Hacker Calls CIA Stupid

Ray Van Eng (09/23/96) 

Big news. The U.S. Central Intelligence Agency web site was being broken into by some cyber graffiti artist who have made his/her mark on the home page of the CIA (http://www.odci.gov/cia) by changing it to read the Central Stupidity Agency. Another part of the message also tell the spy agency to "Stop Lying". This happened on Wednesday night September 18, 1996 and by the next day the web site was closed for repair.

The story has such news significance that it was being reported in numerous local and national TV stations in the U.S. and likely in many parts of the world.

This is not the first time that a major U.S. government agency web site has been vandalized in cyberspace. Just last month, the web site for the Department of Justice (DOJ) suffered a similar fate. Apparently, the hackers are unhappy with the way the government is handling such issues as freedom of speech and right to privacy.

Among the items that the undesirable visitors have left behind are nude photos, swastikas and messages that read "Free speech in the land of the free?", "Privacy in a state of wiretaps and government intrusion?" and others.

Public reactions to the DOJ incident are mixed. Some praised the hackers for taking matters in their own hands in protest of the government's inability in dealing with regulating Internet content, especially given the controversy surrounding the Communications Decency Act.

Others says that these questionable actions by a small group of individuals would draw bad publicity and obscure the efforts by legitimate freedom fighters who are seeking to deal with the matter in a more open and honorable manner. Still others fear that the government may be provoked to take an even tougher stand in monitoring the activities on the Internet.

Of course, what is important here that concerns us all is that if the CIA, one of the country's top wizard in espionage and computer technology failed to defend itself and was one-upped by some hackers, how can we as common folks running a business who have web sites on the Internet be immune to the attacks of someone who is willing to give it a shot.

Hackers do not have to inside the system as in the case of the CIA and DOJ in order to claim victory or cause damages. Many malicious ways can be devised to bring your web server to a halt and the information on how to do that is freely available on the Internet. We won't name those web sites for ethical reasons. We do not think that those people deserve publicity for offering products that may have a detrimental effect on the Internet community as a whole.

In any case, let's take a look at the "denial of service" syndrome. Here, someone could program a computer to send out continuos log-on requests with false return addresses to a server. The server would reply with an acknowledgment but could never locate the user. Typically, the server would keep the connection open for a minute or so before closing it and when that happens more phony calls would arrive. Eventually, other legitimate users could not log on because all the bandwidth is being assigned to serve the prankster.

This is precisely what happened to Daniel Sleator, a computer science professor at Carnegie Mellon University who also run the subscription based Internet Chess Club.

Can the culprit be caught? That would be close to impossible. Because professor Sleator would have to work his way backward by going to the closest router (a machine that directs data) where the message came from and ask the operator there to track the message to its closest router and in turn ask someone there to trace the call. The process could go on down a very long chain. By the time the origin may be identified, that person may have already moved to another location altogether. It is an endless cat and mouse chase.

So can we protect ourselves from such terrorist attacks? There is no easy way to do it. That is the view of Stephen Hansen, computer security officer at Stanford University. He warned everyome, "Any organization that isn't very tightly firewalled off is potentially vulnerable, and even those who are firewalled off-- they may have to worry as well."

In the aftermath of the CIA mishap, officials for the agency stated that national security is in no way compromised since the web site was not linked in any way to the mainframe computer network that holds important classified information.


Indeed. The most important data that an organization has should be stored in a computer that is not connected to any open network or any network at all, period. At least the CIA is smart about that.


E-Mail