Former CIA director
warns that spies will soon use "instructive" viruses that steal
secrets as they spread. By Kevin
Poulsen May 17, 2000 4:58 PM PT
WASHINGTON (SecurityFocus.com News) -- Former CIA director R. James Woolsey,
speaking on a panel here Wednesday, warned that international spies and
terrorists would soon wield a more purposeful and dangerous breed of computer
virus than ever seen before. Unlike Melissa, CIH or the recent ILOVEYOU virus,
these viruses would not be destructive, but "instructive," Woolsey
said.
As described by Woolsey, an "instructive" virus would spread covertly
and use minimal system and network resources as it instructs computers to
perform certain functions undetected, like stealing particular secrets from
specific targets.
Woolsey gave a law firm with a sensitive case as an example victim. "They
get a virus into the local area network that says, 'transfer at midnight, Sunday
night, all files on such-and-such a case to this particular outside
computer,'" Woolsey explained. "If you've got an instructive virus in
your system that is reading out your files to one of your competitors, that may
have been going on for some time."
Woolsey served as Director of Central Intelligence for two years ending in
January, 1995, and is now with a Washington law firm. He ignited a storm
of controversy in March, when he authored a Wall Street Journal op-ed piece
attacking reports that U.S. intelligence agencies use the NSA's
"Echelon" global surveillance network to spy on European industry for
the benefit of American corporations. "Most European technology just isn't
worth our stealing," Woolsey wrote:
'If somebody's put an instructive
virus on your system... you've got a serious problem.'
-- Former CIA director R. James Woolsey
Wednesday's statements came at the Economic Strategy Institute's Global Forum
conference, on a panel titled "Old Armies and Alliances & New Threats
(Cyber and Bio-Terrorism)." Also on the panel was Swedish ambassador Rolf
Ekeus, Leon Fuerth, assistant to the Vice President for National Security
Affairs, and Representative Curt Weldon (R-PA), of the House Armed Services
Committee.
Weldon, an outspoken "cyberterrorism" bellwether, drew audible murmurs
from the audience by recounting the story of an unidentified hacker who changed
the computer-stored blood types of every patient in an unnamed New York
hospital. Weldon -- who told the same story at InfowarCon '99 last September --
added no details Wednesday, and the tale continues to defy verification.
Woolsey warned that cyberterrorism is a real threat, and said that terrorists
are more dangerous now than during the cold war when they were restricted in
their use of mass murder by stabilizing Soviet influences. "The combination
of loose organization, the new technologies that they can use to communicate,
and the lack of restrictions on mass casualties, creates a very different
situation," said Woolsey.
"We have terrorist groups that don't want a place at the table at all, they
want to blow up the table and everybody sitting at it," Woolsey said.
The instructive virus may be a valuable tool to such a terrorist by instructing
critical computers to shut down vital infrastructures, Woolsey claimed.
Industrial spies can use them to steal secrets, and Woolsey warned that even
strong crypto is no match for the spy-virus. "Encryption essentially works
to protect data on the link, but if you've had your computer or network hacked
into or somebody's put an instructive virus on your system and is reading out
your files before the data is encrypted, you've got a serious problem,"
said Woolsey.
Experts say the supposed threat isn't entirely new, and point out that the
recent ILOVEYOU virus attempted to steal passwords and email them to a central
source while it spread. "The game would be to go through all the email
addresses in a company and hope that somebody was stupid," said Richard
Smith, a specialist in ferreting out malicious code. "I don't know about
state sponsored terrorism, but I could see a private detective hired to get
information, who's less than ethical, using this for industrial espionage or
divorce cases."
"It seems like if you really wanted to get confidential information... it
would make more sense to get an insider, or hack into a system," said
Dorothy Denning, a computer science professor at Georgetown University and
author of Information Warfare and Security. "If you hack into the system,
you're free to browse around. The whole system's yours."
Denning said she believes such viruses are entirely possible, but not very
practical, and would only appeal to a narrow field of would-be attackers.
"It sounds like something that maybe intelligence agencies might do,"
said Denning.