Clips February 3-4, 2003

[Lillie Coney <lillie.coney@xxxxxxx>]

Clips February 3-4, 2003

ARTICLES

Total Information Awareness official responds to criticism 
EBay Deletes 'Shuttle Debris' Offerings
FCC Phone Rule Proposals Criticized
Microsoft obtains reprieve over Java 
OMB Proposes Changes in Federal Rulemaking 
Investigation to Include Onboard Computers 
Microsoft: Faked Web Site Report Was a Hoax
NASA Web Site Put to Test Early
France prepares nationwide launch of smart cards
Budget emphasizes consolidation
Budget boosts Homeland funding
IT takes biggest piece of NSF budget 
NASA will create central repository of Columbia data 
The worm that turned: A new approach to hacker hunting 
Defense sees role for 'open source' software 

*******************************
Government Executive
January 31, 2003 
Total Information Awareness official responds to criticism 
By Shane Harris
sharris@xxxxxxxxxxx 

The second-ranking official on the Defense Department?s Total Information Awareness Project to predict terrorist attacks says critics of the effort have misinterpreted its goals and the nature of the technology it will use.


The TIA project has its roots in previous Pentagon programs to build machines that think like human beings. For more than a decade, the department has studied computers that could help the military predict enemy troop movements and better wage war. TIA would build on these efforts with a system that would inspect private information about people living in the United States to try to uncover patterns of terrorist activity. The project is under attack by privacy advocates and lawmakers who say it?s tantamount to domestic spying. 


Officials at the Defense Advanced Research Projects Agency (DARPA), which is running the TIA project, have been tight-lipped about itin fact, they?ve been sued in federal court for refusing to release records. But in recent interviews with Government Executive, TIA Deputy Director Robert Popp showed how TIA would rely on the artificial intelligence work of earlier projects as well as the inspection of databases that has inflamed TIA?s critics. 


TIA?s goal is to predict terrorist attacks before they happen. The system would scan private and public databases, as well as the Internet, for transactions that might be associated with a terrorist attack. Those transactions might be credit card purchases, airline reservations, purchases of chemicals or rental car records. TIA also would translate foreign Web pages into English to find key words and phrases that might suggest an attack.


Critics charge that TIA would search thousands of databases and collect records about mostly innocent people. They say this so-called data mining practice is of dubious scientific value because it would yield many false positive results, incorrectly fingering people as terrorists. Also, if TIA stores the data it collects, it would become a prime target for computer hackers and American adversaries. 


But Popp said TIA would rely less on data mining than many opponents think. Terrorism experts, using studies of past attacks and confiscated terrorist writings, are developing a series of templates, or likely attack scenarios. Those templates would help TIA determine what databases to investigate. TIA would not cast a wide net, he said. Rather, using the templates as a guide for specific information, it might only search dozens of databases, he said.


As an example, the Sept. 11 template might look like this: Hijackers use civil aircraft to destroy an office building. TIA would use data mining to scan an ?infospace,? looking for, perhaps, airline ticket purchases, hotel reservations, visa applications and money transfers between bank accounts. 


Popp?s comments are the first of any DARPA official to counter the opposition to TIA. The project?s director, John Poindexter, whose conviction for lying to Congress during the Iran-Contra investigation was later overturned, refuses to conduct interviews. Popp?s response, as well as the history of the TIA project and its ancestors, shows the system is predicated on complex and controversial theories that DARPA has investigated for years. The officials who lead TIA also can be traced to the projects that gave rise to it. 


Thinking Machines


In 1989, DARPA started working with the Air Force Research Laboratory in Rome, N.Y., to develop ?automatic decision-making? practices to aid the military in times of crisis and planning, documents show. It was among the first in a series of DARPA projects aimed at teaching computers to think more like people, and to make analyses and decisions on their own. Doug Dyer, the project?s manager, now works in the Information Awareness Office, the umbrella group for TIA and other projects Poindexter directs. 


The Rome lab is a frequent contractor for DARPA research, a spokesman said, and is currently performing work on the TIA project. Officials at the lab wouldn?t comment on the nature of their research. Popp was a visiting scientist at the lab several years after Dyer?s project began. 


In the late 1990s, DARPA?s work on artificial intelligence picked up steam with a project called the High Performance Knowledge Base (HPKB). Its goal was to create technology to build databases of tens of thousands of rules and observations about a variety of subjects, and it focused on warfighting. Documents show that DARPA engineers believed that powerful data mining technologies already in use to detect credit card fraud and predict consumer purchasing behavior might be applicable to the project. An evaluation paper by Defense scientists used the phrase ?knowledge is power? to describe HPKB?s philosophy. That phrase became the official slogan of Poindexter?s Total Information Awareness Office. 


Several companies helped test the projectincluding software firm Alphatech, one of Popp?s former employers. DARPA initiated a follow-on project to HPKB called Rapid Knowledge Formation (RKF), that tried to improve the interaction between thinking machines and the human beings that teach them.


A main component of RKF research was helping human database builders correct observations the machines made, in order to avoid errors and expand its knowledge. ?Our vision is that scientific, technical and military experts would encode massive amounts of knowledge into reusable knowledge bases,? Murray Burk, the RKF project manager, said at a DARPA conference in 1999. Burk, now assigned to DARPA?s Information Exploitation Office, was a project manager at the Rome lab for 14 years. 


Burk said RKF engineers wanted ?reusable theories? that could be used ?for answering a broad range of questions and solving a large number of problems.? The terrorism templates TIA envisions also are reusable theories that try to answer questions about future attacks. 


The RKF project is ongoing and is part of the Information Exploitation Office. However, it was housed in the Information Systems Office, which was closed in October 2001, after the Sept. 11 attacks, a DARPA spokeswoman said. Other programs in that office also looked at artificial intelligence and knowledge databases. Some of them were moved into Poindexter?s group after the Sept. 11 attacks, when that division became DARPA?s focal point for counterterrorism research. Some of them also are now TIA components. 


TIA predates Poindexter?s arrival at DARPA. At the 1999 conference where Burk described RKF, J. Brian Sharkey, then a DARPA program manager, delivered a presentation entitled ?Total Information Awareness.? He said the effort was not an approved program, but rather ?a technology focus? and a starting point for reshaping the direction of existing programs and launching new efforts in the future.? 


The description of TIA?s scope jibes with the goals of the other DARPA projects, according to Sharkey: ?The primary question is: ?How far can we push automation through the development of intelligent search and inference agents, to take the burden of finding relevant evidence that the human can reason about?? TIA was also part of the Information Systems Office. 


Sharkey also created the Genoa project, a decision-making tool to be used by the Defense Intelligence Agency. Poindexter says he has worked closely with the project for the past seven years. Genoa II, its heir, is now part of TIA. Prior to working on Genoa, Sharkey was a manager at Bolt, Beranek and Newman, a pioneering network technology firm. Popp was also a senior scientist at the firm overseeing DARPA projects and research. 


DARPA rotates its projects on a regular basis, and reorganizes its different offices often. But many of the same companies and entities work on several agency projects. DARPA critics point to these connections and label the agency ?an old boy?s network.? However, there are few scientists in the country with the expertise these projects require. Many of them have worked for DARPA. Much of that work now finds a home in TIA. 


Beer and Diapers


Most of the scientific skepticism about TIA concerns data mining. The term is ill-defined, but is well illustrated by an often-cited case. 


A number of convenience store clerks, the story goes, noticed that men often bought beer at the same time they bought diapers. The store mined its receipts and proved the clerks? observations correct. So, the store began stocking diapers next to the beer coolers, and sales skyrocketed. 


The story is a myth, but it shows how data mining seeks to understand the relationship between different actions. It?s used to detect credit card fraud by looking for anomalies, transactions that don?t match a customer?s usual habits. 


TIA critics say data mining is an imperfect science, and that the more transactions that are scanned, the higher the probability there will be false positives. 


Popp said the notion that false positives would impair TIA is a ?red herring.? 


?We?re not trying to define a norm and then find anomalous behaviors or outliers to that norm? as in fraud detection, Popp said. ?Our approach in TIA is to not rely on data mining to look for anomalous patterns.? 


Instead, the attack templates narrow down the data to be mined. TIA would search a ?sweet spot? of maybe a few dozen databases, not hundreds or thousands. Research by DARPA?s terrorism experts, as well as a study being conducted by the Rand Corp., suggest this focused approach is possible, Popp said. TIA would rank its findings with designations such as possible, likely or certain terrorist activity, Popp said. 


A computer scientist who specializes in data analysis, and who asked to remain anonymous, said this approach is flawed. It?s important to remove human biases and use mainly data to make the templates, he said. Otherwise, the system ?recognizes only those scenarios the [experts] had the creativity to come up with.? 


Because there is so little knowledge about how terrorists operate, TIA could only spot clusters of events that resemble what people think an attack looks like, the computer scientist said. ?I am skeptical of the idea that anyone can paint a useful, predictive picture of the general class of terrorist attacks,? he said. 


Popp said new templates would be added as experts learn more about terrorists? tactics. ?We hope to see over time?an 80/20 phenomena, where roughly 20 percent of the templates will provide 80 percent of the value,? Popp said. Of course, that requires knowing what the terrorist behavior patters are. 


One technologist familiar with TIA?s work thinks that?s impossible. When it comes to terrorism, ?there is no pattern,? said Chris Westphal, chief executive officer of Visual Analytics, a data mining software maker that worked with DARPA on TIA-related technologies in the late 1990s. 


Westphal said data mining can spot patterns as long as the templates of behavior consist of stable variables, such as numbers. The approach works well for determining what people are at risk for certain diseases, he said. 


But terrorists are dynamic human beings. Westphal?s company created behavior templates to help the U.S. Customs Service catch drug smugglers at the Mexican border. The processes yielded ?a ton of false positives,? he said, because human behavior is hard to measure. 


Westphal, who said his company trademarked the phrase ?total information awareness? before DARPA appropriated it, said Visual Analytics won?t work with the agency anymore because TIA has ?blurred the lines? of data mining. 


Seeing the Future


The TIA project is now in jeopardy. Sen. Ron Wyden, D-Ore., has introduced legislation to stop funding for the program until the administration makes a full report on its scope and budget. 


DARPA won?t build a TIA machine, but rather will hand over its design to some other agency. Defense?s inspector general has reported that TIA officials have briefed the Defense, Homeland Security and Justice departments on the project. A spokesman at the FBI said officials also met with Poindexter?s group, and that the bureau is open to creating a ?memorandum of understanding? about the use of TIA. 


A number of computer scientists contacted for this story doubted TIA?s ability to pick out terrorists from the population, but noted the system might be very good at analyzing data about a specific person or group of people. For that reason, some fear TIA might be used by law enforcement agencies to monitor people deemed suspicious by the government. 


TIA research is three years from completion. In the meantime, federal agencies such as the FBI, the Transportation Security Administration and the CIA have seen their powers to mine data and investigate individuals widened. Those agencies are using technology to conduct their work. 


The argument over privacy and the science of TIA may never be settled. But as homeland security, law enforcement and intelligence agencies become more dependent on technology, the debate will grow more ferocious. 
*******************************
Associated Press
EBay Deletes 'Shuttle Debris' Offerings 
Sun Feb 2,11:42 AM ET
By RACHEL KONRAD, AP Business Writer 

SAN JOSE, Calif. - EBay deleted several items billed as debris from the space shuttle Columbia from the online auction site Saturday, warning that anyone attempting to sell fragments from the doomed shuttle could be prosecuted. 

EBay spokesman Kevin Pursglove said customer service representatives received a handful of listings throughout the day from people purporting to have found debris in Texas. 


The listings were immediately yanked from the site, and executives may report the sellers to federal authorities. 


Taking a part of an aircraft involved in an accident is a federal offense, U.S. attorneys in Texas warned, and a conviction could result in up to 10 years in prison and a $250,000 fine. 


Debris from the space shuttle was spread over a large swath Texas and Louisiana and residents reported finding chunks of it. 


It's unclear what kind of debris was listed on eBay, but Pursglove said that many of the items were likely pranks. 


The San Jose-based company has become a barometer of pop culture and current events, with listings such as World Series (news - web sites) paraphernalia surging during the baseball championships. But eBay must also deal with morbid postings and attempts to capitalize on human tragedy, and it frequently pulls items. 


"Over the years we have learned to keep an eye out for individuals who might want to list items once a tragic event has occurred, the best example being pieces of the World Trade Center and Pentagon (news - web sites)," Pursglove said, referring to the targets of the Sept. 11, 2001, terrorist attacks. 


EBay recorded a small increase Saturday in the number of listings for Columbia memorabilia, including coins, mission patches and even one listing for the official vertical stabilizers used in earlier voyages. Collectibles related to NASA (news - web sites)'s space program are perennially popular, Pursglove said. 
*******************************
Los Angeles Times
FCC Phone Rule Proposals Criticized
Conservative leaders and others say the ideas could raise rates and hamper competition.
By James S. Granelli
Times Staff Writer

February 3 2003

Conservative leaders, joining Democrats and a host of disparate groups, will urge the Federal Communications Commission today to pull back on proposals that would dramatically change telephone competition rules.

They are expected to say in letters filed with the agency that ideas the five commissioners are considering to reform the telecom industry would lead to higher rates and effectively prevent states from setting local rules for phone and high-speed fiber-optic service.

In one letter, conservative legal scholar Bruce Fein, a former FCC general counsel, contends that the proposed restructuring under review by the commission could run afoul of the Constitution by setting up a regulatory framework that Congress already has rejected.

"For an unelected commission to trump the policy wisdom of elected and accountable representatives of the people in the Congress wrenches separation of powers principles and epitomizes agency arrogance," Fein wrote in his letter, a copy of which was obtained Sunday by The Times.

Fein adds his voice to a growing chorus of individuals and groups across the political spectrum opposing significant changes to the rules governing competition in the telecommunications industry.

What's more, never have so many varying groups allied themselves against an agency's efforts, even as the agency tries to forge a compromise, said commentator James Glassman, a fellow at the conservative American Enterprise Institute in Washington.

Last month, 15 Democrats and five Republicans signed a letter that criticized FCC Chairman Michael K. Powell's position that the industry has enough competition to justify an end to regulated rates and much of the authority of state public utility commissions.

The FCC members, in their first review of competition rules under the Telecommunications Act of 1996, have been struggling to come up with a framework that passes court muster.

Major aspects of their previous efforts have been overturned in court, and the commission faces a largely self-imposed Feb. 20 deadline to come up with a solution.

With a deadline for public comments set for Thursday, others are quickly adding their opinions to the debate.

The American Conservative Union, for example, also is expected to file a letter today urging Powell to let the states continue regulating rates under a controversial rule that permits competitors to lease lines and equipment from the nation's four Baby Bell companies at deeply discounted prices.

"The states are best suited to implement the competitive promise and congressional intent of the Telecommunications Act," the letter states.

Like most conservatives, the group sees the issue as an unnecessary infringement on states' rights, as well as a hammer on local competition, which is only starting to take hold.

The Information Technology Assn. of America, representing 450 high-tech companies, also will file a letter today arguing that the discounted prices are essential to maintain "if we are going to see growth, innovation and investment in this sector."

In addition, the National Assn. of Regulatory Utility Commissioners, representing state regulators, is expected to add comments later this week. "The entire telecom world is buzzing daily, almost hourly," association President David A. Svanda said.

The group has argued that state regulators know better than federal agents the status of competition in their states and are better able to set rates that comply with court rulings.

SBC Communications Inc., California's dominant local phone service provider, and the other Bell companies, along with their larger suppliers, have been lobbying the FCC to remove rules requiring them to lease their equipment at what they contend is below cost.

About 10 days ago, Powell circulated a proposed order among commissioners that strongly endorsed the Bells' position, but he has failed to gain enough support among his colleagues and is trying to find some middle ground.

He and other commissioners agree that competition is best fostered by companies that use their own facilities to provide service. Leasing access at cheap prices, they say, will discourage competitors from building their own facilities and the Bells from investing in new equipment.

But where that line should be drawn, and when, has been a thorny issue. Industry sources close to the arguments said the middle ground is fluid but seems to be more in line with Commissioner Kevin J. Martin's view that states should continue with their rate-setting and other roles.

Consumers, state regulators, Internet service providers, Bell competitors and other busi- nesses are worried that the commission may adopt a plan that splits the rate-setting authority along one of two lines, either of which could stifle competition.

In one scenario, states would have authority over existing copper and high-speed lines, requiring the Bell companies to lease those to competitors at low rates. But the Bells would be able to keep their new high-speed fiber-optic lines off the regulated list and to themselves.

In another scenario, the dividing line would be set according to how many access lines competitors have at any one central switching station. Above a certain level, competitors would have to have lines physi- cally transferred to their own switches. Critics argue that such transfers would damage the quality of the line.

Those ideas were encompassed in a bill proposed by Reps. W.J. "Billy" Tauzin (R-La.) and John D. Dingell (D-Mich.) several years ago. Though the measure passed the House last February, it died in the Senate.

Fein argues in his letter to the FCC that Congress didn't intend its policy debates over legislation to be a "mere dress rehearsal for a final performance before the commission it created."

He and other conservatives also worry that the ideas the FCC is considering run counter to President Bush's campaign promises and, more important, could hurt him in the next election if consumers are hit with much higher telephone rates.

"If Powell is successful, there's no doubt that one effect will be rising telecom prices for consumers, and that would hurt the administration," Glassman said.

Glassman and others say the White House has remained quiet on the issue and has not sought to influence the process.
*******************************
Seattle Times
Microsoft obtains reprieve over Java 
By Kim Peterson

A federal appeals court handed Microsoft a small victory yesterday by placing on hold a judge's ruling that Sun Microsystems' Java programming language be integrated into the Windows operating system. 

Microsoft sought the stay last month after U.S. District Judge J. Frederick Motz of Baltimore ordered Java be put in Windows XP within 120 days to correct what he said was a competitive edge Microsoft gained in illegally protecting its Windows monopoly. 

Both sides must wait until an appeals court reviews Motz's order, which came in the form of a preliminary injunction he granted Dec. 23. 

Lee Patch, a Sun vice president, said both sides will file legal briefs soon and prepare to present them to the 4th U.S. Circuit Court of Appeals in Richmond, Va., when it convenes in late March. A hearing date has not been set. 

Microsoft spokesman Jim Desler said the company was pleased by yesterday's decision. 

"We feel it's very appropriate that these issues are reviewed by the appeals court before we take any further steps," he said. 

The decision capped a confusing day for just about all sides in the case. 

Microsoft had announced a complicated plan to comply with Motz's order, although the appeals court action later threw most of that plan into the air. 

The company said it would release two updates to its Service Pack for Windows XP, a software package that adds or modifies features in the operating system between major overhauls. The first update, released yesterday, is exactly the same as the old Service Pack, except without Microsoft's version of Java. 

A second update, one with Sun's Java, was expected to be released in June. The appeal probably means that date will be pushed back, Desler said. 

Microsoft also said it would release sometime this year a sequel to the Service Pack  called, appropriately, Service Pack 2  with more updates. 

As if that wasn't confusing enough, it said it would distribute Sun's Java to computer makers, but they wouldn't have to do anything with it. Motz's ruling doesn't require them to use or distribute Java in their machines. 

Windows customers aren't required to do anything either, and they don't have to download the revised updated Service Packs, Microsoft said. 

Furthermore, Microsoft's Windows Server 2003, a new operating system for businesses due this year, isn't affected and won't have Java in it. 

Motz's order to include Java in Microsoft products is part of a private antitrust lawsuit Sun lodged against the Redmond company nearly a year ago. Sun contends Microsoft could use its illegal monopoly to push Java out of the computer market in favor of its own platform. 

The suit seeks up to $1 billion damages, which could be trebled under antitrust law. 

Although Motz's preliminary injunction handed a victory to Sun, the back-and-forth legal drama has confused the issues and clouded Java's future, observers say. 

Java suffers from a lack of good development tools, said Rob Enderle, a Santa Clara, Calif.-based analyst with Giga Information Systems. Developers often can write programs in other languages faster and more easily. 

"What's keeping Java off the desktop in the Internet age is certainly not Microsoft," he said. 

Integrating Sun's Java into Windows leaves some confusion about responsibility, Enderle said. Which company is to blame if Java has problems? So far, there is no clear answer. 

"As we always thought, the devil would be in the details in all of this," he said. 

Kim Peterson: 206-464-2360 or kpeterson@xxxxxxxxxxxxxxxx 


Microsoft talking with Apple over objections to settlement 

Microsoft is talking with Apple Computer to avoid a challenge to a planned $1.1 billion antitrust settlement Apple claims gives Microsoft an unfair advantage in the education market. 

Apple and Microsoft are discussing Apple's complaints, said Microsoft and Eugene Crew, a lawyer who represents plaintiffs in the antitrust suits. 

Microsoft has agreed to settle California consumer lawsuits accusing it of violating state antitrust law and driving up software prices. 

Apple, whose sales to schools fell 15 percent last year, says the provision that would give Microsoft products to California schools amounts to unfair competition. 

The talks indicate Microsoft wants to avoid a battle to win court approval for the settlement, analysts say. 

Apple's complaints helped derail a proposed Microsoft settlement in 2001. 

By insisting the new agreement provide only cash, Apple seeks to protect its school sales. Microsoft says the settlement is fair.
*******************************
Washington Post
OMB Proposes Changes in Federal Rulemaking 
Agencies Would Be Required to Do More Analyses of Risks, Costs and Benefits 
By Cindy Skrzycki
Tuesday, February 4, 2003; Page A07 

The White House yesterday proposed changes in the guidance that federal agencies are asked to follow in proposing new rules, an effort that could change how rule writers weigh the costs, benefits and risks involved in issuing new regulations. 

Under the Bush administration, the Office of Management and Budget's Office of Information and Regulatory Affairs has taken an increasingly involved role in both the proposal and review of new rules. Under the direction of John D. Graham, an expert in risk assessment, the reviewers at the OMB have insisted that agencies do more cost-benefit analysis of rules, use different calculations to arrive at their estimates, and offer regulatory alternatives.

Business groups have generally welcomed Graham's work, while labor and environmental groups view it with suspicion.

The proposed guidance follows attempts by earlier administrations -- including President Bill Clinton's -- to persuade agencies to do rigorous economic and scientific analysis of rules. Agencies are not required to follow such guidance, but the OMB can return rules that do not have the requisite analysis. 

The business community has been pushing for the past decade to require agencies to do more analysis and provide more scientific certainty for the rules they issue. 

The proposal "helps agencies to use their resources in a more cost-effective way," said William L. Kovacs, vice president for environment and regulatory affairs at the U.S. Chamber of Commerce. "It's good for rulemaking." 

Randall W. Lutter, a resident scholar at the American Enterprise Institute and a former OMB economist, said the proposals could result in "potentially better rules" if the office enforces the policy and agencies are responsive.

Frank O'Donnell, executive director of the Clean Air Trust, said the guidance would "keep the pressure on agencies like the Environmental Protection Agency to conform more closely to calculations that OMB would like, which are less friendly to regulation. The long-term consequences could be fewer rules."

Increased analysis can lead to better rules "that are less vulnerable to political and legal attack," Graham said in an interview yesterday. "Even pro-regulation advocates should see merit in well-analyzed rules." 

The proposal urges agencies to do analysis that compares different regulatory alternatives according to their cost and effectiveness. For example, a proposed rule that addresses how to reduce rollover of sport-utility vehicles would have to rank the proposals the agency came up with according to how much "bang for the buck," or how much they accomplish in enhancing safety per dollar of investment in that strategy. 

Graham's office is also rethinking how agencies view risk, whether they are too cautious in balancing risk against other interests, such as economic growth or technological innovation.

The proposal also asks for comments on how 58 new rules enacted since the Sept. 11, 2001, terrorist attacks to protect homeland security should be analyzed for their effectiveness in preventing future attacks as well as their costs, such as impacts on Americans' time, convenience, privacy and economic productivity. 

For a handful of rules that cost more than $1 billion annually and are based on "uncertain science," Graham's office suggests that agencies come up with several estimates of the costs and benefits and predict how likely each is to be on target. 

The proposed guidance, which will be open for comment for 60 days, is part of a draft annual report on the costs and benefits of federal regulation for 2003. 

Overall, the draft report estimated that all major rules issued by federal agencies over the past decade accounted for $135 billion to $218 billion in benefits to society, while the costs were $38 billion to $44 billion -- the benefits coming out roughly three to five times the costs. 
*******************************
Washington Post
Investigation to Include Onboard Computers 
Software Directed Columbia to Compensate for Perceived Changes in Temperature and Drag 
By Ariana Eunjung Cha
Tuesday, February 4, 2003; Page A16 

HOUSTON, Feb. 3 -- As they hurtled to earth, the seven astronauts aboard the space shuttle Columbia ceded control of their spacecraft to a sophisticated flight control system made up of four onboard computers and a backup. The machines were supposed to analyze information from the orbiter's sensors and satellite systems and make the hundreds of decisions each millisecond needed to keep the shuttle safe and on course.

While early attention in the investigation into the loss of the shuttle has focused on possible problems with the heat-resistant tiles, NASA investigators say a major part of their inquiry is determining whether something might have gone wrong with the shuttle's "brains," the computerized flight controls.

The onboard computers recorded a surge in temperature on the left side of the shuttle and detected increased drag on the left wing. They directed the craft to compensate for the changes by firing two of four right-side jets designed to keep the shuttle on a straight course -- the biggest shift of direction ever ordered on reentry.

Ron Dittemore, the NASA shuttle program manager at the Johnson Space Center here, said that all indications so far are that the main computers were functioning they way they were designed to but that it was hard to tell what happened after communications with the shuttle were cut off at 8:59 a.m. Investigators are running simulations on the software that attempt to replicate the situation in the shuttle at the time of its crash, to determine whether the computers might have under- or overcompensated.

"The flight control system was commanding surfaces to get the vehicle back to where it believed it should be, more to the roll to the right," Dittemore said.

Still, he acknowledged that what seemed to happen to the Columbia was not an ordinary event: "What's a little bit unusual about this one is that, even though it was within the capability of the flight control system to respond to this increased drag, the degree of which the elevons were trying to correct is outside our family of experience."

Software programs that control aircraft and other critical systems are among the most robust pieces of code ever developed, commonplace not just on spacecraft but also on most commercial airliners and other aircraft. NASA's "program controlled" flights have completed more than 110 missions without a major glitch.

Four of the five computers on the Columbia ran identical software and compared results with each other before giving the go-ahead to take a specific action. The fifth computer ran a different version of the software and was used only if the others failed.

"It's highly tested and very meticulously developed," said William R. Pruett, who managed the software project for NASA until 1998.

Based on NASA's history and the evidence presented so far, John Arquilla, a software expert and professor at the Navy Postgraduate School in Monterey, Calif., said it seemed unlikely that a software failure was the primary cause of the shuttle's fate but that it may have been a secondary event. Under one scenario being talked about at NASA, if something went wrong with the hardware to cause the temperature increase and subsequent drag, the computers may have been unable to adjust quickly enough, causing the plane to burn up on reentry.

"There has been so much success in repeating the whole process of launching and landing that I believe most of the bugs have been very nicely worked out," Arquilla said. But he said the systems should be reexamined for bugs.

As computer systems become more sophisticated, so does the process of debugging them. Indeed, software problems have been blamed for contributing to the explosion of the European Space Agency's new Ariane 5 rocket shortly after liftoff in December and for the B-2 bomber's inability to fly on its maiden flight.

NASA had a close call in 1981 when a Columbia shuttle flight was delayed because some fuel spilled, causing some of the heat-resistant tiles to fall off before takeoff. The crew used the extra time to train on a flight simulator that used the same software as the actual orbiter. The team ordered a "transatlantic abort" that caused the shuttle to be directed to a landing in Europe if it couldn't make orbit, but all four of the computers locked up. A subsequent review found 17 other bugs, which the agency said it corrected.

"In a system as complex as this, there are a lot of things that are difficult to test for," Jack Clemons, one of the managers on the software project, said at the time. More recently, last April, the International Space Station's mobile transporter, a railroad locomotive of sorts, stalled because of a software glitch.

Much of what is known about what happened aboard the Columbia came from a continuous stream of what NASA officials call "health and welfare" information that the craft's computers send back to the ground -- data that include such things as cabin temperature, altitude and the astronauts' heartbeats.

Investigators will try to extract from the agency's computers an additional 32 seconds of data that might provide more insight into what went wrong. That information arrived incomplete or corrupted at mission control and therefore wasn't listed in records as official readings from the shuttle.

"Dropouts" of data are not uncommon, given the great distances they must travel. Data from the shuttle first go to one of five satellites situated above the equator, then to a NASA facility in White Sands, N.M., before reaching Houston, a total of 23,000 miles or more, said Roger Flaherty, deputy program manager of NASA's Tracking and Data Relay Satellite System. Given the chaotic nature of the atmosphere around the shuttle at reentry, the side effects of the heat might have interfered with Columbia's last communications to Earth. NASA officials will try to piece together the bits of data to guess what those messages were.

"Specifically, [in] the region of flight where Columbia was -- reentry -- the plasma that develops can interfere with communications," Flaherty said in an interview.

The core of the shuttle software was built by IBM contractors and is maintained and upgraded by Houston-based United Space Alliance. The shuttle program also relies on some off-the-shelf products. A National Academy of Sciences report last year warned that the use of such products created a "potentially unsafe" environment because they were more likely to have glitches than customized software. The report cited no problems but recommended that NASA stop using off-the-shelf products.

The Columbia's orbiter underwent 100 upgrades in 1999-2000 at a Lockheed Martin facility in California, including the installation of a glass cockpit, new computer readout screens and docking system wire work to enable the shuttle to fly to the International Space Station if necessary. It has since flown one other mission, in March 2001, without problems.
*******************************
Reuters
Microsoft: Faked Web Site Report Was a Hoax
Mon Feb 3, 5:58 PM ET

LOS ANGELES (Reuters) - Microsoft Corp. (NasdaqNM:MSFT - news) and news network CNN said they were hit by a hoax on Monday after a faked Web page erroneously reported the software giant had agreed to buy the video game operations of French conglomerate Vivendi Universal. (NYSE:V - news) 


The hoax Web site, which Purdue University in Indiana confirmed came from its Internet address, was designed to look like a CNN report and circulated on the Web among video game industry watchers on Monday. 


It was not immediately clear what the student's motivation was. 


"Any purported press release or news story appearing on a Web site is a hoax," Microsoft said. 


The site was taken down just before 4 p.m. EST, a Purdue university spokeswoman said. 


The student who put up the site was identified and referred to the university's dean of students for possible disciplinary action, the spokeswoman said. It was unclear if Microsoft or CNN would press charges or take any other legal action. 


"CNN has not reported this story and as a matter of company policy we don't discuss legal matters," a CNN spokeswoman told Reuters. 


The page, which carried ads and had working links to actual CNN pages, appeared to closely imitate the online style of the news network and even included a photo of Microsoft executives with a fake caption. 


A spokeswoman for Vivendi Universal in New York also said that the report was a fabrication. 


Vivendi sources have in the past acknowledged that the company is considering the sale of its game unit, and people familiar with the situation have said Microsoft would be among the potential buyers.

Shares in both companies were up for the day and ahead of the broad market, with Vivendi 2.8 percent higher at $17.38 and Microsoft up 2.3 percent at $48.56 on Nasdaq. 
*******************************
New York Times
February 3, 2003
NASA Web Site Put to Test Early
By ADAM NAGOURNEY

WASHINGTON, Feb. 2  Since its creation six years ago, the NASA Web site has been what agency officials today described as a clunky, outdated and somewhat embarrassing dinosaur of the Internet age.

"It was an outdated design," said Robert Jacobs, a NASA spokesman. "It didn't incorporate any new technologies. You had to know where something was to find out how to find it."

NASA rolled out a sleek new redesign of its site just past midnight on Friday. By morning, www.nasa.gov was deluged: a 25-fold increase as users around the globe clicked on to get information on the Columbia disaster.

In a typical week, the site registers 650,000 hits. Mr. Jacobs said tonight that the agency had not had time to count how many people had visited since the disaster.

Some adjustments were quickly made, NASA officials said. A splashy multimedia introduction was quickly removed as inappropriate to the moment.

By midafternoon, the top of the site featured an American flag at half-staff. That linked to updates on the Columbia investigation and information about the shuttle's mission and the crew.

And the new technology is working both ways. The agency requested that anyone with text reports or photographs of the Columbia accident that might be helpful to the investigation send them by e-mail to nasamitimages@xxxxxxxxxxxxx
*******************************
Mercury News
France prepares nationwide launch of smart cards
By Kim Housego
Associated Press



PARIS - France is leaping toward a cashless future with a nationwide launch this year of computerized ``smart cards,'' a concept that has so far failed to entice many American, British and German consumers.

The chief idea behind this new breed of microchip-embedded plastic is simple -- to dispense with pocket change and speed smaller transactions.

Dubbed ``Moneo,'' the French electronic purse cards were introduced two years ago in a handful of small regions. In November, the service expanded to include Paris.

Some 850,000 consumers now regularly use Moneo cards at 80,000 grocery shops, parking lots or vending machines, says Pierre Fersztand, chief executive of BMS, the technology company that launched the project.

Because the basic Moneo card is anonymous, there are no privacy or identity-theft concerns. But if an owner loses his or her smart card the cash that's stored onboard can be used by whoever finds it -- which is why there's a 100-euro ($107) storage limit.

Fersztand expects the cards to be available to merchants and customers nationwide by the end of the year.

``We're not worried about whether it will take off here,'' he said in an interview at the company's Paris headquarters. ``The question is how long will it take -- two or 10 years?''

Every French bank has signed up for Moneo. All the major banks are shareholders in BMS, as well as the SNCF railway authority and the Paris mayor's office.

Just like in earlier projects in New York or England, users can upload money from their bank accounts onto smart cards at special teller machines in banks and post offices. Conveniently, they can also refill the so-called stored-value cards at any participating shop, supermarket, ticket booth or cinema, punching in a PIN number for security reasons.

No PIN is required to dispense cash.

And for those who dislike the idea of yet more plastic in their wallets, Moneo can be incorporated onto their existing credit cards -- something that has never been tried outside of France. In fact, it's already been automatically added to 25 million credit cards that were up for renewal -- with the owners not always being aware of it, Fersztand said.

``They have learned the lessons of past mistakes,'' said Therese Torris, senior analyst at Forrester Research. ``We do think it has a chance to succeed (in France), whereas other initiatives had a zero chance.''

Among the challenges: how to ensure the cards are widely accepted, quick to use, easy to refill and carry low transaction fees for merchants. Banks generally charge from 0.4 percent to 0.9 percent a transaction, and consumers have to pay an annual fee between $6 and $13.

So far, reaction is predictably mixed.

Gregory Clau, 30, said only one customer has used the service since he installed it three months ago at his locksmith shop near the Champs-Elysees

``I don't think anybody is interested in it,'' he said.

The dozen people a day who use Moneo to buy their baguettes and cakes at Chantal Plousseau's Paris bakery might disagree.

``More and more people are using it,'' said the 50-year-old Plousseau. ``It's efficient and eventually I will make less trips to and from the bank carrying bags of coins.''

At many parking meters in the Paris suburb of Boulogne Moneo is de rigueur -- the only acceptable method of payment. Authorities got fed up with gangs of youths tampering with the machines to get at the coins.

Smart cards have seemed to be perpetually on trial.

A limited launched in New York City in 1998 failed because of system glitches. Merchants complained about allocating precious counter space to the card reader, and consumers lost interest without a financial incentive such as rewards programs.

Perhaps more importantly, the system wasn't profitable for the issuers, and banks couldn't charge for the cards' use until consumers and retailers were willing to pay for the convenience.

The few successful rollouts have occurred in controlled settings like university campuses or with the U.S. military, where smart cards serve as far more than electronic purses.

Many U.S. and British students use them to buy food or drinks at college cafeterias and bars, gain access to buildings and computer files or check books out of the library. Smart cards also now serve as digital IDs for U.S. soldiers, authenticating them on computer networks, among other uses.

In Japan, 650,000 electronic purses known as ``Edy'' cards are in circulation and can be used at 2,100 stores, mainly in the Tokyo area. But unlike in France, the cards can only be refilled at special machines or using gadgets that hook up to personal computers.

``We all know that the future of money is completely virtual,'' said Torris, the Forrester analyst. ``Moneo is a first step toward that.''
*******************************
Federal Computer Week
Budget emphasizes consolidation
BY Diane Frank 
Feb. 3, 2003

With the release of the fiscal 2004 request today, the Bush administration took a concrete step toward a budget that is oriented toward eliminating overlap among systems and ensuring that agencies have a clear-cut way of measuring a program's performance.

President Bush sent Congress an overall $2.23 trillion spending plan that demonstrates the administration's vision of massive integration and consolidation, with even more efforts sought in the future.

The information technology requests in the budget -- totaling almost $60 billion -- represent investments not just for individual agencies but emphasize support for multiple agencies' needs. 

These cross-cutting investments include the 24 e-government initiatives and beyond. The Bush administration is examining more investments for consolidation in areas flagged by the Federal Enterprise Architecture as having overlapping business needs. These areas include financial management, human resources and criminal investigations.

A major part of this examination will be through the business cases that agencies submit for their IT investments. Under new requirements from the Office of Management and Budget, agencies submitted business cases for projects representing more than $34 billion in the fiscal 2004 IT budget. That is up from $20 billion in the fiscal 2003 request.

The fiscal 2004 budget also outlines the vision for the future of the Federal Enterprise Architecture, a business-based framework for cross-agency, governmentwide improvement.

Using the framework, OMB identified that up to 20 percent of agency IT requests could be consolidated. However, of the 1,300 major IT projects represented in the fiscal 2004 budget, very few presented joint business cases. 

OMB Director Mitch Daniels Jr. said his office was taking a close look at a lot of IT spending because of poor planning and business cases.

To improve that performance in the future, OMB is developing a process using the Federal Enterprise Architecture to group interagency initiatives into three categories:

* Projects where it is clear that one agency has the lead and that the projects can be implemented through the normal investment process.

* Projects where several agencies are involved and may require joint funding. 

* Projects that are common to all agencies and will require a new method of financing.

In regard to the concept of such performance-based budgeting, Daniels said that this year, ?we are really just establishing a baseline.?
*******************************
Federal Computer Week
Homeland IT budget on rise
BY Judi Hasson 
Feb. 4, 2003

President Bush's fiscal 2004 budget for the Homeland Security Department includes $206 million in new money for information technology, a 76 percent increase from last year's $117 million request.

Although the new department's IT budget has not yet been spelled out in this year's budget request, Tom Ridge, the department's secretary, said at a briefing Feb. 3 that spending for the department will include money from the 22 agencies that will make up the department as well as new money for projects.

"In just a week since this department was created, we have begun to lay the foundation from which we can mobilize the nation in the mission to protect the homeland," Ridge said. "Everything we have done is an effort to organize to work more efficiently and more effectively as a department."

The total budget request is $36.2 billion for the agency, an increase of 7.4 percent from the fiscal 2003 request, which has yet to be approved by Congress. Spending on homeland security and other items in President Bush's budget is likely to face a long and difficult battle on Capitol Hill.

Sen. Joe Lieberman (D-Conn.) was quick to criticize the entire fiscal 2004 budget plan, including the homeland security portion.

"President Bush says we need to invest in improving our domestic defenses without delay. But according to independent experts, the Bush administration's investments in critical homeland security priorities are insufficient," Lieberman said. "Better security won't come from wishful thinking or tough talk. It demands a genuine commitment from Washington to make our country safer."

Nevertheless, Bush's budget request for the new department includes several sizable requested increases. Among them is $771 million earmarked for a science and technology unit, a 46 percent increase from the $529 million requested in 2003. The unit will make it easier for the department to assess and purchase computers and software and set up a national communications network.

The spending plan also includes $307 million for the Customs Service's Automated Commercial Environment  an increase from $300 million in fiscal 2003. The database will be built in the next five years. In the meantime, the Homeland Security Department is using Customs' aging Automated Commercial System to process passenger and cargo manifests, according to Customs Commissioner Robert Bonner.

And the budget request includes $50 million to develop a trucker identification card using biometrics to identify drivers who routinely cross the U.S. border, according to James Loy, undersecretary of transportation for security. 

"It is always about people, cargo and vehicles," Loy said. "The idea is to push the borders out. The notion is that if you let things get too close, it's too late."
*******************************
Federal Computer Week
Justice invests heavily in IT
BY Sara Michael 
Feb. 3, 2003

The Justice Department would invest heavily in information technology to support counterterrorism and homeland security initiatives under President Bush's fiscal 2004 budget request.

With a focus on enforcement programs, the department's budget would give the FBI's IT projects $82.2 million, with most of that  $61.7 million  dedicated to its Trilogy modernization program.

Funding for the $458 million Trilogy project, intended to upgrade the bureau's IT infrastructure, was put on hold last month because of a 50 percent cost overrun. The Senate Appropriations Committee ordered the FBI to come up with a new funding package by Feb. 15 for fiscal 2003 to cover the overrun.

A Justice Department inspector general report in December said the FBI was pouring money into IT programs and poorly managing the projects. Trilogy, which one senator called a "disaster," received an additional $78 million in fiscal 2002 funding. The FBI, however, missed a July 2002 milestone for complete IT infrastructure upgrades to field offices.

The proposed $82.2 million for IT projects in the federal 2004 spending plan would include costs for hardware and software upgrades during the next several years, and $2 million would go to upgrading the Top Secret/Sensitive Compartmented Information Local-Area Network at FBI headquarters in Washington, D.C.

Overall, the department is requesting $23.3 billion, with $598.2 million dedicated to combating terrorism and $41.5 million set aside for general IT management and security resources.

Other FBI technology items in the budget include:

* $72.6 million for the Foreign Terrorist Tracking Task Force, which would employ state-of-the art database technology to support information collection, threat assessment and dissemination of information about suspected terrorists.

* $41.1 million for the Computer Intrusion Program to disrupt terrorist attacks on vital national infrastructure computer systems, such as those that control water, power and transport.

* $1.2 million to support a permanent staff for a tip line for a 24-hour review and analysis of suspected terrorist activity reported via the Internet.


* $61.8 million to add personnel and upgrade the technology of the Legal Attache (Legat) program and the Visa Identification Terrorist Automated Lookout. The resources would include bringing the technology infrastructure of the Legat offices in line with the Trilogy project.

* $18 million to support the Computer Analysis Response Team, which extracts data and supports FBI investigations involving computer evidence.

Other Justice Department technology items include:

* $12 million to expand the Regional Information Sharing System, which enables state and local public safety agencies to share terrorism alerts and related information.

* $22 million to establish an automated cross-case analytical system to compile and disseminate information from Organized Crime Drug Enforcement Task Force agencies.
*******************************
Federal Computer Week
Budget boosts Homeland funding
BY Judi Hasson 
Feb. 3, 2003

President Bush sent Congress a $2.23 trillion budget request for fiscal 2004 today that spells out how he wants to spend money and use technology to build the new Homeland Security Department.

With domestic security a top priority, Bush requested $36.2 billion for the new department, up nearly 10 percent from 2003. The money would help organize the department and provide safeguards against terrorist threats, such as chemical and biological attacks.

Among Bush's priorities: unifying multiple field structures into one regional reporting structure as well as integrating existing border security and interior enforcement functions. 

He also called for improving information sharing and counterterrorism cooperation governmentwide.

"Communication and information sharing is essential to preventing another terrorist attack," the budget request said. "The goal is to have modern information technology systems that efficiently and effectively support homeland security missions, enhance productivity, facilitate information sharing and generate budgetary savings."

The homeland security money request included:

* $500 million to assess the nation's critical infrastructure, such as nuclear power plants, and eliminate security gaps.

* $350 million in new money for the research, development and testing of homeland security projects, such as nuclear and bioterrorism detection technologies.

* $373 million for border security and trade initiatives, including technology investments along the border.

* $3.5 billion for the Office of Domestic Preparedness to train and equip first responders.

The budget also included a giant leap in funding for information analysis and infrastructure protection, from $177 million in fiscal 2003 to $823 million for fiscal 2004.

Bush's budget for the new agency continues to build on the infrastructure already established -- such as the Advance Passenger Information System and the entry/exit system to track visitors entering the United States. He also asked for an additional $500 million for border and port security.

The fiscal 2004 budget also includes $803 million for science and technology activities -- an eight-fold increase in funding over last year's budget. It includes a $12 million increase from $3.5 million for homeland security standards development related to biometric identification, threat detection and high-rise safety.

"[The Department of Homeland Security] will develop and implement a long-term research and development program that includes investment in revolutionary capabilities with high payoff potential," the budget said.

Nevertheless, the budget plan for research and development came under criticism from representatives of technology groups who said it was not nearly enough money.

"The president's fiscal year 2004 budget request to Congress will include over $59 billion for IT projects in the federal government," said Harris Miller, president of the Information Technology Association of America.

"We encourage the administration to continue to show its technology savvy by requesting the nearly $268 million authorized last year for fiscal year 2003-2004 cybersecurity research and development, and we urge Congress to appropriate the funds this year," Miller said.

One of the big questions for the Homeland Security Department is not how much is being spent, but whether it is being spent in the right places, Office of Management and Budget Director Mitch Daniels Jr. said today.

Information security is a good example. Daniels said he wouldn?t be surprised if Secretary Tom Ridge and his advisory group at the department increased the amount of money going to cybersecurity. ?It may be a greater relative threat than some of the things we are investing in now,? Daniels said.

Diane Frank contributed to this report.
*******************************
Government Computer News
IT takes biggest piece of NSF budget 
By Joab Jackson 
Post Newsweek Tech Media

Information technology takes up the largest share of all research to be funded by the National Science Foundation in its proposed 2004 budget of $5.5 billion. 

The fiscal 2004 budget increases IT research to $302.8 million, a 6 percent increase from the $285.8 million proposed for 2003. NSF will focus on tasks such as large-scale networking, high-security systems and high-end computing. 

In addition, much of the other funding areas also come with IT components. 

One of the biggest increases in funding is for research equipment and facilities, an increase of $120 million to a total of $220 million. NSF will purchase such items as computer-driven analytical tools and high-speed networks to link more research networks, said Rita Colwell, NSF's director. 

These tools "are fundamental to the progress of science and engineering. If you are going learn more about the deepest parts of the cosmos, you need the instrumentation to do it," Colwell said. 

Other research areas NSF will fund include biocomplexity at $100 million, nanoscience at $249 million, and mathematical sciences at $89 million. 

Biocomplexity saw the biggest funding increase of all the research areas at a gain of 26 percent, Colwell said. Work to combat bioterrorism makes up most of this funding.
*******************************
Government Computer News
NASA will create central repository of Columbia data 
By Wilson P. Dizard III 
GCN Staff

NASA has begun amassing data that will help it analyze the cause of Saturday's space shuttle disaster, senior agency officials said today. 

"Some is photographic, and some is data from the mission control center," Bill Readdy, associate administrator for space flight, said at a press briefing in Washington. 

NASA locked down its shuttle computers immediately following the disaster to preserve data, Readdy said. 

All of the information will go in the database that the agency will use to re-enact the events that led to Columbia?s disintegration, he said. "Much of the information comes from telemetry processed at mission control." 

Readdy reiterated statements made yesterday by space shuttle program director Ron Dittemore that NASA has about 30 seconds of corrupted shuttle telemetry data that it may be able to synchronize and analyze [see story at www.gcn.com/vol1_no1/daily-updates/21033-1.html]. 

NASA engineers also will use computer models to reconstruct Columbia?s trajectory, Readdy said. 

NASA will use geographic information systems tools provided by the Federal Emergency Management Agency and the National Imagery and Mapping Agency for analyzing debris on the ground, he said. 

?We are relying on the Defense Department to do imaging analysis of the debris," Readdy said. 

NASA contractors for the space shuttle program, including Boeing Co. and Lockheed Martin Corp., also will play a role in the investigation, he said. 

NASA is conducting an internal investigation of the accident and has created an independent outside investigation group.
*******************************
Government Executive
The worm that turned: A new approach to hacker hunting 
By Shane Harris
sharris@xxxxxxxxxxx 
Wednesday, June 20, 2001 

After 23 years as a CIA analyst, having briefed the president and his team on every conceivable threat to national security, Bob Gerber was scared. More scared than he?d been in a long time. 

Holed up in his cramped, 11th floor office on a stark, colorless hallway at FBI headquarters in Washington, Gerber?s stomach turned as he took his first look at a new enemy. 

Gerber was a hunter, one of the government?s best. These days, he was hunting worms, malicious computer programs let loose into the wild of the Internet by some of computerdom?s most brilliant hackers. Two months earlier Gerber, 56, had left his job at the CIA, where he helped write the president?s daily intelligence briefing, to head the analysis and warning division at the FBI?s National Infrastructure Protection Center. There, he and his crew of more than 60 tracked worms, viruses and other computer evils, as well as the hackers who create them. Both threatened daily to shut down the engines of modern lifeelectrical power grids, the banking system, water treatment facilities, the World Wide Web. 

Worms were the most vicious new beasts to stalk the Internet. But Gerber had never seen a worm quite like the one he confronted that sweltering Wednesday morning in June. 

It was named Leaves after ?w32.leave. worm,? the poisonous file it implanted in unsuspecting computers. Like all worms, Leaves bored through cyberspace, probing Internet connections for holes in personal computers or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.

Leaves was hardly the first worm to infest the Internet. In fact, the pests became so common in 2001, that security cognoscenti dubbed it the ?Year of the Worm.? Worms wrought all sorts of damage. They forced computers to delete critical files or erase entire programs. They also allowed hackers to steal personal information from computers? memories. Once they infested their victims, worms made clones, then used their hosts as launching pads for more worms, whose numbers grew exponentially. 

In 2000, Gerber and his team began battling a new species of even more virulent super worms. Rather than devour computers? innards, these worms hijacked their victims? controls, rendering them powerless zombies. With a gang of zombies at his command, the creator of a superworm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.

In the spring of 2000, Gerber?s colleagues took on a 15-year-old hacker who called himself Mafiaboy. The teen-ager turned his zombies loose on World Wide Web giants Amazon.com, eBay and Yahoo!, launching what is called a distributed denial of service attack that shut down business at the sites for five hours. It cost shareholders and the companies billions and shocked the Web world. 

But compared with the Leaves worm, Mafiaboy?s creation was a larva. Gerber?s best analysts had worked late into the night trying to make sense of a sample of Leaves captured by worm watchers at the SANS Institute, a computer research center in Bethesda, Md. They let Leaves infect a computer, and then they watched how it behaved. What Gerber saw fascinated and appalled him. 

Leaves was a zombie maker on steroids. It searched out computers already wounded by another Internet scourge called a Trojan, which installs back doors in the machines. Leaves used a Trojan called SubSeven as its entrance. Once transformed, the zombies awaited orders. To communicate with them, Leaves? creator ordered his zombies to rendezvous online through Internet Relay Chat channels. He also told them to visit certain Web sites and download encrypted information to receive instructions on what to do next. No one knew who was controlling the zombies, from where or why.

Reading the guest registries of chat rooms, Gerber discovered that an army of 1,000 Leaves zombies already was on the march. Mafiaboy, by contrast, had a few hundred conscripts and sometimes used only a dozen to attack a Web site. 

What?s more, Leaves contained an electronic gene enabling its creator to control every zombie at once from any Internet connection in the world. 

Gerber never had seen a worm so sophisticated or terrifying. 

But to exterminate it, Gerber needed more samples to dissect and more time. Pulling out the lines of computer code that told the worm how to behave might help him shut it down. Or, if he could identify the worm maker?s ultimate goal, Gerber might be able to head him off. 

The FBI group usually worked alone or with a few select federal officials and private sector consultants. But even Gerber?s top-flight team was daunted by Leaves. It was time to call in help. Only a public-private posse of America?s best hacker trackers could gut this worm.

By pulling such a group together for the first time and then letting it operate largely unsupervised, Gerber created a new model for federal computer crime fighting.

June 29 
FBI Strategic Information 
and Operations Center, 
Washington 

Gerber called the most seasoned and cunning code crackers, worm gurus and cyber soldiers from government and industry to meet at FBI headquarters. On a Friday afternoon, 10 days after Leaves was discovered, the posse gathered in the FBI?s crisis headquarters, the Strategic Information Operations Center. 

It was the most concentrated arsenal of computer crime-fighting talent the government ever had gathered. They came from leading security companies Symantec and Network Associates, the FBI, the White House and the Defense Department. 

But there was a hitch. The private experts were uneasy. Could they trust the G-men? Uncle Sam was a bumbling bureaucrat. His security was notoriously lax. Hackers had been penetrating military and intelligence agency computers for years. What could federal officials possibly know about fighting an enemy as elegant as Leaves? 

The two sides eyed each other warily as Gerber laid out what he knew. The evidence seemed to show that Leaves? creator was preparing a massive denial of service attack. Everyone would have to work together to stop it. Mistrust would keep them apart. It took Marcus Sachs, a cyber soldier from a Pentagon unit trained to attack foreign networks, to bridge the suspicion gap. 

Sachs dazzled the room with his observations and theories about Leaves. With casual command of hacker lingo and the history of worms and their attacks, he demonstrated both the expertise of the government corps and the urgency of defeating this unique and dangerous foe. 

The ice melted. Slowly, a simple sheet of paper passed around the room. First one, and then the next, wrote down his name, e-mail address and phone number. The Leaves posse came to life and it readied for a fight. 

Days later
Los Angeles

Jimmy Kuo left the meeting to conduct an electronic autopsy. 

Kuo, a research fellow at the security firm Network Associates, took samples of the worm home to Los Angeles. Many in the Leaves posse returned home to operate on their own turf, not from a single base in Washington. ?In this line of work, it doesn?t matter where you are, as long as you have a laptop computer and a phone,? Kuo says. 

The Leaves code was a jumbled mess. It was encrypted and compresseddata had been squeezed together to save space. Mr. Leaves, as some in the posse had begun calling the worm?s creator, knew his creation would be captured. He ensured the worm wouldn?t easily give up its secrets. Kuo ripped apart layers of code with powerful programs to reveal the deeper truths Leaves was hiding. 

Other members of the posse were ripping Leaves, too, untying its knotted innards. One wrote a program to mimic the Trojan that Leaves used as a back door. The posse laid the trap across the Internet. 

Sharing their discoveries by phone and e-mail, the code crackers found eight variants, or mutations, of the worm. Mr. Leaves was tweaking his weapon, finding new ways to deliver it. And he was moving faster than the posse. 

While Kuo ripped in Los Angeles, a posse member watched for abnormal Internet traffic from SANS in Bethesda. Still others huddled at the FBI. The group worked smoothly because nobody was in charge, Sachs says. ?Egos didn?t get in the way of progress.? They worked fast, but as days passed, their analysis yielded fewer new results. They learned much about the worm?s attributes, but little about its purpose.

Mr. Leaves had directed the zombies to synchronize their clocks with the Naval Observatory clock on the Web. The army was prepared to attack in unison. No doubt, Mr. Leaves soon would begin his onslaught.

Unless someone could find him first.

Early July
FBI headquarters, 
National Infrastructure Protection Center 
computer investigation unit

FBI Special Agent Michelle Jupina wanted two things: to find Mr. Leaves and to lock him up. The bureau sought Leaves? creator on criminal charges of unlawfully entering a computer. Jupina was at the first posse meeting in June, but she kept a low profile. Assigned to the infrastructure protection center, Jupina, 36, was well-versed in cyber jargon. She understood how hackers thought and maneuvered. 

The posse saw Leaves as a marvel of engineering. But to Jupina, the worm and its maker were just garbage to clean up. Short, quiet and hidden under a mane of frosty blonde hair, Jupina didn?t seem capable of bursting through a hacker?s door and yanking him off his keyboard. She was so unobtrusive that a posse member recalls he didn?t even know she was a cop until she got up from her seat one day and ?I saw a cannon strapped to her side.?

But as the posse ripped Leaves apart, Jupina was a constant eavesdropper, digging for evidence in the pile of Leaves? secrets the posse unearthed. Even as new revelations slowed, Jupina and the agents under her command feverishly followed leads. Steadily, they shut down the Web sites Leaves? zombies used to receive instructions. They planted tracking devices to pick up the hacker?s footprints.

Second week of July
FBI Strategic 
Information
Operations Center

Weeks passed. The zombies remained quiet. 

Gerber had issued a public warning about Leaves on June 23. The private sector posse members had warned their customers. News that Leaves was on the loose circulated through the computer security trade press. But still no attack. 

Ripping continued. The zombie army grew. By July, at least 20,000 computers were encamped in chat rooms or patiently waiting for their orders. ?That scared the hell out of us,? Gerber says.

Mr. Leaves was getting wily. Whenever the team shut down one Leaves chat room the worm automatically created a new one. Mr. Leaves tried new methods, too. On July 9, one of the companies in the posse found an e-mail claiming to be a security bulletin from Microsoft Corp. The bulletin warned of a new virus, and told users to download a file to protect their computers. In the file was Leaves. 

The bogus warning was badly written and eerily self-congratulatory: 

?Yesterday the Internet has seen one of the first of it?s downfalls. A virus has been released. One with the complexity to destroy data like none seen before.?

Today, hackers often mask their worms as official security warnings, but this was the first use of the tactic. Like many outlaws, Mr. Leaves inspired a certain grudging admiration within the posse chasing him. ?I had a feeling I was dealing with an artisan,? Gerber says. 

Or possibly a common crook. 

Perplexed by the lack of attack, someone in the posse posed a new theory: Perhaps instead of damage, Mr. Leaves sought money. 

The posse knew that some companies paid Web surfers to click on advertisements on their sites in order to inflate estimates of the success of the ads. With 20,000 zombies to click for him, Mr. Leaves could make a killing. Some of the sites the zombies visited contained these ads. If the FBI could find an account where Mr. Leaves put the funds, trace it to a physical address and tie it to him, the case might be solved. 

Convinced Leaves had to have been created for a denial of service attack, the posse scorned this theory. Pulling off one of the biggest attacks ever was the only glory befitting such a brilliant worm. 

But something didn?t make sense. Mr. Leaves was taking an awful risk by not attacking. Every time he logged on to communicate with his zombies, the FBI had another chance to trace him. Why expose himself? Why not just preprogram the zombies to act on their own? The scam began to seem more believable. 

But before the posse could prove its theory, an attack began. It wasn?t the work of Leaves. 

On July 17, a new worm appearedCode Red. It was named after Mountain Dew Code Red soda, the only thing that kept two private sector analysts awake as they tracked it day and night. 

Leaves propagated like a rare illness, targeting only victims with weakened immunity. But Code Red spread like smallpox. The worm exploited a ubiquitous hole in one of the most popular brands of Microsoft Web servers. In a few hours, Code Red had eaten into more than 100,000 servers worldwide. The swarm of worms leaping from machine to machine caused an electronic traffic jam, slowing all Internet traffic. In the aftermath of the attack, companies would spend billions of dollars plugging the holes that let Code Red enter. 

Able as it was, the posse didn?t have the strength to fight both Code Red and Leaves at once. The choice was clear: Code Red took precedence.

The Leaves posse had built a new model for chasing Internet outlaws. They honed it battling Code Red. But fighting the new menace left Leaves on the back burner. All they could do was hope that Leaves was no more than an Internet heist or pray that Jupina and her crew could track down and nab Mr. Leaves before he, too, unleashed his zombie brigades.

For weeks, Jupina and her technicians had laid traps and tracers across the Internet. She wanted the hacker?s Internet protocol address, the digits that identify anyone who sends information online. Hackers cover their tracks by erasing those addresses from the servers they use. But Mr. Leaves had slipped. 

In a cache of addresses Jupina had pulled off a server in Oklahoma at the end of June, she found one used by Mr. Leaves. It was a hot lead. 

But chasing the address could take Jupina around the world. And she could nab Mr. Leaves only if he lived in a country that considered hacking a crime. If he did, the company that provided his Internet service would have to cough up his home address and Jupina would have her man. Luckily, after some tracking, Jupina hit gold: Mr. Leaves? address originated in the United Kingdom, home to some of the toughest computer crime statutes in the world. 

Jupina rang the Scotland Yard computer crime unit. Within days they traced the Internet address and attached it to a name and a place. The hacker was a 24-year-old man living in one of the seedier sections of London. Scotland Yard set up a stakeout at his digs.

July 23
FBI headquarters and 
South London, England

Back at FBI headquarters, Jupina kept watch on a computer monitoring the Oklahoma Web server. When Mr. Leaves logged on again, Jupina would know. Jupina waited with Scotland Yard?s phone number at the ready. Officers in South London sat tight outside the hacker?s residence. 

Nothing. 

And then, there he was. 

Jupina watched as the hacker connected to the Oklahoma server. She gave the word to Scotland Yard: Go. The officers arrested the creator of one of the most ingenious worms ever known.

Epilogue

The Leaves posse proved itself during the Code Red attack. Code Red made headline news. The FBI, the White House and security companies launched a coordinated campaign to track it, warn the public and take steps to protect vulnerable systems. Crippling of the White House Web site was narrowly avoided; Pentagon Internet connections were temporarily shut off. Damage was significantestimates are in the billions of dollarsbut it would have been worse had the response not been as fast and well organized. No perpetrator has been identified.

Mr. Leaves caused no major damage before the posse rounded him up. And the same team remains on guard against new worms or other cyber threats. When one appears, the posse comes alive. E-mails fly, home telephones ring as the members swing into action, sharing what they know, tracking, dissecting, devising traps and passing evidence to the FBI. 

In November 2002, shortly before leaving the FBI and returning to the CIA, Bob Gerber sat in a new office at FBI headquarters. Next to a bookcase full of hacker treatises, with a can of Mountain Dew Code Red displayed prominently on a shelf, Gerber pondered Mr. Leaves? motive. The FBI never found evidence the hacker had stolen money using the worm. Gerber and Jupina had brought the case all the way to a collar, yet they might never know Mr. Leaves? ultimate goal. ?As far as I know, no one ever asked Mr. Leaves why he did what he did,? Gerber says. 

And no one ever may get the chance. In November 2001, the man who confessed to British authorities that he?d created the Leaves worm received a ?formal caution,? a legal warning usually reserved for juvenile crimes and minor drug offenses. 

The lead officer on the case insists the agency has information about the hacker?s motives that the FBI hasn?t heard. But Scotland Yard refuses to divulge what it knows. Citing British law, officials refuse even to reveal the hacker?s name. 

Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting. 
*******************************
Government Executive
January 28, 2003 
Defense sees role for 'open source' software 
By Bara Vaida, National Journal's Technology Daily 


The Defense Department sees a role for "open source" software as well as proprietary software in its information technology systems, according to a briefing conducted on Capitol Hill by a senior Pentagon official earlier this month.

In a presentation to staff for Washington state lawmakers, Dawn Meyerriecks, chief technology officer at the Defense Information Systems Agency, noted that the agency is exploring the use of certain software licenses, covered by the general public license (GPL) whose source code is open to inspection and alteration because it has been "widely" embraced by Defense high-tech clients such as IBM, Hewlett-Packard and Sun Microsystems. It also has been embraced by commercial information technology solutions. Further, open source technology improves cost effectiveness, the presentation said. 

The presentation said that Defense is working on understanding applications and limitations of open source software as it applies to Defense policy requirements, and it is assessing the ongoing use of such software across the department. A report on both its application and use is in the process of development, to enable the agency to create an internal set of policies on open source.

The issue of the government's usage of open source is sensitive to Washington state lawmakers, as one of the state's largest employers is Microsoftthe largest producer of propriety software and a sometime critic of the government's use of open-source software. After Defense commissioned a study to examine its use of open-source software, Rep. George Nethercutt, R-Wash., arranged for Meyerriecks to meet with staff of Washington state lawmakers to get a briefing on open-source software. Nethercutt and officials with other state lawmakers would not comment on the meeting.

Microsoft and other companies, through a consortium called the Initiative for Software Choice, have been lobbying the Hill and other countries to ensure that open source systems, like Linux, do not become favored by governments. Currently, some countries such as Portugal are considering legislation that would require their governments to only use "free" or open source software. Earlier this month, Microsoft announced it would open the source code of its Windows operating system to governments and international organizations in an effort to enhance the software's security features.

Tony Stanco, associate director for open source in government at George Washington University's Cyber Security Policy and Research Institute, said that many high tech companies are starting to make use of GPL and Defense is looking at "where GPL might fit in the a software universe" at the agency.

Meyerriecks was on travel and could not be reached for immediate comment, but her presentation quoted Marcus Sachs, director of communication and infrastructure protection at the White House Cybersecurity office, saying, "We try to remain neutral with respect to the source [open vs. proprietary] ... the government isn't going to take a position [for or against open source]."

Microsoft officials declined to comment.