Slashdot Mirror

Are you sure? Larry Franklin might beg to differ:
http://www.defensenews.com/story.php?F=829855&C=am erica

Here's another recent story about a government procurement officer whose probably headed to the pokey for a long time in connection with a Boeing deal:
http://www.govexec.com/features/0704-15/0704-15s2. htm

Government workers actually have very strong regulations on them, and the government really doesn't have a sense of humor about some of its regulations. Particularly what's found in the FAR (Federal Acquisitions Regs)

When people do things that are crooked, from what I've seen they get nailed to the wall. They don't do Martha Stewart white collar leniency, particularly for actual (or perceived) graft.

That $600 hammer was meant to be used in an area normally filled with an explosive gas mixture. If you had to work in that area you would be glad the hammer you were using was made of materials that would not cause an explosion, no matter what it costs.

The other explination of this hammer is it is an accounting gimic: they spend $x on researching purchases that year, and bought y things, so each thing cost $x/y in research, never mind a hammer needs little research, while the engine they also bought needs are lot more than that before buying.

Last, I've used $300 hammers. If the $600 hammer is a much better than the $300 hammer as the $300 hammer is over the $15 hammer it was money well spent! $15 hammers are hard on the joints and should never be used.

"There are 43 million uninsured Americans - 4 million more than when the current administration took office. George W. Bush will reverse this trend by making health insurance affordable for hard-working, low-income families." Source:

Bush-Cheney 2000 website

Reality?

In the first two years Bush was in office, the number of uninsured American increased by nearly four million. Since Bush took office, health insurance premiums have risen by an average rate of 12.5 percent per year. According to a major study, "widespread adoption [of Bush's major health care plan] could drive up the annual deductible paid by workers." Source:

U.S. Census Bureau, 7/8/04; Kaiser Family Foundation, 4/04; USA Today, 4/25/04

Another Healthcare promise:

"George W. Bush will establish the 'Healthy Communities Innovation Fund' to provide $500 million in grants over five years to fund innovative projects addressing targeted health risks, such as childhood diabetes." [Source: Bush-Cheney 2000 website]

Reality?

Bush never established this fund. Source:

The Philadelphia Inquirer, 1/20/04

Environmental promise:

George W. Bush "will also ensure that the federal government, which is the country's largest polluter, complies with all environmental laws." Source: Bush-Cheney 2000 website

Reality?

For the past three years, the Department of Defense has requested that Congress exempt it from environmental laws and regulations like the Clean Air Act of 1970. The exemptions were requested despite the fact that the Environmental Protection Agency has thus far declined to apply the policies to the military training facilities in question. Source:

Government Executive Magazine, 4/6/04

Education promise:

George W. Bush will "fully fund the Pell grant program for first-year students by increasing the maximum grant amount by more than 50 percent, to $5,100." Source:

Bush-Cheney 2000 - Education website

Reality?

President Bush has frozen the maximum Pell Grant at $4,050 in his FY 2005 education budget. This is the third year in a row that Bush has frozen or cut the maximum Pell Grant. Source:

House Committee on Education and the Work Force 2/2/04

Welfare promise:

"To encourage states to help families in crisis, Governor Bush will provide states an additional $1 billion over five years for preventative services to keep children in, or return them to, their homes whenever safely possible." Source:

Bush-Cheney 2000 - Child Welfare website

Reality?

Bush has proposed allowing states to use the federal funds currently earmarked for foster care room-and-board payments to be used for preventative services. In exchange, states must accept a spending cap on the amount of foster care funding they receive. Sour

It's sad we can't audit their income and security. It would make them pay their debt faster, right?

...not that the national debt seems to matter much anymore. Though it does interest me still why Microsoft was chosen as exclusive Homeland Security contractor.

So, what was Tenet talking about, really? See http://www.govexec.com/dailyfed/1204/120104c1.htm.

"Efforts at physical security will not be enough, because the thinking enemy that we confront is going to school on our network vulnerabilities as well, and I think the two are inextricably linked," he said. "The number of known potential adversaries conducting research on information attacks is increasing rapidly and includes intelligence services, military organizations and nonstate entities."

According to Tenet "a loose collection of regional [terrorist] networks" now "thrive independently" worldwide by using telecommunications and the Internet to communicate with and learn from each other at almost no cost.

Telecommunications technology for government and business should have built-in protections, Tenet said, such as intrusion detection and protection systems, antivirus software, authentication and identify management services, and encryption.

"I know that these actions would be controversial in this age where we still think the Internet is a free and open society with no control or accountability," he added. "But, ultimately, the Wild West must give way to governance and control."

And here:

Former senior federal cyber security official F. Lynn McNulty told UPI there would have to be "some retreat from the Wild West" concept of the Internet as an ungoverned space.

"It has become such an integral part of people's lives," he argued, "that they will demand from policymakers and legislators the laws and regulations needed to protect it."

Tenet suggested that this
might not be enough. "New attacks have raised questions about the trustworthiness of the Internet and Internet protocol technologies," he said.

Tenet suggests a move to Internet 2, a project of universities and private industry geared at advancing the speed and security of the Internet as we know it. The project claims speeds at 300,000 times that of the current home Internet connection, allowing high-quality real-time video and audio over long distances.

So, what was Tenet talking about, really? See http://www.govexec.com/dailyfed/1204/120104c1.htm.

"Efforts at physical security will not be enough, because the thinking enemy that we confront is going to school on our network vulnerabilities as well, and I think the two are inextricably linked," he said. "The number of known potential adversaries conducting research on information attacks is increasing rapidly and includes intelligence services, military organizations and nonstate entities."

According to Tenet "a loose collection of regional [terrorist] networks" now "thrive independently" worldwide by using telecommunications and the Internet to communicate with and learn from each other at almost no cost.

Telecommunications technology for government and business should have built-in protections, Tenet said, such as intrusion detection and protection systems, antivirus software, authentication and identify management services, and encryption.

"I know that these actions would be controversial in this age where we still think the Internet is a free and open society with no control or accountability," he added. "But, ultimately, the Wild West must give way to governance and control."

Ugh... every time someone want's to bash the US government, the $400 (actually the myth was $600) hammer comes up. It never happened. Never. Here's a link to an enlightening article. Please read it, and never again post information regarding expensive hammers.

Is this the same EDS that is currently fleecing the US Navy for Hundreds of Millions of dollars in, what has been described by everyone I've talked to as extremely poor computer and network support?
FTA -- "If you mention NMCI, there is an automatic groan," he says. "I think the phrase is, 'I've been NMCI'd.' "
The Article

Let me see if I get this straight. You commented that ) Drugs are expensive because they are illegal... suggesting crack, crystal meth, and marijuana are expensive? No, only some drugs are illegal. Even though name brand green beans are $0.50-0.88 per can, some people will still buy the cheaper generic ones for a variety of reasons. So cocaine gets cheaper, so does crack, and there's still a market for it.

) Several studies have shown that when junkies get their fix consistently, they are perfectly able to maintain their jobs and responsibilities.

I cannot stand it when people say "several studies" and give no source whatsoever. Anyone can say those two words, and it adds an element of believability in the same way saying Benjamin Franklin once said it, or whispering it. For every study, there is an equal and opposite study. My experience in the volunteer work I've done in the past for the Star of Home shelter in Houston is that once people are on drugs, it is extremely difficult to get them off of them, and they "need" more and more. At first they can afford them, but the increased need for them eventually causes them to lose everything, or overdose. Quite a few of the people I spent time with lost their jobs because they were no longer able to function at work, given their increased need for the high associated with the addictive drug of choice... needing it during their working hours eventually. So maybe I should write and publish a "study" disproving the studies you paraphrased, but did not give any reference to.

If even 10% of the money that we currently spend on fighting the drug war were directed towards drug treatment, we could greatly reduce the drug problems we face right now.

Currently, in the war on drugs, 20% of federal dollars are spent on treatment, leaving the other two thirds to be spent on prevention. The Office of National Drug Control Policy FY 2003 Executive Summary shows that the federal budget increase for 2003 was $461MM. That's just an increase. The total was almost $19BB. Care to make any summaries as to how that money could have been spent instead? Let's look at how you suggest (rather how Peter McWilliams, whose only qualifications are as an author, suggests) we could spend the war on drugs money elsewhere...

Pay off the national debt in less than ten years.

Anyone who has an understanding of federal bonds and the majority of their use would never suggest we pay off the national debt. Most of those bonds are held by American taxpayers, and typically for retirement funds. Would you like to see more people forced into an already overbought and unstable stock market instead? In the realm of risk analysis, people closer to retirement need investments that less risky, and t-bonds/t-bills are near the top of that list.

Reduce personal income taxes by more than 75 percent. With 41% of federal income spent on social security and medicare, and an additional 18% spent on the US military, I challenge you to show me the math in 100-41-18=75.

Allow the Pentagon to purchase 23 wrenches, 16 office chairs, and 243 paper clips.

What? Oh, probably the story of the $600 hammer again. That hammer never existed.

Send every man, woman, and child in the United States a check for $2,000 each year

Erm... watch the clock tick and let me know when it reaches the $580 billion dollars you get when you give 280 million people a check for $2000.

Pay everyone's doctor, dentist, phone, and utility bills, as well as pay for gasoline and repair of every car in the United States.

While my numbers may not represent everyone in the US, I think I'm prob

NG/ANG

Ahead of schedule

CNN agrees

It's in obscure trade journals

Straight from the horse's mouth

The stop-loss orders do not imply a lack of recruitment. Rather, it's a way to retain forces-in-being and their experience, and a way to increase numbers without increasing recruitment. Plugging the drain in the bathtub doesn't mean that the faucet has turned off.

"If you vote for Kerry, you're voting for a moderate liberal agenda."

Moderate liberal agenda? From the guy with the most liberal voting record in the Senate? Even farther left than Teddy "nutjob" Kennedy, and Hillary Clinton.

Sometimes regulation is a good thing. This is why my landline has five nines of reliability. Lack of regulation contributed to last summer's east coast blackout.

Downtime reports accessible to the public (at least in the aggregate by city, say, if not by cell) might also give the buying public the ability to make better-informed decisions. Right now, we're stuck working with anecdotal evidence at best. With this information, I can say to myself, "Company X is up 97% of the time, while Company Y is up 99.5%. Now I know why X is cheaper." I can make decisions based on real data, rather than, "My brother's roommate told me that his cell service seems to be down all the time."

To suggest that reporting on outages is an onerous task that will put the 'little guys' out of business is a red herring. One cell tower costs how much--anybody?--more money than I make in a year, certainly. Further, I imagine that there are very few companies that operate just one cell. Any company that owns towers already will have regulatory compliance people who work full time to comply with FCC rules and shepherd paperwork. If someone has to spend a couple days writing software to automatically compile outage reports, it's a drop in the bucket.

they buy $800 hammers and expect to be able to dictate how to run a successful company? please.

First, the government isn't trying to nationalize the cell phone companies--in question here is having them report on their service. Second, how many times does the myth of the $800 hammer have to be debunked? Briefly, it was $600 in the news reports, and $435 on paper. $420 of that was an accounting artifact--the details were published here at least five years ago. So the $800 hammer actually was fifteen dollars.

I gather that very expensive hammers are also occasionally purchased for special applications. In certain environments, you want a hammer that is light, durable, non-sparking, and non-magnetic, and that sort of thing can legitimately cost a lot of money.

I work at USDA, and was here during Glickman's time. He's a pretty regular guy.

If he saw you in the hall, he'd say hi. He mostly ate in the regular employee cafeterias, instead of the Secretary's Dining Room (which has pretty the same food, but also wood paneling and table service).

His official portrait on the Patio (just past the Visitor's Center, if you come in the Whitten Building) shows him standing behind his chair, jacket on the back of the chair, with a kind of sarcastic look on his face. All the others have the usual standing-there-button-up-jacket sort.

When 50 black farmers demonstrated in front of Clinton's White House for better treatment from USDA, Bill called Dan, and Dan put together the Civil Rights Action Team (CRAT). This team made 92 recommendations to ameliorate the problem, and they were put into place by the Civil Rights Implementation Team (CRIT).

Glickman gave his full backing to this effort, which, frankly, was resisted in some of the USDA agencies cited in the CRAT Report

He always struck me as a pretty fair, stand-up kind of guy, so it wouldn't surprise me if well-reasoned, non-hostile Linux advocacy were presented to him, a major victory could be won.

How many times do we have to hear this? I've cited this article on Slashdot before, and if necessary I will cite it again. Steven Kelman explained it in Government Excecutive magazine, back in 1998.

The military bought the hammer, Kelman explained, bundled into one bulk purchase of many different spare parts. But when the contractors allocated their engineering expenses among the individual spare parts on the list -- a bookkeeping exercise that had no effect on the price the Pentagon paid overall -- they simply treated every item the same. So the hammer, originally $15, picked up the same amount of research and development overhead -- $420 -- as each of the highly technical components, recalled retired procurement official LeRoy Haugh. (Later news stories inflated the $435 figure to $600.)

"The hammer got as much overhead as an engine," Kelman continued, despite the fact that the hammer cost much less than $420 to develop, and the engine cost much more -- "but nobody ever said, 'What a great deal the government got on the engine!' "

Well also I'm going to bet they don't get any more shots at government contracts.

What you say should be true, but you'd lose that bet. Under an executive order by the first President Bush, a company guilty of illegal activities can be banned from consideration in procurements. The problem is that the company first has to be debarred by a federal agency, and that just doesn't happen. Face it, big business runs the country, not the government.

One of the reasons we don't hear about Monsanto and Lockheed Martin is that they don't want us to hear about them.

Monsanto is the antithesis of the family farm. They genetically engineer seeds and plants. They sell chemicals that pollute the land. They browbeat farmers into using buying their products or paying in court.

Lockheed? They recieve oodles of taxpayer dollars to build bigger bombs. Approximately half the country thinks this is a bad idea, and furthermore, raising the public's awareness of Lockheed products can only lead to more investigations by journalists and more oversight by Congress. That's just not good for business.

These companies do spend tons of money on research, much of it directly taken from tax coffers. They don't want attention for the same reasons that anybody who is up to no good doesn't want attention.

The $1000 hammer is a myth. Actually, it's even a badly reported myth--the usual figure cited by the media back in the Eighties was $600, and the real number on the books is $435.

Still, that seems rather shocking...until you dig deeper and realize that the hammer's actual cost was fifteen dollars. Sydney Freedberg described the issue in Government Executive magazine way back in 1998.

One problem: "There never was a $600 hammer," said Steven Kelman, public policy professor at Harvard University's John F. Kennedy School of Government and a former administrator of the Office of Federal Procurement Policy. It was, he said, "an accounting artifact."

The military bought the hammer, Kelman explained, bundled into one bulk purchase of many different spare parts. But when the contractors allocated their engineering expenses among the individual spare parts on the list--a bookkeeping exercise that had no effect on the price the Pentagon paid overall--they simply treated every item the same. So the hammer, originally $15, picked up the same amount of research and development overhead--$420--as each of the highly technical components, recalled retired procurement official LeRoy Haugh. (Later news stories inflated the $435 figure to $600.)

"The hammer got as much overhead as an engine," Kelman continued, despite the fact that the hammer cost much less than $420 to develop, and the engine cost much more?"but nobody ever said, 'What a great deal the government got on the engine!' "

Thus retold, the legend of the $600 hammer becomes a different kind of cautionary tale. It is no longer about simple, obvious waste. The new moral is that numbers, taken as self-explanatory truths by the public and the press, can in fact be the woefully distorted products of a broken accounting system.

What if the National Science Foundation got to directly and substantially compete with NASA, though? (As other examples there are also the Department of Defense (such as the Air Force or DARPA); the FAAs AST; and the NIH, etcetera.) The National Science Foundation has no research facilities of its own, and it conditions grant-awards on successful completion of a peer review process involving experts from academia, industry and the government. If the National Science Foundation (for example) got more funding allocated for its space endeavors along with the authorization to directly compete against NASA, it could utilize NASA centers as long as doing so withstands peer review scrutiny. This could boost NASA's public image, as people would be more likely to believe that whatever remains of NASA is not merely a product of executive or legislative pork-barreling, stacked evaluation boards, and bureaucratic inertia.

NASA's $13.6 billion annual budget dwarfs the $170 million budget for the National Science Foundation's space-related projects (which are presently focused merely on ground-based astronomy). The NSF therefore has to reject close to 75% of the space-related research proposals it receives. The Congressional Appropriations subcommittee on VA, HUD and Independent Agencies decides how much money it will allocate to both NASA and the National Science Foundation. Why not boost the NSF's space budget and, more significantly, broaden the scope of space activities for which future NSF money is earmarked? The NSF could already compete regarding funding nanotechnology research, space plasma investigations (related to nuclear fusion, for example), and microgravity studies. Does it really make sense to maintain the presently large budget discrepancy? source)

I am so relieved that the FBI is ensuring the security of Microsoft code (oxymoron alert: Microsoft and security) in order to ensure that our Homeland is Secure. (Oh wait...I get it now...the Dept of Homeland Security did this deal with Microsoft in order to experience massive security problems themselves so they could protect us. I am even more relieved than before).

I find it interesting that even as so many governments are making moves away from Microsoft, the US Department of Homeland Security designated Microsoft as its preferred supplier of desktops and servers.

I concur. However, if you're less interested in outright brutality and disfigurement it's an interesting development. Since electricity has become so ubiquitous, cheap and effective electro-convulsive torture methods have flourished. But it's crude. This would be a sophisticated means of producing a very pronounced disorientation that affects the body and mind. Using drugs can be dangerous and there's so much miscibility with allergies and side-effects, and of course what happens when the staff starts enjoying the good-stuff too?

If a government wanted to still look good in the eyes of the world while perfoming interrogations, this would be a nice way to do it. Much better than a talk-man , or being shaken until you go into a coma and die.

It [the dept. of homeland security] got an F.

It's not like there wasn't a warning ... for the last 10 years.

I'd expect the hundred-dollar-hammer and similar stories probably have similar truths behind them.

Yes, it does:

http://www.govexec.com/dailyfed/1298/120798t1.htm

If you ask me, the people are undervalued and the songs overvalued.

I call them MSNBC's.

It makes sense, all four cause damage or rapidly cause long term harm.

Even though it's one sentence in the NYTimes article, the audacity of this man to even *think* that he could charge for updates is stunning. Especially since there are so many gaping holes in his product.

That said, MSFT security seems to be good enough for the United States Government...and they would probably cough up maintenance monies (especially if Billy places back-doors, DRM, etc. in Longhorn) to support the 140,000 desktops the big brains at the Department of Homeland Security bought to keep our nation safe: ( Microsoft chosen as exclusive Homeland Security contractor . My favorite part of this "Government Executive" article was, "Microsoft's selection for such a wide range of software products would seem to indicate that officials have found those brands are used and favored by the majority of security agencies."

My God...how many technically clueless people are there in our nation's security agencies?

... courtesy of the rejected post machine. The government sector news sites are always good - and usually better - for details about contracts of this sort:

Microsoft/Dell Gets $90-$120 Million Homeland Security Contract

Microsoft has been awarded the five-year, $90 million Department of Homeland Security contract for desktop and server software. The contract will be managed by Dell and will provide the DHS with 140,000 desktops running Windows XP and Microsoft Office Professional. When consolidated with current agreements, the contract amounts to a six-year agreement covering 144,000 desktops, worth between $110 million and $120 million. This follows the $478 million, six-year deal with the Army announced last month. More at the Seattle Post-Intelligencer, Washington Post, InformationWeek, the Register , eWEEK, and Reuters.

This journalism is so biased it's amazing.

First off SEVIS is one of many computer systems controlled by the government. Pointing out flaws in SEVIS then inferring that all government computers can be flawed is a pretty bad argument.

Secondly, look at the home page on govexec.com. Most of the articles critisize the government, ex 'As bioterror threat grows federal capacity to respond shrinks', 'Agencies' electronic storage of records lags, archivists say,' and 'Pork-watcher skewers military construction bills.' This article is slightly biased.

Finally - the more complex a system is the more likely it will be to have bugs. SEVIS interacts with all univerities. I would rank that pretty high so far as complex systems go.

Los Alamos is my
favorite surplus store :)

On November 1 1983, the secretary of state, George Shultz, was passed intelligence reports of "almost daily use of CW [chemical weapons]" by Iraq.

However, 25 days later, Ronald Reagan signed a secret order instructing the administration to do "whatever was necessary and legal" to prevent Iraq losing the war. Source: Rumsfeld 'offered help to Saddam'

The Leaves code was a jumbled mess. It was encrypted and compressed--data had been squeezed together to save space.

Shameless Anonymous KarmaWhores International Bring You..br>
The worm that turned: A new approach to hacker hunting

By Shane Harris
sharris@govexec.com

Wednesday, June 20, 2001
6:30 a.m.
FBI Headquarters,
Washington

After 23 years as a CIA analyst, having briefed the president and his team on every conceivable threat to national security, Bob Gerber was scared. More scared than he'd been in a long time.

Holed up in his cramped, 11th floor office on a stark, colorless hallway at FBI headquarters in Washington, Gerber's stomach turned as he took his first look at a new enemy.

Gerber was a hunter, one of the government's best. These days, he was hunting worms, malicious computer programs let loose into the wild of the Internet by some of computerdom's most brilliant hackers. Two months earlier Gerber, 56, had left his job at the CIA, where he helped write the president's daily intelligence briefing, to head the analysis and warning division at the FBI's National Infrastructure Protection Center. There, he and his crew of more than 60 tracked worms, viruses and other computer evils, as well as the hackers who create them. Both threatened daily to shut down the engines of modern life--electrical power grids, the banking system, water treatment facilities, the World Wide Web.

Worms were the most vicious new beasts to stalk the Internet. But Gerber had never seen a worm quite like the one he confronted that sweltering Wednesday morning in June.

It was named Leaves after "w32.leave. worm," the poisonous file it implanted in unsuspecting computers. Like all worms, Leaves bored through cyberspace, probing Internet connections for holes in personal computers or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.

Leaves was hardly the first worm to infest the Internet. In fact, the pests became so common in 2001, that security cognoscenti dubbed it the "Year of the Worm." Worms wrought all sorts of damage. They forced computers to delete critical files or erase entire programs. They also allowed hackers to steal personal information from computers' memories. Once they infested their victims, worms made clones, then used their hosts as launching pads for more worms, whose numbers grew exponentially.

In 2000, Gerber and his team began battling a new species of even more virulent super worms. Rather than devour computers' innards, these worms hijacked their victims' controls, rendering them powerless zombies. With a gang of zombies at his command, the creator of a superworm could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.

In the spring of 2000, Gerber's colleagues took on a 15-year-old hacker who called himself Mafiaboy. The teen-ager turned his zombies loose on World Wide Web giants Amazon.com, eBay and Yahoo!, launching what is called a distributed denial of service attack that shut down business at the sites for five hours. It cost shareholders and the companies billions and shocked the Web world.

But compared with the Leaves worm, Mafiaboy's creation was a larva. Gerber's best analysts had worked late into the night trying to make sense of a sample of Leaves captured by worm watchers at the SANS Institute, a computer research center in Bethesda, Md. They let Leaves infect a computer, and then they watched how it behaved. What Gerber saw fascinated and appalled him.

Leaves was a zombie maker on steroids. It searched out computers already wounded by another Internet scourge called a Trojan, which installs back doors in the machines. Leaves used a Trojan called SubSeven as its entrance. Once transformed, the zombies awaited orders. To communicate with them, Leaves' creator ordered his zombies to rendezvous online through Internet Relay Chat channels. He also told them to visit certain Web sites and download encrypted information to receive instructions on what to do next. No one knew who was controlling the zombies, from where or why.

Reading the guest registries of chat rooms, Gerber discovered that an army of 1,000 Leaves zombies already was on the march. Mafiaboy, by contrast, had a few hundred conscripts and sometimes used only a dozen to attack a Web site.

What's more, Leaves contained an electronic gene enabling its creator to control every zombie at once from any Internet connection in the world.

Gerber never had seen a worm so sophisticated or terrifying.

But to exterminate it, Gerber needed more samples to dissect and more time. Pulling out the lines of computer code that told the worm how to behave might help him shut it down. Or, if he could identify the worm maker's ultimate goal, Gerber might be able to head him off.

The FBI group usually worked alone or with a few select federal officials and private sector consultants. But even Gerber's top-flight team was daunted by Leaves. It was time to call in help. Only a public-private posse of America's best hacker trackers could gut this worm.

By pulling such a group together for the first time and then letting it operate largely unsupervised, Gerber created a new model for federal computer crime fighting.

June 29
FBI Strategic Information
and Operations Center,
Washington

Gerber called the most seasoned and cunning code crackers, worm gurus and cyber soldiers from government and industry to meet at FBI headquarters. On a Friday afternoon, 10 days after Leaves was discovered, the posse gathered in the FBI's crisis headquarters, the Strategic Information Operations Center.

It was the most concentrated arsenal of computer crime-fighting talent the government ever had gathered. They came from leading security companies Symantec and Network Associates, the FBI, the White House and the Defense Department.

But there was a hitch. The private experts were uneasy. Could they trust the G-men? Uncle Sam was a bumbling bureaucrat. His security was notoriously lax. Hackers had been penetrating military and intelligence agency computers for years. What could federal officials possibly know about fighting an enemy as elegant as Leaves?

The two sides eyed each other warily as Gerber laid out what he knew. The evidence seemed to show that Leaves' creator was preparing a massive denial of service attack. Everyone would have to work together to stop it. Mistrust would keep them apart. It took Marcus Sachs, a cyber soldier from a Pentagon unit trained to attack foreign networks, to bridge the suspicion gap.

Sachs dazzled the room with his observations and theories about Leaves. With casual command of hacker lingo and the history of worms and their attacks, he demonstrated both the expertise of the government corps and the urgency of defeating this unique and dangerous foe.

The ice melted. Slowly, a simple sheet of paper passed around the room. First one, and then the next, wrote down his name, e-mail address and phone number. The Leaves posse came to life and it readied for a fight.

Days later
Los Angeles

Jimmy Kuo left the meeting to conduct an electronic autopsy.

Kuo, a research fellow at the security firm Network Associates, took samples of the worm home to Los Angeles. Many in the Leaves posse returned home to operate on their own turf, not from a single base in Washington. "In this line of work, it doesn't matter where you are, as long as you have a laptop computer and a phone," Kuo says.

The Leaves code was a jumbled mess. It was encrypted and compressed--data had been squeezed together to save space. Mr. Leaves, as some in the posse had begun calling the worm's creator, knew his creation would be captured. He ensured the worm wouldn't easily give up its secrets. Kuo ripped apart layers of code with powerful programs to reveal the deeper truths Leaves was hiding.

Other members of the posse were ripping Leaves, too, untying its knotted innards. One wrote a program to mimic the Trojan that Leaves used as a back door. The posse laid the trap across the Internet.

Sharing their discoveries by phone and e-mail, the code crackers found eight variants, or mutations, of the worm. Mr. Leaves was tweaking his weapon, finding new ways to deliver it. And he was moving faster than the posse.

While Kuo ripped in Los Angeles, a posse member watched for abnormal Internet traffic from SANS in Bethesda. Still others huddled at the FBI. The group worked smoothly because nobody was in charge, Sachs says. "Egos didn't get in the way of progress." They worked fast, but as days passed, their analysis yielded fewer new results. They learned much about the worm's attributes, but little about its purpose.

Mr. Leaves had directed the zombies to synchronize their clocks with the Naval Observatory clock on the Web. The army was prepared to attack in unison. No doubt, Mr. Leaves soon would begin his onslaught.

Unless someone could find him first.

Early July
FBI headquarters,
National Infrastructure Protection Center
computer investigation unit

FBI Special Agent Michelle Jupina wanted two things: to find Mr. Leaves and to lock him up. The bureau sought Leaves' creator on criminal charges of unlawfully entering a computer. Jupina was at the first posse meeting in June, but she kept a low profile. Assigned to the infrastructure protection center, Jupina, 36, was well-versed in cyber jargon. She understood how hackers thought and maneuvered.

The posse saw Leaves as a marvel of engineering. But to Jupina, the worm and its maker were just garbage to clean up. Short, quiet and hidden under a mane of frosty blonde hair, Jupina didn't seem capable of bursting through a hacker's door and yanking him off his keyboard. She was so unobtrusive that a posse member recalls he didn't even know she was a cop until she got up from her seat one day and "I saw a cannon strapped to her side."

But as the posse ripped Leaves apart, Jupina was a constant eavesdropper, digging for evidence in the pile of Leaves' secrets the posse unearthed. Even as new revelations slowed, Jupina and the agents under her command feverishly followed leads. Steadily, they shut down the Web sites Leaves' zombies used to receive instructions. They planted tracking devices to pick up the hacker's footprints.

Second week of July
FBI Strategic
Information
Operations Center

Weeks passed. The zombies remained quiet.

Gerber had issued a public warning about Leaves on June 23. The private sector posse members had warned their customers. News that Leaves was on the loose circulated through the computer security trade press. But still no attack.

Ripping continued. The zombie army grew. By July, at least 20,000 computers were encamped in chat rooms or patiently waiting for their orders. "That scared the hell out of us," Gerber says.

Mr. Leaves was getting wily. Whenever the team shut down one Leaves chat room the worm automatically created a new one. Mr. Leaves tried new methods, too. On July 9, one of the companies in the posse found an e-mail claiming to be a security bulletin from Microsoft Corp. The bulletin warned of a new virus, and told users to download a file to protect their computers. In the file was Leaves.

The bogus warning was badly written and eerily self-congratulatory:

"Yesterday the Internet has seen one of the first of it's downfalls. A virus has been released. One with the complexity to destroy data like none seen before."

Today, hackers often mask their worms as official security warnings, but this was the first use of the tactic. Like many outlaws, Mr. Leaves inspired a certain grudging admiration within the posse chasing him. "I had a feeling I was dealing with an artisan," Gerber says.

Or possibly a common crook.

Perplexed by the lack of attack, someone in the posse posed a new theory: Perhaps instead of damage, Mr. Leaves sought money.

The posse knew that some companies paid Web surfers to click on advertisements on their sites in order to inflate estimates of the success of the ads. With 20,000 zombies to click for him, Mr. Leaves could make a killing. Some of the sites the zombies visited contained these ads. If the FBI could find an account where Mr. Leaves put the funds, trace it to a physical address and tie it to him, the case might be solved.

Convinced Leaves had to have been created for a denial of service attack, the posse scorned this theory. Pulling off one of the biggest attacks ever was the only glory befitting such a brilliant worm.

But something didn't make sense. Mr. Leaves was taking an awful risk by not attacking. Every time he logged on to communicate with his zombies, the FBI had another chance to trace him. Why expose himself? Why not just preprogram the zombies to act on their own? The scam began to seem more believable.

But before the posse could prove its theory, an attack began. It wasn't the work of Leaves.

On July 17, a new worm appeared--Code Red. It was named after Mountain Dew Code Red soda, the only thing that kept two private sector analysts awake as they tracked it day and night.

Leaves propagated like a rare illness, targeting only victims with weakened immunity. But Code Red spread like smallpox. The worm exploited a ubiquitous hole in one of the most popular brands of Microsoft Web servers. In a few hours, Code Red had eaten into more than 100,000 servers worldwide. The swarm of worms leaping from machine to machine caused an electronic traffic jam, slowing all Internet traffic. In the aftermath of the attack, companies would spend billions of dollars plugging the holes that let Code Red enter.

Able as it was, the posse didn't have the strength to fight both Code Red and Leaves at once. The choice was clear: Code Red took precedence.

The Leaves posse had built a new model for chasing Internet outlaws. They honed it battling Code Red. But fighting the new menace left Leaves on the back burner. All they could do was hope that Leaves was no more than an Internet heist or pray that Jupina and her crew could track down and nab Mr. Leaves before he, too, unleashed his zombie brigades.

For weeks, Jupina and her technicians had laid traps and tracers across the Internet. She wanted the hacker's Internet protocol address, the digits that identify anyone who sends information online. Hackers cover their tracks by erasing those addresses from the servers they use. But Mr. Leaves had slipped.

In a cache of addresses Jupina had pulled off a server in Oklahoma at the end of June, she found one used by Mr. Leaves. It was a hot lead.

But chasing the address could take Jupina around the world. And she could nab Mr. Leaves only if he lived in a country that considered hacking a crime. If he did, the company that provided his Internet service would have to cough up his home address and Jupina would have her man. Luckily, after some tracking, Jupina hit gold: Mr. Leaves' address originated in the United Kingdom, home to some of the toughest computer crime statutes in the world.

Jupina rang the Scotland Yard computer crime unit. Within days they traced the Internet address and attached it to a name and a place. The hacker was a 24-year-old man living in one of the seedier sections of London. Scotland Yard set up a stakeout at his digs.

July 23
FBI headquarters and
South London, England

Back at FBI headquarters, Jupina kept watch on a computer monitoring the Oklahoma Web server. When Mr. Leaves logged on again, Jupina would know. Jupina waited with Scotland Yard's phone number at the ready. Officers in South London sat tight outside the hacker's residence.

Nothing.

And then, there he was.

Jupina watched as the hacker connected to the Oklahoma server. She gave the word to Scotland Yard: Go. The officers arrested the creator of one of the most ingenious worms ever known.

Epilogue

The Leaves posse proved itself during the Code Red attack. Code Red made headline news. The FBI, the White House and security companies launched a coordinated campaign to track it, warn the public and take steps to protect vulnerable systems. Crippling of the White House Web site was narrowly avoided; Pentagon Internet connections were temporarily shut off. Damage was significant--estimates are in the billions of dollars--but it would have been worse had the response not been as fast and well organized. No perpetrator has been identified.

Mr. Leaves caused no major damage before the posse rounded him up. And the same team remains on guard against new worms or other cyber threats. When one appears, the posse comes alive. E-mails fly, home telephones ring as the members swing into action, sharing what they know, tracking, dissecting, devising traps and passing evidence to the FBI.

In November 2002, shortly before leaving the FBI and returning to the CIA, Bob Gerber sat in a new office at FBI headquarters. Next to a bookcase full of hacker treatises, with a can of Mountain Dew Code Red displayed prominently on a shelf, Gerber pondered Mr. Leaves' motive. The FBI never found evidence the hacker had stolen money using the worm. Gerber and Jupina had brought the case all the way to a collar, yet they might never know Mr. Leaves' ultimate goal. "As far as I know, no one ever asked Mr. Leaves why he did what he did," Gerber says.

And no one ever may get the chance. In November 2001, the man who confessed to British authorities that he'd created the Leaves worm received a "formal caution," a legal warning usually reserved for juvenile crimes and minor drug offenses.

The lead officer on the case insists the agency has information about the hacker's motives that the FBI hasn't heard. But Scotland Yard refuses to divulge what it knows. Citing British law, officials refuse even to reveal the hacker's name.

Tens of thousands of computers containing now-dormant Leaves worms await instructions from their master. Should they ever again awaken, a posse will be waiting.

If you wrote zillions of Lines of Code, much of it having nothing to do with the program you were assigned, would your boss pat you on the back and say, "Great job, Ted! I really like the way you slipped in the Beos port of 'Outpost 2: Back in the Habit' in the TPS Report Generator software. I see you taking my place some day..."

Yet that is just what we have in the hallowed halls of Congress. A bunch of shitty programmers, eating all of our pizza.

.
LOOK!
Real congresswhores subscribe to http://www.govexec.com!
Because we're not Public Servants, we're EXECUTIVES!

It would be even funnier if it weren't so true.

See the Independent Counsel's Report on Iran-Contra: "Poindexter in April 1990 was convicted by a jury on five felony counts of conspiracy, false statements, destruction and removal of records and obstruction of Congress. The Court of Appeals reversed his conviction in November 1991 on the immunized testimony issue."

The White House has defended Poindexter's current role. When asked in a February 25 press conference about the new appointment, White House Press Secretary Ari Fleischer said, "Admiral Poindexter is somebody who this administration thinks is an outstanding American, an outstanding citizen, who has done a very good job in what he has done for our country, serving the military." He was then asked by veteran White House reporter Helen Thomas, "How can you say that, when he told Colonel [Oliver] North to lie?" Fleischer disagreed and said, "I understand. The president thinks that Admiral Poindexter has served our nation very well."

This is a real worry. It hasn't appeared much in the mainstream press, either.

Lets revive the microwave beam weapons while we are at it.

It's been done.

Well, the kickoff of the Virtual IT Job Fair brought down the house, or at least the servers. OPM is desperately adding computers to keep up with demand...

Something similar is already in the works.

It was faster, better, cheaper and the Mars probes were part of them - Efficiency vs effectiveness

There are actually reforms stalled in congress. The reforms are to allow the Patent office to operate more as a business making it easier to hire staff etc. Oddly enough it looks as if big companies got it held up. They should fund it more or perhaps raise the fees for patent apps. This is a service provided to those that apply for the patents in the first place.

C2 products have demonstrated they can:

• Identify and authenticate system users
  
• Limit data access to only approved users
  
• Audit system and user actions
  
• Prevent access to files that have been deleted by others

C2 certification only applies to stand-alone, non-networked machines.

Distraction, as a military tactic, is ancient. Sun-Tzu wrote about it in "The Art of War".

It's no coincidence that Pentagon and other "break-ins" happen in such close proximity to budget cycles. Go back and look through your Congressional record - you can practically set your clock by it, it's so regular.

Recipe for inflating your budget: put some moderately secured machines on the Internet, allow them to be compromised, express some outrage, wait for a while (but not so long that people forget), and then - presto! - money falls from the sky!

The military/industrial complex does this all of the time. In theory, a perfect example of this is Area 51 - if I'm the U.S. Government and I have alien technology, I've got plenty of incentive to fake the establishment of a military base for studying that technology, do a half-assed job of covering it up, and then leak it's existence to the press. That way, no one looks for the place I'm stashing the *real* alien hardware. :)