Debunking the 250k figure..

Pentagon trashed for putting "spin" on cyber attacks. 

SAN FRANCISCO (Wired) [2.26.98] - The disclosure by the Pentagon that 
"cyber attacks" had been waged against at least 11 military computer 
systems is either politically motivated scaremongering or evidence of
technical ignorance, system administrators and computer security
experts say.
In a breakfast meeting with reporters Wednesday, deputy secretary of
defense John Hamre sent headline writers to maximum alert when he said
that in recent weeks, a small number of individuals had launched a
"highly organized and systematic" attack on the Pentagon's computer
Only unclassified materials such as logistical and administrative data
had been probed or accessed, Hamre said. He declined to provide
specifics, citing the need for secrecy pending an investigation.
But one source, a former defense contractor employee familiar with
federal computer technology and security, was suspicious of Hamre's
agenda in making the unprompted announcement.
"Most administrators are loathe to admit mistakes like this," the
source said, "which makes me really wonder if the report even
originated inside the technical group at the Pentagon."
The source said that Hamre's statements may be politically motivated,
designed to build support for increased Defense Department funding in
an era when government coffers are shrinking.
Hamre reportedly said the Defense Department has been attempting in
recent years to update its systems against security attacks, but that
"We have to do a good deal more in this area," he said.
Hamre made the remarks to the Defense Writers Group, an exclusive
cadre of journalists affiliated with national news media
Pentagon public affairs officials refused to provide a transcript of
the meeting, or comment on what was said. Early news stories reported
Hamre's comments rather uncritically and did little to clarify the
nature of the attacks.
Hamre himself was not specific about whether or not hackers were
attempting to query federal systems -- such as merely opening up a
telephone connection to a federal machine linked to the Internet, or
sending such a machine a harmless "ping" request -- or genuinely
getting in.
All high-profile computer systems are commonly queried by curious
computer users running programs such as "port scanners" that knock on
network doors, and only identify if any are open.
One source told Wired News that up until a year ago, every attempt to
open a telnet connection -- a common networking scheme used to operate
computers remotely -- to a government system was considered an attack.
Sorting out exactly what happened with the "cyber attacks" is a tricky
"This has all the appearances of just being a game," Hamre told the
reporters. "Somebody trying to get in so they can say they got in," he
According to a Washington Post report Thursday, intruders attempted to
enter four Navy and seven Air Force systems and had actually accessed
administrative information in some cases.
"That could be anything, on any computer they own," said James Wilson,
system administrator for CruxNET.
"Someone probably broke into their Web server again," said Wilson. "It
happens to all major government servers every once in a while. That is
why the Web servers have absolutely no connection to anything near
being valuable," Wilson said.
This physical isolation of sensitive information from public networks
is a standard network security practice known as compartmentalizing.
For the government to leave even payroll information accessible to an
Internet, sources said, suggests negligence.
Peter Neumann, moderator of the RISKS Digest mailing list -- a weekly
roundup of intrusions and security threats around the world --
confirmed that no sensitive information was available through
government Web sites. Neumann suggested that there is a difference
between attempted break-ins, which are routine, and actual
penetrations, which are not.
"When you hear a report that a system is under attack, it doesn't mean
that anyone penetrated it," said Neumann, adding that "The stuff
that's on the Internet is there because it's supposed to be
disseminating information."
Another source said that if systems really were compromised beyond
routine Web page hacks, then the administrators at those sites need a
lesson in basic TCP/IP security.
"If it's been going on for weeks, and they haven't been able to stop
it, well then clearly their skills are lacking," he said. "Fool me
once, shame on you. Fool me twice, shame on me," the administrator
"Being attacked isn't a big deal, and should be expected of any site
that is well known, and the admins should be prepared to deal with
it," the source said.
But the larger question of protecting valuable and sensitive data --
beyond human resources files -- is a much more serious matter, said
Neumann, who was an advisor to the President's Commission on Critical
Infrastructure Protection.
That report examined the vulnerability of the nation's key energy and
communications infrastructures.
The report is still largely classified, but last fall Neumann said
that the upshot is that as far as critical infrastructure goes, "we're
in bad shape."
Still, despite Hamre's announcement, Neumann said that hard data on
intrusions doesn't come easily.
"It's very hard to get the correct numbers of how many things are
actually broken into," he said. "They don't talk about it."