[ISN] Crackers Set Sights on Submarines

From: mea culpa (jerichot_private)
Date: Fri Apr 24 1998 - 14:09:07 PDT

    Forwarded From: Aleph One <aleph1t_private>
    
    [ This is getting silly. The DoD leaves their software all over the place.
      I remember a few years ago when I found an FTP site with a copy of SPI.
      SPI is a COPS-like program that the DoE wrote and makes available only
      to DoE, DoD and their contractors. Search and you will find. - a1 ]
    
    http://www.wired.com/news/news/technology/story/11886.html
       
       Crackers Set Sights on Submarines
       by James Glave 
       
       5:02am  24.Apr.98.PDT
       The cracker group that claimed earlier this week to have stolen US
       Department of Defense networking software is gearing up to release
       another suite of sensitive programs.
       
       The group, called Masters of Downloading, or MOD, say that on 1 or 2
       May they will release a set of programs used to track and communicate
       with submarines.
       
       In an Internet relay chat interview Thursday with Wired News, a
       24-year-old Russian member of MOD said the group will release the
       submarine programs, "and more after that." He declined to identify
       himself and he would not elaborate on what the sub programs actually
       do -- stating only that "we have so much more to show you."
       
       "Information warfare is a very genuine threat," said the cracker, who
       claimed his group pilfered the networking software from a Windows NT
       server at the Defense Information Systems Agency (DISA).
       
       Yesterday, a DISA spokeswoman said that the theft of the software,
       called the Defense Information Systems Network Equipment Manager
       (DEM), in no way represented a threat to national security.
       
       "There is no national security risk posed by this being in the wrong
       hands," said Betsey Flood, who added that the intrusion was being
       treated as a "serious matter."
       
       "The software is an unclassified application, it does not contain
       classified information, and it does not perform control of classified
       systems," said Flood.
       
       But the MOD member said that DISA was playing down the threat.
       
       "The DEM may be unclassified, but the information it can give can lead
       to highly classified data being compromised," the cracker said.
       
       "The fact that the DEM software was fully configured makes all the
       difference -- we know the servers and networks that it connects to and
       we also had a lot of logs and generated reports from when it was run
       previously," he said.
       
       To prove his point, he outlined exactly how the configured software
       could be exploited.
       
       "We could launch the DEM program using the DISA systems as a trusted
       gateway, thus gaining very important router/repeater information about
       the DISA," he said.
       
       "We could then either reconfigure/shut down the equipment, or attempt
       to compromise it to change routes through systems we 'own,' then sniff
       from the owned DISA boxes," he said, describing a process of setting
       an invisible recorder to capture keystrokes or network traffic on a
       system.
       
       But a system administrator with the Department of the Air Force said
       that the group's claims are overblown.
       
       "So what if they stole a copy of the software that the Department of
       Defense uses to manage its networks. All that it shows is that the
       DOD has to pay millions to software companies for obscure software to
       manage its networks instead of buying off-the-shelf software like NT
       or Novell," said the sysadmin, who spoke on condition of anonymity.
       
       "If it is just a simple tracking program that says 'this sub is going
       out over here,' then it's no big deal.... But if it had operational
       information like where the subs were, or where their missiles are
       targeted -- then that's something to be concerned about," the
       administrator said.
       
       The MOD member said that he had been hacking for almost a decade, that
       he didn't worry about being caught, and that, as a hedge, he keeps all
       his private information cloaked with powerful 2048-bit encryption.
       Further, he said that he was browsing inside US Defense Department
       systems during the interview with Wired News.
       
       The hacker confirmed earlier reports that MOD did not have hostile
       intentions, and he brushed off earlier comments that the group could
       sell the sensitive software.
       
       "We spoke of selling it purely as an option to emphasize the DEM
       software's value when fully configured for operation with generated
       logs and reports, as the version we have comes with," he said.
       
       "Our goals are to demonstrate the power of 15 or so individuals over
       large organizations, through publicizing break-ins and data
       retrieved," he said.
       
       In February, US Attorney General Janet Reno announced that she would
       ask Congress for US$64 million to fund a new US center for fighting
       cybercrime. The National Infrastructure Protection Center would be a
       hub for a renewed counterattack on hackers around the world.
       
       "Janet Reno needs to stand back and take a reality check," said the
       hacker.
       
       "Any networked system cannot, and will not be entirely secure. It all
       depends how much of an element of 'human error' has been in the setup
       of the system through naiveté, etc.," he said.
       
       As previously reported, the US Department of Defense says it keeps
       top-secret communications on a network called SIPRNET that is
       physically disconnected from servers on the Internet.
       
       But MOD says they have found that is not always the case.
       
       "The administrative Naval Space Command systems are on the Internet
       and they contain a lot of 'interesting' data regarding weapons and
       communications technologies that are to be used by the DOD including
       energy weapons specifications," the hacker said.
       
       But the Air Force systems administrator remained unimpressed by the
       group's threats of potential cyberwar.
       
       "In the end, what does the theft of this software mean?" asked the
       administrator. "In the long run, not much. In the short term, the DOD
       will spend a few millions to tighten up computer security even more."
       
       "Does it affect the ability of the US military? Not at all.... even
       though the DOD likes to use computers, it's people and firepower that
       win wars. Computers only make the use of combat forces more
       effective," he said.
       
       Editor's Note: Because of the anonymous nature of IRC, the real-world
       identity of the MOD member in this interview could not be confirmed.
       
    
    


