Hackers attack CIA home page

The CIA Web site break-in early Thursday morning came only hours after the Senate passed a bill designed to crack down on computer crimes by hackers.

Hackers apparently affiliated with a Swedish group changed the name of the intelligence agency to the "Central Stupidity Agency " altered links to send users to Playboy magazine and hacker sites and added obscenities. The hackers also replaced the photograph of CIA Director John Deutch with the photograph of an unknown person. CIA officials took down the page shortly after 7:30 a.m. Thursday morning.

The National Information Infrastructure Protection Act which would toughen penalties for hackers who steal computer files or time or interfere with the operation of computer systems passed the Senate by unanimous consent Wednesday night.

In a statement bill sponsor Sen. Jon Kyl (R-Ariz.) said the legislation carries harsher penalties than the criminal-mischief statutes that usually apply to hackers.

"Theft and extortion are increasingly occurring on-line " Kyl said. "There have been cases where hackers have threatened to demolish a computer information system unless they were granted free access to accounts."

Kyl could not be reached for comment following the hacker attack of the CIA home page.

A CIA spokesman said the site that was vandalized was a stand-alone system that had no links with any classified files. Therefore private files could not be accessed by the hackers said Rick Oborn a CIA public affairs officer. He said agency officials had no clues as to the identity of the hackers. A task force was formed to analyze how much of the site was affected and to plan how to get the agency back on-line.

The computer crime bill which is expected to reach the House before it adjourns in early October creates federal penalties for theft of computer information across state lines or internationally. Federal law on interstate theft does not recognize computer programs.

It also adds a new section to the Computer Fraud and Abuse Act to provide penalties for interstate or international transmission of threats against computer networks. This would include threats to: deny access to authorized users erase or corrupt data or programs slow down the operation of the computer system or encrypt data and then demand money for the key. Hackers who trespass in computer systems and use computer time worth more than $5 000 in any one year would be charged with a felony under the bill.

While the invasion of the CIA's site may be high-profile the threat to national security information by these types of break-ins is usually minimal to none said Richard Power an analyst with the San Francisco-based Computer Security Institute. Power is the author of a report released last month that revealed most federal agencies are open to electronic attack.

Power compared the attack on the CIA's Web page to vandals spray painting the gates that mark the entrance to the agency - a defiling of the facade without harm to the agency itself.

"The important thing is sensitive information on networks farther in hasn't been compromised and I'm sure [the networks] haven't been in this case " Power said. "Web-enabling technology is very new and there are a lot of vulnerabilities that are being exploited and discovered. Software developers don't take security seriously and there's a rush to get to market so there are a lot of holes."

The CIA's Oborn said the agency used an off-the-shelf security program to protect its page. He said agency officials talked with other agencies after the Justice Department attack but had not changed security mechanisms.