Thanks to William Knowles <erehwon@dis.org> for this info.
Source: Defense Electronics & Electronics report
Edition: February 13, 1998
Page: 1
Title: Pentagon Looks For Answers To Massive Computer Attack
Author: Richard Lardner and Pamela Hess
DOD Confirmation: Col Richard Bridges, Pentagon
As the United States flexes its military muscle in the Persian Gulf
region, Defense Department officials in Washington are scrambling to
assess the full impact of a widespread and potentially harmful attack
on a variety of DOD computers, Defense Information and Electronics
Report has learned.
The electronic intrusions, which were detected early last week, serve
as a stark reminder that despite its warfighting prowess the nation
remains highly vulnerable to assaults on its ever-growing information
infrastructure. Although the Pentagon says it is investing heavily in
information security systems, its increasing reliance on electronic
storage and transmission of information is an Achilles' heel. At press
time, DOD was still assessing what information may have been
lost or compromised, and was also trying to determine the motivation
for the attacks. Defense sources say 11 DOD sites have been attacked
-- seven of the locations are operated by the Air Force and four by
the Navy. So far, investigators believe only systems used for processing
unclassified information were targeted. These types of computers are
used to transmit logistics data as well as pay and personnel information
-- especially crucial as DOD mobilizes troops in the Persian Gulf.
A task force in the Joint Staff's operations directorate is looking
into the intrusions, and sources say the incidents are being taken very
seriously. While the identity of the attacker or attackers is not yet
known, the current situation with Iraq has investigators eyeing
countries or groups that may have financial or political ties to
Saddam Hussein.
Sources tell DI&ER that information security experts at the National
Security Agency believe the "language" used in the attacks suggests
Dutch hackers could be responsible. Allegedly, a group of Dutch hackers
stole US military secrets during the Persian Gulf war and offered them
to Iraq. DI&ER has also learned that US defense officials believe a
computer system in the United Arab Emirates served as a "waypoint" to
one of the Navy computers that was attacked. DOD does not believe the
UAE was responsible for the attack, however.
Publicly, the Defense Department is saying little about the attacks.
DOD spokesman Col. Richard Bridges told DI&ER only that the Department
"has detected an increase in the level of activity against selected
DOD computer systems." DOD, he added, is taking steps to counter that
activity and protect its information network. A spokeswoman at the
Embassy of the Netherlands said she has heard "nothing" about the recent
outbreak of electronic attacks, nor did she know anything about claims
that Dutch hackers had attempted to sell purloined US secrets to Iraq
seven years ago. "I would be interested to find out," she said.
The seven Air Force sites hit are Andrews AF Base in Maryland, Columbus
AF Base in Mississippi, Lackland and Kelly AF Bases in Texas, Gunter
Annex in Alabama, Kirtland AF Base in New Mexico, and Port Hueneme
Air National Guard weather facility in California. Ironically, the
attacks at Andrews, Kirtland and Columbus occurred between Feb 3 and
Feb 5, the first few days of a month-long Air Force campaign aimed
at improving computer security awareness. The four Navy sites are
Pearl Harbor, the Naval Academy, and two systems in Okinawa, where
the Marine Corps has a substantial presence. Apparently, most of
the attacks were concentrated on domain name servers, which translate
common website names like http://www.defenselink.mil into a numeric
address that a network can understand. It is possible, sources say,
that passwords to sensitive DOD networks were compromised. DOD
investigators, however, continue to accumulate new details and are
not yet sure exactly what has been jeopardized.
The Defense Department's investigation, which involves the Joint Staff,
the Defense Intelligence Agency, the Air Force Office of Special
Investigations and the Naval Criminal Investigative Service, is likely
to prove more frustrating than fruitful. Sophisticated hackers tend to
"loop" through a variety of other systems before hitting their target,
so it is extremely difficult to know where the attack originated. On top
of that, there are myriad legal and political roadblocks that preclude
tracing a hacker's steps. "If the attacker is good, it's probably
impossible to catch him," says Bruce Schneier of Counterpane Systems,
a Minneapolis-based computer-security and cryptography consulting firm.
On the other hand, even if the hacker is amateurish he may be operating
from a country with no computer crime laws, leaving the victim with
little recourse.
It is uncertain just how often military computer systems are attacked
because DOD, like most public and private organizations, does not want
to announce such events. For starters, it trumpets the fact military
systems are vulnerable. But going public also lets the electronic
attackers know they have been discovered and that they are probably
being pursued. As a result, potential counter-measures intended to
snare the culprits may not work. Further, publicity discussing
information attacks opens DOD to claims that it is not doing enough
to protect its information systems. A recent Pentagon report to
Congress notes that DOD will spend roughly $3.6 billion between
fiscal years 1999 and 2002 on "information assurance" activities
(DI&ER, Jan 23, p3). At the same time, however, the report
acknowledges "additional investments" for information security are
required. Senior defense officials clearly recognize the infosec
problem. Deputy Defense Secretary John Hamre acknowledged in a
recent memo that DOD "has undertaken several exercises that have
confirmed our vulnerability to computer attack in the future"
(DI&ER, Jan 30, p1). Those information warfare exercises, known as
Project Eligible Receiver, showed prospective intruders could have
great success in gaining unauthorized access to the military's
unclassified computer systems. DI&ER reported the results of
the classified exercise last summer.
At an Armed Forces Communications and Electronics Association
conference this week, acting Assistant Secretary of Defense for
Command, Control, Communications and Intelligence Tony Valletta
said DOD may be overreacting to normal hacker activity. Part of DOD's
problem is that it is not necessarily the master of its own domain.
The military's information infrastructure is interlocked with the
civilian information infrastructure. This can have serious
implications, especially on the battlefield where a commander might
find he no longer controls communications availability and
integrity. Further, DOD plans to increase its use of commercial
encryption products. But these off-the-shelf products must generally
conform with federal cryptographic standards and fit within DOD's
overall infosec architecture. While the Defense Department takes
steps to assess this recent electronic broadside, the White House
continues to examine a series of recommendations for guarding against
cyberattacks that were prepared by the President's Commission on
Critical Infrastructure Protection. Implementation of those
recommendations, coupled with a more aggressive DOD infosec
strategy, should improve the military's ability to guard its
information systems. But experts note that total protection,
especially for unclassified systems, is virtually impossible.
"The issue is how much security do you want," says Anthony Hearn,
a senior information scientist at Rand Corp. "If you never turn your
computer system on, you're safe. But you have to connect with the
outside world, and when you do, there are risks."