[ISN] Defense agency, Veridian to pinpoint foreign hackers

From: InfoSec News (isnat_private)
Date: Wed Aug 29 2001 - 22:40:43 PDT

  • Next message: InfoSec News: "Re: [ISN] Guard the Secrets, Then Catch the Spies"

    August 28, 2001
    WASHINGTON -- The Defense Intelligence Agency said it plans to award a
    contract to security firm Veridian to study intrusions and attacks
    against Department of Defense networks "from computers located in a
    particular foreign country." Intelligence experts said that country is
    Former intelligence officials, speaking on condition of anonymity,
    said the contract with Veridian to analyze intrusion data and produce
    a list of specific IP addresses that may pose a threat to DOD networks
    is an effort to determine the "level of activity" of China's
    information warfare program. "They want to see if they can target a
    specific country and determine if the intrusions are kids using China
    as a jumping off point or a government program," said one former
    At least 20 countries, including Russia and China, are known to be
    developing information warfare strategies that specifically target
    U.S. military and private sector data networks, according to recent
    DIA and CIA estimates. However, officials say China has been
    particularly active. The fear is that computer viruses and worms
    unleashed by foreign hackers could wreak havoc on the U.S.
    infrastructure in the event of a military conflict.
    One former official said the Energy Department witnessed a tenfold
    increase in intrusion attempts originating from China during the
    espionage investigation against Chinese-American physicist Wen Ho Lee.
    Part of the Veridian contract calls for the company to correlate
    hacking incidents with particular world events.
    The contract, which was announced Thursday, also calls for Arlington,
    Va.-based Veridian to study intrusion data from "computers that show
    evidence of being under the control of people in that country, who
    range from hackers to government personnel." Likewise, the resulting
    Veridian study must include a time line and link analysis, a list of
    DOD systems attacked, computer network functions attacked, specific
    attack methodologies found, and patterns and trends in hacker tool
    sophistication. However, officials point out that Veridian will be
    collecting the data from DOD Computer Emergency Response Teams, not
    directly from Chinese systems.
    Veridian declined to comment on the contract. However, the nature of
    the work raises questions in the minds of intelligence and industry
    experts regarding the state of government organization to combat
    cyberattacks and the risks security companies take in the market when
    they enter into such contracts. A private company that accepts a U.S.
    government security contract targeting a specific country runs a high
    risk of losing access to that country for any future business.
    "There clearly are risks if a company does much business overseas,"
    said Bill Crowell, CEO of Santa Clara, Calif.-based Cylink Corp. and a
    former director of the National Security Agency (NSA).
    Mike Higgins, CEO of Para-Protect Inc., a security firm in
    Centreville, Va., agreed that companies take big risks when they enter
    into such contracts. "This business is, more than anything else, about
    trust," said Higgins, who, as a former DIA official, helped organize
    the DIA's first incidence response center. "You're definitely staining
    yourselves for any appreciable amount of work overseas," he said,
    adding that his company's trust relationships with Fortune 500
    companies are international in nature.
    However, an interesting side question is "why is DIA doing this?" said
    Crowell, alluding to the fact that such operations have historically
    been the responsibility of the NSA. "That question gives rise to the
    whole issue of how the U.S. government is organized to deal with
    cyberattacks, both cybercrime and cyberwarfare," he said.
    Higgins also questioned the role of the DIA, which serves as a
    military intelligence support agency for the Pentagon, in contracting
    for such services, and he noted the peculiar absence of the NSA.
    "What the hell's going on here? Why isn't NSA contracting this?" asked
    Higgins. He also questioned the need for a private contractor to do
    this sort of analysis at the DIA. "We always had the capability to do
    this in-house."
    The Defense Department recorded more than 24,000 intrusions into its
    networks last year, compared with 22,144 in 1999 and 5,844 in 1998.
    However, Higgins said those figures are much lower than the number of
    attacks that actually take place. Most incidents go unreported, he
    Meanwhile, a report by the Defense Science Board released in February
    puts the cost to the U.S. economy from viruses at $1.5 trillion a
    year, or 2.5% of the gross domestic product. Chinese information
    warfare experts have recommended the use of viruses and worms as a
    means to wreak havoc on the U.S. infrastructure in the event of a
    military conflict. The increasing threat of such information warfare
    tactics caused the science board to recommend that the Pentagon shift
    its focus away from garden-variety hackers to more significant threats
    to national security.
    "Too much money and time is being spent on the lower-level threats to
    the nation's networks (e.g., hackers), and not enough on figuring out
    how to protect information systems from state and terrorist warriors
    who understand how to exploit compromised data," the board's study
    According to several former intelligence officials, the U.S.
    intelligence community is still far from developing what is known as
    the "cyberintelligence preparation of the battlefield."
    With any luck, said one official, this contract will start the process
    of including cyberintelligence in individual country studies used by
    intelligence planners.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Aug 30 2001 - 00:12:40 PDT