http://www.techtv.com/cybercrime/digitaldisputes/story/0,23008,3338661,00.html

By Jack Karp
October 2, 2001

In March of 1999, Chris Wiest was dishonorably discharged from the United States Air Force Academy after being convicted by a military court of "illegally accessing a computer system and causing damage."

Wiest's court-martial and discharge stemmed from the fact that Wiest had been using his Air Force computer to access Internet Relay Chat (IRC), an application that allows multiple users to chat interactively with one another through a single server. But because of security concerns, the Air Force Academy had prohibited the use of IRC among its cadets. Wiest admits he chose to do it anyway.

"I made a decision that, yes, I'll do this and I'll accept the risks that go with it and, if I get caught, I am quite sure that I will be out on the tour pad marching some tours and paying the consequences for the choice of my actions," Wiest told "CyberCrime."

But Wiest didn't end up marching tours. He ended up out of the Air Force, largely because the IRC program he was using had been set up illegally on a North Carolina Internet company's hacked servers. Wiest insists that he was not the one who set up the program and that someone else had simply given him the passwords.

Despite the fact that the Air Force could find no evidence that Wiest had hacked the servers and that the Air Force's own investigators agreed that Wiest probably was not the hacker, Wiest was still dismissed from the service.

Representatives from the Air Force Academy won't say exactly why Wiest was discharged, citing the pending legal case. But Drew Fahey, a former officer with the Air Force's Office of Special Investigations who investigated Wiest on the hacking charges, stands by the decision.

"To be an officer in the Air Force requires utmost integrity and then honesty," Fahey said. "And he just did not portray that to me whatsoever."

Hackers for hire?

But that's not the tack US military and government personnel have been taking at recent hacking conventions such as Def Con, where "Meet the Fed" events have become regular recruiting sessions.

"I think the objective of us coming and having a 'Meet the Fed' panel is to give folks who haven't crossed the line yet a positive alternative," Jim Christy, of the Office of the Assistant Secretary of Defense for Command, Control, Communications, and Intelligence, said at Def Con 9, held in Las Vegas this past July. "There's a whole lot of talent, but the talent can be misused, and the government and private sector can all use the talent."

In recent years, representatives of the Air Force, the Department of Defense, and the Federal Computer Incident Response Team have all made their way to Def Con and other hacker gatherings in an attempt to turn hackers into recruits.

At last year's Def Con 8, then-Assistant Secretary of Defense Arthur Money told attendees, "If you are extremely talented, and you are wondering what you'd like to do for the rest of your life, join us and help us educate our people."

Money confessed to the assembled hackers that the Department of Defense (DOD) had been victimized 22,124 times by hackers in 1999, costing the department $25 billion. The large amount of damage was a result, according to government representatives, of the government's inability to recruit qualified technical staff.

Money talks

One of the biggest reasons the government has had difficulty hiring qualified technical workers is financial, Money admitted while speaking at Def Con 8. The financial rewards of working for the government are not as high as those of working for a high-tech security firm.

But Dick Schaefer, director of infrastructure and information assurance for the DOD, was quick to add that "we have got some of the most sophisticated toys in the world. If you would like to get access to those toys and become part of a very elite team, we would like to talk to you."

The government is backing up its recruiting attempts with money. A recent scholarship program sponsored by the National Science Foundation will award $8.6 million to 200 students studying computers at schools such as Carnegie Mellon, Purdue, Iowa State, and even the Naval Postgraduate School in exchange for those students agreeing to work as computer security professionals for the government after graduation.

And, not satisfied with its recruiting efforts at home, the US government is looking abroad for hacking help as well. In April, "The Moscow Times" confirmed reports that US diplomats had tried to hire a Moscow hacker to break into Russia's Federal Security Service's network. The 20-year-old hacker, identified as "Vers," said he was asked to copy, alter, and delete files in exchange for $10,000. Vers instead went to the Russian government and told officials about the diplomats' offer.

So why is the government suddenly being so aggressive in recruiting hackers? To find out, read part two of our story.

Allies Out of Adversaries

It makes sense that the government is now looking to create allies out of the hackers it has sometimes seen as adversaries. In the last few years, government and military websites have become the target of an embarrassingly high number of successful hacks.

In 1998, two teenage boys from Cloverdale, California, were caught breaking into Pentagon and DOD computers. In 1999, a 19-year-old from Green Bay, Wisconsin, was arrested and charged with hacking into the Army's computer system, and another 19-year-old from Shoreline, Washington, was sentenced to 15 months in prison after pleading guilty to hacking the websites of NATO, the US Information Agency, and then-Vice President Al Gore. A group calling itself Masterz of Downloading took down both the FBI's and Senate's homepages that same year.

And, according to attrition.org, a website that once documented and archived high-profile hacks, government sites successfully attacked so far in 2001 include those of the Federal Highway Administration, the Department of Health and Human Services, the Federal Law Enforcement Training Center, and the US Navy Fleet & Family Support Center.

But teen-age hackers are the least of the government's concerns. It's international terrorists and foreign nations that really have government computer personnel worried, according to Air Force Lieutenant General Michael Hayden, who heads the National Security Agency. Last year, while speaking at a computer security conference in Baltimore, Hayden announced that cyberspace would become the next major military battlefield.

And there have already been several "battles" illustrating his point. In 1999, Army General Henry Shelton, chairman of the Joint Chiefs of Staff, disclosed to reporters from the Reuters news service that the United States had tried to mount electronic attacks on Serbian computer networks during the NATO air campaign over the province of Kosovo.

In 2000, as tensions and violence were on the rise in the Middle East, civilian hackers on both the Israeli and Palestinian sides of the conflict began defacing government and commercial websites, including websites belonging to US companies and nonprofit organizations with ties to Israel. And after a US spy plane collided with a Chinese fighter jet this past April, several US-based websites were allegedly hacked by Chinese hackers.

"I would rather have my attention focused on what rogue states are doing to us than being harassed seven times a day figuring out what some guy is doing to us," Money said about trying to recruit hackers to help the government ward off such threats.

Keeping recruits in check

But the government may have a harder time than it expects keeping the hackers it recruits in check.

Just this past May, an Air Force airman was arrested in Korea for hacking into approximately 50 Korean websites. The 24-year-old airman first class, who was stationed at Osan Air Base, was caught by Korea's National Police Agency Cyber Terror Response Center while hacking at his girlfriend's home in the Gyeonggi Province of Korea.

And last year, the CIA admitted that it was investigating 160 employees who had allegedly created and participated in a secret chat room they had hidden deep inside the bowels of the CIA's computers. The chat room, which was built by the agency's own computer personnel, existed for between five and 10 years before being discovered. Four CIA employees and nine CIA contractors were disciplined for the security breach and had their security clearances revoked, making them unemployable by the CIA. Another 18 employees received letters of reprimand, and many of them were suspended without pay for periods ranging from five to 45 days.

Former Air Force Academy cadet Chris Wiest received a far more drastic punishment than a 45-day suspension, however, when he was charged with hacking into a company's servers to set up an unauthorized IRC chat room. Wiest, who still denies the allegations, was convicted of the lesser charge of "illegally accessing a computer system and causing damage" and discharged from the Air Force. His conviction, if not overturned on appeal, may bar him from ever becoming a lawyer, a goal he has been pursuing since his discharge.

"I think an objective, reasonable person will conclude there's been an injustice," said Frank Spinner, Wiest's defense attorney. "This is a case about ineptitude on the part of the Air Force in trying to figure out what computer hacking is."

Wiest is currently appealing his conviction. But whether he wins or loses, the government will have to learn a lot more about hacking if it intends to continue to recruit hackers into its ranks. For now, Chris Wiest is a casualty of that learning process.

"I remember being terrified, absolutely terrified," Wiest said about his trial and discharge. "And especially, you know, this is all I was doing. I was chatting. The rest of this is ridiculous."

This article is based on original reporting by "CyberCrime" segment producer Scott Pearson.