Have Crackers Found Military's Achilles Heel?

By: James Glave

12:27pm 21.Apr.98.PDT


In what may be one of the first demonstrations of the potential of cyber warfare, an international cracking group claims it has stolen a suite of programs used to run classified US military networks and satellites.

The group, calling itself Masters of Downloading, or MOD, said in a statement that it had stolen the software -- the Defense Information Systems Network Equipment Manager (DEM) -- from the Defense Information Systems Agency, the branch of the Defense Department in charge of classified computer networks.

[It is well circulated that 'MOD' is nothing more than a media hoax among the hacker community.]

"This may help you to realize the reality of the threat of information warfare against the United States of America, as well as the DEM software's obvious value to global organizations and individuals," said the statement, which was supplied to Wired News by an anonymous representative of the group.

The statement detailed the capabilities of the DEM software, and was accompanied by a number of image files that depicted the program's interfaces. The software's authenticity was confirmed by John Vranesevich of the computer security site AntiOnline. Vranesevich said he obtained a copy from MOD last Thursday and tested it after first unplugging his computer from the Internet.

[And does this verify where it came from? Or if it is classified?]

Vranesevich, who has tracked the computer underground for five years, said that the theft of a classified network control program pointed to a threat far more serious than the routine Web server intrusions of recent months.

[Vranesevich couldn't recall a major event that was reported in half a dozen magazines and newspapers involving a hacker and email bombs three years ago. Five years tracking the underground?]

"This is one of the first times we've seen a group of hackers whose goal was not to commit acts of Internet graffiti by defacing low-security Web pages, but [instead] to actually target, plan, and retrieve software suites designed for military use," said Vranesevich.

[First time?! LOD and the *original* MOD were groups of hackers that had no Internet graffiti agenda. Since then, countless groups have come and gone that had no intention of defacing web sites. To say something like this shows he has not been around for a few months, or he is fabricating this to make the group seem more dramatic.]

Last month, Vranesevich was the first to interview Ehud Tenebaum, the Israeli teen at the center of a federal investigation into widespread attacks on US military computer systems. But those attacks pale in comparison, he says.

"[The deliberate theft of classified software] puts this group on a whole other playing field," said Vranesevich, who added that the group is comprised of 15 individuals, including eight Americans, five Britons, and two Russians. The group is not affiliated with Tenebaum, known as the Analyzer.

[Independent military personnel have verified that the software stolen was NOT classified at all.]

MOD said that the software is used to remotely monitor and manage military computer-related equipment, including routers, repeaters, switches, military communication networks, and GPS satellites and receivers. The suite's top-level interface is designed to "manage all the computer-related equipment used by the United States military," the statement read.

With the DEM software, the group claims, the entire Defense Information Systems Network could be shut down for a period of time. "This is definitely not a good thing for the United States military, as they depend heavily on their computer systems and networks to quickly share data and information from anywhere in the world," the statement said.

MOD went into detail over two particular software components, one of which allows a user with access to monitor or shut down T1 links used by the military. The other program concerns Global Positioning System satellites, which are used to establish precise coordinates for weapons targeting and the navigation of commercial aircraft.

"Although the DEM software cannot be used to send data to the GPS satellites, it can be used to track the satellites and pinpoint their exact whereabouts, as well as the frequency ranges they use and other operational information," said the MOD statement.

MOD claims it first obtained the software in October 1997 but did nothing with it at first, to be sure that they were not being tracked.

Although the Defense Information Systems Agency public affairs office declined to comment, a mission statement on the agency's Web site clarifies its role within the Department of Defense: "DISA will be the preeminent provider of information systems delivery support to our warfighters and others as required by the DoD, under all conditions of Peace and War."

MOD members were not immediately available for comment, either, but in an interview with Vranesevich last Friday, group members said their intentions were not hostile.

"We have the power to do so, but at this time we have no intentions to launch such a [military] attack," a member told Vranesevich. Another member also told Vranesevich that he had obtained a separate piece of software used to communicate with submarines.

Gene Spafford, director of the computer security research center COAST, said that the intrusion, if true, didn't surprise him.

"I don't think anyone who is familiar with government security has ever believed it to be as secure as claimed," Spafford said.

Spafford added that he was not familiar with DISA systems, but that any distributed system is vulnerable, and that many government systems are configured "for convenience and not need."

The group claimed that they stole the software from a Windows NT server at DISA, and that about 30 individuals worldwide presently have copies.

"When you have a system that is distributed such that others can manipulate it, you open it up to not just security problems but also erroneous operations," Spafford said. "[You get] people who don't have training and [you get] accidents. It is a standard systems design question."

In an interview with Vranesevich, the group offered some network security advice for the US government.

"It's simple: take all [classified] military systems off the Internet, place only [unclassified] Web servers on the Internet [and] keep the rest on a purely internal network," the MOD member said.

[Wow. That sums up the CURRENT and PAST DOD standards for networked computers. Breach of these rules subjects the user to a stiff penalty.]
