[ISN] Have Crackers Found Military's Achilles Heel? (disa/dem)

From: jerichot_private
Date: Tue Apr 21 1998 - 16:45:57 PDT

  • Next message: jerichot_private: "[ISN] Hands-On Web Security Course Announced By Learning Tree"

    Forwarded From: netmask <netmaskt_private>
    Have Crackers Found Military's Achilles Heel?
    By: James Glave
    In what may be one of the first demonstrations of the potential of cyber
    warfare, an international cracking group claims it has stolen a suite of
    programs used to run classified US military networks and satellites.
    The group, calling itself Masters of Downloading, or MOD, said in a
    statement that it had stolen the software -- the Defense Information
    Systems Network Equipment Manager (DEM) -- from the Defense Information
    Systems Agency, the branch of the Defense Department in charge of
    classified computer networks. 
    "This may help you to realize the reality of the threat of information
    warfare against the United States of America, as well as the DEM
    software's obvious value to global organizations and individuals," said
    the statement, which was supplied to Wired News by an anonymous
    representative of the group.
    The statement detailed the capabilities of the DEM software, and was
    accompanied by a number of image files that depicted the program's
    interfaces. The software's authenticity was confirmed by John Vranesevich
    of the computer security site AntiOnline. Vranesevich said he obtained a
    copy from MOD last Thursday and tested it after first unplugging his
    computer from the Internet. 
    Vranesevich, who has tracked the computer underground for five years, said
    that the theft of a classified network control program pointed to a threat
    far more serious than the routine Web server intrusions of recent months. 
    "This is one of the first times we've seen a group of hackers whose goal
    was not to commit acts of Internet graffiti by defacing low-security Web
    pages, but [instead] to actually target, plan, and retrieve software
    suites designed for military use," said Vranesevich.
    Last month, Vranesevich was the first to interview Ehud Tenebaum, the
    Israeli teen at the center of a federal investigation into widespread
    attacks on US military computer systems. But those attacks pale in
    comparison, he says.
    "[The deliberate theft of classified software] puts this group on a whole
    other playing field,"  said Vranesevich, who added that the group is
    comprised of 15 individuals, including eight Americans, five Britons, and
    two Russians. The group is not affiliated with Tenebaum, known as the
    MOD said that the software is used to remotely monitor and manage military
    computer-related equipment, including routers, repeaters, switches,
    military communication networks, and GPS satellites and receivers. The
    suite's top-level interface is designed to "manage all the
    computer-related equipment used by the United States military," the
    statement read.
    With the DEM software, the group claims, the entire Defense Information
    Systems Network could be shut down for a period of time. "This is
    definitely not a good thing for the United States military, as they depend
    heavily on their computer systems and networks to quickly share data and
    information from anywhere in the world," the statement said.
    MOD went into detail over two particular software components, one of which
    allows a user with access to monitor or shut down T1 links used by the
    military. The other program concerns Global Positioning System satellites,
    which are used to establish precise coordinates for weapons targeting and
    the navigation of commercial aircraft.
    "Although the DEM software cannot be used to send data to the GPS
    satellites, it can be used to track the satellites and pinpoint their
    exact whereabouts, as well as the frequency ranges they use and other
    operational information," said the MOD statement.
    MOD claims it first obtained the software in October 1997 but did nothing
    with it at first, to be sure that they were not being tracked.
    Although the Defense Information Systems Agency public affairs office
    declined to comment, a mission statement on the agency's Web site
    clarifies its role within the Department of Defense:  "DISA will be the
    preeminent provider of information systems delivery support to our
    warfighters and others as required by the DoD, under all conditions of
    Peace and War." 
    MOD members were not immediately available for comment, either, but in an
    interview with Vranesevich last Friday, group members said their
    intentions were not hostile.
    "We have the power to do so, but at this time we have no intentions to
    launch such a [military] attack," a member told Vranesevich. Another
    member also told Vranesevich that he had obtained a separate piece of
    software used to communicate with submarines.
    Gene Spafford, director of the computer security research center COAST,
    said that the intrusion, if true, didn't surprise him.
    "I don't think anyone who is familiar with government security has ever
    believed it to be as secure as claimed," Spafford said.
    Spafford added that he was not familiar with DISA systems, but that any
    distributed system is vulnerable, and that many government systems are
    configured "for convenience and not need." 
    The group claimed that they stole the software from a Windows NT server at
    DISA, and that about 30 individuals worldwide presently have copies.
    "When you have a system that is distributed such that others can
    manipulate it, you open it up to not just security problems but also
    erroneous operations," Spafford said. "[You get] people who don't have
    training and [you get] accidents. It is a standard systems design
    In an interview with Vranesevich, the group offered some network security
    advice for the US government.
    "It's simple: take all [classified] military systems off the Internet,
    place only [unclassified] Web servers on the Internet [and] keep the rest
    on a purely internal network," the MOD member said. 
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Dimensional Communications (www.dim.com)

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:51:05 PDT