Crackers Set Sights on Submarines

by James Glave

5:02am 24.Apr.98.PDT

The cracker group that claimed earlier this week to have stolen US Department of Defense networking software is gearing up to release another suite of sensitive programs.

The group, called Masters of Downloading, or MOD, say that on 1 or 2 May they will release a set of programs used to track and communicate with submarines.

In an Internet relay chat interview Thursday with Wired News, a 24-year-old Russian member of MOD said the group will release the submarine programs, "and more after that." He declined to identify himself and he would not elaborate on what the sub programs actually do -- stating only that "we have so much more to show you."

[No warning about the unreliable nature of IRC? Any 12 year old could claim to be with this group, and there would be no way of knowing. Over time, Glave seems to rely on this type of source more and more.]

"Information warfare is a very genuine threat," said the cracker, who claimed his group pilfered the networking software from a Windows NT server at the Defense Information Systems Agency (DISA).

Yesterday, a DISA spokeswoman said that the theft of the software, called the Defense Information Systems Network Equipment Manager (DEM), in no way represented a threat to national security.

"There is no national security risk posed by this being in the wrong hands," said Betsey Flood, who added that the intrusion was being treated as a "serious matter."

"The software is an unclassified application, it does not contain classified information, and it does not perform control of classified systems," said Flood.

But the MOD member said that DISA was playing down the threat.

"The DEM may be unclassified, but the information it can give can lead to highly classified data being compromised," the cracker said.

"The fact that the DEM software was fully configured makes all the difference -- we know the servers and networks that it connects to and we also had a lot of logs and generated reports from when it was run previously," he said.

To prove his point, he outlined exactly how the configured software could be exploited.

"We could launch the DEM program using the DISA systems as a trusted gateway, thus gaining very important router/repeater information about the DISA," he said.,/p>

"We could then either reconfigure/shut down the equipment, or attempt to compromise it to change routes through systems we 'own,' then sniff from the owned DISA boxes," he said, describing a process of setting an invisible recorder to capture keystrokes or network traffic on a system.

[This still doesn't describe any REAL threat to controlling submarines. This is careful wording aimed at hyping the software by giving vague 'we can do this' type statements.]

But a system administrator with the Department of the Air Force said that the group's claims are overblown.,/p>

"So what if they stole a copy of the software that the Department of Defense uses to manage its networks. All that it shows is that the DOD has to pay millions to software companies for obscure software to manage its networks instead of buying off-the-shelf software like NT or Novell," said the sysadmin, who spoke on condition of anonymity.

"If it is just a simple tracking program that says 'this sub is going out over here,' then it's no big deal.... But if it had operational information like where the subs were, or where their missiles are targeted -- then that's something to be concerned about," the administrator said.

The MOD member said that he had been hacking for almost a decade, that he didn't worry about being caught, and that, as a hedge, he keeps all his private information cloaked with powerful 2048-bit encryption. Further, he said that he was browsing inside US Defense Department systems during the interview with Wired News.

The hacker confirmed earlier reports that MOD did not have hostile intentions, and he brushed off earlier comments that the group could sell the sensitive software.

[Yet in another article, they claimed they could sell this and other software to international terrorists or hostile foreign powers..]

"We spoke of selling it purely as an option to emphasize the DEM software's value when fully configured for operation with generated logs and reports, as the version we have comes with," he said.

"Our goals are to demonstrate the power of 15 or so individuals over large organizations, through publicizing break-ins and data retrieved," he said.

In February, US Attorney General Janet Reno announced that she would ask Congress for US$64 million to fund a new US center for fighting cybercrime. The National Infrastructure Protection Center would be a hub for a renewed counterattack on hackers around the world.

"Janet Reno needs to stand back and take a reality check," said the hacker.

"Any networked system cannot, and will not be entirely secure. It all depends how much of an element of 'human error' has been in the setup of the system through naiveté, etc.," he said.

As previously reported, the US Department of Defense says it keeps top-secret communications on a network called SIPRNET that is physically disconnected from servers on the Internet.

But MOD says they have found that is not always the case.

"The administrative Naval Space Command systems are on the Internet and they contain a lot of 'interesting' data regarding weapons and communications technologies that are to be used by the DOD including energy weapons specifications," the hacker said.

But the Air Force systems administrator remained unimpressed by the group's threats of potential cyberwar.

"In the end, what does the theft of this software mean?" asked the administrator. "In the long run, not much. In the short term, the DOD will spend a few millions to tighten up computer security even more."

"Does it affect the ability of the US military? Not at all.... even though the DOD likes to use computers, it's people and firepower that win wars. Computers only make the use of combat forces more effective," he said.

Editor's Note: Because of the anonymous nature of IRC, the real-world identity of the MOD member in this interview could not be confirmed.

[So here is the warning, at the very end of the article. And despite the anonymous nature of IRC, it will not hinder them from printing this material.]
[ This is getting silly. The DoD leaves their software all over the place I remember a few years ago when I found an FTP site with a copy of SPI. SPI is a COPS like program that the DoE wrote and makes available only to DoE, DoD and their contractors. Search and you will find. - aleph1 ]

main page ATTRITION feedback