[ISN] Attack by Korean hacker prompts Defense Department cyber debate

From: InfoSec News (alerts@private)
Date: Mon Feb 12 2007 - 23:19:45 PST


By Josh Rogin
Feb. 9, 2007

Defense Department computer networks are probed and attacked hundreds of 
time each day. But a recent attack on the civilian Internet is causing 
DOD officials to re-examine whether the policies under which they fight 
cyber battles are tying their hands.

This is an area where technology has outstripped our ability to make 
policy, said Air Force Gen. Ronald Keys, Commander of Air Combat 
Command. We need to have a debate and figure out how to defend 

Unlike in the war on terror, DOD cant go after cyber attackers who plan 
or discuss crimes until they act, Keys said. Web sites in other 
countries are beyond DODs reach, he added. If theyre not in the United 
States, you cant touch 'em.

Keys said it would probably take a cyber version of the 9/11 attacks to 
make the U.S. realize that barriers to action in cyberspace should be 

The danger is real, officials say. On Feb 5, an organized group of 
hackers perpetrated the most powerful set of attacks since 2002. The 
attacks targeted UltraDNS, the company that runs several servers that 
manage traffic for domains that end with .org and other extensions, 
according to several reports.

Although the hackers made efforts to conceal their identity, large 
amounts of rogue data was traced back to servers in South Korea, the 
reports stated. The Associated Press wrote that a traffic server 
operated by the Defense Department was affected.

Affected or not, senior DOD cyber officials have taken notice. They 
spoke about its defense implications at the Air Warfare Symposium in 
Orlando, Fla., hosted by the Air Force Association today.

The recent UltraDNS attacks raised several questions for DOD policy 
makers, Keys said. How do you react to that attack? How do you trace it 
back? What are the legalities included? What do you do when you do find 
them? Its a huge challenge, he said.

DOD must consider more aggressive measures, including penetrating enemy 
networks, infiltrating wi-fi, phishing for passwords, and e-mail 
deception, Keys said. Cyber attack forces could replace traditional 
forces in future attack missions, he said.

The current cyber threat is divided into three tiers: hackers, 
criminals, and nation-states, with increasing levels of resources and 
investment in cyber capabilities, said U.S. Strategic Commander General 
James Cartwright, speaking at the conference.

The U.S. cyber warfare strategy is divided among three fiefdoms, 
reconnaissance, offense, and defense, Cartwright said. This results in a 
passive, disjointed approach that undermines the military's cyberspace 
operations, he added.

Were already at war in Cyberspace, have been for many years, said Keys 
Terrorists use the Internet extensively, through remotely detonated 
bombs, GPS, Internet financial transactions, navigation jamming, bogs, 
bulletin boards, and chat rooms.

Hacker tools are readily available on the Internet, and several sites 
promote products that give people the ability to circumvent DODs 
security measures, Keys said. But policy and law prevent the department 
from shutting down these sites.

Cyberspace is the only warfighting domain in which the U.S. has peer 
competitors, Keys said. The Chinese Communist government said in a 
recent military white paper that its goal is to be capable of winning 
informationized war by the middle of the 21st century, he noted.

DOD is also vulnerable because it procures technology components, such 
as computer chips, from China. The companies there could embed 
threatening technologies in the chips and then use them for malicious 
purposes, Keys said. If theyre good enough [at hiding the technology], 
then how would you know? he asked.

Several attacks have disabled government computer systems over the last 
few months. In November, the Naval War College took its computers 
offline for weeks after a foreign network attack disabled the system. In 
July, the Commerce Departments Bureau of Industry and Security had to 
replace hundreds of computers following an intrusion that was admitted 
to have originated from Chinese servers.

Keys ACC, headquartered at Langley AFB, Va., provides command, control, 
communications and intelligence systems to the Air Force and conducts 
global information operations. The command is also oversees the 8th Air 
Force at Barksdale AFB, La., which will soon become the Air Forces Cyber 
Command, it was announced in October.

Cyber Command will focus on integrating reconnaissance, offensive, and 
defense operations in cyberspace, Keys said. DOD is dependent on its 
networks for almost all its missions, he added. Its entwined into 
everything we do.

Subscribe to the InfoSec News RSS Feed

This archive was generated by hypermail 2.1.3 : Mon Feb 12 2007 - 23:29:27 PST