Cyber War Underway On Pentagon Computers - Major Attack Through Russia
WASHINGTON (CNN) -- Defense Department computers are under a "coordinated, organized" attack from hackers, according to Rep. Curt Weldon (R-Pennsylvania), who held a classified hearing on the problem.
Weldon told CNN Thursday night that Deputy Secretary of Defense John Hamre briefed lawmakers at last week's hearing on a specific breach of cyber security that represents a "coordinated, organized" attempt to gain access to classified information in Pentagon computers.
"There is an attack under way. You can basically say we are at war," said Weldon.
Trail leads to Russia
Pentagon sources say investigators traced a number of the attacks to sites in Russia, but it was not known whether the sources were government or non-governmental.
Investigators also could not rule out the possibility the computer attacks were coming from elsewhere and were simply channeled through Russia.
Classified Air Force computer systems at Kelly Air Force Base in San Antonio, Texas, came under attack on January 7 and 8 from a number of locations around the world, sources told CNN, but they were detected and stopped by newly developed Defense Department systems.
Weldon says this was "not a typical hacker," and that the attacks seemed to be targeting specific systems.
Solar Sunrise: Preparation for attack?
Pentagon officials say no classified computer systems have been breached, but Rep. Weldon said there was fear that the attackers may have penetrated systems that could lead to access to classified systems.
A year ago, Hamre told lawmakers about Solar Sunrise, a series of attacks in February 1998 that targeted Pentagon computers.
"The attacks were widespread, systematic and showed a pattern that indicated they might be the preparation for a coordinated attack on the Defense Information Structure," said Hamre of Solar Sunrise in his unclassified written testimony Tuesday.
Guarding cyber Pentagon
"The attacks targeted key parts of Defense Networks at a time we were preparing for possible military operations against Iraq."
The Solar Sunrise incident led to the establishment of 24-hour, 7-days-a-week online guard duty at important military computer sites.
This increased vigilance has led, in turn, to increased reports of cyber attacks, officials say.
Pentagon Cyber-War Attack Mounted Through Russia
By Barbara Starr 3-5-99
Washington - The Pentagon's military computer systems are being subjected to ongoing, sophisticated and organized cyber-attacks, officials there tell ABCNEWS.
And unlike in past attacks by teenage hackers, officials believe the latest series of strikes at defense networks may be a concerted and coordinated effort coming from abroad.
Until now, the Defense Department had not publicly acknowledged this latest cyber-war.
But in an interview Thursday with ABCNEWS, Deputy Defense Secretary John Hamre, who oversees all Pentagon computer security matters, confirmed the attacks have occurred over the last several months and called them 'a major concern.'
"This is an ongoing law enforcement and intelligence matter," said Hamre, who last month briefed the House Armed Services Committee on the attacks in a classified session.
Firewalls Breached?
The investigation is looking at a pattern of attacks that has not been seen before. Officials tell ABCNEWS there are several matters under investigation, and it is not clear to what extent the cyber-attacks are all linked.
Sources insist no classified networks have been breached, but they do say attacks have been aimed at sensitive information that may be 'locked' behind firewalls and computer passwords.
Officials believe some of the most sophisticated attacks are coming from Russia. Federal investigators are detecting probes and attacks on U.S. military research and technology systems - including the nuclear weapons laboratories run by the Department of Energy.
What is not clear, however, is whether the attacks are coming directly from Russia or whether the probes are coming from other countries that are simply routing through Russian computer addresses to disguise their origin.
Initial indications are that, wherever the probes and attacks are originating abroad, they are not from individuals. But U.S. officials say they would treat any Russian threat similarly whether it comes from the government, industry or high-technology interests.
A Russian Gateway for Espionage
The U.S. National Counterintelligence Center, or NACIC, which monitors espionage activities worldwide, has been tracking the threats posed by lack of official security systems on Russian computer networks for some time. A September 1998 NACIC report noted Kremlin statements that foreign secret services were regularly penetrating Russian computer networks.
U.S. officials believe, however, that there may be an even more disturbing problem: Foreign government hackers may be getting help from within the U.S. government.
"We are increasingly concerned about those who have legitimate access to our networks - the trusted insider," Hamre told the House committee in a written statement on Feb. 23. "I cannot emphasize strongly enough the seriousness of the insider threat to our information systems and, through those systems, to the Department's operations."
Senior Defense Department officials are being briefed regularly on the investigations into the insider threat.
Congressional Concerns
Indeed, the Pentagon has quietly established a new organization - the Joint Counterintelligence Evaluation Office - which is tracking foreign intelligence services' attempts to gain access to critical Defense Department technologies as well as their attempts to penetrate information infrastructure and U.S. military operations. All of the military services are beefing up their own counterintelligence efforts as well.
Hamre's closed-door appearance has sparked a new round of concerns in Congress. Pentagon computer systems are probed about 60 times a day with as many as 60 actual computer attacks each week. Many of these are from more typical hackers, and the Defense Department has the capability to freeze out access to government networks.
But the current situation is far more serious, according to Congress. Rep. Curt Weldon, R-Pa., chairman of the House Armed Services Research and Development Subcommittee, told ABCNEWS: "What we've been seeing in recent months is more of what could be a coordinated attack, that could be some attack we have not yet fully uncovered that could be involved in a very planned effort to acquire technology and information about our systems in a way that we have not seen before."
Testing Security
In February 1998, Pentagon computers were attacked by hackers in what was then characterized as one of the most serious computer intrusions to date. A series of attacks known as 'Solar Sunrise' targeted Defense Department network domain name servers, exploiting a vulnerability in the Solaris Operating System that runs many of the computers.
The attacks were thought to be a preliminary attempt for a widespread attack on the entire Pentagon information infrastructure. The attacks also were especially sensitive because they came at a time when many elements of the Defense Department's computer network were being used in preparation for possible military operations against Iraq.
Subsequently, the Pentagon conducted its first large-scale exercise designed to test the ability of the military to respond to an information attack. The 'Eligible Receiver' exercise demonstrated that the Pentagon and the intelligence community had little capability to detect or assess cyber-attacks.
Since then, the Pentagon has made several efforts to improve network security and its ability to detect intrusions and attacks. But while the system may be in better shape than it was last year, officials are urgently trying to find the latest attacker and stop the cyber-war before U.S. national security is compromised.