[ISN] Hackers Take Offense at Pentagon Defense

From: mea culpa (jerichot_private)
Date: Sun Oct 04 1998 - 18:15:23 PDT


    Forwarded From: Meehan Gregory <gregory.meehant_private>
    
    Defense News September 28-October 4, 1998
    
    Hackers Take Offense At Pentagon Defense 
    Experts say DoD response treads fine legal line 
    
    By George I. Seffers, Defense News Staff Writer 
    
    WASHINGTON-- Hackers calling themselves the Electronic Disruption Theater
    allege the Pentagon used illegal offensive information warfare
    techniques-- a charge DoD officials deny-- to thwart the group's recent
    computer attack. At issue is whether in fighting back against hackers, the
    Pentagon crossed the line into so-called offensive information warfare,
    and perhaps violated U.S. laws that prohibit anyone from covertly
    accessing another's computer. The issue of computer crimes, however, is
    highly controversial because U.S. legislation and laws have not kept up
    with the capabilities of computer technology. 
    
    The hackers' claim involves a Sept. 9 attack against DefenseLink, DoD's
    primary public information Internet site. With advance knowledge of the
    attack, the hackers charge DoD officials set up a cyber ambush that
    automatically shut down the Internet browsers of anyone logging onto the
    hackers' site to participate in the attack.
    
    Such an action, some experts say, crosses the line between offense and
    defense and may have been illegal. If classified as an offensive warfare
    action, it would be a public first for the DoD.
    
    "When you ask if this is an offensive information warfare weapon, the
    answer, to me, would definitely be a 'yes,'" Robert Clyde, an executive at
    Axent Technologies Inc., an information security company based in
    Rockville, Md., said Sept. 17.
    
    "Any time your response is to attempt to attack back to cause a disruption
    of service or disrupt the system that did it, that kind of strike back
    would be an offensive information warfare response."
    
    A better alternative, he said, would be for the Pentagon to stick to
    strictly defensive means, such as blocking or slowing down the information
    requests. The purely defensive option, he said, "is legally cleaner."
    
    Susan Hansen, Pentagon spokeswoman, acknowledged Sept. 15 the Defense
    Technology Information Center, which supports the DefenseLink Web site,
    launched an effective counter-measure, but would not comment on the exact
    method used.
    
    "Our support staff that controls DefenseLink was able to take appropriate
    countermeasures," she said. "I can't tell you what those countermeasures
    were because obviously this group plans future attacks, and we don't tip
    our hand."
    
    Hansen also said the DefenseLink site is adequately protected, and
    Pentagon officials believe the protective measures taken are defensive in
    nature and legal.
    
    Kurt Mulholm, Defense Technical Information Center administrator,
    deferred all questions to Hansen.
    
    Stefan Wray, one of the hackers involved, said Sept. 18 the Pentagon's
    countermeasures are a form of offensive information warfare and that it
    may mark a dramatic change in Pentagon procedure.
    
    "My guess is that this particular assault marks a historical moment ...
    one that we are a part of," Wray told Defense News via electronic mail.
    
    He also said he is not worried about the potential illegalities of his own
    group's actions. "What would the charge be? Refreshing Web sites? I'm not
    worried at the moment."
    
    Wray is a doctoral student and an instructor at New York University. 
    University leadership, he said, has informed him the Electronic Disruption
    Theater must remove its Web site from the university network.
    
    Dan Kuehl, professor of information at the National Defense University,
    disagreed Sept. 17 that the alleged Pentagon action is an act of offensive
    information warfare because it was done to defend one of its own servers.
    
    However, Peter Adler, a partner and computer law expert at Oppenheimer,
    Wolff, Donnelly and Bayh, a Minneapolis law firm, said computer crime laws
    have not kept up with technical capabilities. He noted, however, that the
    Pentagon's alleged move may have violated the "Computer Fraud and Abuse"
    act.
    
    The hacker group, which supports Mexican Zapatista rebels, attacked the
    Pentagon server to protest the United States "supplying Mexico with
    sophisticated computer based communication technology and weaponry," in
    the guise of drug traffic control, Wray told Defense News Sept. 17. The
    group refers to the attempt as an act of electronic civil disobedience,
    the cyberspace equivalent of a civil protest.
    
    "Attack may be too severe a term in this case. A better word may be
    protest," Wray said.
    
    The hackers used a computer mini-application, called an applet, that was
    written in Java, a flexible, easy-to-use computer language that is the
    basic building block of most Web sites. The applet, called FloodNet,
    essentially set up participants' computers to dial and redial DefenseLink. 
    
    The sheer volume of requests was intended to shut down the server
    supporting DefenseLink.
    
    The attacks were largely unsuccessful, however, because the group posted
    its intentions on the Internet. The announcement allowed DoD to counter
    the protest, experts said.
    
    "If they hadn't told the Pentagon what they were doing, or if the Pentagon
    hadn't been listening, [the hackers] certainly would have been successful.
    They definitely would have gotten where they wanted to go,"  Penny Leavy,
    government vice president of worldwide marketing and business development
    at Finjan Inc., Santa Clara, Calif., said Sept. 16. Finjan provides
    software protection against applet attacks. 
    
    But according to Wray, the Pentagon fought back with an applet of its own. 
    He said the Pentagon placed on its Web site a Java applet named Hostile
    Applet that was activated whenever FloodNet was directed there. The
    Hostile Applet, Wray explained, shut down the targeted browsers. 
    
    "The Computer Fraud and Abuse law definitely states that unauthorized
    access is a criminal act," Adler said. "If [the applet] is going from the
    Pentagon server onto someone else's computer, that sounds on the face of
    it like it's against the law."
    
    But like most other experts, he stressed that U.S. laws are not clear, and
    thus it would be hard to bring any legal action against the Pentagon.
    
    Regardless of legality, the Pentagon's countermeasure worked. 
    
    "In this instance we must concede that, on a technical level the Pentagon
    countermeasures were successful," Wray said. 
    
    
    


