- WASHINGTON (CNN) -- Defense Department computers are under a "coordinated,
organized" attack from hackers, according to Rep. Curt Weldon (R-Pennsylvania),
who held a classified hearing on the problem.
- Weldon told CNN Thursday night that Deputy
Secretary of Defense John Hamre briefed lawmakers at last week's hearing
on a specific breach of cyber security that represents a "coordinated,
organized" attempt to gain access to classified information in Pentagon
- "There is an attack under way. You
can basically say we are at war," said Weldon.
- Trail leads to Russia
- Pentagon sources say investigators traced
a number of the attacks to sites in Russia, but it was not known whether
the sources were government or non-governmental.
- Investigators also could not rule out
the possibility the computer attacks were coming from elsewhere and were
simply channeled through Russia.
- Classified Air Force computer systems
at Kelly Air Force Base in San Antonio, Texas, came under attack on January
7 and 8 from a number of locations around the world, sources told CNN,
but they were detected and stopped by newly developed Defense Department
- Weldon says this was "not a typical
hacker," and that the attacks seemed to be targeting specific systems.
- Solar Sunrise: Preparation
- Pentagon officials say no classified
computer systems have been breached, but Rep. Weldon said there was fear
that the attackers may have penetrated systems that could lead to access
to classified systems.
- A year ago, Hamre told lawmakers about
Solar Sunrise, a series of attacks in February 1998 that targeted Pentagon
- "The attacks were widespread, systematic
and showed a pattern that indicated they might be the preparation for a
coordinated attack on the Defense Information Structure," said Hamre
of Solar Sunrise in his unclassified written testimony Tuesday.
- Guarding cyber Pentagon
- "The attacks targeted key parts
of Defense Networks at a time we were preparing for possible military operations
- The Solar Sunrise incident led to the
establishment of 24-hour, 7-days-a-week online guard duty at important
military computer sites.
- This increased vigilance has led, in
turn, to increased reports of cyber attacks, officials say.
- Pentagon Cyber-War Attack Mounted Through Russia
- By Barbara Starr ABCNEWS.com
- Washington - The Pentagon's military
computer systems are being subjected to ongoing, sophisticated and organized
cyber-attacks, officials there tell ABCNEWS.
- And unlike in past attacks by teenage
hackers, officials believe the latest series of strikes at defense networks
may be a concerted and coordinated effort coming from abroad.
- Until now, the Defense Department had
not publicly acknowledged this latest cyber-war.
- But in an interview Thursday with ABCNEWS,
Deputy Defense Secretary John Hamre, who oversees all Pentagon computer
security matters, confirmed the attacks have occurred over the last several
months and called them 'a major concern.'
- "This is an ongoing law enforcement
and intelligence matter," said Hamre, who last month briefed the House
Armed Services Committee on the attacks in a classified session.
- Firewalls Breached?
- The investigation is looking at a pattern
of attacks that has not been seen before. Officials tell ABCNEWS there
are several matters under investigation, and it is not clear to what extent
the cyber-attacks are all linked.
- Sources insist no classified networks
have been breached, but they do say attacks have been aimed at sensitive
information that may be 'locked' behind firewalls and computer passwords.
- Officials believe some of the most sophisticated
attacks are coming from Russia. Federal investigators are detecting probes
and attacks on U.S. military research and technology systems - including
the nuclear weapons laboratories run by the Department of Energy.
- What is not clear, however, is whether
the attacks are coming directly from Russia or whether the probes are coming
from other countries that are simply routing through Russian computer addresses
to disguise their origin.
- Initial indications are that, wherever
the probes and attacks are originating abroad, they are not from individuals.
But U.S. officials say they would treat any Russian threat similarly whether
it comes from the government, industry or high-technology interests.
- A Russian Gateway for Espionage
- The U.S. National Counterintelligence
Center, or NACIC, which monitors espionage activities worldwide, has been
tracking the threats posed by lack of official security systems on Russian
computer networks for some time. A September 1998 NACIC report noted Kremlin
statements that foreign secret services were regularly penetrating Russian
- U.S. officials believe, however, that
there may be an even more disturbing problem: Foreign government hackers
may be getting help from within the U.S. government.
- "We are increasingly concerned about
those who have legitimate access to our networks - the trusted insider,"
Hamre told the House committee in a written statement on Feb. 23. "I
cannot emphasize strongly enough the seriousness of the insider threat
to our information systems and, through those systems, to the Department's
- Senior Defense Department officials are
being briefed regularly on the investigations into the insider threat.
- Congressional Concerns
- Indeed, the Pentagon has quietly established
a new organization - the Joint Counterintelligence Evaluation Office -
which is tracking foreign intelligence services' attempts to gain access
to critical Defense Department technologies as well as their attempts to
penetrate information infrastructure and U.S. military operations. All
of the military services are beefing up their own counterintelligence efforts
- Hamre's closed-door appearance has sparked
a new round of concerns in Congress. Pentagon computer systems are probed
about 60 times a day with as many as 60 actual computer attacks each week.
Many of these are from more typical hackers, and the Defense Department
has the capability to freeze out access to government networks.
- But the current situation is far more
serious, according to Congress. Rep. Curt Weldon, R-Pa., chairman of the
House Armed Services Research and Development Subcommittee, told ABCNEWS:
"What we've been seeing in recent months is more of what could be
a coordinated attack, that could be some attack we have not yet fully uncovered
that could be involved in a very planned effort to acquire technology and
information about our systems in a way that we have not seen before."
- In February 1998, Pentagon computers
were attacked by hackers in what was then characterized as one of the most
serious computer intrusions to date. A series of attacks known as 'Solar
Sunrise' targeted Defense Department network domain name servers, exploiting
a vulnerability in the Solaris Operating System that runs many of the computers.
- The attacks were thought to be a preliminary
attempt for a widespread attack on the entire Pentagon information infrastructure.
The attacks also were especially sensitive because they came at a time
when many elements of the Defense Department's computer network were being
used in preparation for possible military operations against Iraq.
- Subsequently, the Pentagon conducted
its first large-scale exercise designed to test the ability of the military
to respond to an information attack. The 'Eligible Receiver' exercise demonstrated
that the Pentagon and the intelligence community had little capability
to detect or assess cyber-attacks.
- Since then, the Pentagon has made several
efforts to improve network security and its ability to detect intrusions
and attacks. But while the system may be in better shape than it was last
year, officials are urgently trying to find the latest attacker and stop
the cyber-war before U.S. national security is compromised.