[ISN] Arrests key win for NSA hackers

From: William Knowles (wk@private)
Date: Wed Apr 07 2004 - 07:22:20 PDT

  • Next message: InfoSec News: "[ISN] Last draft released for security guide"

    Globe and Mail Update 
    Apr. 6, 2004 
    A computer hacker who allowed himself to be publicly identified only 
    as ''Mudhen'' once boasted at a Las Vegas conference that he could 
    disable a Chinese satellite with nothing but his laptop computer and a 
    The others took him at his word, because Mudhen worked at the Puzzle 
    Palace -- the nickname of the U.S. National Security Agency facility 
    at Fort Meade, Md., which houses the world's most powerful and 
    sophisticated electronic eavesdropping and anti-terrorism systems.
    It was these systems, plus an army of cryptographers, chaos theorists, 
    mathematicians and computer scientists, that may have pulled in the 
    first piece of evidence that led Canadian authorities to arrest an 
    Ottawa man on terrorism charges last week.
    Citing anonymous sources in the British intelligence community, The 
    Sunday Times reported that an e-mail message intercepted by NSA spies 
    precipitated a massive investigation by intelligence officials in 
    several countries that culminated in the arrest of nine men in Britain 
    and one in suburban Orleans, Ont. -- 24-year-old software developer 
    Mohammed Momin Khawaja, who has since been charged with facilitating a 
    terrorist act and being part of a terrorist group.
    The Orleans arrest is considered an operational milestone for this 
    vast electronic eavesdropping network and its operators. But Dave 
    Farber, an Internet pioneer and computer-science professor at 
    Carnegie-Mellon University in Pittsburgh, said the circumstances are 
    also notable because it will be the first time that routine U.S. 
    monitoring of e-mail traffic has led to an arrest.
    "That's the first admission I've actually seen that they actually 
    monitor Internet traffic. I assumed they did, but no one ever admitted 
    it," Mr. Farber said.
    Officials at the NSA could not be reached for comment. But U.S. 
    authorities are uniquely positioned to monitor international Internet 
    and telecommunications traffic because many of the world's 
    international gateways are located in their country. And once that 
    electronic traffic touches an American computer -- an e-mail message, 
    a request for a website or an Internet-based phone call, for instance 
    -- it is routinely monitored by NSA spies.
    "Foreign traffic that comes through the U.S. is subject to U.S. laws, 
    and the NSA has a perfect right to monitor all Internet traffic," said 
    Mr. Farber, who has also been a technical adviser to the U.S. Federal 
    Communications Commission.
    That's what happened in February, when NSA officers at Fort Meade 
    intercepted a message between correspondents in Britain and Pakistan, 
    The Sunday Times reported. The contents of that message have not been 
    revealed, but are significant enough that dozens of intelligence 
    officials were mobilized in Britain, Canada and the United States.
    The intelligence officers at Fort Meade rely on a sophisticated suite 
    of supercomputers and telecommunications equipment to analyze millions 
    of messages and phone calls each day, looking for certain keywords or 
    traffic patterns.
    Internet traffic is chopped up into small chunks called packets, and 
    each individual package is then routed over the Internet, to be 
    reassembled at the recipient's end. The packet is wrapped in what 
    computer scientists sometimes refer to as the envelope. And just as 
    the exterior of a regular piece of mail contains important addressing 
    information, so does the envelope of a digitized packet. These bits of 
    information are called headers, and they can be valuable to 
    investigators as well. 
    Headers typically contain generic descriptions of the packet's 
    contents, in order to let computers make better decisions about how to 
    route the packet through the Internet. E-mail traffic gets a lower 
    priority than Internet video traffic, for instance.
    Headers also pick up the numeric or Internet Protocol (IP) address of 
    all the computers a packet touches as it travels from its originating 
    machine all the way to its destination. Every computerized device 
    connected to the Internet has its own unique IP number.
    Investigators could program their supercomputers to flag packets of 
    information that met certain criteria, such as a certain IP number, a 
    certain traffic pattern or a certain kind of content. As soon as a 
    packet is flagged, investigators would apply for warrants to assemble 
    the packets and read the messages' contents.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    ISN mailing list
    Sponsored by: OSVDB.org

    This archive was generated by hypermail 2b30 : Wed Apr 07 2004 - 09:21:09 PDT