From: William Knowles (wkC4I.ORG)
Date: Wed Apr 04 2001 - 01:48:28 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.computerworld.com/cwi/story/0,1199,NAV47_STO59203,00.html

By DAN VERTON
April 03, 2001

As U.S. diplomats yesterday rushed to the site in China where a U.S.
Navy spy plane was forced to make an emergency landing, intelligence
and security analysts warned of fallout from China gaining access to
sensitive computers aboard the aircraft and a Cold War-like face-off
that has spilled onto the Internet.

Three U.S. diplomats arrived yesterday on China's Hainan Island,
located in the South China Sea between the Chinese mainland and the
Philippines, to secure the release of 24 U.S. military personnel who
were aboard the EP-3E Aries II spy plane. The aircraft, which was
likely monitoring Chinese missile deployments, was forced to make an
emergency landing Sunday after a Chinese fighter jet collided with it
in international airspace and damaged part of the plane's wing and
engine.

However, the Chinese government has denied U.S. officials access to
the crew and the aircraft, leading to a major escalation of tensions
between the two countries. Also complicating matters is the lack of
knowledge about the plane and the highly sensitive electronic
equipment that it carried.

The EP-3E is a sophisticated surveillance aircraft outfitted with
state-of-the-art computers, cryptological equipment and sensors that
are designed to monitor military communications deep within a
country's borders. According to intelligence experts, even the
slightest compromise of the plane's computers and equipment will
likely help China further refine its information warfare capabilities.

"Even the most trivial information they pick up will be something they
didn't know before," said Steven Aftergood, an intelligence analyst at
the Federation of American Scientists, a public policy think tank. "A
lot depends on how thoroughly the crew was able to implement the
dismantlement and destruction procedures," he said.

According to military and intelligence experts, the crew of the plane
probably had plenty of time to conduct emergency destruction
procedures on all of the aircraft's most sensitive computers and
digital media, including hard drives and cryptographic keys. Such
actions are called for as part of the crew's standard operating
procedures during such emergencies.

"The information on paper, media or [in] people's heads is indeed the
most important thing," said Allen Thomson, a former CIA scientist. And
although the physical equipment is probably the least sensitive aspect
of the aircraft, "one hopes that rapid sterilization is one of the
design requirements for equipment that operates under the danger of
capture," said Thomson. "Beyond that, yes, undoubtedly the Chinese
will get a better feel for what we can collect, how we do it and how
they can improve their own capabilities and countermeasures."

A former Navy intelligence official said cryptographic keys, databases
that maintain U.S. intelligence information on Chinese systems, and
classified computer codes are of far greater value to the Chinese than
the hardware systems alone. However, electricity is required to
degauss, or erase, crypto systems and other hard drives. Damage to the
aircraft could have hampered the crew's ability to take such actions,
the official said.

Meanwhile, as the Bush administration continues to fault the Chinese
for not releasing the crew and the aircraft sooner, Chinese citizens
have taken to the Internet to express outrage at what they consider
meddling by the U.S. military in the region. As a result, security
experts in the U.S. are warning that China's Internet-enabled public
outcry could eventually lead to hacker attacks against U.S. Internet
sites.

As of 9 a.m. (EDT) today, the well-known Chinese Web site china.com
carried only a few stories about the incident on its English-language
pages. Its Chinese language page, however, offered 25 stories, most of
which called for revenge for the breach of China's territory and
supported putting the U.S. military personnel on trial, according to a
report released today by Vigilinx Inc., a New York-based security
firm.

"Once the protesters have received news from the various Chinese
information sources, and after they have their passions stirred up at
the rallying points, the cybermob will take to the streets," the
report states. A similar pattern of events occurred in May 1999 after
the accidental bombing of the Chinese embassy in Belgrade, according
to the Vigilinx report.

The Chinese are winning the first phase of this protracted information
warfare campaign by exploiting the propaganda and inflammatory value
of the incident, said Michael Assante, vice president of intelligence
for Vigilinx and a former Navy intelligence officer. "It is being used
effectively to focus the Chinese Internet community's resources on an
anti-American campaign," he said. "Offshoots of that could include
hacker attacks, Web site defacements and denial-of-service attacks
against U.S. government and business entities."

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]