Tuesday April 21 5:31 PM EDT

Group claims high access to US military networks

By James Glave

SAN FRANCISCO (Wired) - In what may be one of the first demonstrations of the potential of cyber warfare, an international hacking group claims it has stolen a suite of programs used to run classified US military networks and satellites.

The group, calling itself Masters of Downloading, or MOD, said in a statement that it had stolen the software -- the Defense Information Systems Network Equipment Manager (DEM) -- from the Defense Information Systems Agency, the branch of the Defense Department in charge of classified computer networks.

"This may help you to realize the reality of the threat of information warfare against the United States of America, as well as the DEM software's obvious value to certain global organizations and individuals," said the statement, which was supplied to Wired News by an anonymous representative of the group.

The statement detailed the capabilities of the DEM software, and was accompanied by a number of image files that depicted the program's interfaces.

The software's authenticity was confirmed by John Vranesevich of the computer security site AntiOnline (http://www.antionline.com). Vranesevich said he obtained a copy from MOD last Thursday and tested it after first unplugging his computer from the Internet.

Vranesevich, who has tracked the computer underground for five years, said that the theft of a classified network control program pointed to a threat far more serious than the routine Web server intrusions of recent months.

"This is one of the first times we've seen a group of hackers whose goal was not to commit acts of Internet graffiti by defacing low-security Web pages, but (instead) to actually target, plan, and retrieve software suites designed for military use," said Vranesevich.

Last month, Vranesevich was the first to interview Ehud Tenenbaum, the Israeli teen at the center of a federal investigation into widespread attacks on US military computer systems. But those attacks pale in comparison, he says.

"(The deliberate theft of classified software) puts this group on a whole other playing field," said Vranesevich, who added that the group is comprised of 15 individuals, including eight Americans, five Britons, and two Russians. The group is not affiliated with Tenenbaum, known as the Analyzer.

The hacker group said that the software is used to remotely monitor and manage military computer-related equipment, including routers, repeaters, switches, military communication networks, and GPS satellites and receivers. The suite's top-level interface is designed to "manage all the computer-related equipment used by the United States military," the statement read.

Using the defense system software, the group claims, the entire Defense Information Systems Network could be shut down for a period of time.

"This is definitely not a good thing for the United States military, as they depend heavily on their computer systems and networks to quickly share data and information from anywhere in the world," the statement said.

MOD went into detail over two particular software components, one of which allows a user with access to monitor or shut down T1 links used by the military. The other program concerns Global Positioning System satellites, which are used to establish precise coordinates for weapons targeting and the navigation of commercial aircraft.

"Although the DEM software cannot be used to send data to the GPS satellites, it can be used to track the satellites and pinpoint their exact whereabouts, as well as the frequency ranges they use and other operational information," said the MOD statement.

MOD claims it first obtained the software in October 1997 but did nothing with it at first, to be sure that they were not being tracked.

Although the Defense Information Systems Agency public affairs office declined to comment, a mission statement on the agency's Web site clarifies its role within the Department of Defense: "DISA will be the preeminent provider of information systems delivery support to our warfighters and others as required by the DoD, under all conditions of Peace and War."

MOD members were not immediately available for comment, either, but in an interview with Vranesevich last Friday, group members said their intentions were not hostile.

"We have the power to do so, but at this time we have no intentions to launch such a network attack," a member told Vranesevich.

Another member also told Vranesevich that he had obtained a separate piece of software used to communicate with submarines.

Gene Spafford, director of the computer security research center COAST, said that the intrusion, if true, didn't surprise him.

"I don't think anyone who is familiar with government security has ever believed it to be as secure as claimed," Spafford said.

Spafford added that he was not familiar with DISA systems, but that any distributed system is vulnerable, and that many government systems are configured "for convenience and not need."

The group claimed that they stole the software from a Windows NT server at DISA, and that about 30 individuals worldwide presently have copies.

"When you have a system that is distributed such that others can manipulate it, you open it up to not just security problems but also erroneous operations," Spafford said. "You get people who don't have training and you get accidents. It is a standard systems design question."

In an interview with Vranesevich, the group offered some network security advice for the US government.

"It's simple: take all classified military systems off the Internet, place only unclassified Web servers on the Internet and keep the rest on a purely internal network," the MOD member said.

(Reuters/Wired)