Domestic Spying Program Could Aid Terrorists, Experts Say;Domestic Wiretapping Could Pose 'An Awesome Risk' to National Security


The double-edged sword of an extensive domestic spying system comes
home to rest. If you create it and it works, someone could turn
traitor or infiltrate the system and turn your Big Brother into a
turncoat. As one who has ever had a "secure" system made or installed
by NSA or one of its service units I have a feeling that it not only
could be compromised but that it would be compromised.


Domestic Spying Program Could Aid Terrorists, Experts Say
Domestic Wiretapping Could Pose 'An Awesome Risk' to National Security
By JUSTIN ROOD

Feb. 1, 2008--

Although the Bush administration calls it a vital weapon against
terrorism, its domestic wiretapping effort could become a devastating
tool for terrorists if hacked or penetrated from inside, according to
a new article by a group of America's top computer security experts.

The administration has said little about the program except to defend
it against charges it amounts to illegal spying on U.S. citizens. When
news of the program broke in 2006, then-White House spokesman Scott
McClellan called the program a "limited" effort "targeted at al Qaeda
communications coming into or going out of the United States."

But documents submitted in an ongoing court case indicate the program
involves data centers at major telecommunications hubs that siphon off
and analyze billions of bytes of Americans' emails, phone calls and
other data.

By diverting the flow of so much domestic data into a few massive
pools, the administration may have "[built] for its opponents
something that would be too expensive for them to build for
themselves," say the authors: "a system that lets them see the U.S.'s
intelligence interests...[and] that might be turned" to exploit
conversations and information useful for plotting an attack on the
United States.

The Office of the Director of National Intelligence referred a request
for comment on the article to the interagency National
Counterterrorism Center, which directed calls to the National Security
Agency, which reportedly runs the program. The NSA declined to comment
for this story.The White House referred calls to the NSA.

The article, slated to appear in an upcoming issue of the journal IEEE
Security & Privacy, was written by six experts from Sun Microsystems,
Columbia University, Princeton University, the University of
Pennsylvania and California-based research giant SRI International.

The data centers for the classified program are reportedly housed in
"secure" rooms within telecommunications hubs around the country, and
connect to operations buried within the NSA's highly classified
facilities. But judging by past breaches, the authors conclude this
system could be compromised also  from within or outside.

In 2004, hackers cracked a wiretapping function on a Greek national
cell phone network. For 10 months, they intercepted conversations by
the country's prime minister and its ministers of defense, foreign
affairs and justice, and roughly 100 other officials and parliament
members, the authors note. The hackers were never caught.

"Although the NSA has extensive experience in building surveillance
systems, that does not mean things cannot go wrong," the authors
state. "When you build a system to spy on yourself, you entail an
awesome risk."

Just as dangerous is the possibility that an insider could access the
system undetected, according to the experts. Poorly-designed
surveillance technology used by the FBI relies on a "primitive" system
to track people who use the operation to wiretap phone conversations,
the authors say, creating what they call a "real risk" of an insider
attack.

They note that convicted spy Robert Hanssen, one of the most
destructive moles in the bureau's history, exploited similar
weaknesses to steal information and follow the investigation into
himself on FBI computers without leaving a trail.

Last August, a federal judge ruled the program was unconstitutional.
The administration is appealing the decision. The Senate is currently
considering a White House-backed effort to retroactively immunize
telecommunications companies which have participated in the program
from civil suits, several of which have been filed since the program
came to light. The legislation, the authors say, would allow the
program to continue without ensuring proper oversight, accountability
and security, creating "a long-term risk."



http://abcnews.go.com/Blotter/story?id=4224513&page=1
.

Relevant Pages

  • RE: Why Easy To Use Software Is Putting You At Risk
    ... I do agree that the additions and changes to Solarius will make it more secure and that this is good. ... Why Easy To Use Software Is Putting You At Risk ... instead I would say that the view that security is ... Four Construction Workers Died after Crane Collapse in Toledo, ...
    (Security-Basics)
  • Fascist America, in 10 easy steps - a chilling warning.
    ... And, argues Naomi Wolf, George Bush and his administration ... national security and is now ruling by decree. ... initiated today in the United States by the Bush administration. ... passed the Military Commissions Act of 2006 - the president has the ...
    (soc.culture.scottish)
  • Re: BIDEN: "2008 and the Stakes for Americas Security"
    ... "2008 and the Stakes for America's Security" ... I want to thank a few people for making this event possible: President ... After eight years of the Bush Administration, ...
    (sci.military.naval)
  • RE: Why Easy To Use Software Is Putting You At Risk
    ... Why Easy To Use Software Is Putting You At Risk ... Four Construction Workers Died after Crane Collapse in Toledo, ... The first issue to address is yes you found a vulnerability and it was ... a Security Discussion board, that is what we do here. ...
    (Security-Basics)
  • More food for thought
    ... Basic Risk Analysis ... I have taken a position that the professional security community in general ... has and will continue to fail because they are operating under the same ... storing those backups safely offsite in a secure location on a daily basis. ...
    (comp.security.misc)