An intriguing aspect of national defense systems is their computerization and networking. The explosive growth of the internet, once a closed defense system, has led to network connections to sensitive defense and intelligence systems. In 1994, two hackers broke into Rome Laboratory in New York. Rome Laboratory is the Air Force’s premier command and control research facility. For three full days, the hackers went about snooping on the network undetected. They also assumed the identity of personnel to gain entry into other connected sites like NASA and Wright-Patterson Air Force Base. During that time, these individuals copied sensitive national defense data to foreign computers. Only one of the hackers was ever caught. As you can imagine, this quickly caught the attention of the US government.
But despite all the warnings, security breaches like the one above continued. During 1995, an attacker from Argentina broke into systems at the Naval Research Laboratory, Los Alamos, and NASA. The attacker had access to sensitive national information on weapons systems, radar defense systems, aircraft design, etc. There are other tales of Russian, Chinese, and other attackers accessing very sensitive defense documents, tests, etc. But this is only one part of the warfare that is actively taking place.
Other tactics aim at political statements of power. The “Code Red” attack in July 2001 was one of the worst worms to date. It exploited a security hole in Microsoft’s IIS web server. The attacks originated from China, hence the name, and aimed to bring governmental sites down. This was a denial of service attack. Other sites displayed a message “hacked by Chinese.”
And there are plenty of attacks aimed at disrupting e-commerce. One such virus was the Nimda virus. It occurred one week after the September 11th attacks. The problem, in terms of media coverage, was that it happened right after the World Trade Center attack. Most people would be hard-pressed to even remember it. But the Nimda virus (admin spelled backwards) took aim at Wall Street, among other targets. The result was $3 billion lost. And the unnerving thing is that the attackers were never caught. They were phantoms. But events like these really underscore an even more disturbing fact. Most of these attacks didn’t carry deadly payloads. What I mean is that they didn’t aim to destroy the systems they compromised. It’s almost like they were reconnaissance. They were a sort of trial run for things to come.
In 1999, the Department of Defense (DOD) initiated a penetration test that they code-named “Eligible Receiver.” With the full blessing of the Pentagon, the small tiger team of seasoned hackers went about their work. Within days, they had taken control of Pentagon systems and the National Military Command Center. Suddenly, the Pentagon was very interested in cyber security – and it is no wonder.
But the attacks continue. And what makes a networked world so great also makes it really bad. Now, whole supervisory control and data acquisition (SCADA) systems can be exploited. These are the controls that guide our power grids in the US. These controls have been pen (penetration) tested by tiger teams. Tiger teams have shown that they can take control of these systems. You may be thinking that just turning off the power is not a bad thing. The problem is that they can do much more than just turn power off. They can give false readings to attendants. And these attendants can be fooled into taking actions which permanently damage power grid components. That could mean loss of power for a long time. And the scope of the problem has been purported to be national. If that’s true, we have a very big problem on our hands.
One thing is for sure. This type of activity is not going to decrease. The attacks are becoming more frequent and more skillful. And many within military ranks decry this type of “attack” as pithy. Maybe this is because it’s hard to associate physical loss of life with it. But consider for a moment the financial havoc of some of these types of attacks. That financial damage has a very real impact on military funding, infrastructure, etc. And that, though indirectly, could lead to real loss of life. And what of compromised intelligence? It can’t be good for enemies to acquire that type of information. How’s that for understatement?
Sources: May, 1996 Report to Congress entitled “Computer Attacks at Department of Defense Pose Increasing Risks,” and

October 10th, 2006
admin