Forwarded From: darek milewski <darekm@cmeasures.com>
http://www.zdnet.com/filters/printerfriendly/0,6061,2220773-2,00.html
Pentagon and hackers in 'cyberwar'
By Jim Miklaszewski and Robert Windrem, MSNBC
March 5, 1999 5:17 AM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2220773,00.html
WASHINGTON, D.C. -- The Pentagon has been warning about a future computer
war. Well, the future is now, and the war is on.
For two days in January, hackers repeatedly tapped into military computers
at Kelly Air Force Base in San Antonio -- the center for the most
sensitive Air Force intelligence, the kind of information critical to
American troops now on patrol over Iraq and in Bosnia.
NBC News has learned the attack was a sophisticated, coordinated assault
through computer networks in Canada, Norway and Thailand.
The hackers didn't receive top secrets but the Pentagon's No. 2 man,
Deputy Secretary of Defense John Hamre, says the United States is
essentially engaged in an all-out cyberwar.
"The department is experiencing fairly sophisticated challenges right
now," said Hamre.
For the past several months, so-called cyberterrorists, operating from as
many as 15 locations worldwide, have launched a series of coordinated
attacks on Pentagon computers -- as many as 100 per day.
The attackers remain unidentified and since anyone with a computer is a
potential enemy, experts warn the United States military is vulnerable to
a sneak attack.
"It's not a matter of if America has an electronic Pearl Harbor -- it's a
matter of when," said Rep. Curtis Weldon, R-Penn.
At Kelly, the hackers were trying to enter a server that controls a number
of sensitive computers at the base and other bases in the San Antonio
area.
Among the computers targeted were those of the Air Intelligence Agency,
the Air Force Information Warfare Center and a Joint Chiefs of Staff
command-and-control operation. Officials said it was the most
sophisticated attack yet on Pentagon computers.
"What is clear is that the attacks were coordinated," said Steven
Northcutt, head of the intrusion center at the U.S. Naval Surface Warfare
Center in Virginia, which tracked the assault. "But exactly how many
people are driving it is not clear."
FBI called in for help
The attack so worried the Pentagon that it called in the FBI, which has
launched a criminal investigation.
Officials said the attacks were coordinated to increase the "stealth and
firepower" of the perpetrators and were "difficult to detect" because they
were planted in "a large volume of identical traffic that is too massive
to process without specialized techniques."
A copy of the Navy's briefing on the attacks, called 'Internet Threat
Briefing -- Stealth and Coordinated Probes and Attacks,' shows an
"evolution of the cat-and-mouse game hackers and administrators play,"
said Peter Durham, MSNBC's network security analyst.
"This is a new strategy, not a new weapon," said Durham, who reviewed the
briefing. "Each attack is a regular, familiar kind of attack. What is
different is the way it's being executed."
Durham said what distinguishes this attack is that it came from a number
of different, unrelated locations, which makes tracking it difficult.
Making some progress
But the military is making some progress. New technology developed by the
Navy did detect the attacks on Kelly Air Force Base, but failed to find
the hackers themselves. Several experts said such an attack wouldn't have
even been detected at all a few months ago but the government has been
quietly setting up cyberwar early-warning operations at the Pentagon, CIA
and the National Security Agency over the past year.
In a speech last November, National Security Council Terrorism Coordinator
Richard Clarke said Department of Defense Web sites are being visited
regularly by foreign governments.
U.S. officials said none of these nations is believed to have aggressive
plans and attribute their 'pinging' of sensitive systems to an extension
of their economic espionage activities.
In speeches and interviews, Clarke has been unsparing in his declarations
of the threat. He told The New York Times in a recent interview: "I'm
talking about people shutting down a city's electricity, shutting down 911
systems, shutting down telephone networks and transportation systems. You
black out a city, people die. Black out lots of cities, lots of people
die. It's as bad as being attacked by bombs."
"An attack on American cyberspace is an attack on the United States, just
as much as a landing on New Jersey," he said. "The notion that we could
respond with military force against a cyberattack has to be accepted."
President Bill Clinton recently proposed spending $1.5 billion in fiscal
2000 to shore up the nation's defenses against cyberterrorism.
France and Israel cited
Specifics on the threat are hard to come by, say experts. One of the few
instances where the United States has in any way detailed the threat came
last week after Hamre described the Kelly Air Force Base attack before
Weldon's committee. Afterward, Weldon described what Hamre told the
committee as a "siege by a coordinated, organized attack."
Sources tell NBC News that a top-secret intelligence document written in
1996 identified Israel and France as trying to penetrate sensitive U.S.
government and commercial computers.
"French and Israeli attempts were noted" in the report, a source familiar
with the document said. A second source in the U.S. government confirmed
the two countries' attempts.
This effort is reportedly centered in two places inside the U.S.
intelligence community. One is the Critical Technologies Branch of the
CIA's Office of Science and Weapons Research. The other is the Infowar
Support Center, also known as G42, at the National Security Agency.
Both are involved in the American effort to have cyberweapons available to
retaliate against an enemy who goes after U.S. systems or to use these
weapons to disable enemy defenses in a war.
Pentagon officials insist the military's deepest secrets are still safe,
but they admit that as these computer terrorists become more
sophisticated, this is one war that's getting tougher to fight.
Jim Miklaszewski covers the Pentagon for NBC News and Robert Windrem is an
investigative producer specializing in the U.S. military. --
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:31:27 1999