Sen. Fred Thompson should know a thing or two about hackers
breaking into air-traffic control systems. When he was still
an actor, He played an air-traffic controller in DieHard II
which evil mercenary hacker types took over a DC airport in the
middle of Christmas rush.
William Knowles
erehwon@dis.org
WASHINGTON (Christian Science Monitor) [May 19, 1998]
What if hackers broke into the Social Security Administration's
computers and scrambled the names and addresses of those receiving
benefits? What if antinuclear protesters - or worse, a hostile
nation - breached Energy Department computers and discovered
the transportation route of nuclear material?
For years, Washington has put the security of top-secret Pentagon
computers above that of lower-profile civilian agencies that
quietly process workaday data, such as pork-belly prices,
national classroom scores, and personal information on welfare
recipients.
But Washington is increasingly aware that in the information age,
any government entity can be the target of computer hackers, from
ankle-biting amateurs to experienced experts, who use their skills
for wide-ranging reasons.
The result: Federal authorities are launching a counterattack
on several fronts. A national cybercop has been named to combat
computer crimes.
And starting today, Congress is holding two days of hearings
aimed at investigating the government's computer weaknesses,
while raising awareness about the danger hackers pose.
"Threats to our federal computer systems could make flying an
airplane a game of Russian roulette - and could seriously
jeopardize our national security," warns Sen. Fred Thompson (R)
of Tennessee who will chair the hearings in the Governmental
Affairs Committee.
To better understand the mind-set of the hacker -from the teenage
thrill seeker to the terrorist nation bent on breaking into
government systems - the panel will hear from testimony from
"Brian Oblivion" and "Space Rogue," members of L0PHT Heavy Industries,
a self described "hacker think tank" in Boston.
The Senate hearings will also highlight two General Accounting
Office reports set for release Wednesday examining federal
weaknesses and how to best protect against attack.
A key goal of the federal effort is to head off what is described
as "the big one" - an attack that would be the cyber-equivalent of
an Oklahoma City bombing. While not detonating in the physical world,
experts say it could wreak an equal amount of havoc.
"It is vital that you openly understand and acknowledge the
pervasiveness of the existing vulnerabilities ... and the
likelihood that they are getting worse," warns Peter Neumann,
the principal scientist at SRI International in Menlo Park, Calif.
He is the lead witness at this week's hearings.
Details are already emerging of a federal system often besieged.
The Justice Department, Commerce Department, and NASA have all
been breached. Sometimes the intrusions involve simply vandalizing
a home page. Sometimes they are far more serious.
Already, investigators have a hint of the possibilities.
Last year, for instance, a teenage hacker shut down telephone links
to the regional airport in Worcester, Mass., for six hours.
Controllers were left to guide incoming planes with one cellular
phone and battery-powered radios. The boy is now serving two years'
probation.
And hackers have disabled 911 emergency systems in several
different areas of the country.
The evolution of the information age and ever-better skills of
"bad actors," as hackers are called, creates a problem that one
official says "snuck up" on the government.
"The Social Security Administration is in the business of
administering benefits. In the past they haven't been in the
business of building secure systems to secure their data," says
Joseph Portale, director of the information security services
practice at The Investigative Group International in Washington.
As the government moves to secure itself system by system, authorities
admit they don't know the scope of the hacking problem against federal
agencies. Nor do they know how often federal computers are infiltrated
or how much data is compromised.
"One of the characteristics of this whole new area is trying to get
our arms around what the threat is," says Ken Geide, director of
computer protection at the newly formed National Infrastructure
Protection Center.
Mr. Geide is the nation's first top cop for cyberspace.
"Information systems are embedded in every service our
nation has come to expect," he explains.
Part of what will put a stop to hackers, says Geide, is a change
in the reluctance of infiltrated agencies to admit they were
breached. Such reluctance often stems from fear of exposing the
weakness to the hacker community that could encourage others.
Geide says there's a new push to encourage immediate notification
of authorities once penetration is detected. With the trail still
warm, investigators can better track down the hackers.
==
There's a compelling reason to master information & news.
Clearly there will be better job and financial opportunites.
Other high stakes will be missed by people if they don't
master and connect information. -- Everette Dennis
==
http://www.dis.org/erehwon/
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue May 19 18:02:12 1998