murray bent" (by way of feedback@MediaFilter.org (MediaFilter)) on Tue, 17 Feb 1998 23:09:42 +0100 (MET)



<nettime> DoD hacks up in Feb98


Gulf  tensions and hacker activity
--
MJ Bent    45 Newell Rd #209, Palo Alto, CA  94303-2733 US

Source: Defense Electronics & Electronics report
Edition: February 13, 1998
Page: 1
Title: Pentagon Looks For Answers To Massive Computer Attack
Author: Richard Lardner and Pamela Hess
DOD Confirmation: Col Richard Bridges, Pentagon

As the United States flexes its military muscle in the Persian Gulf
region, Defense Department officials in Washington are scrambling to
assess the full impact of a widespread and potentially harmful attack on a
variety of DOD computers, Defense Information and Electronics Report has
learned. 

The electronic intrusions, which were detected early last week, serve as a
stark reminder that despite its warfighting prowess the nation remains
highly vulnerable to assaults on its ever-growing information
infrastructure. Although the Pentagon says it is investing heavily in
information security systems, its increasing reliance on electronic
storage and transmission of information is an Achilles' heel. At press
time, DOD was still assessing what information may have been lost or
compromised, and was also trying to determine the motivation for the
attacks. Defense sources say 11 DOD sites have been attacked -- seven of
the locations are operated by the Air Force and four by the Navy. So far,
investigators believe only systems used for processing unclassified
information were targeted. These types of computers are used to transmit
logistics data as well as pay and personnel information -- especially
crucial as DOD mobilizes troops in the Persian Gulf. A task force in the
Joint Staff's operations directorate is looking into the intrusions, and
sources say the incidents are being taken very seriously. While the
identity of the attacker or attackers is not yet known, the current
situation with Iraq has investigators eyeing countries or groups that may
have financial or political ties to Saddam Hussein. Sources tell DI&ER
that information security experts at the National Security Agency believe
the "language" used in the attacks suggests Dutch hackers could be
responsible. Allegedly, a group of Dutch hackers stole US military secrets
during the Persian Gulf war and offered them to Iraq. DI&ER has also
learned that US defense officials believe a computer system in the United
Arab Emirates served as a "waypoint" to one of the Navy computers that was
attacked. DOD does not believe the UAE was responsible for the attack,
however. Publicly, the Defense Department is saying little about the
attacks. DOD spokesman Col. Richard Bridges told DI&ER only that the
Department "has detected an increase in the level of activity against
selected DOD computer systems." DOD, he added, is taking steps to counter
that activity and protect its information network. A spokeswoman at the
Embassy of the Netherlands said she has heard "nothing" about the recent
outbreak of electronic attacks, nor did she know anything about claims
that Dutch hackers had attempted to sell purloined US secrets to Iraq
seven years ago. "I would be interested to find out," she said.

The seven Air Force sites hit are Andrews AF Base in Maryland, Columbus AF
Base in Mississippi, Lackland and Kelly AF Bases in Texas, Gunter Annex in
Alabama, Kirtland AF Base in New Mexico, and Port Hueneme Air National
Guard weather facility in California. Ironically, the attacks at Andrews,
Kirtland and Columbus occurred between Feb 3 and Feb 5, the first few days
of a month-long Air Force campaign aimed at improving computer security
awareness. The four Navy sites are Pearl Harbor, the Naval Academy, and
two systems in Okinawa, where the Marine Corps has a substantial presence.
Apparently, most of the attacks were concentrated on domain name servers,
which translate common website names like www.defenselink.mil into a
numeric address that a network can understand. It is possible, sources
say, that passwords to sensitive DOD networks were compromised. DOD
investigators, however, continue to accumulate new details and are not yet
sure exactly what has been jeopardized. The Defense Department's
investigation, which involves the Joint Staff, the Defense Intelligence
Agency, the Air Force Office of Special Investigations and the Naval
Criminal Investigative Service, is likely to prove more frustrating than
fruitful. Sophisticated hackers tend to "loop" through a variety of other
systems before hitting their target, so it is extremely difficult to know
where the attack originated. On top of that, there are myriad legal and
political roadblocks that preclude tracing a hacker's steps. "If the
attacker is good, it's probably impossible to catch him," says Bruce
Schneier of Counterpane Systems, a Minneapolis-based computer-security
and cryptography consulting firm. On the other hand, even if the hacker is
amateurish he may be operating from a country with no computer crime laws,
leaving the victim with little recourse. It is uncertain just how often
military computer systems are attacked because DOD, like most public and
private organizations, does not want to announce such events. For
starters, it trumpets the fact military systems are vulnerable. But going
public also lets the electronic attackers know they have been discovered
and that they are probably being pursued. As a result, potential
counter-measures intended to snare the culprits may not work. Further,
publicity discussing information attacks opens DOD to claims that it is
not doing enough to protect its information systems. A recent Pentagon
report to Congress notes that DOD will spend roughly $3.6 billion between
fiscal years 1999 and 2002 on "information assurance" activities (DI&ER,
Jan 23, p3). At the same time, however, the report acknowledges
"additional investments" for information security are required. Senior
defense officials clearly recognize the infosec problem. Deputy Defense
Secretary John Hamre acknowledged in a recent memo that DOD "has
undertaken several exercises that have confirmed our vulnerability to
computer attack in the future" (DI&ER, Jan 30, p1). Those information
warfare exercises, known as Project Eligible Receiver, showed prospective
intruders could have great success in gaining unauthorized access to the
military's unclassified computer systems. DI&ER reported the results of
the classified exercise last summer. At an Armed Forces Communications and
Electronics Association conference this week, acting Assistant Secretary
of Defense for Command, Control, Communications and Intelligence Tony
Valletta said DOD may be overreacting to normal hacker activity. Part of
DOD's problem is that it is not necessarily the master of its own domain.
The military's information infrastructure is interlocked with the
civilian information infrastructure. This can have serious
implications, especially on the battlefield where a commander might find
he no longer controls communications availability and integrity. Further,
DOD plans to increase its use of commercial encryption products. But these
off-the-shelf products must generally conform with federal cryptographic
standards and fit within DOD's overall infosec architecture. While the
Defense Department takes steps to assess this recent electronic broadside,
the White House continues to examine a series of recommendations for
guarding against cyberattacks that were prepared by the President's
Commission on Critical Infrastructure Protection. Implementation of those
recommendations, coupled with a more aggressive DOD infosec strategy,
should improve the military's ability to guard its information systems.
But experts note that total protection, especially for unclassified
systems, is virtually impossible. "The issue is how much security do you
want," says Anthony Hearn, a senior information scientist at Rand Corp.
"If you never turn your computer system on, you're safe. But you have to
connect with the outside world, and when you do, there are risks." 






---
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@icf.de and "info nettime" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: nettime-owner@icf.de