None of this information had the comment “classified” on it. It wasn’t secret, top secret, or even confidential. At least, none of the files carried those labels. Now, no military computer on the Milnet is allowed to carry classified information. There’s another computer network, completely separate, that handles classified data. So in one sense, the Systems Command’s Space Division had nothing to lose: its computer is unclassified.But there’s a deeper problem. Individually, public documents don’t contain classified information. But once you gather many documents together, they may reveal secrets. An order from an aircraft manufacturer for a load of titanium sure isn’t secret. Nor is the fact that they’re building a new bomber. But taken together, there’s a strong indicator that Boeing’s new bomber is made of titanium, and therefore must fly at supersonic speeds (since ordinary aluminum can’t resist
In the past, to pull together information from diverse sources you’d spend weeks in a library. Now, with computers and networks, you can match up data sets in minutes— look at how I manipulated Mitre’s long-distance phone bills to find where the hacker had visited. By analyzing public data with the help of computers, people can uncover secrets without ever seeing a classified database.
Back in 1985 Vice Admiral John Poindexter worried about just this problem. He tried to create a new classification of information, “Sensitive but unclassified.” Such information fit below the usual levels of Top Secret, Secret, and Confidential; but access to it was to be denied to certain foreigners. Poindexter clumsily tried to apply this to academic research—naturally, the
universities refused, and the idea died. Now, standing in front of my monitor, watching the hacker prowl through the Space Command’s system, I realized his meaning. Air Force SDI projects might not be top secret, but they sure were sensitive.
The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage circa 1990
Computer Spies Breach Fighter-Jet Project in today’s WSJ:
Computer spies have broken into the Pentagon’s $300 billion Joint Strike Fighter project — the Defense Department’s costliest weapons program ever — according to current and former government officials familiar with the attacks.Similar incidents have also breached the Air Force’s air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft.
Many details couldn’t be learned, including the specific identity of the attackers, and the scope of the damage to the U.S. defense program, either in financial or security terms. In addition, while the spies were able to download sizable amounts of data related to the jet-fighter, they weren’t able to access the most sensitive material, which is stored on computers not connected to the Internet.
Former U.S. officials say the attacks appear to have originated in China. However it can be extremely difficult to determine the true origin because it is easy to mask identities online.
I hope our information security people designed this system in a way that what the hackers got isn’t worth much without the information on the secure network. If we see some of our next generation technology showing up in Russia or China, I guess we’ll know.
It seems like our enemies are getting better at stealing our data faster than we are at keeping them from doing so.