[ISN] Hackers target DND computers, break into network

From: William Knowles (wk@private)
Date: Fri Jul 02 2004 - 05:27:46 PDT

    By David Pugliese
    The Ottawa Citizen

    Defence Department employees are being targeted by suspicious e-mails
    designed to plant viruses and other malicious codes inside military
    computers, according to a report obtained by the Citizen.

    Most of the details about the incidents, code-named Snow Leopard by
    the Canadian Forces, are wrapped in secrecy. But Defence Department
    records confirm that hackers were able to gain access to military
    computers on at least 10 occasions last year.

    In total in 2003, the military's computer response team dealt with 160
    incidents ranging from poor cyber security to unauthorized entry into
    high-level systems.

    According to one report produced in December, defence employees were
    hit by "suspicious e-mails that appear to be targeting DND individuals
    in an attempt to 'social engineer' the installation of malicious
    code." At least one computer was compromised by the mystery e-mail.

    Social engineering involves the use of deception to try to gain access
    to the password of a large computer system or network. For instance,
    it can be done through e-mails sent by a hacker posing as an
    organization's computer security official and requesting verification
    of an individual's password. Malicious code could refer to a variety
    of problems, including viruses and worms.

    Defence officials are refusing to discuss any aspect of the Snow
    Leopard case, so it is not known how many other department or federal
    government computers have been compromised, the extent of the attacks,
    or if they are continuing.

    "There's very much classified (information) around Snow Leopard and
    what it entails," said Canadian Forces spokesman Maj. Mike Audette.
    "We're not going to discuss in any terms any potential or ongoing
    communications computer network security operations."

    Patrick Naubert, a computer security specialist, said that even if a
    hacker obtains a password through social engineering, there are still
    numerous hurdles to overcome before gaining electronic access to the
    target's computer network.

    Even if access is gained, the hacker must know roughly what they are
    looking for, or they face the problem of filtering through thousands
    of filenames to find the information they want, noted Mr. Naubert of
    Tyger Team Consultants Ltd.

    "DND might not actually care about that, since just any hacker gaining
    read access to any machine on any of DND's network might be a PR
    nightmare, regardless of the fact that DND must have an airgap between
    their 'unprotected' network and their 'protected' network," Mr.
    Naubert explained.

    It's not the first time that military computers have been compromised.
    In 1999, it took a 17-year-old high school student in the U.S. just 10
    minutes to breach the Defence Department's computer system. "The DND
    site was an easy target," Russell Sanford told the Citizen in 2002.
    "It was pretty weak."

    Mr. Sanford said he went in and out of the military computer network
    over a period of three days. When the Citizen story emerged, Defence
    officials acknowledged the breach but claimed the teenager was only
    able to infiltrate the department's Internet website which did not
    contain any classified information.

    But the teenager responded that he had hacked into one of the
    department's secure computers via its public website.

    While he did not access or intercept any classified data, Mr. Sanford
    claimed he could have done so if he had wanted to. Instead he left on
    the website tips on how the military could improve its computer

    In one of the Snow Leopard cases, an administrative assistant with the
    Defence Department's Director of Protocol and Foreign Liaison
    distributed a suspicious e-mail with an attachment. The malicious code
    was removed and military officials indicated in their December report
    that it did not appear the main Defence network computer had been
    compromised in that incident.

    Most details of the Snow Leopard report, released under the Access to
    Information law, have been censored for reasons of national security.

    But the incident prompted military officials to warn the Privy Council
    Office about the attempts to plant a malicious code on Defence
    computers. The Office of Critical Infrastructure Protection and
    Emergency Preparedness also issued a security advisory to other
    departments about the probes.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org

    This archive was generated by hypermail 2b30 : Fri Jul 02 2004 - 05:59:12 PDT