INTELLIGENCE REPORT 
# 20010708
By: LTC (CAMCO) Enrique Fernández
 

U.S. DELEGATION ARRIVES IN CUBA IN ADVANCE OF AID

HAVANA, Cuba -- Members of an interdenominational religious group opposed to the U.S. trade embargo against Cuba arrived on the communist island Wednesday evening in advance of 80 tons of humanitarian aid traveling here by sea. The Rev. Lucius Walker, founder of the nonprofit Pastors for Peace, said the group of about 90 people -- most of them Americans -- hoped to return home later with some sort of Cuban product to demonstrate its opposition to U.S. restrictions on Cuban imports.


Top Court Rejects Indefinite Alien Detention

WASHINGTON - The U.S. Supreme Court on Thursday stated the federal government may not keep criminal immigrants in prison indefinitely until the United States persuades a country to take them. The high court, by a 5-4 vote, handed a stinging setback to the federal government, which argued that immigration officials may continue to detain an illegal alien beyond the 90-day removal period if the alien cannot immediately be sent home.


Bush Picks Prosecutor Mueller to Lead Troubled FBI

WASHINGTON - President Bush nominated federal prosecutor Robert Mueller on Thursday to head the FBI after blunders at the agency including an accused spy in its ranks and mishandled documents in the Oklahoma bombing case.

Mueller, the U.S. attorney in San Francisco, served as the acting deputy attorney general this year and helped to oversee high-profile cases like the Pan Am 103 bombing as head of the Justice Department's criminal division under Bush's father, former President George Bush.


Hanssen Plea Bargain

Robert P. Hanssen, former FBI counterintelligence agent and traitor, has reportedly struck a deal with the government in which he will plead guilty to charges of spying for Moscow and receive a life sentence. A 'change of plea' hearing has been scheduled for 9 a.m. Friday 6 July 2001 in Alexandria before U.S. District Judge Claude M. Hilton. As part of the deal, the government will drop its demand for the death penalty and Hanssen will sit for extensive debriefings with FBI, CIA and other U.S. counterintelligence agents. The government can also require Hanssen to undergo a polygraph examination. He will not be sentenced for six months to allow time for the debriefings. Hanssen's wife, Bonnie, and their six children will reportedly receive benefits under his government pension earned for his 27-year "service."

The Hanssen case is the most serious act of spying in the history of the FBI, and quite probably worse than the case of former CIA agent Aldrich H. Ames. The latter betrayed our agents within the Soviet intelligence structure - a true loss. But Hanssen also betrayed critical national security and intelligence systems and procedures. It is for that national security reason -- the fact we may now be relying on systems and procedures that have been compromised -- that the Intelligence Community must find out all it can about what was provided to the Soviets - and now possibly still in the files of Russian or other foreign powers. Only in that light does the plea bargain make sense.


Intelligence Community Review Starts

Two panels will be convened this week to begin top-to-bottom reviews of the nation's intelligence capabilities, to be completed in only three short months -- by September. Under a directive issued by President Bush to DCI George Tenet in May, the two panels are directed to conduct "independent, but parallel, reviews" of four areas: (1) twenty-first century intelligence threats and priorities; (2) current capabilities; (3) new and "highly advanced" technologies for intelligence collection and analysis; and (4) possible reorganization of the community.

The first panel is headed by retired General Brent Scowcroft, a former National Security Advisor in the Ford and (senior) Bush administrations, and also mentioned as the prospective Chairman of the President's Foreign Intelligence Advisory Board (PFIAB). This panel will be composed of up to ten "outside" experts (including a former Chairman of the JCS, Admiral Jeremiah), and will particularly focus on new technologies in relation to new threats.

The second panel will be chaired by Joan Dempsey, the current Deputy Director of Central Intelligence for Intelligence Community Management. It will be composed of up to ten "internal" representatives from the Intelligence Community agencies, and will focus on assessing current capabilities in the projected environment of the new millennium.


NSA Modernization Program Proceeds

The proliferation of information technology and wireless communications in the 1990s has made it more difficult for NSA to perform its mission. Because of the explosion in information technology, NSA receives more and different data than ever before, and the agency must increase its data processing capabilities significantly. As the Director NSA, Lt. Gen. Michael Hayden, has articulated in many a forum, modernizing the NSA computer infrastructure is the answer.

NSA took the first step in its $10 billion modernization program on April 2, awarding three concept study contracts for Project Trailblazer, a five-year, $57 million contract for systems engineering and technical assistance to NSA. Trailblazer is intended to provide a blueprint for modernizing the agency's signals intelligence capabilities, NSA's primary mission.

In late July NSA will complete the first part of its modernization program when it also awards a contract for Project Groundbreaker. This project will create a computer infrastructure to enhance the processing of intelligence information. Project Groundbreaker was delayed three months by acquisition reforms and a sometimes reluctant work force; reportedly, middle management at NSA does not always agree with the course taken by the leadership, particularly with respect to the commercial outsourcing of much that was done in-house before.


Net espionage stirs Cold-War tensions

WASHINGTON -- Fears of Cold War tensions are finding new life in cyberspace, as the threat of Internet espionage shifts the nuclear-age doctrine of "mutually assured destruction" to that of mutually assured disruption.

In one long-running operation, the subject of a U.S. spy investigation dubbed "Storm Cloud," hackers traced back to Russia were found to have been quietly downloading millions of pages of sensitive data, including one colonel's entire e-mail inbox. During three years, most recently in April, government computer operators have watched--often helplessly--as reams of electronic documents flowed from Defense Department computers, among others. The heist is "equivalent to a stack of printed copier paper three times the height of the Washington Monument," says Air Force Maj. Gen. Bruce Wright of the Air Intelligence Agency.

China and Russia pose the deepest threats because their technology research is the most advanced, U.S. officials say. But some senior officials worry that it doesn't take a superpower to hack into a nation's sensitive computer networks. Moreover, there are complicated legal issues about how and when to launch counterstrikes.


A teenager or a terrorist?

It is often impossible for government or corporate victims to know whether an attacker is a teenager or terrorist, a rival company or a foreign government--and those distinctions make all the difference in how the U.S. government reacts. Even in the Storm Cloud case, officials can't answer for certain whether a foreign government or rogue hackers are involved.

Both pose dangers. A federal advisory panel, the Defense Science Board, reported in March that the Pentagon "cannot today defend itself from an information operations attack by a sophisticated, nation-state adversary." Security testers at the Pentagon's National Security Agency routinely hack into U.S. military networks--and without the Pentagon noticing 99 percent of the time, the board found.

But the Central Intelligence Agency says hacking by foreign governments, as opposed to individuals, is the biggest threat. "Only government-sponsored programs are developing capabilities with the future prospect of causing widespread, long-duration damage to U.S. critical infrastructures," says Lawrence Gershwin, head of the CIA's intelligence on technology. He calls terrorists, for example, a "limited" Internet threat. "Bombs still work better than bytes."

The Storm Cloud case, which involved several military and law-enforcement agencies and descended from an FBI investigation called "Moonlight Maze," isn't the only illustration of the threat from overseas. After a U.S. spy plane collided with a Chinese jet in May, Chinese activists vandalized or shut hundreds of U.S. Web sites, including that of the White House. Last fall, a hacker accessed software blueprints at Microsoft Corp.; detectives believe the hacker used software from Asia and transferred data back to an anonymous e-mail account in Russia.

So far, the government's response has been disjointed; cooperation has been slow to evolve among various U.S. agencies, corporations and foreign governments. A 1998 presidential order made the Federal Bureau of Investigation's National Infrastructure Protection Center the "focal point" for collecting data about threats. But the FBI center sometimes can't share information with the president's cyber-security adviser unless the Justice Department approves. Meanwhile, the White House budget office instructed agencies to report Internet attacks to the General Services Administration.

The Storm Cloud case has highlighted all these issues. The attackers often covered their tracks using a modified software tool called "Loki," after a mischievous Nordic god; the software makes break-ins look like innocent Web browsing. Victims include the Defense Department's high-performance computer labs, where researchers use some of the world's fastest supercomputers to predict how air flows around a jet or how a missile penetrates armor. Weeks after the first attacks, an insider newsletter at one lab, the Aeronautical Systems Center at Wright-Patterson Air Force Base, conceded, "We accept that we can never be completely secure." Investigators insist nothing classified was stolen though the data were sensitive and commercially valuable.

Suspicious file transfers tripped sensors at Wright-Patterson in early 1998. But it wasn't until months later, after intrusions into other computer labs, that officials realized the attacks were connected. The hackers were particularly clever: Officials found software sensors inside federal computers that modified a private Web site in Britain whenever new documents were available. The hackers would view the Web site to see if it had changed and therefore didn't have to risk detection by checking themselves. Investigators believe hackers installed eavesdropping "sniffer" software as early as 1997 at universities, including Louisiana State University, in Baton Rouge, and the University of Cincinnati in Ohio, where professors working on defense projects connect via the Internet to military labs. The hackers then posed online as those professors to steal data and pilfer more passwords. Only after the attacks were noted were outside researchers instructed to use some encryption.

The Pentagon then ordered all defense employees to change their computer passwords. The intruders even stole that memorandum, investigators suspect, and accordingly changed the passwords for the military accounts they had hacked.

Investigators traced the break-ins to three commercial Internet-service providers in Moscow. But the riddle remained: Who was at the keyboard? Russia's government, or rogue hackers? The State Department last year formally pressed Russia--where laws subject almost all electronic communications to government monitoring--for help. A spokesman for Russia's intelligence service denies culpability, adding that if the government had organized the hacking, it would have done a better job hiding its tracks.


How to respond to attacks?

Such uncertainties raise crucial legal and diplomatic questions about how to respond. When does the U.S. hack back, and how? If the hackers are civilians, they are deemed "unlawful combatants" and criminals under U.S. law. But if a government is involved, the U.S. would weigh a retaliatory cyberstrike, says military spokesman Barry Venable.

The agency that chiefly defends the military's computers changed its role this spring to include offensive attacks. It expects to triple its staff to nearly 150 in the next two years, and a draft Pentagon budget projects spending on computer warfare to increase by $400 million next year, and by $3.5 billion over the next seven years. 

The FBI tried a similar hack-back approach. In April, a grand jury in Seattle indicted two Russian computer experts accused of hacking into dozens of U.S. banks and e-commerce sites, and then demanding money for not publicizing the break-ins. FBI agents, posing as potential customers from a mock company called Invita Computer Security, last November had lured the Russians to Seattle and asked the pair for a hacking demonstration. The agents secretly recorded every keystroke with commercial software available to anyone for $99.

Days later, using one man's password, "cfvlevfq," the FBI connected to the Russians' own computers overseas and downloaded 781 megabytes of data. Only then did they obtain a search warrant for the files. A U.S. judge condoned the tactic in a pretrial ruling, partly because the searched computers were in Russia.

Sen. Robert Bennett, a Utah Republican who is one of Congress's technology experts, says the ability to counterstrike should help discourage serious attacks from those who can be hit back. "The U.S. is the most vulnerable society because we're the most wired in the world," he said. "On the other hand, we're probably the most capable to wage this kind of warfare if someone were to provoke us."


Bush facing EU condemnation over spy network

Members of the European Parliament were last night due to vote to finalize a report that condemns the use of the United States and British-run Echelon international communications surveillance system as a breach of privacy, sovereignty and human rights. The special report, expected to be adopted overwhelmingly by the parliament in September, calls for the European Convention on Human Rights to be amended to enforce the privacy of international communications at the same standard as that which applies to national communications. It also demands that the British and German governments enforce their legal and treaty obligations to ensure proper supervision and accountability for secret US surveillance operations conducted from their territory.


ECHELON Publicity in Japan

A Japanese newspaper featured an article on a "U.S.-led spy network" intercepting Japanese diplomatic communications for 20 years to keep track of Tokyo's economic activities. The information was attributed to a New Zealand researcher named Nicky Hager. The network, reported as "Echelon," was said to have focused on communications pertaining to trade and fishing as well as on ships transporting plutonium in the South Pacific. The article did not elaborate on the plutonium shipments, but Japan, which depends on nuclear power for about 30 percent of its electricity needs, periodically imports shipments of a uranium oxide and plutonium mixture (MOX) from Europe.

New Zealand's Government Communications Security Bureau was said to use its Waihopai signals base to intercept communications sent via satellite from the Japanese Embassy back to Tokyo and vice versa. The information then was supposedly sent to NSA.

Media reports have alleged that the Echelon network (said to include the US, Britain, Canada, Australia and New Zealand), was set up at the beginning of the Cold War for intelligence-gathering and has grown into a current network of intercept stations across the globe. European media reports have suggested that Echelon has listened in to vast numbers of telephone calls, fax transmissions and e-mails, prompting concern over privacy violations and allegations of industrial espionage. U.S. officials have never publicly confirmed the network exists and deny that the United States engages in industrial espionage. New Zealand government officials said they never comment on intelligence matters.

This newspaper report, causing a public reaction in Japan, comes just before the European Union is slated to vote its recommendations on the so-called Echelon case.


CIA says it can't keep up with hackers

WASHINGTON--Despite a major increase in intelligence efforts dedicated to computer security, attackers still develop new tools and techniques faster than the CIA can keep up, a top CIA official told Congress.

Often, "we end up detecting (an attack) after it's happened," said Lawrence K. Gershwin, the CIA's top adviser on science and technology issues. "I don't feel very good about our ability to anticipate." Gershwin told the Joint Economic Committee that foreign governments will be the most potent threat to U.S. computers for the next five to 10 years, rather than terrorists or lone troublemakers.

So far, he said, individual hackers don't have the skills or the motive to make major attacks against U.S. infrastructure such as the telephone system or financial networks. And since terrorists want immediate and predictable results, they will stick with their current attacks for the foreseeable future.

"Terrorists really like to make sure that what they do works," Gershwin said. "They do very nicely with explosions, so we think largely they're working on that."

Still, Gershwin warned that a terrorist organization could surprise intelligence officers and mount a cyberattack within the next six months.

The committee focused on the vulnerabilities faced because of the lack of coordination between the public and private sector. Even though the government uses commercial networks, and vice versa, there still is little information shared, and attackers could exploit that split.

"When a commander at the Pentagon tries to call a commander in the field," said Sen. Robert Bennett, R-Utah, "he's connecting with Verizon."

Gershwin said this reliance on private networks could mean a foreign power could install a backdoor into government systems.

"While we may be working with American companies on issues at some point, there are contracts and subcontracts," Gershwin said. "It gets hard to tell who's doing the work for you."

Gershwin and other legislators said they would like to see more cooperation between businesses and government, similar to the activity geared toward beating the Y2K bug.

There is some public-private collaboration. The FBI's InfraGard program, for example, lets the agency and tech companies alert one another to attacks. But there is still distrust, as companies don't want to share their vulnerabilities with other companies or see them reported publicly, and the government holds back its secrets.

"I'd like to think we can work on that collaboration now," said Rep. Adam Putnam, R-Fla., "rather than when there's a crisis."


Spy Mania May Have A Downside

The spy mania in Russian society today has allowed the security services to act in ways they have not been able to since before the demise of the USSR, "Vremya novostei" reported on 27 June. That is because they are easily able to convince the public that any charges they bring are true. But they may be losing one important supporter, namely the president. The paper cited Putin's recent observation that "both the Russian and U.S. secret services are performing badly. They are not doing anything interesting. They are only interfering. Their main activity is to inform the political authorities, but I believe that they are doing very little to neutralize real threats. The Western security services call this 'making waves.' This expression can be applied to our secret services as well."


CIS States to Set Up Anti-Terror Center

MOSCOW. The CIS summit to be held in Sochi August 1 through 3 will discuss the possibility of founding an anti-terror centre within the Commonwealth of Independent States, CIS Executive Secretary Yuri Yarov told reporters on Wednesday. He said the problem of creating a free trade zone will also be under review. According to Yarov, the agenda of the meeting will be rather busy, yet flexible.


Russia, China Working on Cyber Warfare

WASHINGTON - Russia and China appear to be developing computer-based tools with the potential to do long-lasting harm to the U.S. economy, a top intelligence official told Congress on Thursday. Such arms will give future foes new leverage over the United States, including a way to ratchet up pressure and the prospect of anonymity, said Lawrence Gershwin, the national intelligence officer for science and technology.

Testifying before the Joint Economic Committee, Gershwin cited what he called some nations' public acknowledgment of the role cyber attacks would play as the "next wave of military operations."

"We've certainly seen that from countries such as China and Russia," he said. While he mentioned no other states by name, he said a "fair number" had "active" programs, adding that most of his information on the subject was classified.

"We watch them very intensely," Gershwin said. "Some of them are aimed at the United States and some of the others are probably aimed at others."

"For the next five to 10 years or so, only nation-states appear to have the discipline, commitment and resources to fully develop capabilities to attack critical infrastructures," he said.

The United States itself is working to integrate keyboard-launched attacks and network defense into "all military plans and operations," Army Lt. Gen. Edward Anderson, deputy commander in chief of the U.S. Space Command, told House Armed Services Committee members Wednesday. "We need to continue developing computer network attack strategies through simulations and war-gaming to improve our understanding of the potential collateral effects associated with such actions," he said. "Collateral" damage is military jargon for spillover to civilians.


China Denies Organ Harvesting From Prisoners

BEIJING - China denied on Thursday it harvested organs from executed prisoners, including from some not quite dead, after a Chinese doctor testified to the U.S. Congress that he had performed such operations. Foreign Ministry spokeswoman Zhang Qiyue told a news conference Doctor Wang Guoqi had fabricated "a vicious slander" and "sensational lies" for his own personal good. Wang, who has lived in the United States since leaving China a year ago, told the House of Representatives subcommittee on human rights on Wednesday Chinese doctors harvested the organs to profit from foreign transplant patients.


Cyber Network Intruder Detection System

Network administrators now have a new first line of defense in the protection of information assets. Motorola, Inc. announced a visualization and analysis software tool that helps the user visually interpret network attacks at a glance and respond quickly. Because the data is displayed in near-real time, the user can react quickly based on responses defined by the operation's security policy. Rapid response can serve to eliminate or mitigate potential damage to the network.


Tracing Stolen Laptops

Software which pinpoints the exact location of laptop thieves via the Net was developed by US company zTrace. The software package activates a tracing technology when stolen laptops are connected to the Internet. Computer owners sign up to zTrace, then notify the company if their machine is stolen (a police report must also be submitted). The tracing technology inside the laptop, which zTrace says cannot be detected or uninstalled, is then activated the next time anyone tries to get the notebook online.


Hackers, corporate espionage fuel encryption market

The amount of classified information being transmitted via networks is rapidly increasing. However, as e-terrorists attempt corporate espionage and hacker attacks, military and government agencies, along with contractors, are propelling sales as they invest in data and network encryption devices that assure necessary privacy. According to new analysis by Frost & Sullivan (World Military and Government High Assurance Network and Data Encryption Market) this industry generated revenues of $176 million in 2000 and is projected to increase steadily to $457.6 million by 2007.


Guerrillas Prefer Bombs

Duane Andrews, an assistant secretary of defense for command, control and intelligence in the first Bush administration, told the hearing that the United States had lost ground in dealing with cyber threats.

The Defense Department should be prepared if necessary to help protect "networks of critical importance" to U.S. economic security, said Andrews, now an executive vice president of employee-owned Science Applications International Corp., a major defense contractor.

In other testimony, Frank Cilluffo, co-chair of a task force on cyber threats of the Washington-based Center for Strategic and International Studies, urged the creation of a White House post to oversee the government's cyber defense strategy.

Gershwin said "bombs still work better than bytes" for guerrillas. "But we anticipate more substantial cyber threats in the future as a more technically competent generation enters the terrorist ranks."

Although the harm done by "hackers" is well publicized, they pose a negligible threat to national-level infrastructures like transportation grids or financial networks, partly because they lack the skill or motive to mount a sustained attack, he said.

"National cyber warfare programs are unique in posing a threat along the entire spectrum of objectives that might harm U.S. interests," including "long-duration damage to U.S. critical infrastructures," Gershwin said. He predicted computer viruses were likely to become more controllable, precise and predictable -- "making them more suitable for weaponization."

Senator Bob Bennett of Utah, the panel's ranking Republican and chairman of the defunct Senate Year 2000 committee, urged industry to join government in strengthening U.S. cyber defenses. "In an interconnected world, the private sector is on the front line," he said.


Radar research may help operators see through foliage

ROME, N.Y. (AFPN) -- Experts from the Air Force Research Laboratory's information directorate here awarded a $99,039 contract June 15 to a Utica firm that hopes to help radar operators better locate ground targets hidden under trees and bushes.

AFRL officials awarded the contract to Integrated Sensors Inc. The nine-month agreement, "Foliage Penetration Synthetic Aperture Radar Enhancements," was awarded under the federal government's Small Business Innovative Research program.

"Current radars have an inherent problem with 'seeing' through trees and vegetation that provide cover to vehicles traveling along the roads," said Jon Jones, program manager in the directorate's information and intelligence exploitation division. "The problem with maintaining surveillance on vehicles under these conditions is they can maneuver in ways that are unpredictable -- like stopping for periods of time or turning directions."

The contract will allow scientists to investigate radars capable of seeing through foliage and use this information to fuse with existing systems, leading to a capability to track vehicles through move-stop-move conditions within the foliage cover, said Jones.

Jones said two primary radar modes will be investigated – synthetic aperture and ground moving target indication.

Synthetic aperture radar develops radar images of the area to detect fixed targets, like vehicles that are not moving, he said. Ground moving target indication radar helps detect moving targets or vehicles.

"Integrated Sensors engineers will conduct research on algorithms that will fuse those two types of radar into a composite picture that maintains a track of the vehicle through the foliage," said Jones.


Beret is here, other Army headgear issues clarified

WASHINGTON -- With the Army's recent adoption of the beret, many soldiers are asking what is to be done with their other headgear.

The answer is nothing out of the ordinary -- at least not right away, according to Master Sgt. Kittie Messman, Army uniform policy officer, Office of the Deputy Chief of Staff for Personnel.

"When the policy for the black beret was published, we said the green service cap (or) hat would be worn for official duties as prescribed by the commander," Messman said. "At this time, no one will be required to buy or maintain the service cap (or) hat for ceremonial or official duties. As far as the garrison cap is concerned, the only soldiers who can wear it are those who have not been issued the beret."

Because not all Army installations or units have been issued the beret yet, installation commanders will determine when their installation will transition from service cap and hat to the beret, said Lt. Col. Jerry Swanner, chief of personnel readiness, ODCSPER. The beret will eventually be the standard headgear for the Class A and B uniform, and will also replace the Battle Dress Uniform cap in garrison, he said.

The blue and white service caps will still be worn with the Dress Blues and White uniforms respectively.

Soldiers who travel from a unit that has the beret issued will wear the beret while on temporary duty, Swanner said. However, soldiers making a permanent change of station move from a unit with the beret to one which has not been issued the new headgear will wear the garrison cap, unless the installation commander allows otherwise.

The bottom line is that anyone who has a garrison cap should hold on to it for at least the next year, Messman added.

As for the BDU cap, it is considered a utility cap and will continue to be issued, Messman said.

"When soldiers perform activities that are very work oriented, where the beret would become soiled, damaged, or where it is just not appropriate, the commander of the unit can direct wear of the BDU cap," Messman explained. "Such situations would exist when the soldiers are out on a field exercise. Normally soldiers wear the Kevlar helmet but when they are not doing actual training, the commanders can tell them to take the helmets off and in that case, they would wear the BDU cap."

Messman gave other examples of work in the motor pool or on post detail where the BDU cap would be more appropriate than the beret.

"The beret is not a utility type of headgear," Messman said. "It is not meant for work activities, and also, we do not have a lot of them. We don't want them worn in situations where they can get really dirty. Right now we don't have enough of them to turn in for replacements."

ODCSPER is currently working on an update of AR 670-1, Wear and Appearance of Army Uniform and Insignia, to include specific guidance on the wear of the beret, Messman said. The revision is slated for release by the end of the calendar year.