Authors: Fred Kaplan
Dark Territory (2 page)
During the transitions between presidents, the ideas of cyber warfare were dismissed, ignored, or forgotten, but they never disappeared. All along, and even before Ronald Reagan watched
WarGames
, esoteric enclaves of the national-security bureaucracy toiled away on fixingâand, still more, exploitingâthe flaws in computer software.
General Jack Vessey could answer Reagan's question so quicklyâwithin a week of the meeting on June 8, 1983, where the president asked if someone could really hack the military's computers, like the kid in that movieâbecause he took the question to
a man named Donald Latham. Latham was the assistant secretary of defense for command, control, communications, and intelligenceâASD(C3I), for shortâand, as such, the Pentagon's liaison with the National Security Agency, which itself was an extremely secret part of the Department of Defense. Spread out among a vast complex of shuttered buildings in Fort Meade, Maryland, surrounded by armed guards and high gates, the NSA was much larger, better funded, and more densely populated than the more famous Central Intelligence Agency in Langley, Virginia. Like many past (and future) officials in his position, Latham had once worked at the NSA, still had contacts there, and knew the ins and outs of signals intelligence and how to break into communications systems here and abroad.
There were also top secret communications-intelligence bureaus of the individual armed services: the Air Intelligence Agency (later called the Air Force Information Warfare Center) at Kelly Air Force Base in San Antonio, Texas; the 609th Information Warfare Squadron at Shaw Air Force Base in Sumter, South Carolina; scattered cryptology labs in the Navy; the CIA's Critical Defense Technologies Division; the Special Technological Operations Division of J-39, a little known office in the Pentagon's Joint Staff (entry required dialing the combination locks on two metal doors). They all fed to and from the same centers of beyond-top-secret wizardry, some of it homegrown, some manufactured by ESL, Inc. and other specialized private contractors. And they all interacted, in one way or another, with the NSA.
When Reagan asked Vessey if someone could really hack into the military's computers, it was far from the first time the question had been asked. To those who would write NSDD-145, the question was already very old, as old as the Internet itself.
In the late 1960s, long before Ronald Reagan watched
WarGames
, the Defense Department undertook a program called the ARPANET. Its direct sponsor, ARPA (which stood for Advanced Research Projects Agency), was in charge of developing futuristic weapons for the U.S. military. The idea behind ARPANET was to let the agency's contractorsâscientists at labs and universities across the countryâshare data, papers, and discoveries on the same network. Since more and more researchers were using computers, the idea made sense. As things stood, the director of ARPA had to have as many computer consoles in his office as there were contractors out in the field, each hooked up to a separate telephone modemâone to communicate with UCLA, another with the Stanford Research Institute, another with the University of Utah, and so forth. A single network, linking
them all, would not only be more economical, it would also let scientists around the country exchange data more freely and openly; it would be a boon to scientific research.
In April 1967, shortly before ARPANET's rollout, an engineer named Willis Ware wrote a paper called “Security and Privacy in Computer Systems” and delivered it at the semiannual Joint Computer Conference in New York City. Ware was a pioneer in the field of computers, dating back to the late 1940s, when there barely was such a field. At Princeton's Institute for Advanced Studies, he'd been a protégé of John von Neumann, helping design one of the first electrical computers. For years now, he headed the computer science department at the RAND Corporation, an Air Forceâfunded think tank in Santa Monica, California.
He well understood the point of ARPANET, lauded its goals, admired its ambition; but he was worried about some implications that its managers had overlooked.
In his paper, Ware laid out the risks of what he called “resource-sharing” and “on-line” computer networks. As long as computers stood in isolated chambers, security wouldn't be a problem. But once multiple users could access data from unprotected locations, anyone with certain skills could hack into the networkâand after hacking into one part of the network, he could roam at will.
Ware was particularly concerned about this problem because he knew that defense contractors had been asking the Pentagon for permission to store classified and unclassified files on a single computer. Again, on one level, the idea made sense: computers were expensive; commingling all the data would save lots of money. But in the impending age of ARPANET, this practice could prove disastrous. A spy who hacked into unclassified networks, which were entirely unprotected, could find “back doors” leading to the classified sections. In other words, the very existence of a network created sensitive vulnerabilities; it would no longer be possible to keep secrets.
Stephen Lukasik, ARPA's deputy director and the supervisor of the ARPANET program, took the paper to Lawrence Roberts, the project's chief scientist. Two years earlier, Roberts had designed a communications link, over a 1200-baud phone line, between a computer at MIT's Lincoln Lab, where he was working at the time, and a colleague's computer in Santa Monica. It was the first time anyone had pulled off the feat: he was, in effect, the Alexander Graham Bell of the computer age. Yet Roberts hadn't thought about the security of this hookup. In fact, Ware's paper annoyed him. He begged Lukasik not to saddle his team with a security requirement: it would be like telling the Wright brothers that their first airplane at Kitty Hawk had to fly fifty miles while carrying twenty passengers. Let's do this step by step, Roberts said. It had been hard enough to get the system to
work
; the Russians wouldn't be able to build something like this for decades.
He was right; it
would
take the Russians (and the Chinese and others) decadesâabout three decadesâto develop their versions of the ARPANET and the technology to hack into America's. Meanwhile, vast systems and networks would sprout up throughout the United States and much of the world, without any provisions for security.
Over the next forty years, Ware would serve as a consultant on government boards and commissions dealing with computer security and privacy.
In 1980, Lawrence Lasker and Walter Parkes, former Yale classmates in their late twenties, were writing the screenplay for the film that would come to be called
WarGames
. They were uncertain about some of the plotline's plausibility. A hacker friend had told them about “demon-dialing” (also called “war-dialing”), in which a telephone modem searched for other nearby modems by automatically dialing each phone number in a local area code and letting it ring twice before moving on to the next number. If a modem answered, it would squawk; the demon-dialing software would record
that number, and the hacker would call it back later. (This was the way that early computer geeks found one another: a pre-Internet form of web trolling.) In the screenplay, this was how their whiz-kid hero breaks into the NORAD computer. But Lasker and Parkes wondered whether this was possible: wouldn't a military computer be closed off to public phone lines?
Lasker lived in Santa Monica, a few blocks from RAND. Figuring that someone there might be helpful, he called the public affairs officer, who put him in touch with Ware, who invited the pair to his office.
They'd found the right man. Not only had Ware long known about the myriad vulnerabilities of computer networks, he'd helped design the software program at NORAD. And for someone so steeped in the world of big secrets, Ware was remarkably
open
, even friendly. He looked like Jiminy Cricket from the Disney cartoon film of
Pinocchio
, and he acted a bit like him, too: excitable, quick-witted, quick to laugh.
Listening to the pair's questions, Ware waved off their worries. Yes, he told them, the NORAD computer was supposed to be closed, but some officers wanted to work from home on the weekend, so they'd leave a port open. Anyone could get in, if the right number was dialed. Ware was letting the fledgling screenwriters in on a secret that few of his colleagues knew. The only computer that's completely secure, he told them with a mischievous smile, is a computer that no one can use.
Ware gave Lasker and Parkes the confidence to move forward with their project. They weren't interested in writing sheer fantasy; they wanted to imbue even the unlikeliest of plot twists with a grain of authenticity, and Ware gave them that. It was fitting that the scenario of
WarGames
, which aroused Ronald Reagan's curiosity and led to the first national policy on reducing the vulnerability of computers, was in good part the creation of the man who'd first warned that they were vulnerable.
Ware couldn't say so, but besides working for RAND, he also served on the Scientific Advisory Board of the National Security Agency. He knew the many ways in which the NSA's signals intelligence crews were piercing the shieldsâpenetrating the radio and telephone communicationsâof the Russian and Chinese military establishments. Neither of those countries had computers at the time, but ARPANET was wired through dial-up modemsâthrough phone lines. Ware knew that Russia or China could hack into America's phone lines, and thus into ARPANET, with the same bag of tricks that America was using to hack into their phone lines.
In other words, what the United States was doing to its enemies, its enemies could also do to the United Statesâmaybe not right now, but someday soon.
The National Security Agency had its roots in the First World War. In August 1917, shortly after joining the fight, the United States government created Military Intelligence Branch 8, or MI-8, devoted to deciphering German telegraph signals. The unit stayed open even after the war, under the dual auspices of the war and state departments, inside an inconspicuous building in New York City that its denizens called the Black Chamber. The unit, whose cover name was the Code Compilation Company, monitored communications of suspected subversives; its biggest coup was persuading Western Union to provide access to all the telegrams coming over its wires. The Black Chamber was finally shut down in 1929, after Secretary of State Henry Stimson proclaimed, “Gentlemen don't read each other's mail.” But the practice was revived, with the outbreak of World War II, as the Signal Security Agency, which, along with British counterparts, broke the codes of German and Japanese communicationsâa feat that helped the Allies win the war. Afterward, it morphed into the Army Security Agency, then the multiservice Armed Forces Security
Agency, then in 1952âwhen President Harry Truman realized the services weren't cooperating with one anotherâa unified code-breaking organization called the National Security Agency.
Throughout the Cold War, the NSA set up bases around the worldâhuge antennas, dishes, and listening stations in the United Kingdom, Canada, Japan, Germany, Australia, and New Zealandâto intercept, translate, and analyze all manner of communications inside the Soviet Union. The CIA and the Air Force flew electronic-intelligence airplanes along, and sometimes across, the Soviet border, picking up signals as well. In still riskier operations, the Navy sent submarines, equipped with antennas and cables, into Soviet harbors.
In the early years of the Cold War, they were all listening mainly to radio signals, which bounced off the ionosphere all around the globe; a powerful antenna or large dish could pick up signals from just about anyplace. Then, in the 1970s, the Russians started switching to microwave transmissions, which beamed across much shorter distances; receivers had to be in the beam's line of sight to intercept it. So the NSA created joint programs, sending spies from the CIA or other agencies across enemy lines, mainly in the Warsaw Pact nations of Eastern Europe, to erect listening posts that looked like highway markers, telephone poles, or other mundane objects.
Inside Moscow, on the tenth floor of the American embassy, the NSA installed a vast array of electronic intelligence gear. In a city of few skyscrapers, the tenth floor offered a panoramic view. Microwave receivers scooped up phone conversations between top Soviet officialsâincluding Chairman Leonid Brezhnev himselfâas they rode around the city in their limousines.
The KGB suspected something peculiar was going on up there. On January 20, 1978, Bobby Ray Inman, the NSA director, was awakened by a phone call from Warren Christopher, the deputy secretary of state. A fire had erupted in the Moscow embassy, and the local fire chief was saying he wouldn't put it out unless he was
given access to the tenth floor. Christopher asked Inman what he should do.
Inman replied, “Let it burn.” (The firefighters eventually put it out anyway. It was one of several fires that mysteriously broke out in the embassy during that era.)
By 1980, the last full year of Jimmy Carter's presidency, the American spy agencies had penetrated the Soviet military machine so deeply, from so many angles, that analysts were able to piece together a near-complete picture of its operations, patterns, strengths, and weaknesses. And they realized that, despite its enormous buildup in troops and tanks and missiles, the Soviet military was extremely vulnerable.
The fatal gaps lay in the communications links of its command-control systemsâthe means by which radar operators tracked incoming planes and missiles, general officers sent out orders, and Kremlin higher-ups decided whether to go to war. And once American SIGINT crews were inside Soviet command-control, they could not only learn what the Russians were up to, which was valuable enough; they could also insert false information, disrupt the command signals, even shut them off. These disruptions might not win a war by themselves, but they could tip the balance, sowing confusion among Soviet officers, making them distrust the intelligence they were seeing and the orders they were receivingâwhich, in the best of scenarios, might stop them from launching a war in the first place.
