[IWAR] HACK DoD, major penetration

From: 7Pillars Partners (partnersat_private)
Date: Tue Apr 21 1998 - 16:41:24 PDT

    Tuesday April 21 5:31 PM EDT 
       
    Group claims high access to US military networks
    
       By James Glave
       
       SAN FRANCISCO (Wired) - In what may be one of the first demonstrations
       of the potential of cyber warfare, an international hacking group claims
       it has stolen a suite of programs used to run classified US military
       networks and satellites.
       
       The group, calling itself Masters of Downloading, or MOD, said in a
       statement that it had stolen the software -- the Defense Information
       Systems Network Equipment Manager (DEM) -- from the Defense Information
       Systems Agency, the branch of the Defense Department in charge of
       classified computer networks.
       
       "This may help you to realize the reality of the threat of information
       warfare against the United States of America, as well as the DEM
       software's obvious value to certain global organizations and
       individuals," said the statement, which was supplied to Wired News by an
       anonymous representative of the group.
       
       The statement detailed the capabilities of the DEM software, and was
       accompanied by a number of image files that depicted the program's
       interfaces. The software's authenticity was confirmed by John
       Vranesevich of the computer security site AntiOnline
       (http://www.antionline.com). Vranesevich said he obtained a copy from
       MOD last Thursday and tested it after first unplugging his computer from
       the Internet.
       
       Vranesevich, who has tracked the computer underground for five years,
       said that the theft of a classified network control program pointed to a
       threat far more serious than the routine Web server intrusions of recent
       months.
       
       "This is one of the first times we've seen a group of hackers whose goal
       was not to commit acts of Internet graffiti by defacing low-security Web
       pages, but (instead) to actually target, plan, and retrieve software
       suites designed for military use," said Vranesevich.
       
       Last month, Vranesevich was the first to interview Ehud Tenebaum, the
       Israeli teen at the center of a federal investigation into widespread
       attacks on US military computer systems. But those attacks pale in
       comparison, he says.
       
       "(The deliberate theft of classified software) puts this group on a
       whole other playing field," said Vranesevich, who added that the group
       is comprised of 15 individuals, including eight Americans, five Britons,
       and two Russians. The group is not affiliated with Tenebaum, known as
       the Analyzer.
       
       The hacker group said that the software is used to remotely monitor and
       manage military computer-related equipment, including routers,
       repeaters, switches, military communication networks, and GPS satellites
       and receivers.
       
       The suite's top-level interface is designed to "manage all the
       computer-related equipment used by the United States military," the
       statement read.
       
       Using the defense system software, the group claims, the entire Defense
       Information Systems Network could be shut down for a period of time.
       
       "This is definitely not a good thing for the United States military, as
       they depend heavily on their computer systems and networks to quickly
       share data and information from anywhere in the world," the statement
       said.
       
       MOD went into detail over two particular software components, one of
       which allows a user with access to monitor or shut down T1 links used by
       the military. The other program concerns Global Positioning System
       satellites, which are used to establish precise coordinates for weapons
       targeting and the navigation of commercial aircraft.
       
       "Although the DEM software cannot be used to send data to the GPS
       satellites, it can be used to track the satellites and pinpoint their
       exact whereabouts, as well as the frequency ranges they use and other
       operational information," said the MOD statement.
       
       MOD claims it first obtained the software in October 1997 but did
       nothing with it at first, to be sure that they were not being tracked.
       
       Although the Defense Information Systems Agency public affairs office
       declined to comment, a mission statement on the agency's Web site
       clarifies its role within the Department of Defense: "DISA will be the
       preeminent provider of information systems delivery support to our
       warfighters and others as required by the DoD, under all conditions of
       Peace and War."
       
       ---
       
       MOD members were not immediately available for comment, either, but in
       an interview with Vranesevich last Friday, group members said their
       intentions were not hostile.
       
       "We have the power to do so, but at this time we have no intentions to
       launch such a network attack," a member told Vranesevich. Another member
       also told Vranesevich that he had obtained a separate piece of software
       used to communicate with submarines.
       
       Gene Spafford, director of the computer security research center COAST,
       said that the intrusion, if true, didn't surprise him.
       
       "I don't think anyone who is familiar with government security has ever
       believed it to be as secure as claimed," Spafford said.
       
       Spafford added that he was not familiar with DISA systems, but that any
       distributed system is vulnerable, and that many government systems are
       configured "for convenience and not need."
       
       The group claimed that they stole the software from a Windows NT server
       at DISA, and that about 30 individuals worldwide presently have copies.
       
       "When you have a system that is distributed such that others can
       manipulate it, you open it up to not just security problems but also
       erroneous operations," Spafford said. "You get people who don't have
       training and you get accidents. It is a standard systems design
       question."
       
       In an interview with Vranesevich, the group offered some network
       security advice for the US government.
       
       "It's simple: take all classified military systems off the Internet,
       place only unclassified Web servers on the Internet and keep the rest on
       a purely internal network," the MOD member said.
       
       (Reuters/Wired)
    


