
[infowar.de] Digital spy in the USA/Intelink



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
An article about the spy Brian P. Regan, who was arrested last week in
the USA, with a few interesting details about the US intelligence
network Intelink. More on Intelink in the book by Fredrick Thomas
Martin: "Top Secret Intranet - How US Intelligence Built INTELINK, The
World's Largest, Most Secure Network."

RB


http://www.theregister.co.uk/content/6/21327.html

Sysadmin spy left digital trail
By Kevin Poulsen
Posted: 29/08/2001 at 11:48 GMT

The FBI investigation that led to last week's arrest of a former Air
Force sergeant on espionage charges had more in common with a modern
Internet hacker hunt than a John le Carre novel, court records show. 

Brian P. Regan, 38, was arrested Thursday at Washington Dulles
International Airport while boarding a Lufthansa flight to Zurich,
Switzerland. He's charged with conspiracy to commit espionage for
allegedly passing classified satellite photos and secret documents to an
unnamed foreign government, called 'Country A' in court filings,
identified in a Washington Post report as Libya. 

Regan had been posted at the super-secret National Reconnaissance Office
(NRO) in Virginia, the Defense Department organization responsible for
building and controlling the United States' network of orbiting
reconnaissance satellites. 

According to a 19-page FBI affidavit filed in the case last week, which
relies much on unidentified "reliable source information", Regan began
his abortive espionage career in August 2000, shortly after retiring
from military service. 

Regan allegedly introduced himself to 'Country A' by passing it a set of
overhead satellite photos, as well as a CIA intelligence report, two
pages from a classified CIA newsletter, and other documents. 

At the same time, Regan, a former system administrator, gave his
would-be handlers a number of encrypted messages, and a plaintext
message written in English. "The initial, unencrypted message appears to
be an introductory letter containing instructions to prevent detection
of the messages by the US government," reads the affidavit. 

While the court records don't indicate what encryption system Regan
favored, it evidently didn't pose an insurmountable obstacle to the FBI.
"The encrypted messages, which were decrypted by the US government, set
forth contact instructions, establish bona fides, and offered to provide
additional classified information," the affidavit reads. 

Regan's alleged contact instructions had a decidedly information age
twist. 

Rather than arrange a rendezvous in a dark alley or a smoke-filled bar,
Regan allegedly referred 'Country A' to a free Internet email account he
established under the alias Steven Jacobs. When FBI agents obtained logs
from the email provider, they found that the account had been used nine
times, all of them from Internet terminals at public libraries near
Regan's home or office. One of them, in Crofton, Maryland, was five
miles from Regan's home. 

"Physical surveillance of Regan during May through August 2001 indicated
that Regan regularly utilized the public internet access located in the
Crofton library," reads the affidavit. 

While the free email provider's records incriminated Regan on one end,
computer forensics and government network logs fingered him on the
other. 

Suspect surfed secret Web

According to the affidavit, most of the images and documents Regan is
accused of passing came from Intelink, a classified global intranet that
links the thirteen US intelligence agencies to each other, and to their
'customers' in the White House, Congress, the Pentagon and other
government agencies. 

Developed in the mid-90s, Intelink is estimated to have over 50,000
users with access to 'special compartmentalized information' housed on
some 200 servers at over 100 physical sites. Another 265,000 users have
access at the lower 'secret' level. 

Intelink addresses take the form http://www.nro.ic.gov or
http://www.cia.ic.gov. The resemblance to Internet URLs is not
coincidental-- the classified network is isolated from public access,
but uses the same protocols and software as the public Internet.
Intelligence analysts and operatives surf its secrets with the ease of
an Internet user shopping for books online. And like the Internet,
Intelink has seen an explosion of growth in recent years -- albeit
behind closed doors. 

"Just as the Web has taken off in the real world, the Intelink web has
taken off in the intelligence community," says Fredrick Thomas Martin, a
former NSA official and author of Top Secret Intranet --- How US
Intelligence Built INTELINK, The World's Largest, Most Secure Network.
"Anything that is Web enabled and uses Web technology, the intelligence
community has latched onto on Intelink," Martin says. 

Martin, whose Web site includes an Intelink simulation, says that the
network's unbridled expansion troubled some in the intelligence
community, who were long accustomed to handling knowledge on a 'need to
know' basis. "They finally realized that they have a big security problem
here... People might access things that they shouldn't have access to,"
Martin says. "They nearly shut it down." 

Instead, Intelink restricts which Web sites legitimate users can browse.
"You have to have a digital certificate to access certain things," says
Martin. "You have to be cleared for whatever you see." 

Those access control mechanisms may have played a critical role in the
FBI's investigation of Regan. 

According to the affidavit, when FBI agents scoured the hard drive of
Regan's former office computer in April 2001 they found that "someone
using Regan's password" had surfed to an Intelink URL for one of the
overhead photos offered to 'Country A', and visited four URLs for other
documents that were passed at the same time. 

Server logs from Intelink web sites tied Regan's machine to three more
documents, and "Intelink audit records indicate that the URL for the CIA
intelligence report....was accessed from the computer in Regan's former
office at 8:52 p.m." on the day that the copy passed to 'Country A'
was printed out. 

A few months after retiring from the Air Force in August 2000, Regan
went back to work at NRO as an employee of defense contractor TRW. His
security clearance was reinstated in July, one month before his arrest. 

Regan isn't the first accused spy with computer expertise. Computer logs
provided damning evidence against FBI mole Robert Hanssen, who pleaded
guilty last month to selling the United States' most precious
counter-intelligence secrets to Russia. 

Hanssen, an experienced computer programmer, passed information to his
Russian handlers on encrypted floppy disks, kept reminders of his
clandestine appointments in his Palm organizer, and routinely searched
FBI computers for hints that his co-workers might be on to him.


