Well placed persons within the government concur that the NSA, who is responsible for guiding the country through the current computer crisis, is ideally suited for managing the situation. Even agencies who have in the past been critical of the super- secret NSA are praising their preliminary efforts and recommenda- tions to deal with the emergency.
In a several page document issued by the NSA, a series of safe- guards is outlined to protect computers against many of the threats they now face. In addition, the NSA has asked all long distance carriers to, effective immediately, deny service to any digital communications until further notice. Despite high marks for the NSA in other areas, many of their defensive recommenda- tions have not been so well received.
"We are actually receiving more help from the public BBS's and local hacker groups in finding and eradicating the viruses than from the NSA or ECCO," said the Arnold Fullerman, Vice President of Computer Services at Prudential.
AT&T is also critical of the government's efforts. "The Presi- dential Order gives the NSA virtual control over the use of our long distance services. Without the ability to transmit digital data packets, we can expect a severely negative impact on our first quarter earnings . . ." While neither AT&T nor the other long distance carriers indicated they would defy the executive decree, they did say that their attorneys were investigating the legality of the mandate.
The NSA, though, was quick to respond to criticism. "All the NSA and its policies are trying to achieve is a massive reduction in the rate of propagation of the Homosoto Viruses, eliminate fur- ther infection, so we can isolate and immunize as many computers as possible. This will be a short term situation only." De- tractors vocally dispute that argument.
AT&T, Northern TelCom and most telephone manufacturers are taking additional steps in protecting one of Homosoto's key targets: Public and Private Branch Exchanges, PBX's, or phone switches. They have all developed additional security recommendations for customers to keep Phone Phreaks from utilizing the circuits without authorization. Telephone fraud alone reached an estimat- ed $14 Billion last year, with the courts upholding that custom- ers whose phones were misused are still liable for all bills. Large companies have responded by not paying the bills and with lawsuits.
The NSA is further recommending federal legislation to mitigate the effects of future computer attacks. They propose that com- puter security be required by law.
"We feel that it would be prudent to ask the private sector to comply with minimum security levels. The C2 level is easy to reach, and will deter all but the most dedicated assaults. It is our belief that as all cars are manufactured with safety items such as seat belts, all computer should be manufactured with security and information integrity mechanisms in place. C2 level will meet 99% of the public's needs." A spokesman for ECCO, one of the emergency computer organizations working with the NSA explained that such security levels available outside of the highest government levels range from D Level, the weakest, to A Level, the strongest.
It is estimated that compliance with such recommendations will add no more than $50 to the cost of each computer.
The types of organizations that the NSA recommend secure its computers by law is extensive, and is meeting with some vocal opposition:
Companies with more than 6 computers connected in a network or that use remote communications.
Companies which store information about other people or organiza- tions.
All Credit Card merchants.
Companies that do business with local, state or federal agencies.
The entire Federal Government, regardless of data classification.
All publicly funded organizations including schools, universi- ties, museums, libraries, research, trade bureaus etc.
Public Access Data Bases and Bulletin Boards.
"It is crazy to believe that 45 million computers could comply with a law like that in under 2 years," said Harry Everett, a Washington D.C. based security consultant. "In 1987 Congress passed a law saying that the government had to protect 'sensitive but unclassified data' to a minimum C2 level by 1992. Look where we are now! Not even close, and now they expect to secure 100 times that many in one tenth the time? No way."
Another critic said, "C2? What a joke. Europe is going by ITSEC and they laugh at the Orange Book. If you're going to make security a law, at least do it right."
NSA also had words for those computers which do not fall under the umbrella of the proposed legislation. Everyone is strongly urged to practice safe computing.
* * * * *
Tuesday, January 26
St. Louis, Missouri
"I'm sorry sir, we can't find you in the computer," the harried young woman said from behind the counter.
"Here's my boarding pass," he said shoving the small cardboard pass into her face. "And here's a paid for ticket. I want to get on my flight."
"Sir, there seems to be a complication," she nervously said as she saw at least another hundred angry people behind the irate customer.
"What kind of complication?" he demanded.
"It seems that you're not the only one with a ticket for Seat 11 D on this flight."
"What's that supposed to mean?"
"Sir, it seems that the flight has been accidentally overbooked, by about 300 people."
"Well, I have a ticket and a boarding pass . . ."
"So do they, sir."
Delta and American and Northwest and USAir were all experiencing problems at every gate their airlines serviced. So was every other airline that used the National Reservation Service or Saber. Some flights though, were not so busy.
"What kind of load we have tonight, Sally?" asked Captain David Clark. The American red-eye from LAX to Kennedy was often a party flight, with music and entertainment people swapping cities and visiting ex-wives and children on the opposite coast.
"Light," she replied over the galley intercom from the middle of the 400 seat DC-10.
"How light?"
"Crew of eleven. Two passengers."
By midnight, the entire air traffic system was in total chaos. Empty airplanes sat idly in major hubs awaiting passengers that never came. Pilots and flight crews waiting for instructions as take-offs from airports all but ceased. Overbooking was so rampant that police were called into dozens of airports to re- store order. Fist fights broke out and despite pleas for calm from the police and the airlines, over 200 were arrested on charges of disorderly conduct, assault and resisting arrest. Tens of thousands of passengers had confirming tickets for flights that didn't exist or had left hours before.
Arriving passengers at the international airports, LAX, Kennedy, San Francisco, Miami were stranded with no flights, no hotels and luggage often destined for parts unknown. Welcome to the United States.
The FAA had no choice but to shut down the entire air transporta- tion system at 2:22 A.M.
* * * * *
Wednesday, January 27
National Security Agency
Fort Meade, Maryland
"Did you get the President to sign it?"
"No problem. Public opinion swung our way after yesterday."
"And now?"
"Essentially, every long and short distance phone company works for the Federal Government.."
"Tell me how it works."
"We have lines installed from the 114 Signal Transfer Points in every phone district to a pair of Cray-YMP's at the Fort. Every single AT&T long distance phone call goes through these switches and is labeled by an IAM with where the call came from and where it's going. What we're looking for is the high usage digital lines. Including fax lines. So the phone company is kind enough to send us a list of every call. We get about seven million an hour."
"We can handle that?"
"We have enough to handle ten times that."
"I forget about the international monitors. That's millions more calls a day we listen to."
"Yessir. The computers go through every call and make a list of digital calls. Then we
get a list of all billing records and start crunching. We compare the high usage digital lines with the phone numbers from the bills and look for patterns. We look to see if it's a private or business line, part of a private PBX, hours and days of usage, then who owns the line. Obviously we eliminate a great many from legitimate businesses. After inten- sive analysis and profile comparison, we got a a few thousand candidates. What we decided to look for was two things.
"First, we listen to the lines to make sure it's a computer. If it is, we get a look at the transmissions. If they are encrypt- ed, they get a red flag and onto the Hit List."
"The President bought this?"
"We told him we'd only need the records for a short time, and then we would dispose of them. He agreed."
"What a sucker. Good work."
* * * * *
Friday, February 12
New York City Times
Computer License Law Possible?
by Scott Mason
Senator Mark Bowman's proposed legislation is causing one of the most stirring debates on Capital Hill since the divisive decision to free Kuwait militarily.
The so-called "Computer License Law" is expected to create as much division in the streets and homes of America as it is polit- ically.
The bill calls for every computer in the country to be registered with the Data Registration Agency, a working component of the Commerce Dept. The proposed 'nominal fees' are intended to insure that the technology to protect computer systems keeps up with other computer technology.
Critics, though, are extremely vocal in their opposition to a bill that they say sends a strong message to the American people: We don't trust you. The FYI, Freeflow of Your Information says that passage of the Computer License Law will give the federal government the unrestricted ability and right to invade our privacy. Dr. Sean Kirschner, the chief ACLU counsel, is consid- ering a lawsuit against the United States if the bill passes. Kirschner maintains that " . . .if the License Law goes into effect, the streets will be full of Computers Cops handing out tickets if your computer doesn't have a license. The enforcement clauses of the bill essentially give the police the right to listen to your computer. That is a simple invasion of privacy, and we will not permit a precedent to be set. We lost too much freedom under Reagan."
Proponents of the bill insist that the low fee, perhaps only $10 per year per computer, is intended to finance efforts at keeping security technology apace with computer technology. "We have learned our lesson the hard way, and we now need to address the problem head on before it bites us again." They cite the example of England, where televisions have been licensed for years, with the fees dedicated to supporting the arts and maintaining broad- casting facilities.
"Does not apply," says Dr. Kirschner. "With a television, there isn't an issue of privacy. A computer is like an electronic diary, and that privacy must be respected at all costs."
"And," he adds, "that's England, not the U.S.. They don't have freedom of the press, either."
Kirschner vowed a highly visible fight if Congress " . . .dares to pass that vulgar law . . ."
* * * * *
Monday, February 15
Scarsdale, New York
"ECCO reports are coming in."
"At this hour?" Scott said sleepily.
"You want or no?" Tyrone Duncan answered with irritation.
"Yeah, yeah, I want," Scott grumbled. "What time is it?"
"Four A.M. Why?"
"I won't make the morning . . ."
"I'm giving you six hours lead. Quit bitching."
"O.K., O.K., what is it?"
"Don't sound so grateful."
"Where the hell are you?" Scott asked sounding slightly more awake.
"At the office."
"At four?"
"You're pushing your luck . . ."
"I'm ready."
"It looks like your NEMO friends were right. There are bunches of viruses. You can use this. ECCO received reports of a quar- ter million computers going haywire yesterday. There's gotta be ten times that number that haven't been reported."
"Whose?"
"Everybody for Christ's sake. American Gen, Compton Industries, First Life, Banks, and, this is almost funny, the entire town of Fallsworth, Idaho."
"Excuse me?"
* * * * *
Thursday, February 25
TOWN DISAPPEARS
By Scott Mason
The town of Fallsworth, Idaho is facing a unique problem. It is out of business.
Fallsworth, Idaho, population 433, has a computer population of 611.
But no one in the entire incorporation of Fallsworth has ever bought or paid for a single piece of software or hardware.
Three years ago, the town counsel approved a plan to make this small potato farming community the most computerized township in the United States, and it seems that they succeeded. Apparently the city hall of Fallsworth was contacted by representatives of Apple Computer. Would they like to be part of an experiment?
Apple Computer provided every home and business in the Fallsworth area with a computer and the necessary equipment to tie all of the computers together into one town-wide network. The city was a pilot program for the Electronic City of the future. The residents of Fallsworth were trained to use the computers and Apple and associated companies provided the township beta copies of software to try out, play with and comment on.
Fallsworth, Idaho was truly the networked city.
Lily Williams and members of the other 172 households in Falls- worth typed out their grocery lists on their computer, matching them to known inventories and pricing from Malcolm Druckers' General Store. When the orders arrived at the Drucker computer, the goods just had to be loaded in the pick up truck. Druckers' business increased 124% after the network was installed.
Doctors Stephenson, Viola and Freemont, the three town doctors modem'ed prescriptions to Baker Pharmacy so the pills were ready by the time their patients arrived.
Mack's Messengers had cellular modems and portable computers installed in their delivery trucks. They were so efficient, they expanded their business into nearby Darbywell, Idaho, population, 5,010.
Today, Fallsworth, Idaho doesn't use its computers. They lie dormant. A town without life. They forgot how to live and work and play and function without their computers. Who are the slaves?
The viruses of Lotus, of dGraph. The viruses of Freedom struck, and no one in the entire town had registration cards. The soft- ware crisis has left Fallsworth and a hundred other small test sites for big software firms out in the digital void.
Apple Computer promised to look into the matter but said that customers who have paid for their products come first . . .
* * * * *
Friday, March 5
FBI Building, Federal Square
Tyrone Duncan was as busy as he had ever been, attempting to coordinate the FBI's efforts in tracking down any of the increas- ing number of computer criminals. And there were a lot of them at the moment. The first Copy-Cat computer assaults were coming to light, making it all that much more difficult to isolate the Foster Plan activities from those other non-coordinated inci- dents.
Tyrone, as did his counterparts in regional FBI offices nation- wide, created teams of agents who concentrated on specific areas of Homosoto's assault as described by the Spook. Some special- ized in tracing missing electronic funds, some in working with the phone company through the NSA. More than any other goal, the FBI wanted desperately to locate as many of the invisible agents that the Spook, Miles Foster, had told Homosoto to use. Tyrone doubted they would catch anywhere near the 3000 or more he was told that were out there, but at this point any success was welcome.
FBI agents toiled and interviewed and researched sixteen and eighteen hours a day, seven days a week. There hadn't been such a blanket approval of overtime since the Kennedy assassination. The FBI followed up the leads generated by the computers at the NSA. Who and where were the likely associates of Homosoto an
d Foster?
His phone rang the private line that bypasses his secretary startling Tyrone from the deep thought in which he was immersed. On a Saturday. As the voice on the other end of the phone ut- tered its first sound, Tyrone knew that it was Bob Burnson. Apparently he was in his office today as well.
"Afternoon, Bob," Tyrone said vacantly.
"Gotcha at a bad time?" Burnson asked.
"No, no. Just going over something that may prove interesting."
"Go ahead, make my day," joked Burnson.
"I know you don't want to know . . ."
"Then don't tell me . . ."
"But Mason's hackers are coming through for us."
"Jeez, Ty," whined Bob. "Do you have to . . ."
"Do you know anybody else that is capable of moving freely in those circles? It's not exactly our specialty," reprimanded Tyrone.
"In theory it's great," Bob reluctantly agreed, "but there are so damn many exposures. They can mislead us, they're not profes- sionals, and worst of all, we don't even know who they are, to perform a background check."
"Bob, you go over to the other side . . . playing desk man on me?"
"Ty, I told you a while ago, I could only hang so far out before the branches started shaking."
"Then you don't know anything." Tyrone said in negotiation. Keep Bob officially uninformed and unofficially informed. "You don't know that NEMO has helped to identify four of the black- mailers and a handful of the Freedom Freaks. You don't know that we have gotten more reliable information from Mason's kids than from ECCO, CERT, NIST and NSA combined. They're up in the clouds with theory and conjecture and what-iffing themselves silly. NEMO is in the streets. A remote control informer if you like."
"What else don't I know?"
Terminal Compromise Page 64