[ISN] Fed offices gird against hackers

From: William Knowles (erehwonat_private)
Date: Tue May 19 1998 - 11:26:41 PDT

  • Next message: mea culpa: "[ISN] ACLU suffers hack on AOL"

    Sen. Fred Thompson should know a thing or two about hackers 
    breaking into air-traffic control systems.  When he was still
    an actor, He played an air-traffic controller in DieHard II 
    which evil mercenary hacker types took over a DC airport in the
    middle of Christmas rush.
    
    William Knowles
    erehwonat_private
      
    
    WASHINGTON (Christian Science Monitor) [May 19, 1998] 
    What if hackers broke into the Social Security Administration's 
    computers and scrambled the names and addresses of those receiving 
    benefits? What if antinuclear protesters - or worse, a hostile 
    nation - breached Energy Department computers and discovered 
    the transportation route of nuclear material?
    
    For years, Washington has put the security of top-secret Pentagon
    computers above that of lower-profile civilian agencies that 
    quietly process workaday data, such as pork-belly prices, 
    national classroom scores, and personal information on welfare 
    recipients.
     
    But Washington is increasingly aware that in the information age, 
    any government entity can be the target of computer hackers, from
    ankle-biting amateurs to experienced experts, who use their skills 
    for wide-ranging reasons.
    
    The result: Federal authorities are launching a counterattack 
    on several fronts. A national cybercop has been named to combat 
    computer crimes.
     
    And starting today, Congress is holding two days of hearings 
    aimed at investigating the government's computer weaknesses, 
    while raising awareness about the danger hackers pose.
    
    "Threats to our federal computer systems could make flying an 
    airplane a game of Russian roulette - and could seriously 
    jeopardize our national security," warns Sen. Fred Thompson (R) 
    of Tennessee who will chair the hearings in the Governmental 
    Affairs Committee.
    
    To better understand the mind-set of the hacker -from the teenage
    thrill seeker to the terrorist nation bent on breaking into 
    government systems - the panel will hear from testimony from 
    "Brian Oblivion" and "Space Rogue," members of L0PHT Heavy Industries, 
    a self described "hacker think tank" in Boston.
    
    The Senate hearings will also highlight two General Accounting 
    Office reports set for release Wednesday examining federal 
    weaknesses and how to best protect against attack.
    
    A key goal of the federal effort is to head off what is described 
    as "the big one" - an attack that would be the cyber-equivalent of 
    an Oklahoma City bombing. While not detonating in the physical world,
    experts say it could wreak an equal amount of havoc.
    
    "It is vital that you openly understand and acknowledge the
    pervasiveness of the existing vulnerabilities ... and the 
    likelihood that they are getting worse," warns Peter Neumann, 
    the principal scientist at SRI International in Menlo Park, Calif. 
    He is the lead witness at this week's hearings.
    
    Details are already emerging of a federal system often besieged. 
    The Justice Department, Commerce Department, and NASA have all 
    been breached. Sometimes the intrusions involve simply vandalizing
    a home page. Sometimes they are far more serious.
    
    Already, investigators have a hint of the possibilities.
    
    Last year, for instance, a teenage hacker shut down telephone links 
    to the regional airport in Worcester, Mass., for six hours.
    
    Controllers were left to guide incoming planes with one cellular 
    phone and battery-powered radios. The boy is now serving two years'
    probation.
    
    And hackers have disabled 911 emergency systems in several 
    different areas of the country.
    
    The evolution of the information age and ever-better skills of 
    "bad actors," as hackers are called, creates a problem that one 
    official says "snuck up" on the government.
    
    "The Social Security Administration is in the business of
    administering benefits. In the past they haven't been in the 
    business of building secure systems to secure their data," says 
    Joseph Portale, director of the information security services 
    practice at The Investigative Group International in Washington.
    
    As the government moves to secure itself system by system, authorities
    admit they don't know the scope of the hacking problem against federal
    agencies. Nor do they know how often federal computers are infiltrated
    or how much data is compromised.
    
    "One of the characteristics of this whole new area is trying to get
    our arms around what the threat is," says Ken Geide, director of
    computer protection at the newly formed National Infrastructure
    Protection Center.
    
    Mr. Geide is the nation's first top cop for cyberspace. 
    "Information systems are embedded in every service our 
    nation has come to expect," he explains.
    
    Part of what will put a stop to hackers, says Geide, is a change 
    in the reluctance of infiltrated agencies to admit they were 
    breached. Such reluctance often stems from fear of exposing the 
    weakness to the hacker community that could encourage others.
    
    Geide says there's a new push to encourage immediate notification 
    of authorities once penetration is detected. With the trail still 
    warm, investigators can better track down the hackers.
    
    
    == 
    There's a compelling reason to master information & news.
    Clearly there will be better job and financial opportunites.
    Other high stakes will be missed by people if they don't
    master and connect information.  --  Everette Dennis
    ==
    http://www.dis.org/erehwon/
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:37 PDT