[Moderator: This is getting ridiculous. I know we have at least a couple
.nasa.gov types on the list. Any of you care to reply to this (anonymous
is fine) and set people straight on any 'facts' of the article?]
Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>
Pentagon Cyber-Hackers Claim NASA Also Cracked
RTos 4/23/98 7:37 AM
By Andrew Quinn
SAN FRANCISCO (Reuters) - An international group of computer hackers
who successfully broke into the telecommunications backbone of the U.S.
military say they also stole key software programs from NASA.
The group, which calls itself the "Masters of Downloading" or MOD,
said the cyber-attack had stripped the U.S. space agency of its chief
defense against computer intrusion and would allow them "to pass undetected
through their systems."
MOD announced earlier it had broken into another sensitive site, the
Pentagon's Defense Information Systems Network (DISN), and stolen enough
information to "take control" of military satellites and other systems.
MOD, which includes at least two Russian members, said it might
consider selling the information to international terrorist groups or
foreign governments.
In Washington, the Defense Department confirmed the intrusion had
taken place but officials said the application downloaded was for
management and records-keeping rather than anything that could perform a
control function.
Susan Hansen of the Pentagon's Public Affairs office said: "The
equipment management software suite of the Defense Information System
Network is an unclassified application. It does not contain classified
information and does not perform control of classified systems."
The DISN, which one Pentagon official described as the
"telecommunications backbone" for the Defense Department, is key to a
number of military systems including the Global Positioning System (GPS)
satellite network which U.S. military planners use for everything from
missile targeting to troop movement information.
Computer expert John Vranesevich, who runs the AntiOnline website
devoted to information security issues (www.antionline.com), said Wednesday
that MOD had contacted him with new claims about a break-in at NASA.
"They have access to a lot more than they've given to me, or let me
know about," Vranesevich told Reuters.
"The materials that they've supplied to me are the bottom of the totem
pole, they are boosting their credibility with proof that they can get into
these various systems."
According to MOD, which sent Vranesevich samples of the alleged NASA
software to back up its claim, members of the group broke into system
through the Jet Propulsion Laboratory (JPL) in Pasadena, California, and
took away enough information to effectively disable any "intruder alert"
system the agency's computers might have.
Specifically, the group said it now had key pieces of the NASA
Automatic Systems Incident Response Capability (NASIRC) software package
and was able to break into NASA computer servers with impunity.
NASA had no immediate comment on the group's claims, although one
official who had seen a list of the software allegedly stolen said "it
doesn't look too alarming."
"It is pretty trivial stuff that is openly available. It doesn't look
like something a super-slick hacker would take," the official, who spoke on
condition of anonymity, said.
Vranesevich, who has conducted several online interviews with MOD
members, said they appeared both more mature and more dangerous than the
teen-age hackers who mounted a widely-publicized cyber-assault on the
Pentagon in February.
"They are much more secretive, much more careful, and much more
sophisticated," said Vranesevich, who was instrumental in tracking down the
18-year-old Israeli master-hacker known as the "Analyzer".
He said MOD members, some of whom claim to be computer security
specialists themselves, contact him with an elaborate system of passwords
and cover their tracks by routing communication through a variety of
computer systems all over the world.
REUTERS
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Dimensional Communications (www.dim.com)
Received on Thu Apr 23 17:04:40 1998