REGISTER
 
 Minimize
Auburn Mountain
SearchMinimize

 Minimize
Internet SecurityMinimize
Helpful ArticlesMinimize
 Minimize

 

CyberTerrorism

The U.S. Federal Bureau of Investigation defines CyberTerrorism as any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents." This would include the banking and insurance industry.



Carnivore, Echelon and DCSNet
Global and national monitoring projects considered an imposition on freedom of may have been the saving graces of us all…Carnivore, Echelon and DCSNet. Keith Lourdeau, Deputy Assistant Director, Cyber Division, FBI stood before the Senate Judiciary Subcommittee on Terrorism, Technology, and Homeland Security in February 24, 2004 and told this story:

 “I’ve Hacked The Server...Pay Me"
“In May 3, 2003, an e-mail was sent to the National Science Foundation’s (NSF) Network Operations Center which read, “I’ve hacked into the server of your South Pole Research Station. Pay me off, or I will sell the station’s data to another country and tell the world how vulnerable you are.” The e-mail contained data only found on the NSF’s computer systems, proving that this was no hoax. NSF personnel immediately shut down the penetrated servers. During May, the temperature at the South Pole can get down to 70 degrees below zero Fahrenheit; aircraft cannot land there until November due to the harsh weather conditions. The compromised computer systems controlled the life support systems for the 50 scientists “wintering over” at the South Pole Station.

The FBI determined that the hackers were accessing their e-mails from a cyber café in Romania. One of the hop points utilized by the intruder was a computer system in Pittsburgh owned and operated by a trucking company. A hop point is a computer system, usually compromised by the intruder that is utilized to conceal the true location and identity of the intruder. Joint FBI investigative efforts with the Romanian authorities, in this matter, resulted in the seizure of documents, a credit card used in the extortion scheme, and a computer that contained the very e-mail account that was used to make the demands of the National Science Foundation. On June 3, 2003, two Romanian citizens accused of hacking into the NSF South Pole Research Station were arrested in a joint FBI/Romanian police operation. The two are currently scheduled to stand trial in Romania.
Source: Testimony of Keith Lourdeau, Deputy Assistant Director, Cyber Division, FBI
Before the Senate Judiciary Subcommittee on Terrorism, Technology, and Homeland Security…February 24, 2004

Cyber-Terrorism Activity
Financial Services Professionals should understand that sending e-mail unencrypted is inherently insecure. Network administrators at Internet service providers and employers can read messages at one of several transit points. However, hackers can use software initially designed for network administrators to diagnose Internet problems. Security experts say more sophisticated hackers can even change messages in transit, without the sender or recipient ever knowing.

Echelon and Carnivore...Big Brother Watching?
Corporations are taking steps to protect computer networks after the September 11th, 2001 attacks on the Pentagon and World Trade Center. Corporations still fear the next attacks might be launched online. Many are suggesting that we go back to  low-tech, back to paper and faxes and what we used to do in the 1980s before we had virtual private networks and widespread Internet connections. Of course, we know this is not the best long-term strategy,

Carnivore Primer: The NIPC, Echelon and Carnivore
The FBI's National Infrastructure Protection Center-NIPC which is a joint FBI and private sector office was charged with protecting US network and computer infrastructures from Cyber-Terrorists and their attacks. Our federal agencies have been at work on these issues long before September 11th, 2001. The FBI's National Infrastructure Protection Center is now a part of the National Infrastructure Coordinating Center (NICC). A key component of the Infrastructure Coordination Division (ICD), the National Infrastructure Coordinating Center (NICC), serves as an extension of the Homeland Security Operations Center. As part of the National Cyber Security Division, the United States Computer Emergency Readiness Team (US-CERT), a partnership between the DHS National Cyber Security Division (NCSD) and the private sector, has been established to protect our Nation's Internet infrastructure.

Saving Grace
It is interesting to note that several global and national monitoring projects that have long been considered an imposition on freedom of speech and movement by many in the American pubic may be the saving grace of us all. The surveillance projects are Carnivore and Echelon.

“Electronic surveillance has been extremely effective in securing the conviction of more than 25,600 dangerous felons over the past 13 years” Source: Formerly posted at –www.fbi.gov/programs/carnivore/carnivore.htm-

Carnivore versus Echelon
Echelon (origins are in the National Security Agency) deploys technology so advanced that it can scan tens of thousands of telephone calls for words of interest to government agents such as the Central Intelligence Agency (CIA). Echelon is an eavesdropping system so vast that it spans the globe, collecting telephone and data transmissions at network nodes around the world, archiving every one of them on endlessly running tapes. Echelon has the capability to monitor every telephone call to and from the United States.

Echelon is the older of two government-operated systems designed to intercept and analyze personal telecommunications on a wholesale basis. It is very interesting to note that before the Twin Tower Attacks, Echelon and Carnivore was viewed as a very real and very dangerous threat to liberty and privacy. Recent changes in surveillance rules may allow "Big Brother" to become a real hero in the War on Terrorism.There is no solid evidence to support the existence of Echelon. Maybe people may have confused this rumored system with the Carnivore system…just a thought.

Echelon has a sinister younger brother, nicknamed Carnivore (origins is with the Federal Bureau of Investigation (FBI). Carnivore has been renamed "DCS-1000" to improve its public image. In terms of privacy concerns as well as raw technological power, Carnivore looked like a toy compared to Echelon. The US government has admitted to operating Carnivore while no official admission of Echelon has ever been made.

Echelon was almost certainly the world's most sophisticated network monitoring system and, if rumors are to be believed, anyone who felt uncomfortable with the secrecy surrounding Carnivore should have been downright paranoid where Echelon is concerned. Carnivore was designed to track and intercept email messages. Carnivore is attached to the computers of an Internet Service Provider and scans email traffic for information of interest to the government. The FBI traditionally deployed Carnivore to scan e-mail traffic for Cyber-Terrorism activity.

Carnivore Used For Specific Reasons
The FBI named this system "Carnivore" in reference to its objective of collecting hard ("meaty") data. However, Carnivore captures only the raw bits of information. Messages that users encrypt with readily-available tools like PGP, for example, are not "cracked" by the system. Decoding these messages offline can require serious effort on the part of investigators.

The FBI used Carnivore for specific reasons. Particularly, the agency would request a court order to use Carnivore when a person was suspected of:

  1. Terrorism
  2. Child pornography/Exploitation
  3. Espionage
  4. Information Warfare
  5. Fraud

Echelon - Global Surveillance System
Echelon is a global system i.e. worldwide surveillance system - the tentacles of which reach into voice and data traffic carried by satellite, microwave, undersea cable and radio. Carnivore is a more local phenomenon. It resides in a "black box" attached to the computers of an Internet Service Provider. Carnivore, which is operated by the FBI, cannot be installed without a court order. But unlike traditional wiretaps, which target only the phone of an identified suspect, Carnivore sifts through email traffic indiscriminately.

FBI Shuts Down Carnivore in 2005
In the year 2005, The Federal Bureau of investigation abandoned its custom-built Internet surveillance technology designed to read e-mails and other online communications among suspected criminals, terrorists and spies, according to bureau oversight reports submitted to Congress in 2005.

FBI Did Not Go Quietly In the Night
Instead, the FBI said it has switched to unspecified commercial software to eavesdrop on computer traffic during such investigations and has increasingly asked Internet providers to conduct wiretaps on targeted customers on the government's behalf, reimbursing companies for their costs...the saga continues. The FBI has quietly built a sophisticated, point-and-click surveillance system that performs instant wiretaps on almost any communications device. Source: Freedom of Information Act

DCSNet
The surveillance system, called DCSNet, for Digital Collection System Network, connects FBI wiretapping rooms to switches controlled by traditional land-line operators, internet-telephony providers and cellular companies. It is embedded into our nation's telecom infrastructure. Do not let anyone tell you otherwise. DCSNet is a suite of software that collects, sifts and stores phone numbers, phone calls and text messages.

The FBI’s system is comprehensive. This system intercepts wire line phones, cellular phones, push-to-talk systems and SMS. Commonly called “Text Messaging”, Short Message Service (SMS) is a communications protocol allowing the interchange of short text messages between mobile telephone devices. SMS text messaging is the most widely used data application on the planet, with over 2.4 billion active users, or 74% of all mobile phone subscribers sending and receiving text messages on their phones.

DCSNet’s Working Parts
Electronic Frontier Foundation stated that DCSNet includes at least three collection components, each running on Windows-based computers.

  1. DCS-3000 also known as Red Hook: handles pen-registers and trap-and-traces, a type of surveillance that collects signaling information -- primarily the numbers dialed from a telephone -- but no communications content. (Pen registers record outgoing calls; trap-and-traces record incoming calls.)
  2. DCS-6000, known as Digital Storm: captures and collects the content of phone calls and text messages for full wiretap orders.
  3. DCS-5000 (CLASSIFIED): is used for wiretaps targeting spies or terrorists.

Together, the surveillance systems let FBI agents play back recordings even as they are being captured (like TiVo), create master wiretap files, send digital recordings to translators, track the rough location of targets in real time using cell-tower information, and even stream intercepts outward to mobile surveillance vans.

Who Tapping The FBI?
FBI wiretapping rooms in field offices and undercover locations around the country are connected through a private, encrypted backbone that is separated from the internet. Sprint runs it on the government's behalf. So the short answer is no one!
Source: Electronic Frontier Foundation,  EFF is a donor-supported membership organization working to protect fundamental rights regardless of technology. FOIA Litigation: Electronic Surveillance Systems,   The FBI ,and FBI Counterterrorism

Adhere To Your Company’s Privacy Policies and Procedures
It is important for Financial Services Professionals to adhere to their companies and broker dealer privacy policies that are designed to protect client and customer data.

Sample Privacy Statements are shown below for your review and understanding. Please consult your company(ies) and Broker Dealer websites and compliance department for your specific privacy policies and procedure.

HIPPA Privacy Policy
Copyright 2006 - 2008 by Auburn Mountain   Auburn Mountain  Terms Of Use  Privacy Statement