[ISN] Re: Spy vs Spy (Was: Cyberspies protect the virtual business world)

From: InfoSec News (isnat_private)
Date: Tue Jun 05 2001 - 20:56:18 PDT

  • Next message: Jonathan Rickman: "Re: [ISN] Is Military Hiding Hacks?"

    Name: Lewis Z. Koch 
    Email: lzkochat_private 
    With much regret, I write to suggest that this column is replete with
    errors of fact, as well as unproven allegations.
    Here is just one paragraph in the story that needs to be corrected --I
    In 1998, the Pentagon computer system - the holiest of the holy - was
    hacked by a ring of five Israeli and three American hackers, who
    picked their target because of a shared dislike of organizations.
    Their attack was so fierce that early reports of what was later dubbed
    "Solar Sunrise" caused Rep. Curt Weldon, R-Pa., to conclude that the
    U.S. had entered a cyberwar. The perpetrators, all under the drinking
    age, were caught by a phenomenal joint American-Israeli law
    enforcement effort. No trial date has been set yet.
    First, the hack was conducted by one Israeli,not five. Only two
    Americans youths were involved not three, both of whom were
    16-year-olds from Cloverdale, California.
    Second, they had no "shared dislike of organizations" [what ever that
    Third, the "hack" was not conducted against the "Pentagon" but rather
    a computer at a military base. As I wrote in a column in this magazine
    on July 4,2001, "The hack could have been totally prevented if the
    military had only fixed the holes and vulnerabilities in its computer
    systems--holes and vulnerabilities it already knew existed...The fact
    is the military had been provided with the fixes months prior to the
    hack. It simply failed to do what it was instructed to do: fix the
    I likened this to falling asleep in guard duty, which in combat, is
    punlishable by a firing squad.
    Smetannikov writes "Their attack was so fierce that early reports of
    what was later dubbed 'Solar Sunrise" caused Rep. Curt Weldon, R-Pa to
    conclude that the U.S. had entered a cyberwar."
    The attack was not fierce. What concerned military authorities --for
    less than 36 hours -- was the possibility that the "attack" was coming
    from somewhere in the Middle East as the THREE hackers were using
    various routes to disguise where the attack was coming from and who
    was doing it.
    Rep. Weldon's hysteria aside, even the NIPC, which "celebrated" its
    indentification of the three hackers admitted "In the end, the Solar
    Sunrise invasion of military sites proved to be purely recreation."So
    much for entering a cyberwar.
    Finally, in dealing only with this one paragraph in the column, it
    fails to mention that the punishment handed out to the California
    teens was a gentle slap on the wrist and a promise that they'd never
    do it again. The single Israeli hacker"Analyzer" -- Ehud Tennenbaum
    plus four 20-year-old Israeli on lookers -- were finally identified by
    American and Israeli forces -- remain relatively unconcerned.Many,
    including Tennenbaum are considering offers from computer security
    Finally, I found it disturbing that much of the rest of the column
    relied on the allegations of Charles Neal, a 20-year veteran of the
    FBI, who reportedly investigated Kevin Mitnick (an instance where the
    FBI had to be told where to go to find Mitnick), the same Neal who
    claimes to have ended his government work with the Mafia Boy case
    (another instance of where the FBI had to be told by others who the
    hacker was and where he lived.)
    Neal now works as "vice president of cybertorrism and incident
    response at Exodus" the article tells us. Exodus is a company who
    sells security. This is its
    Exodus has the expertise to help safeguard your enterprise at every
    level. Exodus combines a team of leading technology experts and a wide
    array of leading-edge products and services to provide you with the
    tools, techniques, and knowledge you need to protect your business.
    The sad fact is that -- given the technical state of affairs --
    computer security is putting your finger in the dike to hold off a
    river of attacks well over the flood stage. Anyone claiming to be able
    to "safeguard your enterprise at every level" -- would be well advised
    to also get a "or your money back" guarantee.
    Back to "Spy Vs. Spy"
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 05:58:08 PDT