Inside a looking-glass-covered professional building on a wooded lot on the outskirts of Frankfurt, important work is taking place that could revolutionized the field of economic intelligence and espionage. Approximately thirty-six computer specialists and senior intelligence officials are working on a top-secret project to bring computer hacking in to the realm of spying and intelligence. They hope that through the use of sophisticated computers and specially trained personnel, German intelligence agents will be able to enter computer data bases of corporations and foreign governments around the world. And the access could be achieved while the agents remained thousands of miles away.
The few scholars who have ventured into the field of professional computer hacking by national intelligence agencies give the Germans high marks in this area. A paper delivered by computer specialist Wayne Madsen to a computer-security conference in Helsinki in 1990 provides a rating of each of the world's national intelligence services in terms of its capabilities to hack as a means of engaging in computer espionage. Madsen rated German capability "excellent."
The German effort was dubbed Project Rahab, named for the harlot who helped the Israelites infiltrate Jericho. The concept of bringing computer hacking into the world of intelligence was developed under the-BND Director Eberhard Blum in 1985. In 1988, the idea was developed further and became an experimental program.
The original plans for Rahab were drawn up by a BND official name Christian Stoessel. An expert in computers and computer security, he had been working for the BND for eight years, tracking the activities of West German computer hackers and learning about ways in which foreign intelligence services might try to penetrate BND data bases. He had taken a particular interest in a Hamburg computer hacker's club called Chaos and was impressed with its technical proficiency and the technological reach it had achieved with ordinary computers. "He wanted to harness the power [of the computer} to serve our intelligence ends," says a former colleague.
In August 1988, Stoessel issued an eighteen-page paper concerning his findings and the feasibility of using hacking for intelligence purposes, and he submitted it to senior directors of the BND's Division II. He proposed that the BND establish a hybrid project to explore the possibility of developing an arm of Division II that would be devoted to entering systematically the data bases of foreign governments and companies.
Although neither Stoessel nor senior officials of Division II spoke about potential targets while in the conceptual stage, U.S. intelligence officials are adamant that the focus of the main effort was intended to be Germany's Western allies. "As much as they may like the claim that they wanted a worldwide capability to target anybody, that claim just doesn't hold water," says a senior U.S. counterintelligence official. "No one in what at that time was the Soviet bloc really had the sort of computer network that could be entered. In the U.S., France, Britain, Japan, and every other Western industrial power, it's another story. Everybody is linked somehow and therefore accessible."
[...]
In the initial months, Rahab was focused almost exclusively on gleaning as much as possible from earlier hacker cases. Stoessel use the files he had developed for protecting BND networks to learn more about how to enter other data bases. Rahab officials established an internal, detailed computer network to replicate those they might be attempting to enter. The operation was concerned not only with data base entry, however, but with all that might be of use to the BND.
Because of an expressed interest in the possibility of using the Rahab network against the Soviet bloc during a crisis or a war, in April of 1989 the network was subjected to deliberate attempts to replicate a computer virus that had been created by a West German hacker named Bernd Fix. Like all such viruses, this one had two parts: a code that infected other programs by duplicating itself with those programs and a function that, once planted, could erase or damage magnetic data or interfere with normal computer operations.
Fix's virus attracted the Rahab team because it was particularly powerful. It was capable of destroying all the information in a large mainframe computer in a matter of minutes. If widely used, it could render national computer systems useless in the course of a few hours. But it was also dangerous. By their nature, viruses cannot be contained, and Rahab officials recognized that for practical purposes using the Fix virus against a potential enemy could eventually lead to Germany's being infected, too. And, finally, the Fix virus was incredibly complex. Once the program was reproduced by the Rahab team, it would take twenty hours of programming to recreate it from start to stop.
BND agents, with the cooperation of the BfV, did extensive research on other hackers, including individual members of the infamous Chaos Club. According to one German official with knowledge of Rahab, BND officials were truly shocked at what they learned: "They discovered that they knew very little about hacking." They learned, for example, that it was not technique that mattered so much as understanding one secret: few legitimate owners of information install computer security products properly. Once you figured out the flaw in the installation, you could easily defeat them.
[...]