The Spybots Among Us

After cautioning the interviewer that he is "approaching a no-go zone," Arquilla says, "We can use bots to see who is accessing information of dual use to science and terrorism." For example, he says, Web sites that display the human genome can be used to create biological weapons. Spybots inserted into the operating system code at a genome Web server can be instructed to follow any visitor and then report back to the NSA.

Two years ago, the European Parliament issued an investigative report that offered an unprecedented glimpse into the NSA's ECHELON program, which covertly intercepts the world's military, diplomatic, commercial, and civilian communications as they are transmitted through the air or by wire. (ECHELON is a joint effort of the English-speaking countries. The Parliament's investigation was inspired by allegations that the NSA was using those intercepts to give hot tips to American businesses at the expense of their European competitors.) The ECHELON report said the NSA uses custom-designed bots to ferret out information on Web pages, Usenet, and open databases. These spybots are many times more powerful than common search engines, which skim the surface of the Web as they follow a series of hypertext links from one Web page to another.

One South Dakota company designs bots for the government that access 500 times more data than normal searchbots. Gerard Tardif, vice president of BrightPlanet, says his bots, unlike ordinary search engines, mine the vast collection of databases underlying public Web pages. Tardif's quasi-intelligent bots do not just blindly follow hypertext links, they enter into a dynamic relationship with a database, querying it for deep content. For example, "LexiBot" can visit the Web site of a nonprofit organization that raises money to educate Palestinian schoolchildren and retrieve its latest financial data, if that data is connected to the Web page server. A normal bot would just return the URL for the Web page.

"Some of our customers are using our products for intelligence-gathering in support of national defense," says Tardif. "We are permitted to mention some customer names, such as NATO and Lawrence Livermore Laboratories. But the others must remain anonymous."

The clever searchbots are dumb beasts, however, compared to the NSA's "Trojan horses," a generic name for a particularly malicious type of software, or "malware." Trojan horse bots can be written to carry out a series of complex tasks, such as finding the password to your online bank account and using it to transfer your terrorist trust fund, penny by penny, to thousands of randomly selected accounts, where the tiny deposits will not be noticed.

Intelligent software agents, such as Trojan horses, are self-contained miniprograms that act on their own initiative after being set free to hunt pre-parametered prey in the cyberjungle. Aggressive malware can take control of a computer, without the user being aware of its presence, by seizing on flaws in the computer's operating system, such as the widespread use of the practically insecurable ActiveX programming language used in many Microsoft applications.

Government malware is analogous to commercial applications, such as Symantec Corp.'s pcAnywhere, and powerful hacker tools, such as Back Orifice. These sophisticated bots can be quietly installed on the hard drives of computers that are connected to the Internet (or by real-life government burglars trained to break and enter the old-fashioned way). Once hidden inside the millions of lines of code that are the life force of a computer, a malicious bot can copy logs of the Web sites a suspect has visited, steal his credit card numbers, or purloin the embarrassing love poem he thought he had trashed and send it all back in a bundle to the bot's master by way of an untraceable route.

A nasty "warbot" can mine the suspect's data for information on the whereabouts of the other members of his terrorist cell -- and then wipe his hard drive clean. A "worm" or "logic bomb" can attach itself to his e-mails and the e-mails of the people he sends e-mail to, and their e-mail lists, ad infinitum. On a certain date, thousands of self-replicated copies of this badbot, nesting inside hundreds of innocent computers, can send cascades of 1,000-page e-mail files to the server hosting the Web site of the front group for the suspect's terrorist organization, crashing it. On the other hand, a low-profile snitchbot can just sit quietly inside a font file and rat him out to the NSA every time he goes online.

Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc. in Cupertino, has worked with the National Security Agency. "The NSA would be foolish not to make attacks using malware," says Schneier. "It would not be doing its job if it didn't." Indeed, the NSA's mandate to protect and defend the country's cyber-infrastructure necessitates that it engage in comprehensive surveillance and "defensive" hacking.