December 21, 2006: Yet another U.S. Department of Defense organization is having its computer systems shut down and closely examined for evidence of successful hacker penetration. This time it's the National Defense University (NDU) in Washington, DC. Last month, it was the Navy War College in Rhode Island. NDU is similar to the War Colleges each of the services has, but teaches subjects of use to all military officers, and at a somewhat higher level.

The NDU situation is different from that of the Navy War College. There does not appear to have been a hacker attack, or at least not an obvious one. Instead, the NDU is shutting down its network (including email access) for a month, to coincide with the break between semesters, for "maintenance". No one is giving out details, so it appears that there is suspicion that the NDU network was penetrated, but that the intrusion was not detected. This is what hackers always try to do: get in without being seen, so they can collect useful data for as long as they can remain hidden. These are the most dangerous penetrations, and hacker groups (especially those sponsored by criminal gangs and governments) are getting better at pulling off this sort of thing. The United States has organizations that develop penetration tools, and others that study hostile hackers and what they do. It is known that the number of undetected penetrations is going up, and it may be anticipation of that which is shutting down the NDU networks for a month.

The NDU computers contain much more valuable data than can be found at the Navy War College. If the NDU system has been penetrated, you want to find out not only that it happened, but also when, and to what extent.

If NDU was hit, and the attack was traced back to China, it would be the fourth time in six months that this has happened. Chinese hackers were believed responsible for the penetration of the Naval War College servers. The results of that investigation may be related to all the activity at NDU.

The Department of Defense has a lot to worry about, because it has more computers (about five million) than people (about three million). These PCs are operating on some 12,000 different networks, and most of these are in turn connected to the Internet.


