RE: [ISN] Sleuths Invade Military PCs With Ease

From: InfoSec News (isnat_private)
Date: Tue Aug 20 2002 - 05:43:11 PDT

  • Next message: InfoSec News: "[ISN] Cracking the hackers' code"

    Forwarded from: "Huggins, Michael" <mhhugginsat_private>
    
    I do have a problem with this type of activity.  We are supposed to be
    ethical and abide by standards when a certified professional violates
    those standards their certification should and ought to be revoked.  
    There is no excuse for un-solicited scanning or penetration.
    
    Michael H. Huggins
    CISSP CTOC USN (ret)
    First Command Information
    Security Manager
    817 569 2435
    
    
    -----Original Message-----
    From: InfoSec News [mailto:isnat_private] 
    Sent: Friday, August 16, 2002 1:33 AM
    To: isnat_private
    Subject: [ISN] Sleuths Invade Military PCs With Ease 
    
    
    Forwarded from: William Knowles <wkat_private>
    
    http://www.washingtonpost.com/wp-dyn/articles/A24191-2002Aug15.html
    
    By Robert O'Harrow Jr.
    Washington Post Staff Writer
    Friday, August 16, 2002; Page A01 
    
    SAN DIEGO, Aug. 15 -- Security consultants entered scores of 
    confidential military and government computers without approval this 
    summer, exposing vulnerabilities that specialists say open the 
    networks to electronic attacks and spying.
    
    The consultants, inexperienced but armed with free, widely available 
    software, identified unprotected PCs and then roamed at will through 
    sensitive files containing military procedures, personnel records and 
    financial data.
    
    One computer at Fort Hood in Texas held a copy of an air support 
    squadron's "smart book" that details radio encryption techniques, the 
    use of laser targeting systems and other field procedures. Another 
    maintained hundreds of personnel records containing Social Security 
    numbers, security clearance levels and credit card numbers. A NASA 
    computer contained vendor records, including company bank account and 
    financial routing numbers.
    
    Available on other machines across the country were e-mail messages, 
    confidential disciplinary letters and, in one case, a memo naming 
    couriers to carry secret documents and their destinations, according 
    to records maintained by ForensicTec Solutions Inc., the 
    four-month-old security company that discovered the lapses.
    
    ForensicTec officials said they first stumbled upon the accessible 
    military computers about two months ago, when they were checking 
    network security for a private-sector client. They saw several of the 
    computers' online identifiers, known as Internet protocol addresses. 
    Through a simple Internet search, they found the computers were linked 
    to networks at Fort Hood.
    
    Former employees of a private investigation firm -- and relative 
    newcomers to the security field -- the ForensicTec consultants said 
    they continued examining the system because they were curious, as well 
    as appalled by the ease of access. They made their findings public, 
    said ForensicTec President Brett O'Keeffe, because they hoped to help 
    the government identify the problem -- and to "get some positive 
    exposure" for their company.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 08:31:26 PDT