|
The extraordinarily well-intentioned and creative fathers
and mothers of the Grid have made it, in effect, extraordinarily
easy for any adolescent hacker with “zero understanding
of the consequences” to march right in and have
their way with the Grid. The words are those of Chris
Wysopal, Vice-President of Research and Development,
@ Stake — another highly respected computer security
firm.
In March of 2004 the TeraGrid, which links some of
the most powerful supercomputers in the nation, was
hacked.
The first claims about the hack of the Grid and the
supercomputers had it that no data was compromised,
no computers “broken” and damage limited
to being an inconvenience. A “second” look
however might afford one a more jaundiced conclusion.,
since after those first pronouncements, there has been
a deliberate shutdown of information about the hack
and the “inconvenience.”
After the initial break-ins, according to early reports,
some computers began to act erratically “after
the intruders installed so-called ‘rootkits’
or programs that allow the malicious hacker to disguise
his or her presence; the hack also allowed the gathering
of information like user names and passwords from the
compromised system,” wrote Paul Roberts, IDG News
Service “As many as 20 institutions [around the
nation] were targeted...[which] prevented some researchers
from using the grid for up to five days,” wrote
Brian Krebs for ecommercetimes.com. Privately, people
with serious hacking or computer security experience
were not much impressed with the computer skills of
those who hacked the Grid. They had, after all, been
“caught.” And “elite” or Master
Hackers don’t get nailed.
Into the information void, leapt computer security
fear-mongers, like Russ Cooper, the so-called “chief
scientist” for a computer security company called
TruSecure. Cooper told gullible news reporters at E-Commerce
Times and the Washington Post that using the power of
the supercomputers, hackers could have launched an attack
capable of disabling large portions of the Internet.
Scary, end-of-world stuff — only it’s not
true. The Internet cannot be disabled — slowed
down a tad, maybe, one section slightly wounded for
a brief time, but not disabled. Cooper was engaging
in pure fearmongering, that just might and frighten
folks into buying TruSecure anti-hacker software.
Instead of calmly, dispassionately explaining to the
media (and to the equally fellow clueless computer security
systems administrators) what had happened and how, the
feds instead ordered everyone to shut up, to become
ostriches. On the count of three, everyone stick your
heads in the sand!
Effectively silenced were the following: University
of Chicago computer scientists Ian Foster — called
“the Father of the Grid” who, prior to the
hacking, had agreed to an interview, Sangtae Kim, the
Division Director of the Shared Cyberinfrastructure
a division of the National Science Foundation, the agency
that pours millions of dollars into building the Grid.
Kim spoke very briefly and then told me to contact Peter
Beckman of Argonne National Labs, the Chief architect
of the TeraGrid who Kim said was handling all press
information. Not surprisingly Beckman failed to return
calls or e-mails.
Finally Charlie Catlett, Executive Director of TeraGrid
wrote and said “the last round of [media] coverage
was very disruptive from the standpoint of dealing with
the security investigation.” Giving Catlett, the
benefit of the doubt, he likely means that computer
security folks on the Grid should be focusing on determining
what went wrong and how they can close vulnerabilities
and keep them closed, rather than focusing on the media.
Still, the public has the right to know that those entrusted
with securing the Grid are doing an adequate job and
silence isn’t the correct answer.
Those orders for silence most likely came from the
feds — the FBI (who have a most
dismal track record in catching such hackers) and the
office of the National Cyber Security division of the
Information Analysis Infrastructure Protection office
at the U.S. Department of Homeland Security with its
newly appointed director, Amit Yoran.
The “heat” to ‘catch’ these
hackers is intense, even more than that brought by the
New York Times in 1998 when the paper’s web page
was hacked and “owned” for several days.
A hacking group, calling themselves “Hacking for
Girlies” (HFG) was angry over what they righteously
believed was biased reporting by the Times and reporter,
John Markoff who covers the hacker beat.
Despite enormous pressure by the Times to catch HFG,
the FBI failed completely. Six months later reporter
Adam Penenberg, then working for Forbes, embarrassed
the Times and the FBI by meeting with members of HFG,
Master Pimp and Slut Puppy, who gleefully told of their
excellent
adventure in cyberspace.
In all likelihood, Master Pimp and Slut Puppy, as well
as their helpers Sidekick Slappy and Daddy Sweetcakes,
tossed the computers for hacking the Times into the
East River or some watery grave — the forensic
evidence of the hack lost forever. One can assume the
“success” of the HFG hack was not lost on
those who later hacked the Grid.)
The New CyberCzar
He’s Amit Yoran sometimes referred now as “the
most powerful man in cyberspace.” Yoran, much
respected, is a West Point graduate. He served as a
cryptology specialist, and after a few years, he, along
with his West Point graduate brother Elad, started their
own cybersecurity business, Riptech. Four years later
they were bought out by Symantec, another cybersecurity
firm, for a tidy $145 million.
Knowledgeable but cynical people in the computer security
field, give Yoran high marks for really having a clue
about the complexity of issues. He does not have a reputation
as a blowhard or hiding from reality. Which makes the
person down the hall from him, all the more curious,
considering the fact that Yoran should have more than
a passing interest in communicating concerns that this
nation’s super-important, super-vital, supercomputers
and Grid/TeraGrid are vulnerable to attack. One would
assume the director of the National Cyber Security Division
in the Department of Homeland Security would want to
talk to the press about these concerns and plans. Wrong.
Down the hall from Yoran is his press information officer
Donald Tighe who intercepts, (blocks) calls to Yoran
from the press.. Tighe, according to his bio, worked
for Florida Secretary of State Katherine Harris as her
Communications Director, the same Katherine Harris who
oversaw Florida voters, while serving as George W. Bush’s
Florida campaign chairman, the same Katherine Harris
who wound up accused of stealing Florida for Bush.
Tighe, during his service for Harris, later admitted
to drafting partisan political documents on office computers
— a “computer abuse” of a special
kind. So who hired Tighe for that critical position
at the Department of Homeland Security? Tighe refused
to respond to several to phone calls which sought confirmation
about his work for Harris and his computer abuse. What
is surprising is that someone with that kind of record
of double-dealing works as the press information chief
for the Director of Office of the National Cyber Security
division of the Information Analysis Infrastructure
Protection at the U.S. Department of Homeland Security.
Curiouser and curiouser.
People who know Yoran suspect he’s unaware of
Tighe’s background record. Washington insiders
speculate that the office of Homeland Security has,
in part, become a dumping ground for Bush stalwarts
who can’t be placed elsewhere. One certainly hopes
that part of the money isn’t being spent to support
Press Information office holder Donald Tighe to grind
out partisan anti-Kerry press releases. Inquiring minds
want to know.
David Shaw, Pulitzer Prize winner and Los Angeles Time
media critic in an April column
this year righteously complained about the lack of critical,
substantive, in-depth coverage of “anti-terrorism
preparations” — which fits directly into
Department of Homeland Security “tasking.”
Shaw’s right on target. Exactly what the hell
is the DHS doing with its (FY) 2004 $41.347 billion
budget,
a $3.2 billion increase over $38.1 billion in FY 2003?
It certainly doesn’t seem that millions of dollars,
to say nothing about billions, went to supporting the
security of this nation’s vital “homeland”
Supercomputers and TeraGrid.
Protecting the Homeland? Reporters should start covering
the DHS and its “anti-terrorists preparations”
in the old City News Bureau Chicago-style: “Your
mother says she loves you, chum? Check it out!”
This reporter intends on doing exactly that —
with or without assistance from DOCNCSDIAFPUSDHS –the
Press Information Officer for the Director of Office
of the National Cyber Security Division of the Information
Analysis Infrastructure Protection at the U.S. Department
of Homeland Security.
You
can reach the writer at lzkoch@comcast.net.
|
