A SOVIET AGENT aboard a U.S. Navy warship can do something even worse than steal secrets. He can steal the ship's ability to fight or defend herself. By inserting a "software mole" into the ship's computer system, he can create false orders that will cripple the ship -- perhaps long after he has left her. Like an invisible time bomb, the subverted software could lie hidden in the computer system, ready to explode in the form of catastrophic commands.
"If an espionage agent should gain access to the classified information stored in a computer system, he could retrieve it for clandestine purposes," two Navy officers warned in 1983. "He also could alter the information stored in the computer so as to significantly change its operation characteristics."
At the time of this warning, communications expert Jerry Alfred Whitworth was serving aboard the nuclear-powered carrier Enterprise and, according to the espionage indictment against him, allegedly was providing the Soviet Union with information about a highly classified Navy shipboard computer system. The government charges that Whitworth was recruited for spying by John A. Walker, another retired Navy communications specialist.
Writing in 1983 in the U.S. Naval Institute Proceedings, the authoritative professional journal of the Navy, the two officers used three scenarios to illustrate this new form of computer-age sabotage at sea:
A reconnaissance plane routinely launched from a U.S. carrier off Lebanon observes the sinking of a warship belonging to a friendly nation. The plane immediately transmits a report through the Worldwide Military Command and Control System net. But only a garbled message reaches Washington.
A U.S. Navy task force -- a cruiser and three guided-missile frigates -- is steaming off the coast of Oman when one of the frigates makes sonar contact with an unidentified submarine. While the frigate is tracking the submarine, the submarine sinks a tanker near the mouth of the Straits of Hormuz. The officer in tactical command of the task force orders a helicopter-frigate unit to pinpoint the location of the submarine and prepare for an attack.
But everything goes haywire. None of the officer's commands get through to the other ships or helicopters. And, with no proof that a submarine was in the area, the United States is blamed for the sinking of the tanker.
A ship in a U.S. Navy battle group detects an incoming barrage of enemy cruise missiles. The battle-group commander orders his defensive missiles fired. In the air they all self-destruct, leaving the U.S. ship with only second-string defenses that cannot destroy all the enemy missiles.
The hidden actor in the three scenarios was a computer penetrator, a subversive agent who inserted into shipboard computer systems what Navy Lieutenants Peter Grant and Robert Riche, authors of the Proceedings article, called "trapdoors" and "Trojan horses." A trapdoor is a small section of a computer program that is swung open by a word or sequence of characters the agent has inserted in the computer software.
A Trojan horse, also called a software mole, is a false command inserted inside a legitimate command. The reconnaissance plane in the first scenario had a Trojan horse inside its command-and-control system. When the plane flashed its report, its computer software called up a routine "utility program" for setting up the telecommunications link to Washington via the Worldwide Military Command and Control System net.
Inside the utility program was a Trojan horse designed by the penetrator's Soviet handlers. The covert subversive program told the legitimate utility program to monitor the message for certain key words -- such as "sinking" or "missiles" or the name of a certain country -- and, when those words were detected, to garble the message.
The task force lost the submarine because of another Trojan horse. This horse told the computer to kill any antisubmarine warfare commands given in a real combat situation that occurred at certain navigational coordinates, in this case a location near the Straits of Hormuz. The horse also knew that Navy ships do not fire live ammunition in exercises in certain sensitive areas. So the horse would not be activated during a training exercise and would remain undetected until the crucial moment when a real incident was taking place in a real trouble spot.
The battle group's missiles destroyed themselves because of a trapdoor built into the ship's radar. The trapdoor was opened by a signal from an enemy plane: It simply transmitted an activating message read by the ship's plane-detection radar. The message passed into the computer network and triggered a previously planted subversive message that gave false signals to the radar tracking the ship's missiles, blowing them up long before they reached their target.
The vulnerability of warships' computer systems, the authors said, has been known since at least 1975. Around that time, the Department of Defense formed "tiger teams" that were told to try to penetrate sensitive defense computers.
"Not only were these tiger teams able to break into every one of the computer systems that they had targeted," the authors wrote. "They found that doing so was far simpler than many had expected. Even systems that were advertised as 'secure and unbreakable' by their manufacturers took a relatively short time to penetrate. The tiger teams were able to gain access to desired information and even obtain control over the entire computer system."
Although ideas for protecting the military's computer systems have been developed, many of the ideas have been sidetracked in the rush to modernize computer systems and continually update software. Many of the software-writing private contractors are connected to the ARPANET, the Department of Defense's Advanced Research Projects Agency's communications network.
Someone penetrating that network could insert trapdoors and Trojan horses even before the software is delivered to the Navy. (A student at the University of California at Los Angeles was arrested on November 2, 1983 for breaking into ARPANET, along with more than 200 computer systems, including the Naval Research Laboratory's.)
The lack of adequate computer protection was conceded in the Department of Defense computer security manual in effect when Whitworth was serving aboard the Enterprise. "Operating in a true multilevel security mode," the manual said, "remains a desired operational goal . . . . However . . . this goal cannot generally be obtained with confidence due to the limitations in the currently available hardware/software state-of-the-art."
Adm. James D. Watkins, chief of naval operations, in a June 11 press conference assessing probable losses to the alleged Walker spy ring, hinted concern over computer penetration. "Some technical design communications information has probably been lost," he said. Watkins did not say if any Navy tigers had been sent to search for trapdoors or Trojan horses where alleged spies had been.