[ISN] Hackers Take Offense at Pentagon Defense

From: mea culpa <jericho_at_dimensional.com>
Date: Sun 04 Oct 1998 - 20:15:23 CDT
Forwarded From: Meehan Gregory <gregory.meehan@croughton.af.mil>

Defense News September 28-October 4, 1998

Hackers Take Offense At Pentagon Defense 
Experts say DoD response treads fine legal line 

By George I. Seffers, Defense News Staff Writer 

WASHINGTON-- Hackers calling themselves the Electronic Disruption Theater
allege the Pentagon used illegal offensive information warfare
techniques-- a charge DoD officials deny-- to thwart the group's recent
computer attack. At issue is whether in fighting back against hackers, the
Pentagon crossed the line into so-called offensive information warfare,
and perhaps violated U.S. laws that prohibit anyone from covertly
accessing another's computer. The issue of computer crimes, however, is
highly controversial because U.S. legislation and laws have not kept up
with the capabilities of computer technology. 

The hackers' claim involves a Sept. 9 attack against DefenseLink, DoD's
primary public information Internet site. With advance knowledge of the
attack, the hackers charge DoD officials set up a cyber ambush that
automatically shut down the Internet browsers of anyone logging onto the
hackers' site to participate in the attack.

Such an action, some experts say, crosses the line between offense and
defense and may have been illegal. If classified as an offensive warfare
action, it would be a public first for the DoD.

"When you ask if this is an offensive information warfare weapon, the
answer, to me, would definitely be a 'yes,'" Robert Clyde, an executive at
Axent Technologies Inc., an information security company based in
Rockville, Md., said Sept. 17.

"Any time your response is to attempt to attack back to cause a disruption
of service or disrupt the system that did it, that kind of strike back
would be an offensive information warfare response."

A better alternative, he said, would be for the Pentagon to stick to
strictly defensive means, such as blocking or slowing down the information
requests. The purely defensive option, he said, "is legally cleaner."

Susan Hansen, Pentagon spokeswoman, acknowledged Sept. 15 the Defense
Technology Information Center, which supports the DefenseLink Web site,
launched an effective counter-measure, but would not comment on the exact
method used.

"Our support staff that controls DefenseLink was able to take appropriate
countermeasures," she said. "I can't tell you what those countermeasures
were because obviously this group plans future attacks, and we don't tip
our hand."

Hansen also said the DefenseLink site is adequately protected, and
Pentagon officials believe the protective measures taken are defensive in
nature and legal.

Kurt Mulholm, Defense Technical Information Center administrator,
deferred all questions to Hansen.

Stefan Wray, one of the hackers involved, said Sept. 18 the Pentagon's
countermeasures are a form of offensive information warfare and that it
may mark a dramatic change in Pentagon procedure.

"My guess is that this particular assault marks a historical moment ...
one that we are a part of," Wray told Defense News via electronic mail.

He also said he is not worried about the potential illegalities of his own
group's actions. "What would the charge be? Refreshing Web sites? I'm not
worried at the moment."

Wray is a doctoral student and an instructor at New York University. 
University leadership, he said, has informed him the Electronic Disruption
Theater must remove its Web site from the university network.

Dan Kuehl, professor of information at the National Defense University,
disagreed Sept. 17 that the alleged Pentagon action is an act of offensive
information warfare because it was done to defend one of its own servers.

However, Peter Adler, a partner and computer law expert at Oppenheimer,
Wolff, Donnelly and Bayh, a Minneapolis law firm, said computer crime laws
have not kept up with technical capabilities. He noted, however, that the
Pentagon's alleged move may have violated the "Computer Fraud and Abuse"
act.

The hacker group, which supports Mexican Zapatista rebels, attacked the
Pentagon server to protest the United States "supplying Mexico with
sophisticated computer based communication technology and weaponry," in
the guise of drug traffic control, Wray told Defense News Sept. 17. The
group refers to the attempt as an act of electronic civil disobedience,
the cyberspace equivalent of a civil protest.

"Attack may be too severe a term in this case. A better word may be
protest," Wray said.

The hackers used a computer mini-application, called an applet, that was
written in Java, a flexible, easy-to-use computer language that is the
basic building block of most Web sites. The applet, called FloodNet,
essentially set up participants' computers to dial and redial DefenseLink. 

The sheer volume of requests was intended to shut down the server
supporting DefenseLink.

The attacks were largely unsuccessful, however, because the group posted
its intentions on the Internet. The announcement allowed DoD to counter
the protest, experts said.

"If they hadn't told the Pentagon what they were doing, or if the Pentagon
hadn't been listening, [the hackers] certainly would have been successful.
They definitely would have gotten where they wanted to go,"  Penny Leavy,
government vice president of worldwide marketing and business development
at Finjan Inc., Santa Clara, Calif., said Sept. 16. Finjan provides
software protection against applet attacks. 

But according to Wray, the Pentagon fought back with an applet of its own.
He said the Pentagon placed on its Web site a Java applet named Hostile
Applet that was activated whenever FloodNet was directed there. The
Hostile Applet, Wray explained, shut down the targeted browsers.

"The Computer Fraud and Abuse law definitely states that unauthorized
access is a criminal act," Adler said. "If [the applet] is going from the
Pentagon server onto someone else's computer, that sounds on the face of
it like it's against the law."

But like most other experts, he stressed that U.S. laws are not clear, and
thus it would be hard to bring any legal action against the Pentagon.

Regardless of legality, the Pentagon's countermeasure worked. 

"In this instance we must concede that, on a technical level the Pentagon
countermeasures were successful," Wray said. 


-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Oct 5 08:50:56 1998