SENATE JUDICIARY SUBCOMMITTEE ON TECHNOLOGY AND THE LAW HEARING ON COMPUTER VIRUSES
Document Type:
Collection:
Document Number (FOIA) /ESDN (CREST):
CIA-RDP92M00732R000400140004-5
Release Decision:
RIFPUB
Original Classification:
K
Document Page Count:
18
Document Creation Date:
December 27, 2016
Document Release Date:
April 7, 2014
Sequence Number:
4
Case Number:
Publication Date:
May 15, 1989
Content Type:
REPORT
File:
Attachment | Size |
---|---|
![]() | 721.97 KB |
Body:
r'sCP1 n C.)
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
FILE
SENATE JUDICIARY SUBCOMMITTEE ON TECHNOLOGY AND THE LAW
Hearing on Computer Viruses
May 15, 1989
10;00 a.m., SD-226
WITNESSES
Panel I
William Sessions, Director, Federal Bureau of Investigations
William A. Bayse, Assistant Director of Technical Services
Division, FBI
Kenneth Walton, Deputy Assistant Director of Criminal
Investigative Division, FBI
Panel II
Clifford Stoll, Computer Astronomer at Harvard-Smithsonian
Center for Astrophysics
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Ut.S. SENATOR PATRICK LEAHY
VERMONT
OPENING STATEMENT
BY SENATOR PATRICK LEAHY
Hearing on Computer Viruses
May 15, 1989
Good morning. I am very pleased to welcome our witnegses:
Director Sessions, his FBI experts on computer crime investigation,
Mr. Walton and Mr. Bayse, and Mr. Stoll, a Space Scientist at the
Harvard-Smithsonian Center for Astrophysics. Mr. Stoll is best known
for tracking down the West German spy who used computer networks to
get into the computers at the Lawrence Berkeley Laboratory. I am
delighted to have all of you with us.
As we move into the hi-tech age, we become increasingly
reliant on computers for research, communications, and data storage
and retrieval. Research is collaborative -- just look at how
discoveries were made in superconductivity. As a nation, we cannot
afford data that scientists cannot trust. We cannot afford to have
scientists refusing to use computer networks to share their
discoveries, and thus, advance technology.
Press accounts have focused attention on the alarming number
of new techniques -- computer viruses, worms and Trojan horses -- that
can secretly enter computers. Their names belie their insidious
nature. Hidden programs can destroy or alter data, or, as we saw with
the November INTERNET worm, they can hopelessly clog computer
networks.
Some of these incidents are malicious. And make no mistake,
we will bring the full force of the law to bear on those cases.
Other incidents may reveal genius and creativity rather than
malice. These cases pose different, and, in some ways, more difficult
policy questions for Congress, for schools and universities, for law
enforcement and for American businesses using computers.
The sophistication and ease some American kids demonstrate
using computers never cease to amaze me. We cannot unduly inhibit
that inquisitive thirteen-year-old who, if left to experiment today,
may, tomorrow, develop the telecommunications or computer technology
to lead the United States into the 21st century. He represents our
future and our best hope to remain a technologically competitive
nation.
But, trespassing, breaking and entering, and stealing are
against the law. They have always been against the law because they
are contrary to the values and principles that society holds dear.
That has not and will not change.
Today I am
American principles
privacy of others --
the rest of us.
glad to say that hackers are on notice that basic
-- principles about respect for the property and
apply to young geniuses, just as they apply to
Just as a kid who enters another's property is trespassing,
or who goes into another's home is breaking and entering,
or who takes another's apple is stealing,
so, too, a hacker who manipulates or destroys the computer program of
another -- or who renders it inoperable -- is breaking the law. As a
society, we cannot tolerate that.
Director Sessions points out that the
it, either. The Bureau treats the creators of
same way it treats other criminals. I want to
the resources to continue to fight this plague
computer networks.
FBI will not tolerate
disruptive viruses the
be sure the Bureau has
on our nation's
To do that, we in Congress must start with an understanding
of the threat posed by viruses, worms and other potentially
destructive programs. And we must do all we can to promote a culture
of compliance among computer professionals and to encourage creativity
within the context of ethical norms, for all computer users.
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
U.S. Department of Justice
Federal Bureau of Investigation
Office of the Director
Washington. D.C. 20535
OPENING STATEMENT
OF
WILLIAM S. SESSIONS
DIRECTOR
FEDERAL BUREAU OF INVESTIGATION
BEFORE AN
OPEN SESSION OF THE
SUBCOMMITTEE ON TECHNOLOGY AND THE LAW
COMMITTEE ON THE JUDICIARY
UNITED STATE SENATE
WASHINGTON, D.C.
MAY 15, 1989
91/ IDOJ
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
??6
THANK YOU, MR. CHAIRMAN, FOR THE
OPPORTUNITY TO BE HERE TODAY TO PRESENT THE FBI'S
VIEWS ON THE ISSUE OF COMPUTER VIRUSES.
ACCOMPANYING ME THIS MORNING ARE TWO OTHER
REPRESENTATIVES FROM THE FBI, WHOSE TECHNICAL
EXPERTISE CAN GREATLY ASSIST THIS COMMITTEE. THEY
ARE THE ASSISTANT DIRECTOR OF OUR TECHNICAL
SERVICES DIVISION, AL BAYSE, WHO IS EXTREMELY
Ii
KNOWLEDGEABLE ABOUT COMPUTERS AND VIRUSES, AND
DEPUTY ASSISTANT DIRECTOR KEN WALTON, OF OUR
CRIMINAL INVESTIGATIVE DIVISION. MR. WALTON CAN
DETAIL OUR INVESTIGATIVE EXPERIENCES WITH VIRUSES
AND OTHER COMPUTER CRIMES. MY PURPOSE IN BEING
HERE TODAY IS TO INDICATE TO THIS COMMITTEE THE
POTENTIAL SERIOUSNESS OF COMPUTER VIRUSES AND TO
ASSURE THE AMERICAN PEOPLE THAT THE FBI IS
ACTIVELY INVOLVED IN THE INVESTIGATION OF COMPUTER-
RELATED CRIMINAL ACTIVITY.
THE COMMITTEE REQUESTED THAT WE PROVIDE
COMMENTS ON THE 'FBI'S EXPERIENCE IN THE
INVESTIGATION. OF COMPUTER VIRUSES AND OTHER
COMPUTER CRIME. BEFORE I ADDRESS THIS QUESTION,
LET ME PUT THE ISSUE OF COMPUTER-RELATED CRIME IN
PERSPECTIVE. NOT LONG AGO, COMPUTER EQUIPMENT AND
Declassified and Approved For Release 2014/04/07 : CIA-RDP92M00732R000400140004-5
.4 Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
PROGRAMMING LANGUAGE WERE SO FOREIGN TO THE AVERAGE
PERSON THAT THEN-EXISTING COMPUTER SECURITY WAS
LARGELY ADEQUATE TO ADDRESS THE EXISTING THREAT.
NETWORKS, BULLETIN BOARDS, AND INSTANTANEOUS GLOBAL
COMMUNICATIONS AMONG MULTIPLE COMPUTER USERS WERE
MUCH LESS COMMON THAN THEY ARE TODAY.
THE EVOLUTION OF TECHNOLOGY, HOWEVER, HAS
MADE COMPUTER LITERACY AND ACCESSIBILITY
COMMONPLACE. THIS HAS GIVEN OPPORTUNITIES FOR
COMPUTER-RELATED CRIMINAL ACTIVITY TO ALMOST
EVERYONE, FROM EXPERIENCED CRIMINALS TO TEENAGE
"HACKERS." THE MASS MARKETING OF PERSONAL
COMPUTERS, THE SIMPLIFICATION OF PROGRAMMING, AND
THE ACCESSIBILITY OF PRE-PACKAGED SOFTWARE HAVE
BEEN INSTRUMENTAL IN INTEGRATING THE COMPUTER INTO
EVERYDAY LIFE. THESE SAME ADVANCES, HOWEVER, HAVE
ALSO INCREASED SUBSTANTIALLY THE THREAT OF
COMPUTER-RELATED CRIMES.
THE FBI HAS FOUND THAT COMPUTER CRIME IS
OFTEN ONE OF THE MOST ELUSIVE CRIMES TO
INVESTIGATE. IT MAY BE INVISIBLE. IT HAS NO
GEOGRAPHIC LIMITATION, AND THE ENTIRE TRANSACTION
MAY LAST LESS THAN A SECONL. IT CAN ALSO THREATEN
THE INTEGRITY AND RELIABILITY OF SENSITIVE
2
Declassified and Approved For Release 2014/04/07 : CIA-RDP92M00732R000400140004-5
. Declassified and Approved For Release 2014/04/07 : CIA-RDP92M00732R000400140004-5
COMPUTER SYSTEMS. DESPITE A GROWING INTEREST IN
THE PROBLEM, A CONSISTENTLY APPLIED AND UNIVERSALLY
ACCEPTED DEFINITION OF COMPUTER CRIME HAS NOT YET
BEEN AGREED UPON BY THOSE CONCERNED WITH LAW
ENFORCEMENT IN THIS AREA. THE FBI HAS FOUND THAT
MANY COMPUTER CRIMES ARE MUCH LIKE TRADITIONAL
CRIMES; THE CRIMINAL USES A COMPUTER AS THE
INSTRUMENT OF THE OFFENSE INSTEAD OF THE FORGER'S
PEN AND FRAUDULENT DOCUMENTS. OTHER ACTIVITIES,
HOWEVER--SUCH AS UNLEASHING DESTRUCTIVE VIRUSES--
ARE UNIQUE TO COMPUTERS. ALL HAVE THE POTENTIAL
FOR CAUSING GREAT FINANCIAL LOSS OR DENIAL OF
SERVICE IN A MATTER OF SECONDS OR FOR CAUSING
DESTRUCTIVE EFFECTS THAT CAN LAST FOR DAYS, WEEKS
OR MONTHS.
IN 1982 AND 1983, THE FBI VOICED CONCERN
ABOUT PROBLEMS IN THE APPLICATION OF TRADITIONAL
CRIMINAL STATUTES TO COMPUTER TECHNOLOGY. IN
OCTOBER 1984, THE COMPUTER FRAUD AND ABUSE ACT WAS
SIGNED INTO LAW. ONE ASPECT OF THAT ACT
CRIMINALIZED UNAUTHORIZED ACCESS TO COMPUTER
SYSTEMS, COMMONLY REFERRED TO AS "HACKING." IN
1986, THIS LAW WAS AMENDED AND EXPANDED IN SCOPE TO
INCLUDE "FEDERAL INTEREST COMPUTERS." THESE ARE
DEFINED AS COMPUTERS USED EXCLUSIVELY BY FINANCIAL
3
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
INSTITUTIONS OR THE UNITED STATES GOVERNMENT, DR
COMPUTERS THAT ARE ONE OF TWO OR MORE COMPUTERS
LOCATED IN DIFFERENT STATES AND USED IN COMMITTING
AN UNDERLYING OFFENSE. THE ACT PROVIDES CRIMINAL
SANCTIONS FOR CERTAIN PROSCRIBED ACTS, FOR
INTENTIONALLY ACCESSING A COMPUTER WITHOUT
AUTHORIZATION, AND FOR EXCEEDING AUTHORIZED ACCESS.
THE PROSCRIBED ACTS ARE THOSE INVOLVING TAKING,
ALTERING, DAMAGING, OR DESTROYING INFORMATION
AFFECTING THE OPERATION OF THE COMPUTER BY THE
UNITED STATES GOVERNMENT, OR COMMITTING FRAUD AND
OBTAINING ANYTHING OF VALUE.
THE COMPUTER FRAUD AND ABUSE ACT ALSO
PROVIDED ANOTHER COMPUTER-ORIENTED CRIMINAL STATUTE
TO PROSECUTE THIS TYPE OF CRIME. THE COMPANION
STATUTE ADDRESSES FRAUD AND RELATED ACTIVITY IN
CONNECTION WITH ACCESS DEVICES. PRIOR TO THE
PASSAGE OF THESE LAWS, COMPUTER-RELATED CRIMES,
AND, FOR THAT MATTER, THE VAST MAJORITY OF CASES
,MEETING FEDERAL PROSECUTIVE GUIDELINES HAVE BEEN
PROSECUTED UNDER THE FRAUD BY WIRE STATUTE. IN
ADDITION, OTHER STATUTES HAVE BEEN PASSED RECENTLY
THAT ADDRESS THE ISSUE OF COMPUTER-RELATED CRIME.
THESE CONCERN MALICIOUS MISCHIEF RELATING TO
COMMUNICATIONS LINES, STATIONS OR SYSTEMS, AND
4
Declassified and Approved For Release 2014/04/07 : CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
INTERFERENCE WITH THE OPERATION OF A SATELLITE.
OTHER STATUTES ADDRESS THE MANUFACTURE,
DISTRIBUTION, POSSESSION, AND ADVERTISING OF WIRE,
ORAL, OR ELECTRONIC COMMUNICATION INTERCEPTING
DEVICES AND PROHIBITED AND UNLAWFUL ACCESS TO
STORED COMMUNICATIONS. ALL OF THESE FEDERAL
VIOLATIONS ARE WITHIN THE PRIMARY JURISDICTION OF
THE FBI, AND ALL RECOGNIZE -VARIOUS ASPECTS OF
? ELECTRONIC AND COMPUTER CRIMINALITY., .
IN THE CONTEXT OF OUR INVESTIGATIVE
RESPONSIBILITIES, WE HAVE FOUND THAT EXISTING
FEDERAL STATUTES ARE GENERALLY ADEQUATE WHEN THE
COMPUTER-RELATED CRIMINAL ACTS PARALLEL COMMON LAW
CRIMES SUCH AS EMBEZZLEMENT, FRAUD, THEFT, AND
DESTRUCTION OF PROPERTY. WHILE COMMON LAW CONCEPTS
OF ? THEFT INVOLVE A. TAKING AWAY OF PROPERTY,
HOWEVER, IT SHOULD BE NOTED THAT WITH COMPUTERS,
'INFORMATION CAN BE STOLEN WITHOUT THE OWNER OF THAT
INFORMATION BEING AWARE OF THE THEFT OR WITHOUT
INTERFERING WITH HIS ABILITY TO USE THE
INFORMATION. RECENT LEGISLATION CRIMINALIZING
UNAUTHORIZED ACCESS IN CONJUNCTION WITH ONE OF
THESE OFFENSES HAS ALSO BEEN EFFECTIVE. EXISTING
CRIMINAL STATUES, HOWEVER, ARE NOT SPECIFIC ON THE
QUESTION OF WHETHER UNAUTHORIZED ACCESS IS A CRIME
5
Declassified and Approved For Release 2014/04/07 : CIA-RDP92M00732R000400140004-5 -
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
a WHERE NO THEFT OR DAMAGE OCCURS, AND THERE IS WO
STATUTE SPECIFICALLY ADDRESSING VIRUSES. CURRENT
CRIMINAL STATUTES, BY AND LARGE, ADDRESS THE ISSUE
OF COMPUTERS AS THE VEHICLE OF THE CRIME. AS MORE
SENSITIVE INFORMATION BECOMES STORED IN COMPUTERS
AND AS GOVERNMENT AND INDUSTRY BECOME MORE
DEPENDENT UPON THE PROPER FUNCTIONING OF
COMPUTERS, WE HAVE SEEN AN INCREASE IN CRIMES IN
WHICH THE COMPUTER OR COMPUTERIZED INFORMATION IS
THE TARGET OF THE CRIME. COMPUTER VIRUSES PRESENT
ONE SUCH EXAMPLE.
ON THE SUBJECT OF VIRUSES, THE FBI REGARDS
A COMPUTER VIRUS AS ANY COMPUTER PROGRAM NOT
READILY DISCERNIBLE TO THE USER THAT HAS THE
CAPACITY TO INFECT OTHER COMPUTER SYSTEMS BY
RECREATING ITSELF RANDOMLY OR CAUSING SOME OTHER
SPECIFIC ACTION IN SOME PRE?DETERMINED
CIRCUMSTANCE. A VIRUS IS USUALLY PLACED INA
SYSTEM BY A PERSON WHO HAS AUTHORIZED ACCESS, BUT
IT CAN BE PLACED BY A "HACKER." IT MAY OR MAY NOT
CAUSE DAMAGE, DESTRUCTION, OR UNAUTHORIZED ACCESS.
COMPUTER VIRUSES DIFFER IN EFFECT DEPENDING ON THE
INTENT, AND SOMETIMES THE COMPETENCE, OF THE
DESIGNER. THE EFFECT CAN RANGE FROM BEING NEARLY
HARMLESS TO BEING DEVASTATING, CAUSING COMPLETE
6
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
SHUTDOWNS OF SYSTEMS AND THE MASSIVE DESTRUCTION Iv
DATA. CLEANING UP THE AFTERMATH COULD COST MORE
THAN THE DAMAGE TO THE SYSTEM. VIRUSES CAN BE
TRANSMITTED BY INFECTED SOFTWARE, THROUGH NETWORKS,
OR FROM REMOTE LOCATIONS. WITH TODAY'S
TECHNOLOGY, VIRUSES CAN BEGIN THE INFECTIOUS
PROCESS FROM A HOME PERSONAL COMPUTER, AN OFFICE,
AN ACADEMIC INSTITUTION, OR FROM ALMOST ANYWHERE IN
THE WORLD.
EXPERTS IN THIS FIELD HAVE FOUND THAT THE
MOTIVES FOR CREATION OF VIRUSES INCLUDE
INTELLECTUAL CURIOSITY, DESIRE FOR PUBLICITY OR
NOTORIETY, DELIBERATE DENIAL OF SERVICE AND
INDUSTRIAL OR OTHER SABOTAGE OF COMPUTER SYSTEMS
AND DATA BANKS. VIRUS CREATORS RANGE FROM YOUNG
STUDENTS WHO FAIL TO ANTICIPATE THE CONSEQUENCE OF
CREATING AND TRANSMITTING A VIRUS TO DISGRUNTLED
EMPLOYEES AND OTHERS WHO CLEARLY INTEND A MALICIOUS
ACT. VIRUSES ARE EASY TO CREATE AND PROPAGATE,
REQUIRE LITTLE EXPERTISE, AND MAY BE NEARLY
IMPOSSIBLE TO PREVENT OR DETECT.
VIRUSES ARE OFTEN DIFFICULT TO TRACE AND
ARE FREQUENTLY NOT DISCOVERED UNTIL IT IS TOO LATE
TO PREVENT THE INTENDED HARM. INVESTIGATION MAY BE
7
Declassified and Approved For Release 2014/04/07 CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07 : CIA-RDP92M00732R000400140004-5
COMPLICATED BY THE MANY PERMUTATIONS VIRUSES CAN
UNDERGO AND BY THE WIDESPREAD GEOGRAPHIC AREAS
INVOLVED. VIRUSES ARE FREQUENTLY DESIGNED TO
PREVENT DETECTION. IN ADDITION, SOMETIMES THE
OWNERS OF THE SYSTEMS ARE MORE CONCERNED WITH
REPAIRING THE DAMAGE THAN WITH PROSECUTION OF THE
OFFENDER. BECAUSE A VIRUS MAY CAUSE ONLY A SMALL
AMOUNT OF DAMAGE TO MANY DIFFERENT USERS, NO SINGLE
USER MAY CONSIDER THE EVENT SIGNIFICANT ENOUGH TO
REPORT IT.
THE FBI'S INVESTIGATIONS OF COMPUTER-
RELATED CRIMES GENERALLY HAVE BEEN SUCCESSFUL, BUT
OUR INVESTIGATIVE EXPERIENCE WITH COMPUTER VIRUSES
HAS BEEN LIMITED. QUITE FRANKLY, THE FBI HAS ONLY
CONDUCTED CRIMINAL INVESTIGATIONS OF VIRUSES ON TWO
OCCASIONS. ONE EXAMPLE OF A RECENT SUCCESS IS THE
FBI INVESTIGATION OF A YOUNG COMPUTER HACKER WHO
WENT BY THE ALIAS "SHADOW HAWK." THIS 18-YEAR-OLD
SUCCESSFULLY ENTERED COMPUTERS OWNED AND OPERATED
BY AT&T AND THE UNITED STATES GOVERNMENT. HE WAS
ABLE TO COPY OVER A MILLION DOLLARS IN PROPRIETARY
SOFTWARE, CAUSING SUBSTANTIAL DAMAGE IN THE
PROCESS. HE WAS PROSECUTED UNDER THE CRIMINAL
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
fr
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
STATUTE I JUST MENTIONED (THE COMPUTER FRAUD AND
ABUSE ACT) AND SENTENCED IN FEBRUARY OF THIS YEAR.
I WOULD LIKE TO DISCUSS BRIEFLY OUR
EFFORTS TO ENSURE THAT THE FBI HAS THE NECESSARY
EXPERTISE TO ADDRESS COMPUTER CRIME EFFECTIVELY.
THE DEVELOPMENT BY OUR INVESTIGATORS OF EXTREMELY
SPECIALIZED EXPERTISE IN COMPUTER TECHNOLOGY IS IN
FACT NOT OUR GOAL. WE ALREADY HAVE PERSONNEL WITH
ADVANCED DEGREES IN ENGINEERING AND COMPUTER
SCIENCES WHO CLEARLY HAVE THE NECESSARY EXPERTISE
AND CAPABILITY. WE HAVE HUNDREDS OF COMPUTER
LITERATE INVESTIGATORS AND THE TECHNICAL PERSONNEL
TO ASSIST THEM. WE UTILIZE BOTH INTERNAL AND
EXTERNAL TRAINING AND HAVE ACCESS TO THE MOST
ADVANCED EXPERTISE IN OTHER GOVERNMENT AGENCIES,
PRIVATE SECTOR COMPUTER FIRMS, AND EDUCATIONAL
INSTITUTIONS. OUR STRATEGY IS TO EMPLOY A TEAM
APPROACH TO VIRUS AND OTHER COMPUTER CRIME
INVESTIGATIONS, UTILIZING INDIVIDUALS FROM VARIOUS
DISCIPLINES. WE BELIEVE AN INVESTIGATIVE TEAM
TAILORED TO THE THREAT BEING ADDRESSED IS THE BEST
APPROACH. THE PROBLEMS I FORESEE FOR THE FBI
RELATE NOT TO THE LEVEL OF EXPERTISE BUT TO THE
NUMBER OF EXPERTS AND THE RESOURCES WE WILL HAVE TO
9
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
.DEPLOY IF THIS POTENTIALLY EXPLOSIVE NEW AREA of
COMPUTER ACTIVITY CONTINUES TO EXPAND.
THE FBI HAS DEVELOPED UNIQUE AND
SPECIALIZED TRAINING FOR ITS AGENTS AND OTHER LAW
ENFORCEMENT PERSONNEL. SINCE 1976, THE FBI HAS
OFFERED SPECIALIZED TRAINING FOR INVESTIGATORS OF
COMPUTER-RELATED CRIMES AT OUR ACADEMY IN QUANTICO,
VIRGINIA. WE EMPLOY THREE LEVELS ,OF TRAINING FOR
COMPUTER CRIME INVESTIGATORS: 1) AN AWARENESS
LEVEL, 2) A COMPREHENSIVE LEVEL, AND, 3) A
SPECIALIST LEVEL. TO DATE, APPROXIMATELY 520 FBI
SPECIAL AGENTS, AS WELL AS NUMEROUS LOCAL AND
FOREIGN LAW ENFORCEMENT OFFICERS, HAVE GRADUATED
FROM AN INTENSIVE THREE-WEEK COURSE. WE HAVE
TRAINED OVER 250 INVESTIGATORS FROM OTHER AGENCIES
IN ONE WEEK SCHOOLS AND HAVE TAKEN OUR INSTRUCTION
INTO LOCAL COMMUNITIES, WHERE WE HAVE DELIVERED
TRAINING TO OVER 1,400 STATE AND LOCAL LAW
ENFORCEMENT OFFICERS. IN ONLY THE? LAST THREE
FISCAL YEARS, 220 SPECIAL AGENTS AND OVER 600 LOCAL
OFFICERS HAVE RECEIVED THIS TRAINING. THESE
COMPUTER-RELATED SCHOOLS ARE PROVIDING THE SKILLS
THAT OUR AGENTS AND OTHER LAW ENFORCEMENT OFFICERS
NEED IN THIS HIGHLY TECHNICAL ARENA.
10
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
IN ADDITION, PERSONNEL AT QUANTICO ARE IN
THE FOREFRONT OF RESEARCH EFFORTS ON COMPUTER
SECURITY, THE NATURE AND IMPACT OF VIRUSES, AND
RELATED MATTERS. WE ARE EVEN DEVELOPING BEHAVIOR
PROFILES OF COMPUTER "HACKERS."
LAW ENFORCEMENT ASIDE, THE SECURITY OF
COMPUTER SYSTEMS RESTS WITH THE DESIGNERS OF
HARDWARE, THE COMPOSERS OF SOFTWARE AND THE OWNERS
OF COMPUTERS. VERIFYING THE AUTHENTICITY OF THE
SOFTWARE BEING USED TO REDUCE VULNERABILITY TO
COMPUTER VIRUSES IS ONE MAJOR STEP THAT CAN
CONTRIBUTE TO COMPUTER SECURITY. SUCCESSFUL
PROSECUTIONS WILL ALSO HAVE A DETERRENT EFFECT.
BUT ULTIMATELY, ENHANCEMENTS TO SECURITY WILL BE
REQUIRED TO CURB THE SPIRALING INCREASE IN COMPUTER
CRIME.
THERE MUST ALSO BE A BALANCE BETWEEN THE
BENEFITS DERIVED FROM EDUCATIONAL EXPERIMENTATION
AND THE FREE FLOW OF INFORMATION, ON THE ONE HAND,
AND THE NEED TO PREVENT CRIMINAL ACTIVITY HAVING
THE POTENTIAL FOR MILLIONS OF DOLLARS IN DAMAGE ON
THE OTHER. ONCE THE BALANCE TIPS TO CRIMINAL
ACTIVITY, THE FBI INTENDS TO PURSUE VIGOROUSLY
11
Declassified and Approved For Release 2014/04/07 : CIA-RDP92M00732R000400140004-5
y Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
THOSE WHO VIOLATE FEDERAL LAW THROUGH THE CREATrON
AND INTRODUCTION OF VIRUSES.
REMARKS.
MR. CHAIRMAN, THAT CONCLUDES MY FORMAL
12
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
The Subcommittee on Technology and the Law
of the Senate Judiciary Committee
Written Statement of Clifford Stoll
Harvard - Smithsonian
Center for Astrophysics
Cambridge, MA 02138
617/495-7147
The twenty scientists using my computer share common interests -- we're
trying to solve fundamental questions of the universe. Elsewhere in my
building, are other. computers, for secretaries, scientists, and technicians. All
of us are lincced together through a Local network.
This network lets us share data, programs, news, and gossip. A student
on another floor writes a paper using data that I send to her. She, in turn,
mails progress reports to our department head. We post announcements of
meetings and parties over our network.
Our local computer network forms a neighborhood of people working
together.
We talk with the outside world through a dozen other networks. The
Internet, once called the Arpanet, lets us talk to researchers across the country.
Thanks to this system, it takes a minute to send a message from Los Angeles
to New York. From my desk, I can run programs in Berkeley, Boston, or
Bangor. By communicating over the computer networks, we collaborate in
projects which are impossible in isolation.
These wide area networks are communities ? no less real than those in
the rest of society.
Our cities and towns are tied together by streets, roads, state highways; and
the interstates. Similarly, our communities of computers are linked through
local, regional, and national networks. Our highways transport food and . ,
equipment; our networks transport ideas. The Internet is probably the most
important thoroughfare created over the past twenty years.
The networks and highways have the same headaches: too much traffic,
expensive maintenance, and figuring out who will pay for them.
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Unknown to this penetrator, while he was breaking into computers, we
were monitoring him and tracing his connections. At first, it was difficult to
get the attention of federal law enforcement agencies -- not many front line
investigators have technical training. Later, with the help of the FBI's
Alexandria Virginia Field Office, and the Air Force Office of Special
Investigations, we ultimately traced the intruder back to Hannover, West
Germany.
To track down this person, we planted bogus information about a
fictitious SDI network in our computer. He swallowed the bait ? copying
those files into his Hannover computer. Our trace complete, we thought our
job was done. But three months later, we received a letter from someone in
Pittsburgh, PA, asking for more information about our SDI networks.
From this, we determined that someone in Hannover was systematically
collecting sensitive information, and selling it for cocaine and money to
Soviet Bloc agents. They, in turn, likely hired a representative in Pittsburgh
to validate the data and to extract additional information.
Catching this spy took a year of full time effort. While he was reaching
into our computers, I lost a year of astronomy research. Worse -- much
worse -- a thief was stealing information from our nation's computers.
This woke me up. Our networks -- the very lifeblood of our computer
community -- were being exploited for espionage. That this attempt failed
was only a fortuitous accident. I wonder how many times others have
succeeded.
Computer Viruses
Computer viruses are sections of code which .duplicate themselves into
ordinary programs. Usually, they propagate by infecting programs run 911
personal computers. Once a program is infected, it will infect any computer
that runs that program. Viruses spread by interchanging programs, either by
floppy disk or by copying to electronic bulletin boards.
Some viruses are benign. They merely spread themselves without
interfering with the program's normal operation. More often, though,
viruses have malicious side effects -- erasing your files or corrupting your
data.
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5
The job wasn't made any easier by the writer of the virus. The program
was purposely hidden, written to obscure itself and its mechanisms. The
writer exploited not one, but several weaknesses in the Unix software,
making it difficult to understand and tough to control.
As one of the early discoverers of the virus, I contacted appropriate
authorities. At 4 AM EST, I called the Network Operations Center and
described the problem; at 6:30AM, I called the National Computer Security
Center, and numerous systems managers around the country.
The antidotes and patches to counteract the virus were developed entirely
at academic institutes, especially the University of California at Berkeley and
MIT. No governmental organization unwound the virus or published
patches. Academics responded immediately -- and voluntarily -- to this
national need.
How much damage was done? Early on, about 6000 computers were
estimated to be infected. Based on my own survey, between 2000 and 3000
computers were hit by the Internet worm. Published estimates of $90 million
in damages are grossly overblown and self-serving; I estimate the loss at less
than one million dollars -- still, a significant loss.
Conclusion
How do I view these incidents? As a harmless prank? As a cute college
trick to razz programmers?
Hardly. If someone disabled several thousand cars for an afternoon,
would it be considered a harmless prank? Yet my computer costs the same as
a car, and it's essential for my job. For two days, I couldn't work.
Or might this virus be a useful way to raise our consciousness of
computer security? A quaint attempt to tell us to secure our computers?
We don't thank burglars for reminding us that our houses are insecure.
Nor do we thank someone for teaching us that our computers can be
wrecked. There are more ethical ways to spread the word.
Yet how should we react? One response is to slam doors, and build
barriers against outsiders. This will make it tougher for the virus-writers.
It'll also make life difficult for those who need to exchange information.
Declassified and Approved For Release 2014/04/07: CIA-RDP92M00732R000400140004-5