[ISN] The new Trojan war
InfoSec News
isn at c4i.org
Tue Aug 23 14:17:05 EDT 2005
Forwarded from: William Knowles <wk at c4i.org>
http://www.fcw.com/article90262-08-22-05
By Frank Tiboni
Aug. 22, 2005
In mythology, the Greeks found an innovative way to avoid Troy's
defenses. By offering the gift of a huge horse - hollowed out and
filled with soldiers - the Greeks were able to bypass Troy's defenses
and attack from the inside.
Today the Pentagon faces a similar situation. Adversaries have been
attacking Defense Department computer networks in attempts to bypass
the United States' formidable defenses and attack from the inside out.
Defense and industry officials describe DOD networks as the Achilles'
heel of the powerful U.S. military. Securing military networks is even
more critical in an increasingly transformed military in which
information is as much a weapon as tanks and assault rifles.
DOD networks have been breached. Department officials acknowledged
hackers attacked military networks almost 300 times in 2003 -
sometimes by cyber Trojan horses, which can operate within an
organization's network. DOD officials say intrusions reduced the
military's operational capabilities in 2004.
The pace of the attacks has accelerated as adversaries honed in on
this perceived weakness. DOD tallied almost 75,000 incidents on
department networks last year, the most ever.
Top U.S. military cyberwarriors recently said that adversaries probe
DOD computers within minutes of the systems' coming online. The
cyberwarriors described DOD's computer network defense strategy as a
battle of attrition in which neither side has an advantage. Retired
Army officers and industry officials say Chinese hackers are the
primary culprits.
During the past five years, Chinese hackers have successfully probed
and penetrated DOD networks. In one intrusion, they used a Trojan
horse - a program containing malicious code in an e-mail or adware -
to obtain data on a future Army command and control system.
DOD takes the intrusions seriously. One of the military's proposals to
strengthen its networks is building fake networks, sometimes called
"Honeynets," which divert attackers from critical systems.
Yet some industry officials say Chinese hackers have already obtained
the technology to challenge the U.S. military and its evolving
network-centric warfare strategy, which connects systems to send
information to warfighters faster.
Many networks
DOD operates 3.5 million PCs and 100,000 local-area networks at 1,500
sites in 65 countries, and it runs thousands of applications on 35,
major voice, video and data networks, including the Non-Classified IP
Router Network, which is connected to the Internet and the Secret IP
Router Network, which is not.
The networks provide combat information to civilians, warfighters and
analysts in support or warfare roles, but the networks represent a key
vulnerability.
DOD networks were hacked 294 times in 2003, said retired Air Force Lt.
Gen. Harry Raduege during an industry luncheon briefing in December
2004. He is the former commander of the Joint Task Force for Global
Network Operations (JTF-GNO), the organization that operates and
defends DOD networks.
Department networks remained under attack in 2004, spurring Paul
Wolfowitz, the former deputy secretary of Defense, to issue a memo
telling the services to redouble cybersecurity efforts.
"Recent exploits have reduced operational capabilities on our
networks," he wrote in an Aug. 15, 2004, memo.
"Our adversaries are able to inflict a substantial amount of
harassment and a measurable amount of damage upon DOD communications
networks at practically no cost to themselves," Army Col. Carl Hunt,
JTF-GNO's director of technology and analysis, co-wrote in "Net Force
Maneuver: A NetOps Construct."
Hunt did not name those harassing or hacking DOD networks. However,
Army officers and industry officials pointed to Chinese hackers as the
primary culprits.
"The Chinese were doing this on a regular basis," said Jack Keane, the
former Army vice chief of staff who retired last year. He now works as
a military consultant and advises URS. "That's a given. They're very
aggressively getting capability."
Keane said he received briefings on China's hacking of DOD networks.
"It's common knowledge in the Pentagon," he said.
He knew of no instances in which hackers penetrated DOD networks.
However, a retired Army officer who worked in information assurance
remembers a hacking three years ago at Aberdeen Proving Ground, Md.,
where the service tests weapon systems.
The retired Army officer, who now works in systems integration in
industry and requested anonymity, said a Chinese hacker used a Trojan
horse to penetrate a network there and downloaded information on the
capabilities of a future Army command and control system for eight
months before the service detected a security breach. The system was a
prototype under development testing at Aberdeen.
The retired Army officer said the Aberdeen hacking is similar to
intrusions during the past three years at other Army bases. The
breaches caused the service to spend tens of millions of dollars to
rebuild networks. In those incidents, hackers penetrated systems at
Fort Campbell, Ky., home of the 101st Airborne Division; Fort Bragg,
N.C., home of the 82nd Airborne Division; and Fort Hood, Texas, home
of the 4th Infantry Division.
DOD has also said that the Chinese have targeted military networks.
"Beijing has focused on building the infrastructure to develop
advanced space-based command, control, communications, computers,
intelligence, surveillance and reconnaissance and targeting
capabilities," the Pentagon said in a report issued last month. "The
People's Liberation Army has likely established information warfare
units to develop viruses to attack enemy computer systems and
networks, and tactics to protect friendly computer systems and
networks."
Army documents on weaknesses in its computer network defenses and
vulnerabilities in 10 systems include one that appears to show
networks under attack by China.
Although DOD officials believe improved network management and
vigilance would prevent 90 percent of hackings, 10 percent may still
occur because they involve new intrusion methods.
"The threat is becoming more aggressive and sophisticated," said Army
Brig. Gen. Dennis Via, deputy commander of JTF-GNO.
*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*
More information about the ISN
mailing list