Terminal Compromise by Winn Schwartau (my reading book .txt) 📖

NSA in other areas, many of their defensive recommenda-

tions have not been so well received.

“We are actually receiving more help from the public BBS’s and

local hacker groups in finding and eradicating the viruses than

from the NSA or ECCO,” said the Arnold Fullerman, Vice President

of Computer Services at Prudential.

AT&T is also critical of the government’s efforts. “The Presi-

dential Order gives the NSA virtual control over the use of our

long distance services. Without the ability to transmit digital

data packets, we can expect a severely negative impact on our

first quarter earnings . . .” While neither AT&T nor the other

long distance carriers indicated they would defy the executive

decree, they did say that their attorneys were investigating the

legality of the mandate.

The NSA, though, was quick to respond to criticism. “All the NSA

and its policies are trying to achieve is a massive reduction in

the rate of propagation of the Homosoto Viruses, eliminate fur-

ther infection, so we can isolate and immunize as many computers

as possible. This will be a short term situation only.” De-

tractors vocally dispute that argument.

AT&T, Northern TelCom and most telephone manufacturers are taking

additional steps in protecting one of Homosoto’s key targets:

Public and Private Branch Exchanges, PBX’s, or phone switches.

They have all developed additional security recommendations for

customers to keep Phone Phreaks from utilizing the circuits

without authorization. Telephone fraud alone reached an estimat-

ed $14 Billion last year, with the courts upholding that custom-

ers whose phones were misused are still liable for all bills.

Large companies have responded by not paying the bills and with

lawsuits.

The NSA is further recommending federal legislation to mitigate

the effects of future computer attacks. They propose that com-

puter security be required by law.

“We feel that it would be prudent to ask the private sector to

comply with minimum security levels. The C2 level is easy to

reach, and will deter all but the most dedicated assaults. It is

our belief that as all cars are manufactured with safety items

such as seat belts, all computer should be manufactured with

security and information integrity mechanisms in place. C2 level

will meet 99% of the public’s needs.” A spokesman for ECCO, one

of the emergency computer organizations working with the NSA

explained that such security levels available outside of the

highest government levels range from D Level, the weakest, to A

Level, the strongest.

It is estimated that compliance with such recommendations will

add no more than $50 to the cost of each computer.

The types of organizations that the NSA recommend secure its

computers by law is extensive, and is meeting with some vocal

opposition:

Companies with more than 6 computers connected in a network or

that use remote communications.

Companies which store information about other people or organiza-

tions.

All Credit Card merchants.

Companies that do business with local, state or federal agencies.

The entire Federal Government, regardless of data classification.

All publicly funded organizations including schools, universi-

ties, museums, libraries, research, trade bureaus etc.

Public Access Data Bases and Bulletin Boards.

“It is crazy to believe that 45 million computers could comply

with a law like that in under 2 years,” said Harry Everett, a

Washington D.C. based security consultant. “In 1987 Congress

passed a law saying that the government had to protect ‘sensitive

but unclassified data’ to a minimum C2 level by 1992. Look where

we are now! Not even close, and now they expect to secure 100

times that many in one tenth the time? No way.”

Another critic said, “C2? What a joke. Europe is going by ITSEC

and they laugh at the Orange Book. If you’re going to make

security a law, at least do it right.”

NSA also had words for those computers which do not fall under

the umbrella of the proposed legislation. Everyone is strongly

urged to practice safe computing.

Tuesday, January 26 St. Louis, Missouri

“I’m sorry sir, we can’t find you in the computer,” the harried

young woman said from behind the counter.

“Here’s my boarding pass,” he said shoving the small cardboard

pass into her face. “And here’s a paid for ticket. I want to get

on my flight.”

“Sir, there seems to be a complication,” she nervously said as

she saw at least another hundred angry people behind the irate

customer.

“What kind of complication?” he demanded.

“It seems that you’re not the only one with a ticket for Seat 11-

D on this flight.”

“What’s that supposed to mean?”

“Sir, it seems that the flight has been accidentally overbooked,

by about 300 people.”

“Well, I have a ticket and a boarding pass . . .”

“So do they, sir.”

Delta and American and Northwest and USAir were all experiencing

problems at every gate their airlines serviced. So was every

other airline that used the National Reservation Service or

Saber. Some flights though, were not so busy.

“What kind of load we have tonight, Sally?” asked Captain David

Clark. The American red-eye from LAX to Kennedy was often a

party flight, with music and entertainment people swapping cities

and visiting ex-wives and children on the opposite coast.

“Light,” she replied over the galley intercom from the middle of

the 400 seat DC-10.

“How light?”

“Crew of eleven. Two passengers.”

By midnight, the entire air traffic system was in total chaos.

Empty airplanes sat idly in major hubs awaiting passengers that

never came. Pilots and flight crews waiting for instructions as

take-offs from airports all but ceased. Overbooking was so

rampant that police were called into dozens of airports to re-

store order. Fist fights broke out and despite pleas for calm

from the police and the airlines, over 200 were arrested on

charges of disorderly conduct, assault and resisting arrest.

Tens of thousands of passengers had confirming tickets for

flights that didn’t exist or had left hours before.

Arriving passengers at the international airports, LAX, Kennedy,

San Francisco, Miami were stranded with no flights, no hotels and

luggage often destined for parts unknown. Welcome to the United

States.

The FAA had no choice but to shut down the entire air transporta-

tion system at 2:22 A.M.

* Wednesday, January 27 National Security Agency Fort Meade, Maryland

“Did you get the President to sign it?”

“No problem. Public opinion swung our way after yesterday.”

“And now?”

“Essentially, every long and short distance phone company works

for the Federal Government..”

“Tell me how it works.”

“We have lines installed from the 114 Signal Transfer Points in

every phone district to a pair of Cray-YMP’s at the Fort. Every

single AT&T long distance phone call goes through these switches

and is labeled by an IAM with where the call came from and where

it’s going. What we’re looking for is the high usage digital

lines. Including fax lines. So the phone company is kind

enough to send us a list of every call. We get about seven

million an hour.”

“We can handle that?”

“We have enough to handle ten times that.”

“I forget about the international monitors. That’s millions more

calls a day we listen to.”

“Yessir. The computers go through every call and make a list of

digital calls. Then we get a list of all billing records and

start crunching. We compare the high usage digital lines with

the phone numbers from the bills and look for patterns. We look

to see if it’s a private or business line, part of a private PBX,

hours and days of usage, then who owns the line. Obviously we

eliminate a great many from legitimate businesses. After inten-

sive analysis and profile comparison, we got a a few thousand

candidates. What we decided to look for was two things.

“First, we listen to the lines to make sure it’s a computer. If

it is, we get a look at the transmissions. If they are encrypt-

ed, they get a red flag and onto the Hit List.”

“The President bought this?”

“We told him we’d only need the records for a short time, and

then we would dispose of them. He agreed.”

“What a sucker. Good work.”

* Friday, February 12 New York City Times Computer License Law Possible? by Scott Mason

Senator Mark Bowman’s proposed legislation is causing one of the

most stirring debates on Capital Hill since the divisive decision

to free Kuwait militarily.

The so-called “Computer License Law” is expected to create as

much division in the streets and homes of America as it is polit-

ically.

The bill calls for every computer in the country to be registered

with the Data Registration Agency, a working component of the

Commerce Dept. The proposed ‘nominal fees’ are intended to

insure that the technology to protect computer systems keeps up

with other computer technology.

Critics, though, are extremely vocal in their opposition to a

bill that they say sends