* subscribe at http://techPolice.com

 Firing (and Hiring) Hackers

The Air Force kicks out a cadet for an alleged incident of hacking. But meanwhile, 
military and government officials are trying to recruit hackers left and right.

By Jack Karp - Copyrightę 2001 TechTV LLC. All Rights Reserved.


In March of 1999, Chris Wiest was dishonorably discharged from the United States Air 
Force Academy after being convicted by a military court of "illegally accessing a 
computer system and causing damage."

Wiest's court-martial and discharge stemmed from the fact that Wiest had been using 
his Air Force computer to access Internet Relay Chat (IRC), an application that allows 
multiple users to chat interactively with one another through a single server. But 
because of security concerns, the Air Force Academy had prohibited the use of IRC 
among its cadets.


Wiest admits he chose to do it anyway.


"I made a decision that, yes, I'll do this and I'll accept the risks that go with it 
and, if I get caught, I am quite sure that I will be out on the tour pad marching some 
tours and paying the consequences for the choice of my actions," Wiest told 
"CyberCrime." (TECH TV)


But Wiest didn't end up marching tours. He ended up out of the Air Force, largely 
because the IRC program he was using had been set up illegally on a North Carolina 
Internet company's hacked servers. Wiest insists that he was not the one who set up 
the program and that someone else had simply given him the passwords. Despite the fact 
that the Air Force could find no evidence that Wiest had hacked the servers and that 
the Air Force's own investigators agreed that Wiest probably was not the hacker, Wiest 
was still dismissed from the service.


Representatives from the Air Force Academy won't say exactly why Wiest was discharged, 
citing the pending legal case. But Drew Fahey, a former officer with the Air Force's 
Office of Special Investigations who investigated Wiest on the hacking charges, stands 
by the decision.


"To be an officer in the Air Force requires utmost integrity and then honesty," Fahey 
said. "And he just did not portray that to me whatsoever."


Hackers for hire?


But that's not the tack US military and government personnel have been taking at 
recent hacking conventions such as Def Con, where "Meet the Fed" events have become 
regular recruiting sessions.


"I think the objective of us coming and having a 'Meet the Fed' panel is to give folks 
who haven't crossed the line yet a positive alternative," Jim Christy, of the Office 
of the Assistant Secretary of Defense for Command, Control, Communications, and 
Intelligence, said at Def Con 9, held in Las Vegas this past July. "There's a whole 
lot of talent, but the talent can be misused, and the government and private sector 
can all use the talent."


In recent years, representatives of the Air Force, the Department of Defense, and the 
Federal Computer Incident Response Team have all made their way to Def Con and other 
hacker gatherings in an attempt to turn hackers into recruits. At last year's Def Con 
8, then-Assistant Secretary of Defense Arthur Money told attendees, "If you are 
extremely talented, and you are wondering what you'd like to do for the rest of your 
life, join us and help us educate our people."


Money confessed to the assembled hackers that the Department of Defense (DOD) had been 
victimized 22,124 times by hackers in 1999, costing the department $25 billion. The 
large amount of damage was a result, according to government representatives, of the 
government's inability to recruit qualified technical staff.


Money talks


One of the biggest reasons the government has had difficulty hiring qualified 
technical workers is financial, Money admitted while speaking at Def Con 8. The 
financial rewards of working for the government are not as high as of working for a 
high tech security firm. But Dick Schaefer, director of infrastructure and information 
assurance for the DOD, was quick to add that "we have got some of the most 
sophisticated toys in the world. If you would like to get access to those toys and 
become part of a very elite team, we would like to talk to you."


The government is backing up its recruiting attempts with money. A recent scholarship 
program sponsored by the National Science Foundation will award $8.6 million to 200 
students studying computers at schools such as Carnegie Mellon, Purdue, Iowa State, 
and even the Naval Postgraduate School in exchange for those students agreeing to work 
as computer security professionals for the government after graduation.


And, not satisfied with its recruiting efforts at home, the US government is looking 
abroad for hacking help as well. In April, "The Moscow Times" confirmed reports that 
US diplomats had tried to hire a Moscow hacker to break into Russia's Federal Security 
Service's network. The 20-year-old hacker, identified as "Vers," said he was asked to 
copy, alter, and delete files in exchange for $10,000. Vers instead went to the 
Russian government and told officials about the diplomats' offer.


So why is the government suddenly being so aggressive in recruiting hackers? To find 
out, read part two of our story.


Allies Out of Adversaries

It makes sense that the government is now looking to create allies out of the hackers 
it has sometimes seen as adversaries. In the last few years, government and military 
websites have become the target of an embarrassingly high number of successful hacks.


In 1998, two teenage boys from Cloverdale, California, were caught breaking into 
Pentagon and DOD computers. In 1999, a 19-year-old from Green Bay, Wisconsin, was 
arrested and charged with hacking into the Army's computer system, and another 
19-year-old from Shoreline, Washington, was sentenced to 15 months in prison after 
pleading guilty to hacking the websites of NATO, the US Information Agency, and 
then-Vice President Al Gore. A group calling itself Masterz of Downloading took down 
both the FBI's and Senate's homepages that same year. And, according to attrition.org, 
a website that once documented and archived high-profile hacks, government sites 
successfully attacked so far in 2001 include those of the Federal Highway 
Administration, the Department of Health and Human Services, the Federal Law 
Enforcement Training Center, and the US Navy Fleet & Family Support Center.

But teen-age hackers are the least of the government's concerns. It's international 
terrorists and foreign nations that really have government computer personnel worried, 
according to Air Force Lieutenant General Michael Hayden, who heads the National 
Security Agency. Last year, while speaking at a computer security conference in 
Baltimore, Hayden announced that cyberspace would become the next major military 
battlefield.


And there have already been several "battles" illustrating his point. In 1999, Army 
General Henry Shelton, chairman of the Joint Chiefs of Staff, disclosed to reporters 
from the Reuters news service that the United States had tried to mount electronic 
attacks on Serbian computer networks during the NATO air campaign over the province of 
Kosovo. In 2000, as tensions and violence were on the rise in the Middle East, 
civilian hackers on both the Israeli and Palestinian sides of the conflict began 
defacing government and commercial websites, including websites belonging to US 
companies and nonprofit organizations with ties to Israel. And after a US spy plane 
collided with a Chinese fighter jet this past April, several US-based websites were 
allegedly hacked by Chinese hackers.


"I would rather have my attention focused on what rogue states are doing to us than 
being harassed seven times a day figuring out what some guy is doing to us," Money 
said about trying to recruit hackers to help the government ward off such threats.


Keeping recruits in check


But the government may have a harder time than it expects keeping the hackers it 
recruits in check. Just this past May, an Air Force airman was arrested in Korea for 
hacking into approximately 50 Korean websites. The 24-year-old airman first class, who 
was stationed at Osan Air Base, was caught by Korea's National Police Agency Cyber 
Terror Response Center while hacking at his girlfriend's home in the Gyeonggi Province 
of Korea.


And last year, the CIA admitted that it was investigating 160 employees who had 
allegedly created and participated in a secret chat room they had hidden deep inside 
the bowels of the CIA's computers. The chat room, which was built by the agency's own 
computer personnel, existed for between five and 10 years before being discovered. 
Four CIA employees and nine CIA contractors were disciplined for the security breach 
and had their security clearances revoked, making them unemployable by the CIA. 
Another 18 employees received letters of reprimand, and many of them were suspended 
without pay for periods ranging from five to 45 days.


Former Air Force Academy cadet Chris Wiest received a far more drastic punishment than 
a 45-day suspension, however, when he was charged with hacking into a company's 
servers to set up an unauthorized IRC chat room. Wiest, who still denies the 
allegations, was convicted of the lesser charge of "illegally accessing a computer 
system and causing damage" and discharged from the Air Force. His conviction, if not 
overturned on appeal, may bar him from ever becoming a lawyer, a goal he has been 
pursuing since his discharge.


"I think an objective, reasonable person will conclude there's been an injustice," 
said Frank Spinner, Wiest's defense attorney. "This is a case about ineptitude on the 
part of the Air Force in trying to figure out what computer hacking is."


Wiest is currently appealing his conviction. But whether he wins or loses, the 
government will have to learn a lot more about hacking if it intends to continue to 
recruit hackers into its ranks. For now, Chris Wiest is a casualty of that learning 
process.


"I remember being terrified, absolutely terrified," Wiest said about his trial and 
discharge. "And especially, you know, this is all I was doing. I was chatting. The 
rest of this is ridiculous."


This article is based on original reporting by "CyberCrime" segment producer Scott 
Pearson.

Copyrightę 2001 TechTV LLC. All Rights Reserved.

============================================================
Good, Better, BEST!  What's better than a year's subscription
to Ladies' Home Journal? Only a FREE year's subscription!
Check out this great offer now!
http://click.topica.com/caaac1Db1dhr0b2EDp2f/TopOffers
============================================================

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: [EMAIL PROTECTED]
--via http://theMezz.com

==^================================================================
EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2
Or send an email To: [EMAIL PROTECTED]
This email was sent to: archive@jab.org

T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================

Reply via email to