Forwarded From: Meehan Gregory <gregory.meehant_private>

Defense News
September 28-October 4, 1998

Hackers Take Offense At Pentagon Defense
Experts say DoD response treads fine legal line

By George I. Seffers, Defense News Staff Writer

WASHINGTON-- Hackers calling themselves the Electronic Disruption Theater allege the Pentagon used illegal offensive information warfare techniques-- a charge DoD officials deny-- to thwart the group's recent computer attack.

At issue is whether in fighting back against hackers, the Pentagon crossed the line into so-called offensive information warfare, and perhaps violated U.S. laws that prohibit anyone from covertly accessing another's computer. The issue of computer crimes, however, is highly controversial because U.S. legislation and laws have not kept up with the capabilities of computer technology.

The hackers' claim involves a Sept. 9 attack against DefenseLink, DoD's primary public information Internet site. With advance knowledge of the attack, the hackers charge DoD officials set up a cyber ambush that automatically shut down the Internet browsers of anyone logging onto the hackers' site to participate in the attack.

Such an action, some experts say, crosses the line between offense and defense and may have been illegal. If classified as an offensive warfare action, it would be a public first for the DoD.

"When you ask if this is an offensive information warfare weapon, the answer, to me, would definitely be a 'yes,'" Robert Clyde, an executive at Axent Technologies Inc., an information security company based in Rockville, Md., said Sept. 17. "Any time your response is to attempt to attack back to cause a disruption of service or disrupt the system that did it, that kind of strike back would be an offensive information warfare response."

A better alternative, he said, would be for the Pentagon to stick to strictly defensive means, such as blocking or slowing down the information requests.
The purely defensive option, he said, "is legally cleaner."

Susan Hansen, Pentagon spokeswoman, acknowledged Sept. 15 that the Defense Technology Information Center, which supports the DefenseLink Web site, launched an effective counter-measure, but would not comment on the exact method used.

"Our support staff that controls DefenseLink was able to take appropriate countermeasures," she said. "I can't tell you what those countermeasures were because obviously this group plans future attacks, and we don't tip our hand."

Hansen also said the DefenseLink site is adequately protected, and Pentagon officials believe the protective measures taken are defensive in nature and legal. Kurt Mulholm, Defense Technical Information Center administrator, deferred all questions to Hansen.

Stefan Wray, one of the hackers involved, said Sept. 18 the Pentagon's countermeasures are a form of offensive information warfare and that it may mark a dramatic change in Pentagon procedure.

"My guess is that this particular assault marks a historical moment ... one that we are a part of," Wray told Defense News via electronic mail.

He also said he is not worried about the potential illegalities of his own group's actions. "What would the charge be? Refreshing Web sites? I'm not worried at the moment."

Wray is a doctoral student and an instructor at New York University. University leadership, he said, has informed him the Electronic Disruption Theater must remove its Web site from the university network.

Dan Kuehl, professor of information at the National Defense University, disagreed Sept. 17 that the alleged Pentagon action is an act of offensive information warfare because it was done to defend one of its own servers.

However, Peter Adler, a partner and computer law expert at Oppenheimer, Wolff, Donnelly and Bayh, a Minneapolis law firm, said computer crime laws have not kept up with technical capabilities.
He noted, however, that the Pentagon's alleged move may have violated the "Computer Fraud and Abuse" act.

The hacker group, which supports Mexican Zapatista rebels, attacked the Pentagon server to protest the United States "supplying Mexico with sophisticated computer based communication technology and weaponry," in the guise of drug traffic control, Wray told Defense News Sept. 17.

The group refers to the attempt as an act of electronic civil disobedience, the cyberspace equivalent of a civil protest. "Attack may be too severe a term in this case. A better word may be protest," Wray said.

The hackers used a computer mini-application, called an applet, that was written in Java, a flexible, easy-to-use computer language that is the basic building block of most Web sites. The applet, called FloodNet, essentially set up participants' computers to dial and redial DefenseLink. The sheer volume of requests was intended to shut down the server supporting DefenseLink.

The attacks were largely unsuccessful, however, because the group posted its intentions on the Internet. The announcement allowed DoD to counter the protest, experts said.

"If they hadn't told the Pentagon what they were doing, or if the Pentagon hadn't been listening, [the hackers] certainly would have been successful. They definitely would have gotten where they wanted to go," Penny Leavy, government vice president of worldwide marketing and business development at Finjan Inc., Santa Clara, Calif., said Sept. 16. Finjan provides software protection against applet attacks.

But according to Wray, the Pentagon fought back with an applet of its own. He said the Pentagon placed on its Web site a Java applet named Hostile Applet that was activated whenever FloodNet was directed there. The Hostile Applet, Wray explained, shut down the targeted browsers.

"The Computer Fraud and Abuse law definitely states that unauthorized access is a criminal act," Adler said. "If [the applet] is going from the Pentagon server onto someone else's computer, that sounds on the face of it like it's against the law."

But like most other experts, he stressed that U.S. laws are not clear, and thus it would be hard to bring any legal action against the Pentagon.

Regardless of legality, the Pentagon's countermeasure worked. "In this instance we must concede that, on a technical level the Pentagon countermeasures were successful," Wray said.

-o-
Subscribe: mail majordomot_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]