Have Crackers Found Military's Achilles Heel?
By: James Glave
12:27pm  21.Apr.98.PDT

In what may be one of the first demonstrations of the potential of cyber
warfare, an international cracking group claims it has stolen a suite of
programs used to run classified US military networks and satellites.

The group, calling itself Masters of Downloading, or MOD, said in a
statement that it had stolen the software -- the Defense Information
Systems Network Equipment Manager (DEM) -- from the Defense Information
Systems Agency, the branch of the Defense Department in charge of
classified computer networks. 

[It is well circulated that 'MOD' is nothing more than a media hoax
 among the hacker community.]

"This may help you to realize the reality of the threat of information
warfare against the United States of America, as well as the DEM
software's obvious value to global organizations and individuals," said
the statement, which was supplied to Wired News by an anonymous
representative of the group.

The statement detailed the capabilities of the DEM software, and was
accompanied by a number of image files that depicted the program's
interfaces. The software's authenticity was confirmed by John Vranesevich
of the computer security site AntiOnline. Vranesevich said he obtained a
copy from MOD last Thursday and tested it after first unplugging his
computer from the Internet. 

[And does this verify where it came from? Or if it is classified?]

Vranesevich, who has tracked the computer underground for five years, said
that the theft of a classified network control program pointed to a threat
far more serious than the routine Web server intrusions of recent months. 

[Vranesevich couldn't recall a major event that was reported in half a dozen
 magazines and newspapers involving a hacker and email bombs three years ago. 
 Five years tracking the underground?]

"This is one of the first times we've seen a group of hackers whose goal
was not to commit acts of Internet graffiti by defacing low-security Web
pages, but [instead] to actually target, plan, and retrieve software
suites designed for military use," said Vranesevich.

[First time?! LOD and the *original* MOD were groups of hackers
 that had no Internet graffiti agenda. Since then, countless groups have 
 come and gone that had no intention of defacing web sites. To say something
 like this shows he has not been around for a few months, or he is 
 fabricating this to make the group seem more dramatic.]

Last month, Vranesevich was the first to interview Ehud Tenebaum, the
Israeli teen at the center of a federal investigation into widespread
attacks on US military computer systems. But those attacks pale in
comparison, he says.

"[The deliberate theft of classified software] puts this group on a whole
other playing field,"  said Vranesevich, who added that the group is
comprised of 15 individuals, including eight Americans, five Britons, and
two Russians. The group is not affiliated with Tenebaum, known as the

[Independent military personnel have verified that the software
 stolen was NOT classified at all.]

MOD said that the software is used to remotely monitor and manage military
computer-related equipment, including routers, repeaters, switches,
military communication networks, and GPS satellites and receivers. The
suite's top-level interface is designed to "manage all the
computer-related equipment used by the United States military," the
statement read.

With the DEM software, the group claims, the entire Defense Information
Systems Network could be shut down for a period of time. "This is
definitely not a good thing for the United States military, as they depend
heavily on their computer systems and networks to quickly share data and
information from anywhere in the world," the statement said.

MOD went into detail over two particular software components, one of which
allows a user with access to monitor or shut down T1 links used by the
military. The other program concerns Global Positioning System satellites,
which are used to establish precise coordinates for weapons targeting and
the navigation of commercial aircraft.

"Although the DEM software cannot be used to send data to the GPS
satellites, it can be used to track the satellites and pinpoint their
exact whereabouts, as well as the frequency ranges they use and other
operational information," said the MOD statement.

MOD claims it first obtained the software in October 1997 but did nothing
with it at first, to be sure that they were not being tracked.

Although the Defense Information Systems Agency public affairs office
declined to comment, a mission statement on the agency's Web site
clarifies its role within the Department of Defense:  "DISA will be the
preeminent provider of information systems delivery support to our
warfighters and others as required by the DoD, under all conditions of
Peace and War." 

MOD members were not immediately available for comment, either, but in an
interview with Vranesevich last Friday, group members said their
intentions were not hostile.

"We have the power to do so, but at this time we have no intentions to
launch such a [military] attack," a member told Vranesevich. Another
member also told Vranesevich that he had obtained a separate piece of
software used to communicate with submarines.

Gene Spafford, director of the computer security research center COAST,
said that the intrusion, if true, didn't surprise him.

"I don't think anyone who is familiar with government security has ever
believed it to be as secure as claimed," Spafford said.

Spafford added that he was not familiar with DISA systems, but that any
distributed system is vulnerable, and that many government systems are
configured "for convenience and not need." 

The group claimed that they stole the software from a Windows NT server at
DISA, and that about 30 individuals worldwide presently have copies.

"When you have a system that is distributed such that others can
manipulate it, you open it up to not just security problems but also
erroneous operations," Spafford said. "[You get] people who don't have
training and [you get] accidents. It is a standard systems design

In an interview with Vranesevich, the group offered some network security
advice for the US government.

"It's simple: take all [classified] military systems off the Internet,
place only [unclassified] Web servers on the Internet [and] keep the rest
on a purely internal network," the MOD member said. 

[Wow. That sums up the CURRENT and PAST DOD standards for
 networked computers. Breach of these rules subjects the user to a stiff penalty.]