From: "Joseph M. Reagle Jr." <reagle@MIT.EDU>
Date: Fri, 24 May 1996 03:53:58 +0800
To: cypherpunks@toad.com
Subject: nyt: Report Warns of Security Threats Posed by Computer Hackers
Message-ID: <9605231405.AA12953@rpcp.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain



                 Copyright 1996 The New York Times Company

          May 23, 1996

          Report Warns of Security Threats Posed by Computer
          Hackers

          By PHILIP SHENON

          [W] ASHINGTON -- Government investigators warned
              Wednesday that computer hackers cruising the
          Internet posed a serious and growing threat to national
          security, with the Pentagon suffering as many as 250,000
          "attacks" on its computers last year.

          The investigators, from the General Accounting Office,
          offered scenarios in which terrorists or enemy
          governments might break into Defense Department computer
          networks and shut them down, cutting off communications
          between military commanders in the middle of a war.

          "There will become an increasingly attractive way for
          terrorists or adversaries to wage attacks," the
          investigators said in a report prepared for two
          congressional committees. "The potential for
          catastrophic damage is great."

          The Pentagon did not dispute the findings of the study,
          although Defense Department officials said they knew of
          no instance in which hackers had obtained secret
          information or gained access to computer networks that
          control the firing of weapons. "We are certainly well
          aware that people are breaking in or trying to hack into
          our systems," said Susan Hansen, a department
          spokeswoman.

          While the Pentagon is developing encryption devices that
          show promise in defeating computer hackers, the
          accounting office, which is the investigative arm of
          Congress, warned that none of the proposed technical
          solutions was foolproof, and that the military's current
          security program was "dated, inconsistent and
          incomplete."

          The explosion in the use of the Internet and the
          increasing power and sophistication of small desktop
          computers has compounded the Pentagon's problems,
          creating a worldwide army of hackers able to break into
          all but the most secure computer networks.

          The report cited Defense Department estimates that the
          number of unauthorized efforts to enter its computer
          systems -- "attacks," in the parlance of cyberspace --
          was doubling every year and may have reached 250,000 in
          1995, most of them made through the Internet.

          Pentagon figures suggest that in about 65 percent of
          those efforts, hackers were able to gain entry to a
          computer network.

          The investigators provided details on several recent
          attacks on the Pentagon's computers, including a 1994
          incident in which two computer hackers were able to gain
          "complete access to all of the information" on the
          computer systems of the Rome Air Development Center, the
          Air Force laboratory in Rome, N.Y., where the Defense
          Department carries out some of its most important
          research on weapons systems.

          The report said the hackers rummaged through the
          computer networks for several days and stole information
          on the methods used by Air Force commanders to relay
          secret intelligence and targeting information during
          wartime.

          Working through the Internet and a variety of phone
          switches in South America, the hackers also used the
          laboratory's computers as a "launching platform to
          attack other military, government, commercial and
          academic systems worldwide," including the
          Wright-Patterson Air Force Base in Ohio and the Goddard
          Space Flight Center in Greenbelt, Md., the report said.

          One of the hackers, a Briton whose code name was
          "Datastream Cowboy," was later arrested in England. The
          authorities say they do not know the nationality of the
          other hacker, whose code name is "Kuji" and who was
          never apprehended.

          "There may have been some national security risks
          associated with the Rome incident," the report said.
          "Air Force officials told us that at least one of the
          hackers may have been working for a foreign country
          interested in obtaining military research data or
          information on areas in which the Air Force was
          conducting advanced research." The foreign country was
          not identified in the report.

          In separate incidents between April 1990 and May 1991,
          the report said, hackers from the Netherlands broke into
          computer networks at 34 Defense Department sites and
          browsed the electronic-mail systems of several
          department officials, calling up all messages that
          contained the key words "nuclear," "weapons" or
          "missile."

          The accounting office investigator who oversaw the
          report, Jack L. Brock Jr., said in testimony Wednesday
          before the Senate Permanent Subcommittee on
          Investigations that more than 120 nations are reported
          to be developing "information warfare techniques" that
          could "allow our enemies to seize control of public
          networks which Defense relies upon for communications."

          "Countries today do not have to be military superpowers
          with large standing armies, fleets of battleships or
          squadrons of fighters to gain a competitive edge," he
          said. "Instead, all they really need to steal sensitive
          data or shut down military computers is a $2,000
          computer and modem and a connection to the Internet."

          The investigators said the Pentagon had made itself
          vulnerable to attack by making itself so dependent on
          computers and the Internet, a system that its own
          researchers created in the 1970s.

          "Defense's computer systems are particularly susceptible
          to attack through connections on the Internet, which
          Defense uses to enhance communication and information
          sharing," the report said, noting that an estimated 40
          million people worldwide are Internet users. "In turning
          to the Internet, Defense has increased its own exposure
          to attacks."

          The Pentagon uses the Internet to distribute electronic
          mail and other information. During the war in the
          Persian Gulf, the Defense Department used the Internet
          to communicate with allied armies and gather and
          distribute intelligence information.



_______________________
Regards,            When we ask advice, we are usually looking for 
                    an accomplice. -Marquis de la Grange
Joseph  Reagle      http://farnsworth.mit.edu/~reagle/home.html
reagle@mit.edu      E0 D5 B2 05 B6 12 DA 65  BE 4D E3 C1 6A 66 25 4E