August 29th, 2005

How the undermining of US intelligence continues in cyberspace

Posted by George Ou @ 8:35 am

Categories: Security

Tags:

When my friend emailed me this story on Time Online about Chinese cyberspies, I thought it was just going to be just another story about cyber attacks from China.  Even the title of the Time article "The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them)" gave no indication of the alarming ineffectiveness of US cyber intelligence policy.  The article chronicled the work of an American Veteran Shawn Carpenter who tracked down and counter-hacked a Chinese cyberespionage ring called "Titan Rain" that hacked everything from Lockheed to NASA to the Army.  What’s shocking is that the FBI who unofficially worked with Carpenter ended up investigating Carpenter rather than the Titan Rain and dumped all of Carpenter’s work.

It turns out that US intelligence agencies must go through a "cumbersome authorization process that can be as tough as sending covert agents into foreign lands" before they can track down any foreign hackers.  This also means that they can’t officially work with someone like Shawn Carpenter since it’s illegal for a US citizen to counter-hack in to a foreign country.  The US essentially has to play nice and hope that a foreign government will be cooperative.  The reality is that the Titan Rain are so professional and organized that many in the intelligence community suspect the Chinese government of being the sponsors of Titan Rain and this is simply a continuation of the 90s when China routinely stole technology from American companies and National Laboratories.  Since the Chinese government is giving zero cooperation in the investigation against Titan Rain and went as far as calling the charges against Titan Rain "totally groundless, irresponsible and unworthy of refute", US intelligence has very little to work with.

Up until Shawn Carpenter successfully counter-hacked Titan Rain, there wasn’t even any direct evidence that the attacks were emanating from China in the first place.  It was known that massive numbers of cyber attacks were coming from China but no one could be certain if China was just being used as a proxy by some other foreign country who managed hack in to Chinese computers to use them as a launch platform.  Carpenter had actually managed to install his own bugging code into one of Titan Rain’s primary routers in Guangdong China (near Hong Kong) and could effectively monitor Titan Rain’s every move and verified that the hacks were indeed emanating from China.  Carpenter fed this intelligence to the FBI for months and was showered with praise until the FBI abruptly stopped communicating with him in March of 2005.  Carpenter ended up being the subject of an FBI investigation which eventually ended up filing no charges against him but resulted in his dismissal from his employer Sandia National Laboratories.  What’s most shocking is that the FBI did not even bother to ask Carpenter for the password to Titan Rain’s router or any of the other tools that Carpenter used to infiltrate Titan Rain.  If Shawn Carpenter had hacked in to an Al Qaeda network, his work probably would have been discarded the same way.

What the Carpenter case illustrates is a continuation of the gutting of US intelligence that started back in the 70s with Senator Frank Church’s Church commission and the 90s with Robert Torricelli leading an effort to "reform" the CIA.  In their crusade to investigate the CIA and turn them in to a kinder gentler agency, the Church commission leaked so much classified information that it lead to the deaths of many US informants in foreign countries which dried up all other leads since no one wants to work with a country whose own Senate might betray them.  The Torricelli reforms forbade the CIA from recruiting terrorists and criminals as informants yet anyone who knows the spy business knows that effective informants are usually not choir boys.  Now that the FBI has let Carpenter’s work go to waste, it would seem that 9/11 hasn’t really taught us anything and we’re still more interested in being politically correct than being safe.