Forwarded From: Aleph One <aleph1@dfw.net>
http://www.wired.com/news/news/technology/story/12915.html
US' 'Soft, Digital Underbelly'
Reuters
1:10pm 11.Jun.98.PDT
WASHINGTON -- The head of a new US cyber law-enforcement agency says a
half dozen substantial attacks have been launched against government
computer systems since February.
"A good percentage of the incidents we see ... involve [the Department
of Defense], because DOD is such a prime target for even individual
hackers who want to test their skills," said Michael Vatis, the chief
of the National Infrastructure Protection Center of the FBI. "They see
the Department of Defense as the big banana, the final exam, the
ultimate challenge to test their skills."
Vatis testified Wednesday before the Senate Judiciary Subcommittee on
Technology, Terrorism, and Government Information, which met to hear
from administration officials about the latest steps to counter
attacks on critical US computer infrastructure.
Vatis refused to elaborate on the attacks, saying pending
investigations prevented him from doing so. But Vatis did respond to
lawmakers when asked how many attacks he had witnessed since February
-- when his agency was created -- were considered "substantial" and
separate from routine hacks.
"I would say somewhere in the vicinity of a half dozen of what I would
consider substantial," he said. "Ones that we are still investigating
to determine in fact whether they are significant or whether they're
really part of the noise that exists almost everyday."
Those attacks would include breaches by the Isreali teenage cracker
known as Analyzer, who in February claimed to have gained
high-level access to as many as 400 unclassified government and
military computer systems, and an attack on other federal networks
believed to have been carried out by two teenagers whom Analyzer
claimed to have tutored.
Senators were also briefed on last year's Department of Defense
exercise, which exposed US vulnerabilities to cyber attack.
The National Infrastructure Protection Center was formed to root out
and investigate unlawful acts involving intrusions and other threats
against vital infrastructures.
Arizona Republican Senator Jon Kyl, the subcommittee chairman, said
the US should gird for a cyber attack against military computers with
the same urgency as the military prepared for more traditional
physical attacks.
"Today, because of the networked nature of our critical
infrastructures, our enemies needn't risk attacking our strong
military if they can much more easily attack our soft, digital
underbelly," Kyl said.
Last month, President Clinton signed two directives designed to
strengthen defenses against terrorism and other unconventional
threats. At the same time, working groups comprised of experts from
the public and private sectors were formed to produce a coordinated
strategy.
Administration studies showed that an attack by a foreign government,
or by domestic or foreign terrorists, could not only harm military
operations but disrupt banking and finance, cause power outages,
interrupt transportation nodes, and crash entire communications
networks.
Vatis said some of the immediate concerns include determining a
budget, creating an attack detection and warning system, determining
legal authority and legislative requirements, and devising a cohesive
intelligence collection process.
In late February, the Pentagon and FBI investigated a series of
successful efforts by crackers to obtain information from military
computers. The break-ins came at the same time US forces were being
marshaled for a possible attack on Iraq.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Fri Jun 12 13:08:52 1998