[ISN] For NASA Whiz Kid, Busting Hackers Isn't Rocket Science

From: mea culpa (jerichoat_private)
Date: Sat Aug 29 1998 - 03:52:21 PDT

  • Next message: mea culpa: "Re: [ISN] For NASA Whiz Kid, Busting Hackers Isn't Rocket Science"

    Forwarded From: Brook Powers <lwpowersat_private>
    
    For NASA Whiz, Busting Hackers Isn't Rocket Science 
    
    By Kathy Sawyer
    Washington Post Staff Writer
    Friday, August 28, 1998; Page A23 
    
    There's a new sheriff at NASA. 
    
    Possibly the youngest GS-14 at the space agency, 23-year-old Dan Ridge has
    become a computer crimebuster for NASA Inspector General Roberta L. Gross. 
    While the other agents "have to wear guns and bulletproof vests and get to
    work at 6:30 a.m.," he said, "I don't have to wear a gun, I get to wear
    jeans, and I don't come in before 10."
    
    Gross and other NASA officials hail Ridge as the whiz who built a
    "smaller, cheaper, better, faster" computer system  based on a design
    called Beowulf  to detect computer intrusions agency-wide. Beowulf is so
    good, they say, that NASA is touting it to the rest of the government, to
    universities, to law enforcement and virtually any organizations with big
    computational needs and small budgets.
    
    "We brought over a 23-year-old genius and he built us a computer system
    for $56,000," Gross said with a big smile. It is almost embarrassingly
    cheap, she added, noting that such a concept isn't even on the screen of
    some huge departments, which automatically budget millions for such an
    operation. "We all love him."
    
    Ridge, in turn, loves his job. But there is a touch of culture shock.
    "It's very, very strange," he said. "There's nobody here like me. . . .
    I'm probably the only civil servant around here who was not alive for any
    of the moon landings."
    
    He confessed to feeling mild discomfort recently when he found himself
    giving seminars  to 100 scientists and engineers in a lecture hall at
    Caltech, for example, and to a group at Edwards Air Force Base working on
    NASA's next-generation space plane, the X-33. "It's really something, to
    be the only one with no PhD, hoping the question of my degree doesn't come
    up."
    
    Actually, he got so caught up in his computer work, he confessed, that he
    has neglected to graduate from the University of Maryland, where he had
    switched from aerospace engineering (his father's field) to computer
    sciences. A senior, he has just a few more credits to go, when he can find
    the time. But for now he's working 12 or more hours a day for NASA.
    
    Ridge has been enlisted in a war on the sort of crimes many people still
    associate with bored but harmless teenage nerds. But experts say hacker
    attacks on federal agencies have increased in frequency and
    sophistication, keeping pace with the remarkable progress in information
    technology. The number of people who use the Internet, as well as the
    volumes of data seized as evidence of crimes, have exploded in recent
    years, making it ever more difficult to maintain an open flow of
    information and yet guard against criminal  or terrorist  intruders.
    
    In the most alarming recent intrusion involving NASA, the Pentagon and
    other government assets, Ehud Tenenbaum, an 18-year-old Israeli who called
    himself "Analyzer," was arrested in March for allegedly orchestrating an
    unprecedented assault that, officials said, could have disrupted global
    military communications.
    
    "Bells are going off all of a sudden about how vulnerable we are," said
    Thomas J. Talleur, who heads the IG's advanced technology programs. And if
    a technology-oriented agency such as NASA has been slow in confronting the
    problems, Talleur added, "what about everybody else?"
    
    When Gross became NASA's IG in 1995, she was concerned that its
    information systems, which include vital communications with the manned
    space shuttle and other spacecraft, lacked adequate security. NASA was one
    of the four government agencies that founded the Internet and it is the
    agency with the most broadly distributed worldwide connections. Moreover,
    the agency is leading the government in a move toward paperless electronic
    contracting, and will soon channel all its communications through a single
    Internet address.
    
    So in May 1996, Talleur said, the office created a small computer crime
    unit with a staff of 15 to cover the whole country. Its targets include
    hacker attacks on Internet, telephone or space systems; and crimes
    involving theft of advanced technology, trade secrets and personal
    electronic identities.
    
    A few years ago, a computer hard drive seized in a crime would typically
    carry the equivalent of 50,000 pages of text. Now, the agents might
    routinely seize 5 million to 50 million pages worth of data as evidence in
    a single case. They needed something that could conduct high-speed
    searches of huge data sets at very low cost.
    
    The unit's strategy for "leveraging our scarce resources," he said, was to
    adapt the technology NASA uses for scientific pursuits to its own
    non-scientific operations, following the agency's stated philosophy of
    doing things faster and better for less. 
    
    Talleur found Ridge at NASA's Goddard Space Flight Center in Greenbelt
    three years ago. Still a student, Ridge had started work on the Beowulf
    concept under the guidance of advisers Thomas Sterling, now at Caltech,
    and Donald Becker, a contract scientist in Goddard's Center of Excellence
    in Space Data and Information Sciences. Their aim was to develop a
    software "infrastructure"  that would reduce the cost of scientific
    applications, Becker said. 
    
    "Besides transitioning our entire work force into the next century,"
    Talleur said, "we wanted this to be a model for how you fight computer
    crime. . . .  Frankly, it doesn't get any cheaper than this."  "We're
    disappointed to lose him," Becker said of Ridge. "But it's a real credit
    to the IG's office that they hired him."
    
    Ridge had started reading aerospace trade magazines when he was 10 years
    old, doing filing chores for his dad, he recalled. When he was in high
    school, his father grilled him on technical issues as if he were on a game
    show. As a college student, working on Beowulf, Ridge installed the system
    in his room and other students would pay him $10 "so they could do their
    homework on it."
    
    Talleur said, "I think when Dan cried as a baby, his father must have put
    not a bottle but a motherboard in his mouth."
    
    This year Talleur made him an offer he couldn't refuse: GS-14, jeans, his
    own hours. Who could resist? "I get to participate in their world without
    a lot of the baggage they have to carry," Ridge said. As a result, he is
    free to work 12 hours a day at headquarters, then carry his laptop to the
    officers club at a nearby military base where he can work some more,
    undisturbed, into the night. The exception is on Thursday evenings, when
    he crews on Becker's J-24 in the regular Annapolis sailboat races.
    
    The IG's new Beowulf system resides in a secure room, kept chilled and
    dim, on the eighth floor of NASA headquarters here. Not much bigger than a
    large bookcase, the cabinet contains 25 machines ordered "off the shelf."
    
    To create Beowulf, the NASA team adapted a powerful, freely available and
    easily customized operating system known as LINUX (similar to the more
    familiar UNIX) to work in a massively parallel environment. Several
    machines work on parts of the job at the same time, getting it all done
    much faster than a single processor  even one with more total power 
    could accomplish. This modest cluster can analyze 2.4 gigabytes per
    second, and the power of the cluster can be greatly multiplied by adding
    more machines. Ridge adapted the Beowulf system to monitor the space
    agency's computer system for telltale signs of hacker intrusions once
    suspicious activity has been reported. For example, hackers sometimes
    route their messages through Romania to try to avoid detection.
    
    Ridge wears a SkyPage beeper on his hip. It chirps whenever there is an
    intrusion, or suspected intrusion, in a NASA system. It goes off daily, he
    said. The agents are on 24-hour alert, and just yesterday had to take off
    for Goddard to deal with a case.
    
    Though he owns a couple of cars, including a 1977 Fiat convertible he
    likes to work on, Ridge recently moved to an apartment in Southwest, just
    four blocks from his NASA office, to minimize his commute. Said Gross, "He
    brought his girlfriend in and I said, 'Take him to a movie, get him a
    life!' "
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:02:40 PDT