US proving Internet-adept and inept at same time

Oct 31, 2013 by Seth Borenstein
This Jan. 3, 2013, file photo shows a Google sign at the company's headquarters in Mountain View, Calif. When it comes to the Internet, the Obama administration appears simultaneously to be a bungling amateur and a stealthy wizard. The same federal government that apparently intercepted communications to and from Google and Yahoo data centers without leaving a trace is facing scorn because it can't put together a working website for health care. (AP Photo/Marcio Jose Sanchez, File)

When it comes to computers, the Obama administration appears simultaneously to be an amateur and a wizard. The same government that reportedly intercepted the communications of leading U.S. consumer technology firms, Google and Yahoo, without leaving a trace is criticized because it can't build a working federal website for health insurance.

In a single day in Washington, the extremes were on full display.

Under a classified project called MUSCULAR, the National Security Agency has secretly broken into the main communications links that connect Google and Yahoo data centers around the world, The Washington Post reported Wednesday, citing documents obtained from former NSA systems analyst Edward Snowden. In the past 30 days, the NSA swept up and processed more than 180 million new records, including metadata indicating who sent and received emails and when it happened, the Post reported.

Across town, Health and Human Services Secretary Kathleen Sebelius was apologizing to Congress over the troubled healthcare.gov website. New documents obtained by The Associated Press showed that officials had worried that a lack of website testing posed a potentially high security risk. A congressman told Sebelius that she had put Americans' personal financial information at risk.

The difference? National priorities, including big differences in how much the spends, plus the talent and expertise of the people the government hires.

The NSA's annual budget was just over $7 billion in fiscal 2013, according to budget documents leaked by Snowden. The budget for the entire Health and Human Services Department was less than $1 trillion, and it spent $118 million on the website plus about $56 million on other IT to support the website, Sebelius said Wednesday.

In these October 2013 photos, Director of National Intelligence James Clapper, left, and Health and Human Services Secretary Kathleen Sebelius testify at separate hearings on Capitol Hill in Washington. When it comes to the Internet, the Obama administration appears simultaneously to be a bungling amateur and a stealthy wizard. The same federal government that apparently intercepted communications to and from Google and Yahoo data centers without leaving a trace is facing scorn because it can't put together a working website for health care. (AP Photo)

The NSA is famous for employing small focused teams of highly talented, highly recruited experts with special skills, said Chris Wysopal, a former hacker who is chief technology officer for Veracode. But the Health and Human Services Department's website designers? "They are sort of your average developers," he said.

Ex-hacker Marc Maiffret, the at BeyondTrust, said Washington contractors who work on civilian technology projects usually are over-budget and under-performing. Teams putting together large IT systems are complex and must coordinate across different government agencies, insurance companies, states and contractors.

"They may have underestimated the complexity when they started on it, which is again not surprising," said Purdue University computer science professor Gene Spafford.

Motivation is important, too. Patriotic hacking on behalf of the NSA is exciting, especially among the mostly young and mostly male demographic.

"Breaking in, it feels like special ops," Wysopal said. "Building something feels probably like you're in the Corps of Engineers. You're just moving a lot of dirt around."

It's also widely understood to be easier to break something down than to build it. Siphoning the Google and Yahoo data is simpler to do than building a secure website for millions of people to get health care, Wysopal and Maiffret said.

Besides, if the NSA had failed to collect all the data it wanted during a classified mission, few people would learn about it—unlike what happened almost immediately when the health care was launched and immediately experienced problems, said Matt Green, a computer science professor at Johns Hopkins University.

"If the NSA doesn't do something, you and I don't hear about it," Green said.

The government generally spends more money researching how to attack, not defend, computers, said Spafford, director of the Center for Education and Research in Information Assurance and Security at Purdue.

The apparent contradiction between and the NSA, Spafford said, "is what makes computers magical."

Explore further: Report: NSA broke into Yahoo, Google data centers (Update 2)

More information: Center for Education and Research in Information Assurance and Security: www.cerias.purdue.edu/site/about

1 /5 (1 vote)
add to favorites email to friend print save as pdf

Related Stories

Report: NSA collecting millions of contact listss

Oct 15, 2013

The National Security Agency has been sifting through millions of contact lists from personal email and instant messaging accounts around the world—including those of Americans—in its effort to find possible ...

Recommended for you

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

Aug 22, 2014

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0