booklets and brochures

networked information systems

foreign intelligence service threats

FISs are acutely aware that information of great interest to them increasingly resides within computer networks. They are spending a great deal of time, energy, and money in planning ways to gain undetected access to that data.

In addition to the obvious interest an FIS may have in seeking ways to surreptitiously access networks, data-mining technologies provide the FIS with tremendous opportunities for researching and combining nuggets of related information. Using data-mining techniques, an FIS can draw data from hundreds of disparate locations and combine all the acquired information to provide it with the details of proprietary research. An FIS may also use the tremendous network resources available to collect intelligence on individuals with authorized access to desired information. This would enable the FIS to identify potential candidates for recruitment or blackmail.

FISs also are interested in mapping networks to identify vulnerabilities that could be exploited in a conflict with the United States or US allies. The identification of network vulnerabilities allows a foreign government to develop plans to exploit, degrade, take control of, or deny access to critical information or networks needed by the United States to respond to a crisis. Commonly referred to as information operations or information warfare, these cyberspace attacks provide an adversary the ability to conduct standoff warfare. It may also offer the attacker plausible deniability by allowing the attacker to remain anonymous. In addition, foreign nations are developing information warfare programs because they believe US reliance on information technology to control critical government and private industry infrastructures is its Achilles' heel. Li Peng, Chairman of the People's Republic of China's National People's Congress, in a discussion of information warfare, stated:

"We should attach great importance to strengthening the Army through technology, enhancing research in defense-related science, giving priority to developing new arms needed for defense under high-tech conditions, and stressing the development of new types of weapons."

hackers and organized crime

The media has reported examples of intrusions into government and private-sector computer networks. Hackers employing damaging viruses -- such as the "I Love You" virus, the Melissa macro virus, the Explore Zip worm, and the CIH (Chornobyl') virus -- have been attacking US Government Web sites, commercial sites -- such as CNN -- and Internet search engines -- such as YaHoo. Computer Economics, Inc., a California firm, estimates that viruses cost US businesses over $7 billion in the first half of 1999. The Computer Security Institute estimated in its 1999 survey that financial losses by the 163 businesses it surveyed on computer security approached $123.7 million. This included everything from theft of proprietary information to denial of service on networks.

According to the Federal Bureau of Investigation (FBI), cyber intrusions by criminal groups who attack systems for purposes of monetary gain have also increased. For example, in 1994 the US Secret Service uncovered a $50 million phone card scam that abused the accounts of AT&T, MCI, and Sprint customers. In another case, Carlos Felipe Salgado, Jr., gained unauthorized access to several Internet service providers in California and stole 100,000 credit card numbers with a combined credit limit of more than $1 billion. The FBI arrested him at the San Francisco International Airport when he tried to sell the credit card numbers to a cooperating witness for $260,000.