Security Scene Errata


Posted at 1:39 a.m. PST Monday, December
15, 1997
Computer intrusion prompted Air Force
security review

DAYTON, Ohio (AP) -- Steven Liu may have given the Air Force a wakeup call.  The
24-year-old computer programmer faces up to two years in prison after admitting he
gained access to a military computer system managed at Wright-Patterson Air Force Base. 

Liu, a Chinese national who worked for a military contactor, was accused of downloading
passwords from the $148 million computer database, which tracks the combat readiness of
Air Force aircraft and missile systems around the world. 

Col. William Colmer, who manages the computer system, said in U.S. District Court last
week that the intrusion led to a review of thousands of other Air Force information
systems worldwide to check for other possible weak spots. 

Colmer said software to upgrade security for the Wright-Patterson system had been
available but was not in use at the time of the incident. 

``It was not installed and not in place because we made the decision to use the funding
we had for other things,'' he said. 

Karen Matthews, a computer crime investigator for the Air Force's Office of Special
Investigations, said Liu twice downloaded a password file -- last November and December
-- that would have given him ``super, super access'' to the system. 

"super, super access"? Why does this sound like the AFOSI agent doesn't 
know what "root" or "administrator" access is? Or does "super, super" access 
mean more than just "super" access?

Matthews, whose investigation was aided by Mandarin-speaking FBI agents, determined that
Liu neither destroyed nor altered information in the system and did not create a Trojan
horse, or ``back door,'' so he could enter the system again after passwords were
changed. 

But she said the Air Force cannot be sure he did not supply information that was in the
computer to others -- or that others did not access the system before the passwords were
changed and security upgraded. 

She said the probe turned up weaknesses in the computer system and that the intrusion
probably accelerated the security upgrade. 

Liu said he accidentally discovered the password file and used it to try to find his job
performance evaluation. He said he never tried to access the Air Force computer system. 

Liu, who appeared in court Thursday, pleaded guilty in March to two misdemeanor counts
of intentionally accessing a computer without authorization. His sentencing date has
been set. 

Liu said he has lost his job and has had to rely on savings, borrowed money and
donations of friends to survive. 

``I feel very sorry for what I did,'' Liu said. ``This caused a lot of troubles and
almost destroyed me.''