Information Warfare: December 22, 2000


Going After the Big Guy; Trying to hack into someone else's computer network has become a major indoor sport. Naturally, hacking some nets gains you more points than others. The biggest score is the U.S. military. The Department of Defense runs some 10,000 different networks, using 1.5 million PCs. Most of these nets are linked to the Internet, providing access for malicious hackers worldwide. Some 2,000 of the Pentagon's nets are critical, controlling essential functions like command and control, logistics, nuclear weapons, research and intelligence. 

In 1999, the Pentagon detected some 22,000 attempts to hack into their systems. Most of these were amateurs, often teenage "script kiddies" employing easy-to-use tools widely available on the web. In 2000, there were about ten percent more attempted hacks. About three percent of these attempts caused some web pages or local nets to be shut down for a short time. About one percent of the hacks actually got into a site, but none were able to get into classified databases or take control of critical functions. Or at least no such hacks were detected. What worries Pentagon computer security experts is the number of professionals who are trying to get in. Even during the 1980s, long before the Internet and the World Wide Web became widely available, Soviet intelligence agencies were hiring hackers to get into Pentagon networks. Some of these attempts succeeded, or at least they got in and were later found out. A professional hacker wants to get in, take information, and not be caught. Classified information stolen that way is a lot more valuable than when you get it and your hack is detected. Some of the recent successful hacks were traced back to military organizations in China and Russia. Both countries deny that they were trying to hack the Pentagon.

It was the military that created the Internet, but they did not use it in a big way until civilians got access in the early 1990s and the World Wide Web appeared in the mid-1990s. No one expected the web to have such an enormous impact on how people communicated. Soldiers, as well as civilians, eagerly took advantage of the many opportunities presented by the web. Faced with all the clamor for military web use from their own troops, the generals gave in and began using the web everywhere, even on the battlefield. Very quickly, however, everyone was reminded how easy it was to hack into other people's web sites and the computer servers they ran on. But hacking wasn't the only problem.

In early 2000, a Pentagon task force took a close look at 800 major military web sites. They found 1300 instances where sensitive, or even classified, information was available. Shortly thereafter, most U.S. military web sites were shut down for "reorganization." When these sites came back on line, there were a lot more restrictions on who could see what. Either you needed a military account (.mil) or a password to get to the good stuff. Less visible were the frantic changes made to try and keep the hackers at bay.

The basic problem is that the best defense against hackers is well-trained systems administrators (sysadmins) keeping your network software up to date and secure. Most hacks, especially the professional ones, are the result of software that was poorly installed or not updated with the latest patches and protections. The demand for good sysadmins made young soldiers trained in these skills a hot item on the civilian market. The military had a hard time getting these troops to re-enlist. The military had a hard time just training enough sysadmins, and often military servers and nets were run by anyone in the vicinity who admitted they "knew something about PCs".

The sysadmin shortage was attacked by providing better centralized support for military web sites. The military also began using their own teams of hackers to periodically attack their own sites and networks to see how secure they were. The weak sites got more attention. It wasn't a perfect solution, but it was better than the earlier anarchy.

At the same time, the Pentagon went on the offensive. The most sensitive sites were given the most attention, something that was not always done in the past. To cut down on the amateur attacks that succeeded, false files, labeled to appear as top secret, were placed on servers' hard disks. These files were decoys, to entice intruders to stick around long enough for the hackers to be traced and caught. A few well-publicized prosecutions would discourage many casual hackers. The professionals are another matter. These hackers are careful and skillful. They will hack into a site and just look around to find traps, and how security is set up. The professional hackers will then come back and do some real damage. It's not just stolen files that are a worry, but the planting of programs that can be set off later, as in during wartime, to trash the network and its files, or send operational data to the enemy.

No one has pulled off a major network attack yet, but the potential is there. Because the United States has more PCs and networks than any other nation, it appears to be the most vulnerable to such an offensive. But most of the work on network security is being done in the U.S. No one knows how likely web warfare is, but no one believes it is impossible. Someone will eventually become the victim of a "Pearl Harbor" attack delivered by hackers. Until that time, everyone is eligible for this dubious honor.

 
