The Spybots Among Us

How the NSA tracks terrorists in the United States through the Internet

One South Dakota company designs bots for the government that access 500 times more data than normal searchbots. Gerard Tardif, vice president of BrightPlanet, says his bots, unlike ordinary search engines, mine the vast collection of databases underlying public Web pages. Tardif's quasi-intelligent bots do not just blindly follow hypertext links; they enter into a dynamic relationship with a database, querying it for deep content. For example, "LexiBot" can visit the Web site of a nonprofit organization that raises money to educate Palestinian schoolchildren and retrieve its latest financial data, if that data is connected to the Web page server. A normal bot would just return the URL for the Web page.

"Some of our customers are using our products for intelligence-gathering in support of national defense," says Tardif. "We are permitted to mention some customer names, such as NATO and Lawrence Livermore Laboratories. But the others must remain anonymous."

The clever searchbots are dumb beasts, however, compared to the NSA's "Trojan horses," a generic name for a particularly malicious type of software, or "malware." Trojan horse bots can be written to carry out a series of complex tasks, such as finding the password to your online bank account and using it to transfer your terrorist trust fund, penny by penny, to thousands of randomly selected accounts, where the tiny deposits will not be noticed.

Intelligent software agents, such as Trojan horses, are self-contained miniprograms that act on their own initiative after being set free to hunt pre-parametered prey in the cyberjungle. Aggressive malware can take control of a computer, without the user being aware of its presence, by seizing on flaws in the computer's operating system, such as the widespread use of the practically insecurable ActiveX programming language used in many Microsoft applications.

Government malware is analogous to commercial applications, such as Symantec Corp.'s pcAnywhere, and powerful hacker tools, such as Back Orifice. These sophisticated bots can be quietly installed on the hard drives of computers that are connected to the Internet (or by real-life government burglars trained to break and enter the old-fashioned way). Once hidden inside the millions of lines of code that are the life force of a computer, a malicious bot can copy logs of the Web sites a suspect has visited, steal his credit card numbers, or purloin the embarrassing love poem he thought he had trashed and send it all back in a bundle to the bot's master by way of an untraceable route.

A nasty "warbot" can mine the suspect's data for information on the whereabouts of the other members of his terrorist cell -- and then wipe his hard drive clean. A "worm" or "logic bomb" can attach itself to his e-mails and the e-mails of the people he sends e-mail to, and their e-mail lists, ad infinitum. On a certain date, thousands of self-replicated copies of this badbot, nesting inside hundreds of innocent computers, can send cascades of 1,000-page e-mail files to the server hosting the Web site of the front group for the suspect's terrorist organization, crashing it. On the other hand, a low-profile snitchbot can just sit quietly inside a font file and rat him out to the NSA every time he goes online.

Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc. in Cupertino, has worked with the National Security Agency. "The NSA would be foolish not to make attacks using malware," says Schneier. "It would not be doing its job if it didn't." Indeed, the NSA's mandate to protect and defend the country's cyber-infrastructure necessitates that it engage in comprehensive surveillance and "defensive" hacking.

Federal law does not criminalize surveillance or hacking unless $5,000 worth of damage is done. Aside from that threshold, there is almost no case law to guide plaintiffs who object to being monitored by bots, be they taxpayer-financed bots or private-sector bots. While the Fourth Amendment to the Constitution generally forbids the government to search and seize private property without a court order, it does not define the boundaries in cyberspace at which a bot becomes an unauthorized intruder, by, for instance, crossing from sniffing around inside a public Web site to peeking into a private database. Schneier points out that in the United States people basically do not own their personal data, which can be sold by others for profit.

Christopher O'Ferrell is the director of ethical hacking for NETSEC, a computer security company founded by two ex-NSA officials. The Virginia-based company has several contracts with federal intelligence agencies to deepen the security of government computer networks and to surveil the Internet in real time.

O'Ferrell, who used to work for the FBI and the Secret Service, says, "Oh sure, definitely, without question government [intelligence] agencies use bots. The terrorists attack us with worms, so, of course, we use worms against them." O'Ferrell says the NSA conducts "black projects" -- covert operations -- in cyberspace.

"Of course they do that stuff [hacking]," he says. "They'd be crazy not to." O'Ferrell notes that the military establishment and the law enforcement and intelligence agencies need to "think outside the box."

"If we stay within legal bounds," O'Ferrell says, "we have lost the game."

©2014 SF Weekly, LP, All rights reserved.