Cyberwarfare

Foreign Government Hackers May be Getting Help from Within the U.S. Government

Pentagon Cyber-War Attack Mounted Through Russia
by Barbara Starr

Source: ABC News
http://www.abcnews.com

March 5, 1999

Washington - The Pentagon’s military computer systems are being subjected to ongoing, sophisticated and organized cyber-attacks, officials there tell ABCNEWS.

And unlike in past attacks by teenage hackers, officials believe the latest series of strikes at defense networks may be a concerted and coordinated effort coming from abroad.

Until now, the Defense Department had not publicly acknowledged this latest cyber-war.

But in an interview Thursday with ABCNEWS, Deputy Defense Secretary John Hamre, who oversees all Pentagon computer security matters, confirmed the attacks have occurred over the last several months and called them ’a major concern.’

"This is an ongoing law enforcement and intelligence matter," said Hamre, who last month briefed the House Armed Services Committee on the attacks in a classified session.

Firewalls Breached?

The investigation is looking at a pattern of attacks that has not been seen before. Officials tell ABCNEWS there are several matters under investigation, and it is not clear to what extent the cyber-attacks are all linked.

Sources insist no classified networks have been breached, but they do say attacks have been aimed at sensitive information that may be ’locked’ behind firewalls and computer passwords.

Officials believe some of the most sophisticated attacks are coming from Russia. Federal investigators are detecting probes and attacks on U.S. military research and technology systems - including the nuclear weapons laboratories run by the Department of Energy.

What is not clear, however, is whether the attacks are coming directly from Russia or whether the probes are coming from other countries that are simply routing through Russian computer addresses to disguise their origin.

Initial indications are that, wherever the probes and attacks are originating abroad, they are not from individuals. But U.S. officials say they would treat any Russian threat similarly whether it comes from the government, industry or high-technology interests.

A Russian Gateway for Espionage

The U.S. National Counterintelligence Center, or NACIC, which monitors espionage activities worldwide, has been tracking the threats posed by lack of official security systems on Russian computer networks for some time. A September 1998 NACIC report noted Kremlin statements that foreign secret services were regularly penetrating Russian computer networks.

U.S. officials believe, however, that there may be an even more disturbing problem: Foreign government hackers may be getting help from within the U.S. government.

"We are increasingly concerned about those who have legitimate access to our networks - the trusted insider," Hamre told the House committee in a written statement on Feb. 23. "I cannot emphasize strongly enough the seriousness of the insider threat to our information systems and, through those systems, to the Department’s operations."

Senior Defense Department officials are being briefed regularly on the investigations into the insider threat.

Congressional Concerns

Indeed, the Pentagon has quietly established a new organization - the Joint Counterintelligence Evaluation Office - which is tracking foreign intelligence services attempts to gain access to critical Defense Department technologies as well as their attempts to penetrate information infrastructure and U.S. military operations. All of the military services are beefing up their own counterintelligence efforts as well.

Hamre’s closed-door appearance has sparked a new round of concerns in Congress. Pentagon computer systems are probed about 60 times a day with as many as 60 actual computer attacks each week. Many of these are from more typical hackers, and the Defense Department has the capability to freeze out access to government networks.

But the current situation is far more serious, according to Congress. Rep. Curt Weldon, R-Pa., chairman of the House Armed Services Research and Development Subcommittee, told ABCNEWS: "What we’ve been seeing in recent months is more of what could be a coordinated attack, that could be some attack we have not yet fully uncovered that could be involved in a very planned effort to acquire technology and information about our systems in a way that we have not seen before."

Testing Security

In February 1998, Pentagon computers were attacked by hackers in what was then characterized as one of the most serious computer intrusions to date. A series of attacks known as ’Solar Sunrise’ targeted Defense Department network domain name servers, exploiting a vulnerability in the Solaris Operating System that runs many of the computers.

The attacks were thought to be a preliminary attempt for a widespread attack on the entire Pentagon information infrastructure. The attacks also were especially sensitive because they came at a time when many elements of the Defense Department’s computer network were being used in preparation for possible military operations against Iraq.

Subsequently, the Pentagon conducted its first large-scale exercise designed to test the ability of the military to respond to an information attack. The ’Eligible Receiver’ exercise demonstrated that the Pentagon and the intelligence community had little capability to detect or assess cyber-attacks.

Since then, the Pentagon has made several efforts to improve network security and its ability to detect intrusions and attacks. But while the system may be in better shape than it was last year, officials are urgently trying to find the latest attacker and stop the cyber-war before U.S. national security is compromised.

Back To Contents