In what could be the first act of domestic terrorism since Timothy McVeigh, a small plane (Piper) that set out from Georgetown Municipal Airport hit a federal office building housing the Internal Revenue Service (IRS) at 11:36 AM in Austin, Texas. A software developer, Joseph Andrew Stack, who had previously set his house on fire, was the pilot who suicidally flew his plane Kamikaze style into the building in an apparent act of revenge against the IRS as detailed in a 3,202 word suicide note on his web site: http://embeddedart.com. The web site is reporting a last update of Thursday, February 18, 2010 10:12:53 AM.

Note that the following message now appears on embeddedart.com: This website has been taken offline due to the sensitive nature of the events that transpired in Texas this morning and in compliance with a request from the FBI. If you want to see the original letter, please see the archived version at thesmokinggun.com. Regards, T35 Hosting http://www.t35.com/

The suicide note on embeddedart.com downloaded as a pdf: Well Mr. Big Brother IRS man… take my pound of flesh and sleep well.

The suicide note as it originally appeared.

The FBI and CIA also have offices in the same building complex. This particular IRS office is home to a group called the EP Team Audit Program, which examines employee benefit plans with 2,500 or more participants.

Terrorism?

The Echelon Building Burning.

Well certainly not the kind that one would think of with regards to foreign religious ideological based groups, such as Al Qaeda, but let’s take a closer look at what the definition of terrorism really is:

(the calculated use of violence (or the threat of violence) against civilians in order to attain goals that are political or religious or ideological in nature; this is done through intimidation or coercion or instilling fear) -Princeton.edu

Well, one could make argument that this was a decision to commit suicide in a very public way (crashing planes into buildings is certainly an attention getter), to further his views as outlined in the manifesto he wrote, or that this was an attempt to incite some sort of movement by his actions. Regardless, there was an attempt to incite fear. The deliberate use of an airplane as the method of attack, along with the parallels it invokes, are no accident. These characteristics place this as, albeit minor given the no reported deaths, an act of domestic terrorism.

“I am finally ready to stop this insanity. Well, Mr. Big Brother IRS man, let’s try something different; take my pound of flesh and sleep well.”
- Joseph Stack

Is the Letter a Hoax?

We do not think so. Let’s explore this a little, first looking at the whois results for this http://embeddedart.com/ web site. The person listed as the administrative contact is the same person being identified as the pilot, Joseph Stack. Further the web site was not registered recently, its been around for seven years. Finally, while we’ve been impressed with the complexity of Internet hoaxes in the past, its not easy to write a well thought out essay of 3,202 words in less than two hours.

Administrative Contact:
Stack, Joe dns.5.sgmail@dfgh.net
925 E Hwy 80
287
San Marcos, TX 78666
US
1.3215649879
Technical Contact:
Stack, Joe dns.5.sgmail@dfgh.net
925 E Hwy 80
287 San Marcos, TX 78666
US
1.3215649879

Registrar of Record: TUCOWS, INC.
Record last updated on 16-Sep-2006.
Record expires on 05-Jun-2010.
Record created on 05-Jun-2003.

So this does appear to be as it outwardly appears: the last essay of an American suicide bomber with a serious beef against the IRS.

A Software Engineer

Looking at the previous form of Stack’s web site, before it hosted an anti-tax manifesto, it advertised his software contracting services:

Joseph Stack Web Site

Company Mission

To advance the art of programming, one project at a time; by achieving an optimum balance between
 cost, schedule, functionality, reliability, and maintainability. 

Resume

Stack’s software experience (resume): Embedded Art – Key Environment Components.

Software Projects

Listed customer projects from Joseph Stack's web site.

Stack’s Home Location

According to his web site, his address appears to be a condominium unit:

6001 W. Parmer Ln., #370-167
Austin, TX 78727

Condo address listed on Stack's web site.

However this may be old, as another web site is reporting the address to be: 1827 Dapplegray Lane. This makes more sense when combined with the house burning video below (there is a fence/wall in both).

The address listed as Stack's on media web sites.

If this is really his house, its a nice place for a guy with tax problems:

House listed on media outlets as Joseph Stack's.

Either way, this was what the house looked like this morning:

A Wrong Reaction

So other than being a homeland security issue, why would a humble information security blog find this interesting? Well it is always interesting to us how people handle incident response.

The DHS Journal reported the following via Twitter: “Small plane crash into private office bldg in Austin, TX. Cause unknown, but no known link to terrorism.”

White House spokesman Robert Gibbs also weighed in, saying it was not an attack.

Related Posts:

• DHS Responds to Us

This morning at 11am Homeland Security Secretary Janet Napolitano addressed the nation as part of the ongoing activities around National Cybersecurity Awareness Month. This is the sixth year of this program, sponsored by the National Cyber Security Division (NCSD) of the Department of Homeland Security, in which the department advises the American people on staying safe online. This year’s theme is “Our Shared Responsibility”, reinforcing the idea that all computer users have a responsibility for protecting themselves online. The address this morning featured the ability to ask questions of the Secretary: we sent one in and Secretary Napolitano answered it.

The overall talk was very accessible, speaking directly to people on the threats faced online and the precautions people can take to protect themselves. The Secretary referenced President Obama’s remarks a few months ago including his assertion that the status quo is insufficient. She noted the DHS role in securing civilian government networks referred to by her as the “.Gov world”. She also mentioned a few DHS initiatives, including: the consolidation of external connections at federal agencies and the use of the DHS intrusion detection system referred to as EINSTEIN.

“the President challenged the nation to “seize the promise” and also “confront the perils” that technology brings.”

Janet Napolitano

After her talk, she accepted submitted questions. I will admit that I typed up a question quickly on Monday, only half thinking it would actually get answered (I apologize for my lack of faith). I probably would have thought about it a little more had I known it would be answered. That said, I tried to ask a question where the answer could provide a gauge of the Secretary’s view of how federal information security should be organized, and who should lead it. We’ve all been listening to the talk about a Cybersecurity Czar, so understanding the Secretary’s point of view on this issue would be timely.

Without further ado, here’s the question:

How serious was I about a cabinet level position? Well if you think about the primary role of the cabinet, before running large bureaucracies, it is to provide advisory to the President. Same role as a czar, an adviser to the President, except where czar’s usually hang out in pre-1900 Russia, cabinet positions have been a standard in the U.S. for about 200 years. So if Benjiman Rush, a founding father, can propose a Peace Department, I can propose the Information Assurance Department.

If I can’t get a cabinet position, I’ll settle for a single, empowered official that can lay out a strong, reasoned strategy on information assurance and the protection of critical assets (or infrastructure) for the nation. We, on the national level, at this time, appear to have some serious risks to deal with and a disjointed legislative and strategic response. This requires step 1 in every strategic plan: put someone in charge. You’re oversimplifying you might counter. All strategic plans that have a chance of working put someone in charge, someone to be accountable for moving from the ‘as is’ state that is the status quo to the ‘to be’ state that leader outlines as required. Someone with a real understanding of the threats faced in cyberspace. Ideally someone who knows what he or she is doing would be great, but we won’t get greedy.

Here is what Secretary Napolitano had to say:

A fair answer, and it ‘got me’ on confusing information technology with information security. I should have been more clear with that in the question I asked, security is not exclusively a technology problem, and in this case I definitely don’t think the security official should report through the government’s CIO (chief information officer), Vivek Kundra or any other technology department. Like any other organization, sometimes it works to have a chief information security officer (CISO) report to the CIO and sometimes the CISO should report to someone else. I don’t think reporting to the CIO would work in this case. The CIO position is below that of chairman of the Office of Management and Budget (OMB) which does not provide the direct high level access required. Further the OMB does not have the historical role with cybersecurity that DHS and other entities have had. Finally the Federal Chief Information Officer role is best served being countered by a strong security representative, such that the transparency and related initiatives underway are properly vetted.

I was willing to combine security with technology if it got that cabinet position created. If not, forget it. :)

The answer gets a little confused in the middle. The Secretary starts by stating that information security runs through everything in government, therefore it can not be siloed out and every department must have “cyber” in their thinking or planning. But then she points out that the President has appointed central leaders for technology and looks to appoint one for “cyber” (assumed to be information security).

The use of technology does permeate every department. Understanding information security and taking safeguards to protect critical assets is the responsibility of every department. But overall strategic direction, standardization, central monitoring, organized procurement, and many other aspects of information security management will not happen without centralized leadership. Accountability is lost without an empowered national leader for information assurance.

The Secretary seems to acknowledge this dichotomy in her response. I encourage you to review the full speech:

• Full transcript of the Secretary’s remarks: Transcript
• The video of the remarks: Securing America Against the Threat of Cyber Attack

Also, who else is ready to retire the term “cybersecurity” in favor of something else (information assurance maybe)?

Update

Dark Reading posted an interesting synopsis of the response to my question: DHS Secretary Says Cabinet-Level IT Position Unnecessary

Related Posts:

• Was the Austin Plane Crash Domestic Terrorism?