While the Federal Bureau of Investigation is stretched thin trying to deal with a flood of tips on terrorist activity, the agency is turning away former agents volunteering to work for free. At a time when brilliant hackers from the cyber netherworld could hunt America’s enemies through the Internet, the federal government is refusing their help outright and closing off the chance for future cooperation with broad-stroke legislation that slams them.
As panicky residents in Mississippi cry anthrax, FBI scientists are still begging their administrative superiors to talk to a Virginia resident who, as a Soviet researcher, helped make the lion’s share of the world’s biological weapons. Then there’s the robotics firm in Little Italy that designs deep-digging probes for NASA’s Mars missions 35 million miles away, but doesn’t know who to call to help look through the World Trade Center rubble a few blocks south.
The last time the U.S. was threatened on its own soil, national leaders brought together the brightest talent—whether domestic or from hostile regimes—to build the atomic bomb and beat back Hitler. Now, instead of creating a new Manhattan Project, the feds are erecting a Homeland Security tent with serious holes. The Pentagon has issued a cattle call to the American public for new methods to battle terrorism, and famously solicited Hollywood screenwriters to dream up terrorist scenarios for which the U.S. should be prepared. Even President Bush enlisted the television show America’s Most Wanted to hunt down Al Qaeda cells. It’s obvious Washington is trying to be more creative, but an outsider is still left to wonder about the resources left untapped.
“The federal government has repeatedly failed to use resources at its disposal to fight the war on terrorism,” says Brian Flynn, who has agitated for attention to terrorist dangers since his brother was killed on Pan Am Flight 103 in 1988. “Yes, September 11 has caused us to make a number of short-term changes, but this battle requires fundamental changes. Once again, I fear that we may not have learned our lesson.”
Flynn is founding the Civilian Defense League, a citizens’ activist group to push for new policies and programs. Among the ideas his group will champion is that of a new emergency broadcast system for the information age, with alerts reaching the public through e-mails from Internet service providers, and Web postings that can overwrite pages at the server level. Notices to wireless phones and Palm Pilots could signal people in pinpoint hazard zones. It’s an idea that requires no new technology and could have been done years ago as new communication channels opened up.
Such innovation should be welcome, but at this moment even cheap, mundane solutions are being refused, experts say.
“I don’t disagree that there’s talent out there that could be used and isn’t. We’re probably a perfect example of that—we’ve got former (FBI) agents here who’ve offered services for free and were turned down,” says Dennis Farley, president of the Intelligence Group, a New Jersey corporate security firm. Farley’s staff includes an executive who, as part of the FBI’s elite Evidence Response Team, worked on the Egypt Air Flight 990 crash two years ago.
The disconnect between eager supply and crushing demand is glaring. The FBI is buried in paperwork spinning out from the 390,000 tips it’s received since September 11, yet “there’s been no effort on our part to rehire,” says Bill Carter, an agency spokesman. Imagine a private corporation turning away unsalaried skilled laborers when its crew is on the brink of exhaustion. Former agents are frequently contracted for specific cases, or to perform routine background checks on employees, Carter explained, but all such arrangements are made on a “case-by-case basis.”
Another FBI source says legal hassles make it hard to accept free labor.
The harvesting of outside talent has been yet more abysmal. One example is that of Dr. Ken Alibek. As the former No. 2 Soviet bioweapons researcher and now an American citizen living in Virginia, Alibek might have valuable contributions to make in the anthrax investigation. After all, his team created more weapons-grade anthrax strains than any other and developed the most advanced ways to transport and disperse the germs. The FBI, however, hasn’t seen fit to bring him in.
“Believe me, the failure to consult (Alibek) is a senior-level decision. . . . But we all must pay the price for such failures and omissions,” commented one frustrated researcher close to the case.
Of course, the U.S. government debriefed Alibek, a native of Kazakhstan, when he immigrated in 1992 after the fall of the USSR. Intelligence officers may believe he has nothing left to tell them. But the 51-year-old Alibek remains active on the anthrax front—his company is developing countermeasures—and if presented with fresh data might be uniquely able to identify aspects of the strain causing panic in America now.
One qualification he might be missing is credibility, says Les Paldy, distinguished professor of technology and society at the State University of New York at Stony Brook and a former U.S. arms-control delegate. He believes the FBI is going full tilt, and suggests the agency might have its own reasons for not contacting Alibek. “This is a man obviously capable of violating international law,” notes Paldy, referring to the 1972 treaty that expressly barred the biowarfare work Alibek performed for years.
If Paldy’s right, that resistance flies in the face of Vice President Dick Cheney’s caution to innocents in the American public that the government was going to have to do dirty things with dirty people to win the war on terrorism.
We’re now coddling despots who started their day on September 11 bankrolling the Taliban and Al Qaeda, so why not call a scientist in Virginia who broke ties with biowarfare a decade ago? “Round up and continually exploit all of the former Soviet and former state (weapons) managers and scientists that are available, without making them jump through hoops to prove themselves,” argues Ray Picquet, technical director of the Cobra Institute for Counterterrorism Research and Analysis. “Too much time is lost playing those credibility games with important scientific defectors—for the sake of a relatively small risk to security interests and very little money.”
During the Space Race, the U.S. went so far as to work with Nazi rocketry experts. Cyberspace warfare may also present ethical challenges.
The very term hacker evokes radically different images to different people. For hardcore veterans of the Internet, a hacker is to code what a Fermi lab researcher is to nuclear physics—a dedicated maven motivated by knowledge alone. But that definition has devolved in popular use to mean those who use a bit of know-how to wreak havoc on computer servers. Semantics alone make alliances between intelligence agencies and byte jockeys problematic.
“I am an old-school hacker and only work with the crème de la crème,” boasts Kim “Kimble” Schmitz, the German who runs an investment company and since September 15 has operated YIHAT, or Young Intelligent Hackers Against Terrorism. “Uncle Sam has no idea of cyberwar, only theoretical experts, no practical skills.” In an echo of Al Qaeda’s organization, YIHAT says it will soon open hacker training camps.
Schmitz takes credit for conducting a cyberwar against Web vandals sympathetic to Osama bin Laden, and more importantly to having found and reported $360 million from 12 sources in the terrorists’ network by hacking into banks. But YIHAT seems to have declared victory and retreated. On October 20, a few days after holding an online meeting to strategize ways of gaining government blessings for its vigilante project, the group posted an announcement from Munich that it had amassed the talent it needed, and had suffered distracting attacks to its public page. Therefore, “YIHAT moves to the underground.”
The feds seem unimpressed. “We don’t hire or consult hackers to do our investigations or to get insight into the hacking community. We work with the employees we have,” says Debra Weierman, an FBI spokesperson with the National Infrastructure Protection Center. “It’s a logical connection to make, but I don’t think they’re going to be addressing that as a source of information or insight. The bottom line is we have other avenues to gain information and to work on investigations without having to consult hackers.”
As for the attitude of governments to which YIHAT presumably reports its findings, Schmitz curtly replies, “confidential.”
Chris Wysopal, director of research and development for the leading cyber security firm @stake, lays into Schmitz. “YIHAT. I think this is a complete joke. There are many hackers out their looking for a legitimizing excuse to ply their trade,” says Wysopal, who compares YIHAT to earlier efforts by hackers to curry favor with—and get slack from—authorities by catching pedophiles. “It is pretty reckless to engage in this activity. Luckily for the rest of us, these hackers are mostly making up their stories.”
Like Weierman, Wysopal is confident the U.S. government has the expertise, through the National Security Agency, Air Intelligence Agency, and various infowar teams too spooky to publicly name, to smoke out terrorists on the Web. And @stake itself has been consulting with the federal government and Senator Joe Lieberman’s office for some time on protecting sensitive networks.
Many hackers aren’t interested in riding shotgun to Uncle Sam these days anyway. They’re too busy angrily countering government efforts to tap the Internet and unravel encryption protections. In a country like Israel, where terrorism has long been part of life, nearly all the top hackers have served in the military at some point, and private firms often have government connections and support.
It’s the American public that may pay the price for the bad blood and static, says Elias Ladopoulos, chief strategy officer for the Internet security company Digital Frameworks. “Many hackers may have access to systems and information overseas that are not normally available to the NSA or other U.S. intelligence agencies. It’s likely political and legal restrictions prevent our agencies from engaging in this type of work, while hackers may already have access—or can get it,” he points out. “Oftentimes hackers will have control over systems and networks over long periods of time, and will recognize intrusions faster than the owners of the system themselves. . . . So some hackers may have knowledge of events that have fallen under the radarscope of the authorities.
“Unfortunately, while law enforcement has its paid informants in this space, it’s usually those hackers who have been caught and must work out a deal,” adds Ladopoulos, who as a teenager in the ’80s found himself squarely on the wrong side of the law when he hacked under the handle Acid Phreak. “The best hackers are in too deep into systems and networks, and will probably never be caught. Those are the ones we need to deal with.” Offer to pay them with an anonymous service like PayPal, he suggests, and they may come knocking.
The hackers are recommending faceless digital dollars, but the U.S. is still chasing after old-fashioned “wire transfers between banks and individuals linked to terrorism,” says one former CIA money hound. “The people they should tap are probably the criminals, the people in jail for money laundering. But that brings us back to the dumb-ones-get-caught dilemma.”
Money lies at the heart of the problem in pulling talent from the private sector. “It’s often the larger companies that get the government contracts for this type of thing. Unfortunately, they’re not often the ones with truly innovative solutions. Even more so, it’s often a matter of politics as to who gets brought in,” says Ladopoulos.
Those are unnerving sentiments for a 17-employee venture like Honeybee Robotics to hear. The company sits upstairs from a bakery in Little Italy, but designs equipment for NASA probes to Mars and beyond. It also has capabilities that might aid the investigation at the World Trade Center pit, or at least provide a measure of protection for workers.
Honeybee could outfit robots to probe and sample the dust that lies below workers, giving them foreknowledge of dangerous pockets and gases below. One corer is unique for its ability to preserve dust and rubble in precisely the layers it fell, which might prove useful for forensics. Honeybee also has a robot designed to crawl through steam pipes like those leading into the foundation of the World Trade Center—which perhaps could give investigators a peak deeper in than they’ve been able to get so far.
Yet the company’s phone hasn’t rung. “The Con Ed executive who would know to hire us because he’s hired us before, Dick Morgan, died in the attack, or at least is missing,” says Stephen Gorevan, chairman of the company. “We’ve never been asked to go in, but I’m not sitting here pissed off that nobody is calling me. I worked for the government for 18 years. I understand how it’s too cumbersome and big to respond effectively. It can’t swing into place as fast as giants in the corporate sector do,” Gorevan reflects. “I think there’s a little bit of a myth that we do have our act together, but we don’t.”