[ISN] Hackers spur shutdown of computer server for Navy

From: InfoSec News (isnat_private)
Date: Thu May 02 2002 - 00:21:42 PDT

    By Bruce V. Bigelow 
    May 1, 2002 
    A defense contractor developing a public Web site for the Navy shut
    down a key computer network this week after hackers gained access to
    employee passwords and other user information.
    A Navy spokesman emphasized yesterday that no military secrets were
    stored on the computer server operated in Mission Valley by Booz Allen
    Hamilton, a consulting firm working with the Navy in San Diego.
    But the weekend incident was embarrassing to SPAWAR, the San
    Diego-based Naval command that serves as the information technology
    provider for the entire U.S. Navy.
    Booz Allen has been working closely with SPAWAR, known officially as
    the Space and Naval Warfare Systems Command, to develop a Web site
    featuring public information about SPAWAR. That Web site was subjected
    to a similar cyber attack on April 22, about a week before the
    electronic raid on Booz Allen.
    In each incident, Web pages were defaced, private information was
    disclosed and unauthorized messages claiming responsibility for the
    attacks were posted by "the Deceptive Duo."
    One message read: "We are two US Citizens that understand how sad our
    country's cyber-security really is . . . This situation proves that we
    are all still vulnerable even after 9/11."
    Richard Williamson, a SPAWAR spokesman, denounced those statements as
    insincere, saying: "These people claim that their goal is to make our
    network more secure. If that was true they would not have illegally
    broken into our machines and they would not have illegally posted
    information on our Web site."
    In the April 22 attack on SPAWAR's Web site, Williamson said the
    hackers found that passwords intended to give system administrators
    access to Web-based software were left on "default" settings.
    By not changing the passwords that provide access, Williamson said,
    "We locked the door and then essentially left the keys hanging on a
    nail on the doorframe."
    Whether that security breach was directly related to the weekend raid
    on Booz Allen's computer server was under investigation, Williamson
    "It is possible that they picked up something off our server, such as
    a name or a password," to gain access to the other system, Williamson
    Dave Karp, a manager in Booz Allen's San Diego office, said a team of
    the firm's own computer experts was analyzing both cyber attacks to
    see which files were accessed.
    "As you might imagine, our Web guys are scrambling," Karp said. "My
    Web guys have been at GQ (general quarters) for a while. This is not
    simple stuff."
    Karp said the computer server accessed by the hackers was an internal
    system used by Booz Allen employees to store documents and develop
    software for the Navy's public Web site.
    Documents retrieved from the system and displayed by the hackers
    included names, e-mail addresses and phone numbers of, and other
    information about, 35 Booz Allen employees. One employee, who was
    contacted by the Union-Tribune on the cell phone number listed in one
    document, confirmed that the information about him was accurate.
    Another document listed 34 user names and passwords, presumably for
    Booz Allen employees to access their computers.
    Williamson emphasized that no classified documents were stored on the
    public Web servers. He said SPAWAR is often subjected to hacker
    attacks, which once reached 83,000 "hits" in one 24-hour period,
    because it represents an elite U.S. military technology command.
    At least some documents stored on the system, however, apparently had
    not been reviewed for public release. For example, a five-page
    memorandum that had been stored on the system was about the Navy's
    "Integrated Battle Force Training Process." Williamson said the memo,
    which was issued last year by Rear Adm. Kenneth D. Slaght, had not
    been reviewed for public release.
    In the previous raid on SPAWAR's Web site, the intruders
    electronically pasted several screen shots to the home page that
    appeared to be a flight schedule and passenger manifest for a
    Midwestern commuter airline's database.
    It also appeared that e-mail addresses and full names of some airline
    customers were compromised.
    According to one SPAWAR employee, Slaght was furious about the recent
    Bruce Bigelow: (619) 293-1314; bruce.bigelowat_private