By Walter Pincus
Tuesday, March 3, 2009
In the new electronic information world, your cellphone or BlackBerry can be tagged, tracked, monitored and exploited by a foreign intelligence service between the time you disembark from a plane in that country's capital and the time you reach the airport taxi stand.
That is according to Joel F. Brenner, national counterintelligence executive and mission manager for counterintelligence for the director of national intelligence.
In a talk on information-sharing last Wednesday at a conference sponsored by the Institute for Defense and Government Advancement, Brenner described his job by invoking the image of a hole materializing in a security fence. "Our job in part," he said, "is to figure out how it got there, who's been coming through it, and what they took when they left." In addition, he said, his group tries to figure out "how to return the favor," meaning how to break into the adversary's networks.
The thrust of his presentation was to alert the audience and the public to the vulnerability of new electronic communications devices and the growth in the number and types of groups exploiting them.
Cellphones, he said, are great devices for sharing information, "but the mike can be turned on when you think it is off." An iPod's ear buds can be converted to a recording device when not in your ears. Brenner described thumb drives as "the electronic equivalent of unprotected sex" and the biggest source of what he calls "ETDs," or electronically transmitted diseases.
Those vulnerabilities are increasingly exploited in the intelligence world as demand increases for the sharing of collected information and the resulting analysis. Brenner noted the countervailing pressures within the intelligence community and society in general to share intelligence as well as restrict it. The "propeller heads" who invent new "cool" ways to transfer information in the intelligence world, Brenner said, are similar to those in civilian companies: They believe in openness, not secrecy, and therein lies the problem.
"We have not paid enough attention to the operational and CI implications of the rapid deployment of information systems," Brenner said, using the abbreviation for counterintelligence.
He pointed out that the Sept. 11, 2001, terrorist attacks were arguably the result of a failure to relay intelligence where it was most needed within the CIA and FBI. "The next disaster," he said, could "well be caused by our relentless push to move information before we understand where it's going, only to find later that we moved it right into the lap of a hostile foreign intelligence service or terrorist organization."
Americans, he said, are basically "a trusting lot not born with an inclination to protect secrets." Added to that is "our workforce's relentless demand for convenience and its impatience with reasonable security requirements." When the competing demands clash, Brenner said, "convenience wins hands down, every time."
Figures he presented from the Department of Homeland Security showed that unauthorized access to U.S. government computers and, more ominously, the introduction of malicious software or viruses are both growing. There were 2,172 known incidents of government computer tampering in 2006, compared with 3,928 in 2007 and 5,499 last year.
In the civilian world, Brenner said, hacking into Web sites has gone from a prank to a highly profitable business. "Cybercrime is now a mature business model, with a well-developed secondary market for electronic burglar's tools and stolen information," he said. There has been a change in what is being stolen, he added, because the market for illegally obtained personal data, such as credit card and Social Security numbers, has become saturated. The new target for criminal hackers is corporate intellectual data.
The only answer for electronic systems protection, Brenner said, is training and earning the loyalty of employees -- who could enable security breaches -- whether in government or the private sector. He told of an appearance last year before a Silicon Valley audience that he thought wanted him to describe some single system to eliminate the vulnerabilities of electronic systems.
The answer he gave them: "There is no black box, real or imagined, that can make this problem go away."
National security and intelligence reporter Walter Pincus pores over the speeches, reports, transcripts and other documents that flood Washington and every week uncovers the fine print that rarely makes headlines -- but should. If you have any items that fit the bill, please send them to firstname.lastname@example.org.