December 1989FBI 1.       THEFT OF COMPUTER SOFTWARE:  A NATIONAL SECURITY THREAT                               By                         William J. Cook                     Assistant U.S. Attorney                          Chicago, IL     -- Between July and September 1987, a Chicago        youth attacked AT&T computers at Bell Labs in        Illinois and New Jersey, at a NATO missile        support site in North Carolina, and at Robbins        Air Force Base in Georgia, stealing software        worth $1.2 million and causing $174,000 worth        of damage. (1)     -- In October 1988, Scotland Yard arrested an        English attacker who had broken into over 200        military, corporate, and university computers        in the United States and Europe.  The        indication was that he planned to extort money        from one of the victim corporations. (2)     -- In November 1988, a college undergraduate        planted a computer virus that temporarily        disabled 6,000 computers on the U. S. Army        research computer network (ARPANET). (3)     As evident by these accounts of computer piracy, computer-aidedattacks on Government and corporate networks are becoming morenumerous and sophisticated.  While estimates vary, computer industrysources indicate that computer-related crime (including softwaretheft) annually costs U.S. companies as much as $5 billion per year,with each incident costing approximately $450,000. (4)  Moreimportantly, however, the infiltration and theft of computer files isa growing Federal crime problem, since many such actions jeopardizethe security and defense of the United States.     This article gives a brief overview of the theft and illegalexport of computer software.  It also details steps taken by the U.S.Government to protect national security and defense information withthe intent of curtailing and hopefully eliminating the occurrence ofsuch actions in the future.INTERNATIONAL COMPUTER HACKERS     While most computer attacks are committed by hackers who are notagents of foreign government, the growing attention of Eastern Blocgovernments to hackers indicates that these nations clearly recognizethe benefits of using them to expose openings in U.S.  computernetworks.     In March 1989, it was disclosed that West German hackerssponsored by Eastern Bloc intelligence agencies had beensystematically searching for classified information on Governmentcomputers throughout the United States through a weakness in acomputer network at a California university. (5)  The followingmonth, Canada expelled 19 Soviet diplomats for wide-ranging espionageoperations to obtain Canadian defense contractor information formilitary and commercial purposes. (6)  And in December 1988, a searchwarrant filed by U.S. Customs agents in Chicago disclosed that aconfederate of the Yugoslav Consul- General in Chicago was using ahacker to attack defense contractors by remote access in order tosteal computerized information.  According to the affidavit, theinformation obtained by the hacker was subsequently smuggled out ofthe United States in diplomatic pouches with the help of the Counsel-General.     Public access information and published reports reflect thatSoviet efforts to obtain technical information are not an illusion.A major daily newspaper reported that the Soviet Union was activelyfostering hacker-to-hacker ties between the Soviet internationalcomputer club and computer firms and hackers in the United States,Britain, and France. (7) Another newspaper account told of the SovietUnion setting up programmers in Hungary and India for the purpose oftranslating and converting U.S. origin software to the format ofSoviet and Warsaw Pact country machines. (8)  Then in March 1989, amember of the Soviet military mission in Washington, DC, was arrestedand expelled from the United States for attempting to obtaintechnical information about how U.S. Government classifiedinformation is secured in computers. (9)     The Soviet's main targets are U.S. Government agencies, defensecontractors, and high-tech companies and are purportedly backed by a$1.5 billion annual "procurement" budget.  Further, Soviet satellitecountries have become very active in the Soviet high technologyprocurement effort.   For the past several years, Hungarian,Bulgarian, Yugoslavian, and Polish intelligence officers and theiragents have participated in the high-tech theft effort, along withagents from Vietnam, North Korea, and India. (10)  Also, Cuban andNicaraguan intelligence officers are using front companies in Panamato obtain U.S. technology. (11)     News accounts suggest that these efforts are successful; 60-70%of the technology is obtained, while 90% of nonclassified hightechnology data is acquired.  More than 60% of the stolen technologycomes from the United States. (12)     As a result, the U.S. technological "lead" over the Soviets hasgone from 10-12 years in 1975 to 4-6 years in 1985. (13)  And thesavings to the Soviets has been impressive.  In 1978 it has beenestimated that the Soviet Union saved $22 million in research anddevelopment costs by stealing U.S. technology; the following year,they saved $50 million. (14)  Between 1976 and 1980, the Sovietaviation industry alone saved $256 million in research anddevelopment because of stolen U.S. technology. (15)  Moresignificantly, much of the stolen technology is critical to thenational security and defense of the United States.PROTECTING TECHNICAL DATA     In 1984, the U.S. Department of Commerce placed expanded exportcontrols on computer software as part of its general protection oftechnical data deemed vital to the national defense and security ofthe United States.  However, export control in this realm is anenormous challenge since modern technology allows the criminal tosteal restricted software stored on Government and corporatecomputers by remote access from a personal computer anywhere in theworld.  Literally, an international border becomes established wherea telephone line plugs into the computer modem.OBSERVATIONS     Several observations can be reached from this mosaic.Obviously, U.S. taxpayers are subsidizing the modernization of theSoviet military establishment.  And it is more economical for theSoviets to steal U.S. technology than to fund and develop their ownresearch and development capabilities.  More importantly, however,the United States needs to do a better job protecting its technology.     As noted previously, in response to the Soviet "tech-threat,"the United States and other countries expanded controls onhigh-technology computer software by placing them on the CommodityControl List or Munitions List.  Commerce Department and StateDepartment licensing officers require that validated export licensesand end-user assurances are obtained before software named on theselists are exported.  Both the Commerce and State Departmentsroutinely call in Defense Department personnel to analyze theseexport requests.     Prosecution for illegally exporting computer data and softwarecan be brought under several sections of the U.S. Code. (16)However, before prosecution under these sections can be successful,several areas must be developed in the computer industry and the lawenforcement community.     o  Corporations should consider placing export        control warnings on sensitive software        programs, which would clearly assist U.S.        efforts to enforce national export laws that        require defendants have specific knowledge of        export restrictions when they export the        computer data.     o  Federal agents need to become oriented to the        computer industry and computers to overcome        computerphobia.     o  Corporate and Government hiring must be done        with great care when the employees will have        access to computer networks or trash from        computer centers.     o  Computer security specialists and systems        administrators must be alert to internal        unauthorized access and external hacker        attacks and the potential ramifications of        activities.  They must also be aware that the        modem plug-in on one of their computers could        be the international border in the export        violation and that computerized log records        may be the only evidence of espionage of        "tech-theft."     o  Federal agents and computer security        professionals must recognize the need for        rapid mutual cooperation and communication,        with security professionals providing        background information on the attacked        computer network and assisting with Federal        investigations and search warrant efforts.CONCLUSION     It is folly to assume that U.S. industry can continue to makesufficient research and development advances each year to ensure thatthe United States keeps an edge on Warsaw Pact countries. Thesecountries continue to rob the United States of advanced technologicalinformation critical to the defense and security of this country.The taxpayers and consumers writing the checks for Government andprivate sector technological research and development deserve acoordinated Federal law enforcement and computer industry responsethat recognizes software and computer-related engineering as one ofour country's greatest resources.FOOTNOTES(1) ComputerWorld, February 20, 1989.(2) Sunday Telegraph, October 23, 1988.(3) The Boston Globe, November 14, 1988.(4) ComputerWorld, April 3, 1989.(5) Hamburg Ard Television Network, March 2, 1989; see also, CliffStoll, "Stalking the Wiley Hacker," Communications of the ACM, May1988.(6) Reuters, June 28, 1988.(7) The Washington Post, January 2, 1989.(8) The New York Times, January 29, 1988.(9) Reuters, March 9, 1989.(10) "Soviet Acquisition of Militarily Significant WesternTechnology: An Update," published by the Central Intelligence Agency,1985.(11) The Los Angeles Times, November 21, 1988.(12) Supra note 10.(13) Ibid.(14) Ibid.(15) Ibid.(16) 118 U.S.C.  sec. 1029 (fraudulent activity in connection withusing accessing devices in interstate commerce); 18 U.S.C. sec. 1030(remote access with intent to defraud in connection with Federalinterest computers and/or Government-owned computers); 18 U.S.C. sec.1343 (use of interstate communications systems to further a scheme todefraud); 18 U.S.C.  sec. 2512 (making, distributing, possessing, andadvertising communication interception devices and equipment);  18U.S.C. sec. 2314 (interstate transportation of stolen property valuedat over $5,000);  17 U.S.C.  sec. 506 (Copyright infringementviolations);  22 U.S.C. sec 2778 (illegal export of Department ofDefense controlled software); 18 U.S.C.  sec. 793 (espionage,including obtaining and/or copying information concerning telegraph,wireless, or signal station, building, office, research laboratory orstations for a foreign government or to injure the United States); 18U.S.C. sec. 2701 (unlawful access to electronically storedinformation);  18 U.S.C.  sec.  1362 (malicious mischief involvingthe willful interference with military communications systems); 18U.S.C.  sec. 1962 (RICO--20 years/$25,000/forfeiture of property forcommitting two violations of wire fraud and/or transportation ofstolen property).================================================================The EPIC Project, a nonprofit public benifit corporation foundedlast year by a handful of college students, is advising theChairman of the American Bar Association Technology and the Courts(Sundevil) Subcommittee looking into federal court rule changes.These proposed rule changes are a direct result of actions taken bythe Seceret Service, FBI and other enforcement agents in OperationSun Devil.  Rules of evidence, warrants, et al, are in drastic needof change to address the constitutional and civil rights issues atodds with technology.I would very much like to hear from anyone with constructive inputor suggestions for needed changes.                                               9-18-90Jeff Aldrich                    Fax: (707) 425-9811The EPIC Project              Voice: (707) 425-6813P.O. Box 5080-341              Data: 1:212/105@fido.orgFairfield, CA 94533                  jefrich@well.sf.ca.us