Today's ISN Sponsor: Repent Security Incorporated
Could "WarGames" Really Happen?
If two California teenagers can electronically penetrate the
deep recesses of the Pentagon's computer system, could the
doomsday hacking scenario depicted in the movie ``WarGames''
really happen?
Hackers and security experts say the farfetched plot of a
teenage hacker nearly launching a nuclear war isn't too far off.
It's just a matter of time, they say, before someone hacks into
a government computer system -- even at the Pentagon -- and
stumbles across top-secret military information.
``If a couple of teenager hackers can do this in their spare
time, what's to stop the Russians, Chinese, Iranians, Iraqis and
the drug cartels from already doing the same thing?'' said Ira
Winkler, a former National Security Agency expert and author on
Internet security. ``They would have much more sophisticated
attacks and would have easily gone undetected compared to these
teenagers.''
Classified information is not supposed to be stored on
government computers. But Winkler said a smart hacker could
piece together nonclassified information to learn top-level
secrets.
And high-tech intruders who crack government systems often have
access to nonclassified but sensitive information such as the
travel schedules of military officials, the military deployment
records of Army personnel and weapons in different countries,
and missile test reports, according to hackers and Internet
security specialists.
``You come across a lot of junk, like personnel records, but
sometimes the stuff is great,'' said one hacker, who asked not
to be identified.
Winkler and others say Internet addresses bearing the suffix
``.mil'' (short for military) and ``.gov'' (government) are a
``red flag'' for hackers. ``The (addresses) might as well have a
`please hack me' sign on it,'' Winkler said. ``It's the cyber
equivalent of teenage vandalism for many.''
Many young hackers have underground Web sites or dial-up
electronic bulletin boards containing specific attack methods
directed at computer-operating systems used by government and
other organizations, said Charles Wood, a computer security
consultant in Sausalito.
Deputy Defense Secretary John Hamre said none of the Pentagon's
classified systems was penetrated by the recent spate of
hacking. ``Routinely, hackers have games that they play, and
that this could indeed be a hacker's game,'' he said.
Nonetheless, government computer break-ins ``happen all the
time,'' said Peter Shipley, a security network consultant in
Berkeley. An internal report by the General Accounting Office
estimated there were 250,000 known intrusions into government
networks in 1996.
``Military computers are some of the most poorly defended
computers on the Internet,'' said Dan Farmer, a noted Internet
security expert. ``The government has a history of poor
training, unwieldy networks and a lot of turnover in its
computer systems groups.''
Hamre said the government has purchased software to start
constructing firewalls -- software that blocks unwanted visitors
from internal computer networks -- around its unclassified
systems. ``We're taking this very seriously,'' he said.
The recent Pentagon case ``sounds like children who were trying
their best to play a fantasy game from the movie `Hackers,'''
said Clifford Stoll, the Berkeley scientist famous for exposing
a plot by KGB agents to use hackers to penetrate Lawrence
Berkeley National Laboratory. The movie involves teen hackers
who use their skills to prove they did not commit computer
crimes.
``It's a little bit like going Dumpster diving, glorified joy
riding,'' Stoll said.
For corporate America, the cyber-threat is equally daunting.
U.S. businesses said they lost at least $100 million in
computer-related thefts last year, according to a survey by the
Computer Security Institute in San Francisco. Many don't report
losses, however, because they weren't aware of a break-in or
feared bad publicity.
Hackers say some companies offer them money to filch product
designs and sensitive marketing materials from rivals. One young
computer whiz said a company offered him $500 last summer at a
computer trade show in Las Vegas to steal secrets from a
competitor's Web site. He refused.
``If I want to steal money, a computer is a much better tool
than a handgun,'' Daniel Geer, a high-tech security expert, told
a House subcommittee briefing on computer security last year.
``It would take a long time to get $10 million with a handgun.''
It didn't take Russian hackers long to pilfer $10 million from
Citibank a few years ago, in what is believed to be the largest
publicized virtual heist. The resulting fallout from the
incident caused customers to bolt from the venerable New York
company and scared other banks from admitting to
computer-related breakdowns.
The eruption of electronic burglary comes just as cyberspace is
becoming a major artery for commerce. Financial transactions
over the Internet are expected to reach nearly $300 billion by
the year 2002, according to a forthcoming White House study.
More banks, companies and the government are using technology to
outwit hackers. They use exotic-sounding technology like
firewalls and encrypted code, which scrambles information.
Others just preach greater awareness among employees.
Some companies are even turning to hackers to safeguard their
systems. Geoff Mulligan, a high-profile hacker in the 1970s, is
senior security engineer at Sun Microsystems.
``You could have all the security guards and weapons in the
world, but you're defenseless against a good hacker,'' Shipley
said.
If you wish to receive ISN directly, mail majordomo@sekurity.org with "subscribe isn".
ISN is a non-profit list designed to keep Security Professionals aware.
Received on Fri Mar 13 17:25:26 1998