Saturday, March 18, 2006

Hacked To Death, New Notes On the New Terrorism

HackerTapping away on a keyboard, deep within the maze of a Muslim city, Omar has just walked in to Homeland Security’s documents archives. No mask or gun needed, not even a fake passport. He's not sweating, he's calm, eating hummus and drinking a Coke. It's not yet noon in the Middle East.


Impossible? Alarming? Certainly a posit to make one perk up and pay attention, as we debate the constitutional aspects of tapping phone conversations and ignore the institutional aspects of computer security in shambles.


In an equal-opportunity lack of concern, this administration ignores both.


Strangely, there doesn’t seem to be much of a constituency for either. One wonders why the flaming liberals of whom we hear so much aren’t dominating Sunday talk shows with rants over rights to privacy, but they're quiet. Equally, it’s amazing that Bush's Republican base hasn’t frantically dialed-in to Rush Limbaugh, raging over hacked security, the innermost workings of our government laid bare.


Is everyone out to lunch, before the lunches themselves become illegal?


BushchertoffWhat’s going on over at Homeland Security, where they got an F for the 3rd straight year on their computer protection grade? Mike Chertoff’s been there for just over a year and Omar’s apparently still able to log in. Homeland Security is our national fire-wall, in charge of cyber-security for the entire government.


Doesn’t it make you just a little bit nervous that the guys who screw up absolutely everything they touch, have their finger in the computer-security dike?


According to the House Government Reform Committee, who hands out the Oscars every year for such things, the departments of


  • Defense

  • State

  • Energy

  • Agriculture (all that corn at risk)

  • Health and Human Services

  • Transportation

  • Veterans Affairs

all get failing grades, unchanged inexcusably from their year-ago reviews.


ReptomdavisRep. Tom Davis chairs that committee and has been known to worry that America may face a cyber Pearl Harbor. Tom is a savvy guy and he doesn't know how something that most businesses take as gospel, just seems to continue to elude Mike Chertoff. Can you imagine the mischief Omar can wreak on the innards of the United States government, if he has the keys to State and Defense?


Homeland Security was absolute priority number one after 9-11 and money has been shoveled at it. Somehow or another, the Congress and the people and the administration thought that something useful was being done over there, other than periodic color-tagged warnings. Apparently not.


It’s more than occasionally amazing to me that government hasn’t just fallen over into the streets, in a cloud of brick-dust.


Securing tens of thousands of computers in thousands of offices, most of them on systems incompatible to one another and each accessing varying degrees of sensitive to top-secret files, would seem to be a priority worthy of attention. And it probably is, just three or four notches below the preening of imagery. Imagery has been shot down in flames. One can only cringe at what must be the condition of security.


I wonder what Mike Chertoff actually does every morning, after he’s hung up his coat and sat down to a morning doughnut?


The National Science Foundation, General Services Administration, Environmental Protection Agency and Department of Labor, during the same period, brought their grades up from B’s and C’s to straight A’s. Does Mike have anyone's phone number over there?


CybercrimeCoinciding with news of continuing failures, is the stunningly scary news about ‘keylogging’ programs that suck up everything typed on the keyboards of infected computers. The Russian mafia is into this activity big-time, in fact they mostly invented it, grabbing personal identities, account and PIN numbers for various kinds of bank and credit-card theft.


But imagine (if you are Stephen King) the opportunity to wade around in the slush and muck of the Defense and State departments.


I accessed a web site that boldly offers such software for sale. www.ratsystems.org is based in Russia, their use of English is a bit awkward, but 650 euros will get you in the game. A virtual (no pun intended) boutique of additional hacker-wear is there for the downloading. A Google-search of keystroke software brings up over four million pages.


The beauty of these various versions of hacker software is that once you’re in, you’re in. No one knows you’re there. No need to worry about building access (we do that very well in this country), code-restricted doors, stumbling over a wastebasket in the dark or a flashlight battery that's run down. Sit back, have some more hummus and Coke, light up a Marlboro and rest assured that access to drop-down menus of supposedly secure information is but a click away. Can’t get the access you want? Unexpectedly blocked by access-code?


Hop aboard another computer. Like a bus, there’ll be one along in a minute.
__________________________________________________



For more comments on Washington at work, see my personal web site.