[ISN] Hackers breached Defence Department computers: report on security lapses

From: InfoSec News (isn@private)
Date: Tue Jul 13 2004 - 22:49:22 PDT


July 13, 2004

OTTAWA (CP) - Determined computer hackers broke through federal
firewalls several times last year, gaining access to Defence
Department networks.

A newly obtained report on security breaches at the department in 2003
also reveals dozens of internal lapses. Computer security has become a
high-profile concern in federal circles in light of cyber-terrorism,
operations mounted by foreign intelligence services and, more often,
the sloppy practices of employees.

The Defence Department's Computer Incident Response Team tracked a
total of 160 events - from digital break-ins to dodgy e-mail
procedures - last year.

Located in Ottawa at the Canadian Forces network operations centre,
the team defends department computers by monitoring intrusion
detection systems, zeroing in on threats and issuing alerts.

A declassified version of the team's report was released to The
Canadian Press under the Access to Information Act.

It provides an indication of the difficulties faced by federal
agencies such as the Defence Department in keeping their sprawling
information holdings secure from interlopers.

The Canadian Security Intelligence Service has warned that it is
almost impossible to eliminate network vulnerabilities entirely
because computer systems and attack tools are in a constant state of

Other documents released by Defence underscore the high degree of
confidentiality attached to such issues. Many of the records are
classified top secret, with much of the information withheld from
release due to its perceived sensitivity.

The response team's report notes five instances of "unauthorized
privileged access" to Defence networks, considered the most serious of
seven categories of breaches.

They also logged five cases of "unauthorized limited access" and 35
instances of "malicious logic" - the attempted introduction of
viruses, worms or other unwanted programs into a computer system.

There were 110 cases of "poor security practice" on the part of
employees, by far the most common problem last year. Of these, the
majority involved concerns about the security of e-mail transmissions.

Others stemmed from use of Internet Relay Chat messaging and the
popular KaZaa file-sharing service, inappropriate storage of
materials, and unauthorized Web postings. Another case involved
improper access to a network.

No one from the Defence Department was available Tuesday to discuss
the security cases.

Several of the documents released by Defence were prepared by the
Communications Security Establishment, the highly secretive federal
agency with the dual role of electronic spy service and protector of
federal computer systems.

The records indicate CSE focused on issues including the potential
exploitation of wireless communication networks, suspicious probes of
systems and the general methods employed by hackers.

It appears CSE also undertook an analysis of the so-called Blaster
worm that infected computers last August.

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Wed Jul 14 2004 - 00:06:07 PDT