because Professor
Sleator would have to work his way backward by going to the closest router
(a machine that directs data) where the message came from and ask the operator
there to track the message to its closest router and in turn ask someone
there to trace the call. The process could go on down a very long chain.
By the time the origin is identified, that person may have already
moved to another location altogether. It is an endless cat-and-mouse chase.
So can we protect ourselves from such terrorist attacks? There is no easy
way to do it. That is the view of Stephen Hansen, computer security officer
at Stanford University. He warned everyone, "Any organization that
isn't very tightly firewalled off is potentially vulnerable, and even those
who are firewalled off-- they may have to worry as well."
In the aftermath of the CIA mishap, officials for the agency stated that
national security is in no way compromised since the web site was not linked
in any way to the mainframe computer network that holds important classified
information.
Indeed. The most important data that an organization has should be stored
in a computer that is not connected to any open network or any network
at all, period. At least the CIA is smart about that.
© Copyright Ray Van Eng 1996 - 1999. All rights reserved.