Pentagon Cyber-War Attack Mounted Through Russia
Source: ABC News
March 5, 1999
Washington - The Pentagon’s military computer systems
are being subjected to ongoing, sophisticated and organized
cyber-attacks, officials there tell ABCNEWS.
And unlike in past attacks by teenage hackers, officials
believe the latest series of strikes at defense networks may be a
concerted and coordinated effort coming from abroad.
Until now, the Defense Department had not publicly
acknowledged this latest cyber-war.
But in an interview Thursday with ABCNEWS, Deputy
Defense Secretary John Hamre, who oversees all Pentagon computer
security matters, confirmed the attacks have occurred over the last
several months and called them ‘a major concern.’
"This is an ongoing law enforcement and intelligence
matter," said Hamre, who last month briefed the House Armed Services
Committee on the attacks in a classified session.
Firewalls Breached?
The investigation is looking at a pattern of attacks
that has not been seen before. Officials tell ABCNEWS there are
several matters under investigation, and it is not clear to what
extent the cyber-attacks are all linked.
Sources insist no classified networks have been
breached, but they do say attacks have been aimed at sensitive
information that may be ‘locked’ behind firewalls and computer
passwords.
Officials believe some of the most sophisticated attacks
are coming from Russia. Federal investigators are detecting probes and
attacks on U.S. military research and technology systems - including
the nuclear weapons laboratories run by the Department of Energy.
What is not clear, however, is whether the attacks are
coming directly from Russia or whether the probes are coming from
other countries that are simply routing through Russian computer
addresses to disguise their origin.
Initial indications are that, wherever the probes and
attacks are originating abroad, they are not from individuals. But
U.S. officials say they would treat any Russian threat similarly
whether it comes from the government, industry or high-technology
interests.
A Russian Gateway for Espionage
The U.S. National Counterintelligence Center, or NACIC,
which monitors espionage activities worldwide, has been tracking the
threats posed by lack of official security systems on Russian computer
networks for some time. A September 1998 NACIC report noted Kremlin
statements that foreign secret services were regularly penetrating
Russian computer networks.
U.S. officials believe, however, that there may be an
even more disturbing problem: Foreign government hackers may be
getting help from within the U.S. government.
"We are increasingly concerned about those who have
legitimate access to our networks - the trusted insider," Hamre told
the House committee in a written statement on Feb. 23. "I cannot
emphasize strongly enough the seriousness of the insider threat to our
information systems and, through those systems, to the Department’s
operations."
Senior Defense Department officials are being briefed
regularly on the investigations into the insider threat.
Congressional Concerns
Indeed, the Pentagon has quietly established a new
organization - the Joint Counterintelligence Evaluation Office - which
is tracking foreign intelligence services' attempts to gain access to
critical Defense Department technologies as well as their attempts to
penetrate information infrastructure and U.S. military operations. All
of the military services are beefing up their own counterintelligence
efforts as well.
Hamre’s closed-door appearance has sparked a new round
of concerns in Congress. Pentagon computer systems are probed about 60
times a day with as many as 60 actual computer attacks each week. Many
of these are from more typical hackers, and the Defense Department has
the capability to freeze out access to government networks.
But the current situation is far more serious, according
to Congress. Rep. Curt Weldon, R-Pa., chairman of the House Armed
Services Research and Development Subcommittee, told ABCNEWS: "What
we’ve been seeing in recent months is more of what could be a
coordinated attack, that could be some attack we have not yet fully
uncovered that could be involved in a very planned effort to acquire
technology and information about our systems in a way that we have not
seen before."
Testing Security
In February 1998, Pentagon computers were attacked by
hackers in what was then characterized as one of the most serious
computer intrusions to date. A series of attacks known as ‘Solar
Sunrise’ targeted Defense Department network domain name servers,
exploiting a vulnerability in the Solaris Operating System that runs
many of the computers.
The attacks were thought to be a preliminary attempt for
a widespread attack on the entire Pentagon information infrastructure.
The attacks also were especially sensitive because they came at a time
when many elements of the Defense Department’s computer network were
being used in preparation for possible military operations against
Iraq.
Subsequently, the Pentagon conducted its first
large-scale exercise designed to test the ability of the military to
respond to an information attack. The ‘Eligible Receiver’ exercise
demonstrated that the Pentagon and the intelligence community had
little capability to detect or assess cyber-attacks.
Since then, the Pentagon has made several efforts to
improve network security and its ability to detect intrusions and
attacks. But while the system may be in better shape than it was last
year, officials are urgently trying to find the latest attacker and
stop the cyber-war before U.S. national security is compromised.
by Barbara Starr
http://www.abcnews.com