The summer 1996 hearings by the Senate Governmental Affairs Permanent Investigations Subcommittee are focusing on the vulnerability of DOD computers. The hearings highlighted the recently declassified story of the March-May 1994 assault by a pair of hackers against AF computers.
According to press accounts, on March 28, 1994, network administrators at Rome Air Development Center, Griffiss AFB, NY, discovered that their system had been broken into five days earlier. The Defense Information Systems Agency (DISA) sent a Computer Emergency Response Team (CERT) of experts to kick off an investigation that quickly spiraled. Other agencies involved in the month-and-a-half investigation included the AFOSI, the AF Information Warfare Center, and New Scotland Yard.
The two hackers, “Datastream” and “Kuji”:
* Downloaded sensitive unclassified battlefield simulation program data from RADC (the USAF’s command and control research facility);
* Compromised 100 user accounts; read, copied, and deleted e-mail from 30 different RADC systems;
* Stole all the data from the Korean Atomic Research Institute and stored it on the RADC computer, leading to fears the Koreans would think the USAF was conducting electronic espionage against them; and
* Stole a 3-4 megabyte artificial intelligence program dealing with the Air Order of Battle from Wright-Patterson AFB, OH.
Allegedly, the hackers also successfully compromised other systems, including:
* the National Aero-Space Plane Joint Program Office at Wright-Patterson AFB, OH;
* NASA’s Goddard Space Flight Center in Greenbelt, MD, and Jet Propulsion Laboratory in Pasadena, CA;
* the Department of Energy’s Brookhaven National Laboratories in New York;
* four California and one Texas network of an aerospace industry firm; and
* SHAPE at The Hague, Netherlands.
The investigative team monitored the hackers’ activities and turned to informants to “surf the Net” for clues. The sources on the Net provided a lead on a United Kingdom hacker known as the Datastream Cowboy who liked to hack into American military systems because they were so insecure. On May 12, 1994, New Scotland Yard entered the home of Datastream, a 16-year-old British boy with a 486SX-25 desktop, and arrested him. He had been making free calls by “phone phreaking,” and paid for his Internet time with a credit card number generated by a program he had downloaded from the Internet.
Datastream, the less skillful of the two hackers, had been mentored by Kuji, whom he had met only on-line. He provided many of the stolen files to Kuji, who has not yet been identified. Since Kuji has not been apprehended, authorities do not know where the stolen files were sent or how much damage was done to national security. The GAO estimated the cost to the government was over $500K, not counting the value of the stolen research data.
There is even more bad news. During 1995, DISA launched 38,000 on-line attacks to probe the defenses of DOD computers. Only 4% of the attacks were detected and only 27% of those were reported to the proper offices. DISA has estimated that hackers attacked Pentagon computers about 250,000 times in 1995. As many as 65% of these were successful! The National Security Agency reports that almost 120 countries can program computer attacks against the US.
More and more of our valuable information is stored on computers linked to networks. The threat against them is different from the traditional espionage case government and contractor professionals have studied for years. If a 16-year-old with an old computer can do such damage, imagine what an industrial or international spy with years of training could do! In the future, the measures we take to understand and defend these systems may mean the difference between success and failure.