April 22nd, 2009
06:56 PM ET

The spies who wear sweatpants

[Photo: The F-35 Joint Strike Fighter's self-diagnostic system was compromised by hackers, officials say.]

David Gewirtz
Editor-in-Chief, ZATZ Publishing

It used to be spying was hands-on. To turn someone into an Aldrich Ames, you had to tempt them with money or revenge or ideology, promise them sex or catch them at it. Today's spies are less like a real-life James Bond and more like Lewis Skolnick from "Revenge of the Nerds".

Today's master spies don't wear tuxedos and play baccarat. Instead, they wear sweatpants and play Halo (and, hopefully, shower at least a few times each week). And while old-school spies were trained in all sorts of physical feats, from high-altitude skydiving to deep-sea scuba, today's master spy's most physical activity is walking back from the fridge while balancing a drink and a snack.

James Bond had a license to kill. Today's spies are geeks who can write code and they could well be far more dangerous than any Cold War spymaster ever was.

Stolen fighter jet plans

Yesterday, CNN producers Mike Mount and Eric Marrapodi published an article about an apparent theft of ultra-confidential Pentagon information on the U.S. military's hottest new advanced fighter jet. They reported that not only had thousands of documents been stolen over the last few years, but spies got into the U.S. Air Force's air traffic control system and were able to see where our military aircraft were at any given time, while actually in flight.

If true, this information might also have included real-time location information for strategic assets like Air Force One and Nightwatch, the Boeing E-4B that's America's airborne mobile National Command Authority command post, the aircraft that's intended to run the country in the event of nuclear war.

And how did spies get access to all this information?

Through the Internet, of course.

This is just one of an uncomfortably large number of intrusion reports that seem to stream in on an almost daily basis. Spies aren't just accessing our confidential military information, but secrets from our most innovative companies, and even financial information right off our family computers.

Most often it's an independent security analyst of some kind who breaks this news and it's really hard to tell whether self-promotion or patriotism motivates the releasing of these reports - and whether they're, in fact, true. We keep hearing about China and the former Soviet Bloc nations as key players in these compromises, and they're undoubtedly in the game.

Unfortunately, because all of this relates to confidential information, getting true confirmation, rather than hearsay, is almost impossible. But given how challenging it is to fully secure any network and some of the lax security procedures we're seeing in some network operations, it's entirely likely that many compromises like those reported have actually taken place.

We're also getting reports about chip replacements, where counterfeit or flawed computer chips are winding up in military avionics. That, too, is well within the bounds of probability because we don't control every stage of the supply chain for many of these systems. Some of those systems use components used in consumer products as well as military products.

Was an intrusion like Mount and Marrapodi reported possible? Absolutely. Is it likely? Definitely. Can we do better to protect ourselves? Yes, but sometimes that means we have to impose restrictions that contractors might not like, and we're always depending on the weakest link.

For the Pentagon and its contractors to truly secure their systems, they'd need to cut themselves off from the outside world, at least electronically. They could never, ever connect to the Internet. No employee or contractor could ever be allowed to bring electronic devices like laptops, BlackBerrys or iPods into a secured facility from the outside world. And no employee or contractor could be allowed to do any work from home.

It's an interesting paradox because the Internet provides enormous efficiencies to government and military operations. But because the Internet connects everyone to everyone, our super-secret government networks are only a few hundred milliseconds away (in data travel time) from the flying fingers of our enemies' uber-geeks.

All it takes is one small security hole, one mis-configured network device, one motivated employee working from home on the same computer his teenager uses to download music, one laptop brought into a secret location with a virus or worm on it, or one disgruntled or opportunistic worker funneling data to the enemy on purpose.

So how do we protect ourselves?

First, of course, we close every security hole we can find and we educate employees and contractors on how to avoid bad practice. You'd be surprised how far that will actually get us in making things more secure.

Then, we innovate. You've heard the term "arms race". We've been competing in various arms races with our enemies ever since we were a country. And we usually won. Just as our enemies would gain an advantage, we'd come up with a better weapon, a better strategy, or a better counter-attack. America is very, very good at one-upping our enemies. As "they" gain access to our networks, we need to make the information they get old news.

Next, we investigate. Although it sometimes seems like our nerdy intruders are covering their path, almost every network activity leaves a trail that an equally nerdy forensic investigator can track down.

And then we fight back. After all, if our networks are only a few hundredths of a second away from their geeks, their networks are only a few hundredths of a second away from ours. And we grow our geeks good and smart here in America.

There's one other factor to keep in mind: the human factor. Just because our enemies might get information about how a certain aircraft is built - and even, possibly, develop some tactics to counter it - we still have the men and women in our military. Never, ever underestimate the ability of our pilots to fight and fly, our maintenance crews to fight and fix, and our generals and admirals to fight, formulate, plan, scheme, and strategize.

As a nation, we may not be all that good at exit strategies, but beating the living heck out of our enemies is something America does very, very well.

And let that be a warning to those spying geeks in faraway lands with strange sounding names. Annoy America's military too much and that explosion you hear in your living room might not be just coming from your Xbox.

Follow David on Twitter at twitter.com/davidgewirtz.

Editor’s note: David Gewirtz is Editor-in-Chief, ZATZ Magazines, including OutlookPower Magazine. He is a leading Presidential scholar specializing in White House email. He is a member of FBI InfraGard, the Cyberterrorism Advisor for the International Association for Counterterrorism & Security Professionals, a columnist for The Journal of Counterterrorism and Homeland Security, and has been a guest commentator for the Nieman Watchdog of the Nieman Foundation for Journalism at Harvard University. He is a faculty member at the University of California, Berkeley extension, a recipient of the Sigma Xi Research Award in Engineering and was a candidate for the 2008 Pulitzer Prize in Letters.

soundoff (One Response)
  1. suntak

    It appears to me that most spies can read your emails from the air or read your check books from mid air...look at the elements who can ever watch us undress in our bathrooms to shower.. the stars which shine by the thousands are lower than where airplanes can fly & gather all the data and photography they care to. Who would be concerned about spies who wear sweats & eat donuts in the kitchen?
    If we can control spacecraft from here with cameras, think about what we can do from up there! I believe we are being spied upon from the air and not so much by our computers...every computer manufacturer embeds a microchip inside each PC to give a count and location where each computer ever made is located. The owner's name and address, phone number..nothing we have, including our bodies, is hidden. Is that smart? The Internet is connecting with global sites so our enemies can send us viruses, but mainly our enemies are usually next door to us, hacking away. Enjoyed the article. A computer is a control tool..my computer has been hacked since 2003 and I bet yours is too...suntak

    April 23, 2009 at 8:02 am |