Net Force - finding hackers who target Air Force computers - Brief Article
Jim Greeley
OSI hunts hackers targeting Air Force computers
Ovie Carroll's brown eyes track across the computer screen. Line after line of computer code scrolls past. Somewhere among this sea of electronic gobbledygook is a clue to catching a hacker.
From his office at Andrews Air Force Base, Md., the Air Force Office of Special Investigations agent is in chase-mode. Time is crucial. Chasing a hacker is a bit like catching a vapor trail. You've got to get it before it disappears.
"I have to get in the hacker's mind, look at what was done and figure out the why and how," said Carroll, who has been a special agent for eight years -- the last two as a cyber-cop.
"When I look at the keystrokes, I'm looking at his fingerprints," Carroll explained. "I can find out what he does on his computer and why."
This 30-something cop is one of just 48 OSI computer crime investigators. This small group, working from strategic locations around the world, tracks and captures people who hack Air Force computers. They are the computer enforcers -- the "Net Force."
Brisk business
Unfortunately, business is brisk for these cyber-sleuths, according to Special Agent C. Damon Hecker, chief of OSI's computer investigations and operations program. Demand has steadily increased for his agents' services in the last decade.
As the world's computer literacy increases, so does the number of computer intrusions.
When the OSI began its computer crime program in 1978, intrusions constituted about 10 percent of a computer cop's work. In 22 years, that number jumped to 85 percent. OSI conducted 26 intrusion investigations last year.
An intrusion, by OSI standards, is when a hacker gains root-level access to a computer. They don't go after cyber-kiddies that deface Web pages, or worry about probes or attempted intrusions. The agency doesn't have the resources to chase down these "nuisance" crimes. They track the hackers who pose a threat.
"Root-level access means you're king of the system," Hecker said. "That's bad."
The Pentagon alone experiences between 10 and 15 attempted intrusions a day, according to John Hamre, former deputy defense secretary.
The number of intrusions continues to climb despite enormous Department of Defense and Air Force work to stop hackers at the front door of its computer systems.
"DOD and the Air Force are juicy targets," Hecker said. "The temptation to take on the government -- be it the Air Force, FBI, NASA or the White House -- is too tempting to resist."
Folks who have been in the computer crime business awhile are cognizant of one fact. No one is hack-proof.
"Eventually it happens to everyone," Carroll said. "No matter how good the defenses, you will get hacked."
The October 2000 hacking of Microsoft's computer network in Redmond, Wash., drives home Carroll's point. No system is invincible. The hackers stole blueprints for software under development by the computer giant.
Net reality
Another Net Force reality is not every hack gets solved.
"We catch the stupid ones," Hecker said bluntly. "The smart ones usually get away."
Often that's tough for investigators.
"Sometimes I just have to shake my head and admit 'this guy's good,'" Carroll said. "It's frustrating, but all we can do is lay in wait, set up surveillance, and hope we get him next time."
A normal hack goes like this. A hacker goes from a home computer and dials into an Internet service provider. From there the hacker goes to a place he's compromised -- it could be a school, government site or even a service provider. From there, the hacker goes to another and another and another computer, so when the hacker reaches the final destination -- the target site -- it's hard for the computer cops to track.
An intrusion investigation can lead around the world. In the best case, the logs lead the good guys to the hacker's front door, said Hecker. Sometimes, when they knock on that door what they discover is someone who had a password stolen. Other times, the trail ends in a foreign country, one that doesn't consider hacking a crime. Sometimes what they discover is even more ominous.
"Spies today don't wear trench coats," Carroll said. "Instead, they carry laptops."
This observation brings OSI's biggest concern with computer crime into focus. Hackers aren't necessarily kids trying to prove how smart they are. They could be foreign intelligence services -- even terrorists.
"People can die in this business," Carroll said. "If someone hacks a computer, it doesn't even have to have classified information on it, but information that provides a picture of our operations, that could mean the mission fails, or worse, airmen die."
The Air Force had a scare with this type of scenario in 1998, when a hacker gained access to Air Force systems that contained logistics and operations information for operations in Southwest Asia.
"This scared us because we thought it was coming from unfriendly nations," Hecker said. "It ended up being kids having fun, but the potential for catastrophe was there."
That potential fuels the computer investigators' searches. Unlike normal investigations, where police usually start with one or two suspects in mind, computer cops have no clue where the trail will lead.
Back in his Maryland office -- dubbed the "bat cave" -- Carroll pores over the computer logs. The equipment at his disposal would make most computer geeks do back flips. But, despite the high-tech tools, Carroll can't nail down the clue he needs to catch his current suspect.
"I equate hacker crimes to rape and murder," Carroll said. "If they get into a system and take information they're not authorized to have, it's rape. If they do something destructive to a computer, it's murder."
Turning back to his monitor, Carroll continues his search. He's got a hacker to catch, and the clock is ticking.
"We are recognized in the Department of Defense as having the greatest experience and capability regarding computer crime," said Brig. Gen. Francis X. Taylor, Air Force Office of Special Investigations commander. The Air Force's computer cops spend 80 percent of their time catching hackers. The other 20 percent is spent doing media analysis -- which means getting evidence from computers or computer devices. Special Agents Sabrina Moses and Jesse Kornblum perform some of that media analysis.
COPYRIGHT 2001 U.S. Air Force, Air Force News Agency
COPYRIGHT 2001 Gale Group