http://www.canada.com/ottawa/ottawacitizen/news/story.html?id=9c7140f5-576f-4c2a-b6dd-d11126882264

By David Pugliese
The Ottawa Citizen
2004.07.02

Defence Department employees are being targeted by suspicious e-mails designed to plant viruses and other malicious code inside military computers, according to a report obtained by the Citizen.

Most of the details about the incidents, code-named Snow Leopard by the Canadian Forces, are wrapped in secrecy. But Defence Department records confirm that hackers were able to gain access to military computers on at least 10 occasions last year. In total in 2003, the military's computer response team dealt with 160 incidents, ranging from poor cyber security to unauthorized entry into high-level systems.

According to one report produced in December, defence employees were hit by "suspicious e-mails that appear to be targeting DND individuals in an attempt to 'social engineer' the installation of malicious code." At least one computer was compromised by the mystery e-mail.

Social engineering is the use of deception to get a person to hand over access they would not otherwise grant, most often the password to a large computer system or network. For instance, a hacker may send e-mails posing as the organization's computer security official and asking individuals to "verify" their passwords. Malicious code covers a range of hostile programs, including viruses and worms.

Defence officials are refusing to discuss any aspect of the Snow Leopard case, so it is not known how many other department or federal government computers have been compromised, the extent of the attacks, or whether they are continuing.

"There's very much classified (information) around Snow Leopard and what it entails," said Canadian Forces spokesman Maj. Mike Audette. "We're not going to discuss in any terms any potential or ongoing communications computer network security operations."
Patrick Naubert, a computer security specialist, said that even if a hacker obtains a password through social engineering, there are still numerous hurdles to overcome before gaining electronic access to the target's computer network. Even if access is gained, the hacker must know roughly what they are looking for, or they face the problem of filtering through thousands of filenames to find the information they want, noted Mr. Naubert of Tyger Team Consultants Ltd.

"DND might not actually care about that, since just any hacker gaining read access to any machine on any of DND's network might be a PR nightmare, regardless of the fact that DND must have an airgap between their 'unprotected' network and their 'protected' network," Mr. Naubert explained.

It's not the first time that military computers have been compromised. In 1999, it took a 17-year-old high school student in the U.S. just 10 minutes to breach the Defence Department's computer system.

"The DND site was an easy target," Russell Sanford told the Citizen in 2002. "It was pretty weak."

Mr. Sanford said he went in and out of the military computer network over a period of three days. When the Citizen story emerged, Defence officials acknowledged the breach but claimed the teenager was only able to infiltrate the department's Internet website, which did not contain any classified information. But the teenager responded that he had hacked into one of the department's secure computers via its public website. While he did not access or intercept any classified data, Mr. Sanford claimed he could have done so if he had wanted to. Instead he left on the website tips on how the military could improve its computer security.

In one of the Snow Leopard cases, an administrative assistant with the Defence Department's Director of Protocol and Foreign Liaison distributed a suspicious e-mail with an attachment.
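The two lures the article describes, an e-mail that asks the reader to "verify" a password and an e-mail whose attachment carries malicious code, can be screened with simple header and content heuristics before they reach an inbox. The Python triage script below is an added example, not code from the article, DND or the Citizen; the organisation domain example.mil, the lure phrases, the executable-extension list and the three sample messages are all constructed for the demonstration.

```python
"""Heuristic triage of e-mails that try to 'social engineer' a password or
the installation of malicious code.  Added example; ORG_DOMAIN, the lure
phrases, the extension list and the sample messages are all constructed."""
import re
from email.message import EmailMessage
from email.utils import parseaddr

ORG_DOMAIN = "example.mil"  # assumption: the defended organisation's mail domain

# Wording a self-styled "computer security official" uses to harvest credentials
CREDENTIAL_LURES = (
    r"verify\s+your\s+password",
    r"confirm\s+your\s+(?:password|credentials|login)",
    r"reply\s+with\s+your\s+password",
)
# Attachment types that run code when double-clicked (constructed list)
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs", ".js", ".hta"}
# A document-looking name with a second extension tacked on, e.g. photo.jpg.zip
DOUBLE_EXT = re.compile(r"\.(?:doc|pdf|xls|txt|jpg)\.[a-z0-9]{1,4}$")


def _domain(address: str) -> str:
    """Lower-cased domain of an address, or '' if it has none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def flags_for(msg: EmailMessage) -> list:
    """Return the heuristic hits for one message, in a fixed order (empty = nothing seen)."""
    flags = []
    from_hdr = str(msg.get("From", ""))
    sender_dom = _domain(parseaddr(from_hdr)[1])

    # 1. Claims to be the organisation's own security/helpdesk staff but mails from outside
    if re.search(r"security|helpdesk|it support", from_hdr, re.I) and sender_dom != ORG_DOMAIN:
        flags.append("impersonates-internal-security")

    # 2. Reply-To diverts the victim's answer to a domain other than the sender's
    reply_dom = _domain(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_dom and reply_dom != sender_dom:
        flags.append("reply-to-mismatch")

    # 3. Body asks the reader to hand over a password
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if any(re.search(p, text, re.I) for p in CREDENTIAL_LURES):
        flags.append("password-lure")

    # 4. Attachment that executes, or hides something behind a document extension
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in EXEC_EXTENSIONS:
            flags.append("executable-attachment:" + name)
        elif DOUBLE_EXT.search(name):
            flags.append("double-extension:" + name)
    return flags


def triage(msg: EmailMessage) -> dict:
    """Summarise one message for an analyst queue."""
    flags = flags_for(msg)
    return {
        "subject": str(msg.get("Subject", "")),
        "flags": flags,
        "verdict": "suspicious" if flags else "clean",
    }


def _message(sender, subject, body, reply_to=None, attachment=None):
    """Build a sample EmailMessage (constructed test data, not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@" + ORG_DOMAIN, subject
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content(body)
    if attachment:
        fname, payload = attachment
        m.add_attachment(payload, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m


# Constructed samples: a password-verification lure, an executable attachment, and a benign notice
SAMPLES = [
    _message('"DND Computer Security" <secops@mail-verify.example.net>',
             "Account verification required",
             "Our records are out of date. Please reply with your password "
             "so we can verify your account.",
             reply_to="collector@other.example"),
    _message("protocol.assistant@" + ORG_DOMAIN,
             "Visit briefing",
             "Please see the attached briefing for tomorrow's delegation.",
             attachment=("briefing.doc.scr", b"MZ\x90\x00 constructed stub")),
    _message("HR Office <hr@" + ORG_DOMAIN + ">",
             "Parking notice",
             "The north lot is closed on Friday for resurfacing."),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

Heuristics of this kind catch the crude cases; a sender who is targeting named individuals, as the December report describes, can avoid the stock phrases and rename the attachment, so the check belongs at the mail gateway as one layer alongside attachment stripping and user reporting, not as the only control.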
The malicious code was removed, and military officials indicated in their December report that it did not appear the main Defence network computer had been compromised in that incident.

Most details of the Snow Leopard report, released under the Access to Information law, have been censored for reasons of national security. But the incident prompted military officials to warn the Privy Council Office about the attempts to plant malicious code on Defence computers. The Office of Critical Infrastructure Protection and Emergency Preparedness also issued a security advisory to other departments about the probes.

*==============================================================*
"Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/donation.html
*==============================================================*
This archive was generated by hypermail 2b30 : Fri Jul 02 2004 - 05:59:12 PDT