December 1989
FBI 1.


       THEFT OF COMPUTER SOFTWARE:  A NATIONAL SECURITY THREAT

                               By

                         William J. Cook
                     Assistant U.S. Attorney
                          Chicago, IL



     -- Between July and September 1987, a Chicago
        youth attacked AT&T computers at Bell Labs in
        Illinois and New Jersey, at a NATO missile
        support site in North Carolina, and at Robins
        Air Force Base in Georgia, stealing software
        worth $1.2 million and causing $174,000 worth
        of damage. (1)

     -- In October 1988, Scotland Yard arrested an
        English attacker who had broken into over 200
        military, corporate, and university computers
        in the United States and Europe.  The
        indication was that he planned to extort money
        from one of the victim corporations. (2)

     -- In November 1988, a college undergraduate
        planted a computer virus that temporarily
        disabled 6,000 computers on the U.S. Army
        research computer network (ARPANET). (3)

     As evidenced by these accounts of computer piracy, computer-aided
attacks on Government and corporate networks are becoming more
numerous and sophisticated.  While estimates vary, computer industry
sources indicate that computer-related crime (including software
theft) costs U.S. companies as much as $5 billion per year,
with each incident costing approximately $450,000. (4)  More
importantly, however, the infiltration and theft of computer files is
a growing Federal crime problem, since many such actions jeopardize
the security and defense of the United States.

     This article gives a brief overview of the theft and illegal
export of computer software.  It also details steps taken by the U.S.
Government to protect national security and defense information with
the intent of curtailing and hopefully eliminating the occurrence of
such actions in the future.

INTERNATIONAL COMPUTER HACKERS

     While most computer attacks are committed by hackers who are not
agents of foreign governments, the growing attention of Eastern Bloc
governments to hackers indicates that these nations clearly recognize
the benefits of using them to expose openings in U.S. computer
networks.

     In March 1989, it was disclosed that West German hackers
sponsored by Eastern Bloc intelligence agencies had been
systematically searching for classified information on Government
computers throughout the United States through a weakness in a
computer network at a California university. (5)  The following
month, Canada expelled 19 Soviet diplomats for wide-ranging espionage
operations to obtain Canadian defense contractor information for
military and commercial purposes. (6)  And in December 1988, a search
warrant filed by U.S. Customs agents in Chicago disclosed that a
confederate of the Yugoslav Consul-General in Chicago was using a
hacker to attack defense contractors by remote access in order to
steal computerized information.  According to the affidavit, the
information obtained by the hacker was subsequently smuggled out of
the United States in diplomatic pouches with the help of the
Consul-General.

     Public access information and published reports reflect that
Soviet efforts to obtain technical information are not an illusion.
A major daily newspaper reported that the Soviet Union was actively
fostering hacker-to-hacker ties between the Soviet international
computer club and computer firms and hackers in the United States,
Britain, and France. (7) Another newspaper account told of the Soviet
Union setting up programmers in Hungary and India for the purpose of
translating and converting U.S. origin software to the format of
Soviet and Warsaw Pact country machines. (8)  Then in March 1989, a
member of the Soviet military mission in Washington, DC, was arrested
and expelled from the United States for attempting to obtain
technical information about how U.S. Government classified
information is secured in computers. (9)

     The Soviets' main targets are U.S. Government agencies, defense
contractors, and high-tech companies, and their efforts are
purportedly backed by a $1.5 billion annual "procurement" budget.
Further, Soviet satellite
countries have become very active in the Soviet high technology
procurement effort.   For the past several years, Hungarian,
Bulgarian, Yugoslavian, and Polish intelligence officers and their
agents have participated in the high-tech theft effort, along with
agents from Vietnam, North Korea, and India. (10)  Also, Cuban and
Nicaraguan intelligence officers are using front companies in Panama
to obtain U.S. technology. (11)

     News accounts suggest that these efforts are successful; 60-70%
of the technology is obtained, while 90% of nonclassified high
technology data is acquired.  More than 60% of the stolen technology
comes from the United States. (12)

     As a result, the U.S. technological "lead" over the Soviets has
gone from 10-12 years in 1975 to 4-6 years in 1985. (13)  And the
savings to the Soviets have been impressive.  It has been estimated
that in 1978 the Soviet Union saved $22 million in research and
development costs by stealing U.S. technology; the following year,
they saved $50 million. (14)  Between 1976 and 1980, the Soviet
aviation industry alone saved $256 million in research and
development because of stolen U.S. technology. (15)  More
significantly, much of the stolen technology is critical to the
national security and defense of the United States.

PROTECTING TECHNICAL DATA

     In 1984, the U.S. Department of Commerce placed expanded export
controls on computer software as part of its general protection of
technical data deemed vital to the national defense and security of
the United States.  However, export control in this realm is an
enormous challenge since modern technology allows the criminal to
steal restricted software stored on Government and corporate
computers by remote access from a personal computer anywhere in the
world.  Literally, an international border becomes established where
a telephone line plugs into the computer modem.

OBSERVATIONS

     Several observations can be reached from this mosaic.
Obviously, U.S. taxpayers are subsidizing the modernization of the
Soviet military establishment.  And it is more economical for the
Soviets to steal U.S. technology than to fund and develop their own
research and development capabilities.  More importantly, however,
the United States needs to do a better job protecting its technology.

     As noted previously, in response to the Soviet "tech-threat,"
the United States and other countries expanded controls on
high-technology computer software by placing them on the Commodity
Control List or Munitions List.  Commerce Department and State
Department licensing officers require that validated export licenses
and end-user assurances be obtained before software named on these
lists is exported.  Both the Commerce and State Departments
routinely call in Defense Department personnel to analyze these
export requests.

     Prosecution for illegally exporting computer data and software
can be brought under several sections of the U.S. Code. (16)
However, before prosecution under these sections can be successful,
several areas must be developed in the computer industry and the law
enforcement community.

     o  Corporations should consider placing export
        control warnings on sensitive software
        programs, which would clearly assist U.S.
        efforts to enforce national export laws that
        require that defendants have specific knowledge of
        export restrictions when they export the
        computer data.

     o  Federal agents need to become oriented to the
        computer industry and computers to overcome
        computerphobia.

     o  Corporate and Government hiring must be done
        with great care when the employees will have
        access to computer networks or trash from
        computer centers.

     o  Computer security specialists and systems
        administrators must be alert to internal
        unauthorized access and external hacker
        attacks and the potential ramifications of
        such activities.  They must also be aware that
        the modem plug-in on one of their computers could
        be the international border in the export
        violation and that computerized log records
        may be the only evidence of espionage or
        "tech-theft."

     o  Federal agents and computer security
        professionals must recognize the need for
        rapid mutual cooperation and communication,
        with security professionals providing
        background information on the attacked
        computer network and assisting with Federal
        investigations and search warrant efforts.

CONCLUSION

     It is folly to assume that U.S. industry can continue to make
sufficient research and development advances each year to ensure that
the United States keeps an edge on Warsaw Pact countries. These
countries continue to rob the United States of advanced technological
information critical to the defense and security of this country.
The taxpayers and consumers writing the checks for Government and
private sector technological research and development deserve a
coordinated Federal law enforcement and computer industry response
that recognizes software and computer-related engineering as one of
our country's greatest resources.

FOOTNOTES

(1) ComputerWorld, February 20, 1989.

(2) Sunday Telegraph, October 23, 1988.

(3) The Boston Globe, November 14, 1988.

(4) ComputerWorld, April 3, 1989.

(5) Hamburg ARD Television Network, March 2, 1989; see also, Cliff
Stoll, "Stalking the Wily Hacker," Communications of the ACM, May
1988.

(6) Reuters, June 28, 1988.

(7) The Washington Post, January 2, 1989.

(8) The New York Times, January 29, 1988.

(9) Reuters, March 9, 1989.

(10) "Soviet Acquisition of Militarily Significant Western
Technology: An Update," published by the Central Intelligence Agency,
1985.

(11) The Los Angeles Times, November 21, 1988.

(12) Supra note 10.

(13) Ibid.

(14) Ibid.

(15) Ibid.

(16) 18 U.S.C. sec. 1029 (fraudulent activity in connection with
using accessing devices in interstate commerce); 18 U.S.C. sec. 1030
(remote access with intent to defraud in connection with Federal
interest computers and/or Government-owned computers); 18 U.S.C. sec.
1343 (use of interstate communications systems to further a scheme to
defraud); 18 U.S.C. sec. 2512 (making, distributing, possessing, and
advertising communication interception devices and equipment); 18
U.S.C. sec. 2314 (interstate transportation of stolen property valued
at over $5,000); 17 U.S.C. sec. 506 (copyright infringement
violations); 22 U.S.C. sec. 2778 (illegal export of Department of
Defense controlled software); 18 U.S.C. sec. 793 (espionage,
including obtaining and/or copying information concerning telegraph,
wireless, or signal station, building, office, research laboratory or
stations for a foreign government or to injure the United States); 18
U.S.C. sec. 2701 (unlawful access to electronically stored
information); 18 U.S.C. sec. 1362 (malicious mischief involving
the willful interference with military communications systems); 18
U.S.C. sec. 1962 (RICO--20 years/$25,000/forfeiture of property for
committing two violations of wire fraud and/or transportation of
stolen property).
================================================================

The EPIC Project, a nonprofit public benefit corporation founded
last year by a handful of college students, is advising the
Chairman of the American Bar Association Technology and the Courts
(Sundevil) Subcommittee looking into federal court rule changes.

These proposed rule changes are a direct result of actions taken by
the Secret Service, FBI and other enforcement agents in Operation
Sun Devil.  Rules of evidence, warrants, et al, are in drastic need
of change to address the constitutional and civil rights issues at
odds with technology.

I would very much like to hear from anyone with constructive input
or suggestions for needed changes.
                                               9-18-90

Jeff Aldrich                    Fax: (707) 425-9811
The EPIC Project              Voice: (707) 425-6813
P.O. Box 5080-341              Data: 1:212/105@fido.org
Fairfield, CA 94533                  jefrich@well.sf.ca.us