http://www.uniontrib.com/news/business/20020501-9999_1b1spawar.html By Bruce V. Bigelow UNION-TRIBUNE STAFF WRITER May 1, 2002 A defense contractor developing a public Web site for the Navy shut down a key computer network this week after hackers gained access to employee passwords and other user information. A Navy spokesman emphasized yesterday that no military secrets were stored on the computer server operated in Mission Valley by Booz Allen Hamilton, a consulting firm working with the Navy in San Diego. But the weekend incident was embarrassing to SPAWAR, the San Diego-based Naval command that serves as the information technology provider for the entire U.S. Navy. Booz Allen has been working closely with SPAWAR, known officially as the Space and Naval Warfare Systems Command, to develop a Web site featuring public information about SPAWAR. That Web site was subjected to a similar cyber attack on April 22, about a week before the electronic raid on Booz Allen. In each incident, Web pages were defaced, private information was disclosed and unauthorized messages claiming responsibility for the attacks were posted by "the Deceptive Duo." One message read: "We are two US Citizens that understand how sad our country's cyber-security really is . . . This situation proves that we are all still vulnerable even after 9/11." Richard Williamson, a SPAWAR spokesman, denounced those statements as insincere, saying: "These people claim that their goal is to make our network more secure. If that was true they would not have illegally broken into our machines and they would not have illegally posted information on our Web site." In the April 22 attack on SPAWAR's Web site, Williamson said the hackers found that passwords intended to give system administrators access to Web-based software were left on "default" settings. By not changing the passwords that provide access, Williamson said, "We locked the door and then essentially left the keys hanging on a nail on the doorframe." Whether that security breach was directly related to the weekend raid on Booz Allen's computer server was under investigation, Williamson said. "It is possible that they picked up something off our server, such as a name or a password," to gain access to the other system, Williamson said. Dave Karp, a manager in Booz Allen's San Diego office, said a team of the firm's own computer experts was analyzing both cyber attacks to see which files were accessed. "As you might imagine, our Web guys are scrambling," Karp said. "My Web guys have been at GQ (general quarters) for a while. This is not simple stuff." Karp said the computer server accessed by the hackers was an internal system used by Booz Allen employees to store documents and develop software for the Navy's public Web site. Documents retrieved from the system and displayed by the hackers included names, e-mail addresses and phone numbers of, and other information about 35 Booz Allen employees. One employee, who was contacted by the Union-Tribune on the cell phone number listed in one document, confirmed that the information about him was accurate. Another document listed 34 user names and passwords, presumably for Booz Allen employees to access their computers. Williamson emphasized that no classified documents were stored on the public Web servers. He said SPAWAR is often subjected to hacker attacks, which once reached 83,000 "hits" in one 24-hour period, because it represents an elite U.S. military technology command. At least some documents stored on the system, however, apparently had not been reviewed for public release. For example, a five-page memorandum that had been stored on the system was about the Navy's "Integrated Battle Force Training Process." Williamson said the memo, which was issued last year by Rear Adm. Kenneth D. Slaght, had not been reviewed for public release. In the previous raid on SPAWAR's Web site, the intruders electronically pasted several screen shots to the home page that appeared to be a flight schedule and passenger manifest for a Midwestern commuter airline's database. It also appeared that e-mail addresses and full names of some airline customers were compromised. According to one SPAWAR employee, Slaght was furious about the recent incidents. Bruce Bigelow: (619) 293-1314; firstname.lastname@example.org - ISN is currently hosted by Attrition.org To unsubscribe email email@example.com with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu May 02 2002 - 03:58:17 PDT