Pentagon still under assault from hackers

[InfoSec News <isn () C4I ORG>]

http://news.excite.com/news/r/000808/15/tech-cybersecurity

Updated 3:44 PM ET August 8, 2000

By Jim Wolf

BETHESDA, Md. (Reuters) - Defense Department pleas to computer hackers
to quit mischief-making appear to be falling largely on deaf ears,
making spotting potential national security threats more difficult, a
top Pentagon expert said Tuesday.

Despite recent appeals, "we're not seeing any diminishing" of the pace
of attacks on Defense Department systems, said Richard Schaeffer, who
heads the cyber-security office in the Pentagon arm responsible for
command, control, communications and intelligence.

Last year, a total of 22,144 "attacks" were detected on Defense
Department networks, up from 5,844 in 1998, Air Force Maj. Gen. John
Campbell, then vice director of the Defense Information Systems Agency
(DISA), told Congress in March.

So far this year through Aug. 4, a total of 13,998 such "events" have
been reported, according to Betsy Flood, a spokeswoman for Arlington,
Virginia-based DISA, which provides worldwide communication, network
and software support to the Defense Department.

Updating the statistics in reply to a query from Reuters, she defined
"events" as probes, scans, virus incidents and intrusions.

Schaeffer, at a Bethesda, Maryland, "Web Defense" conference on
business solutions to cyber-crime, said the government would like to
take hackers "out of the equation as much as we can" to make it easier
to track cyber threats possibly tied to foreign foes.

Asked whether he expected recreational hackers to comply with the
Pentagon request, he replied: "Probably not," even though, he said,
the Pentagon was crying "uncle" and telling hackers "you got our
attention."

Along with representatives of the armed services and federal law
enforcement authorities, the Pentagon called on cyber vandals last
month to turn their talents to defense.

Assistant Secretary of Defense Art Money urged hackers at an audience
at "DEF CON 8.0" in Las Vegas to join the government or private
industry and get on the "defense side."

Once an underground event, the eight-year-old DEF CON computer hackers
convention drew 5,000 people.

IMPROVED DETECTION MEASURES

Schaeffer attributed the jump in reported attacks on Defense
Department systems between 1998 and 1999 partly to improved
intrusion-detection procedures and technology, along with stepped-up
awareness and reporting.

But the "sophistication" of attacks was also increasing, he said, and
the often-present "noise floor" from computer hackers "makes it a
whole lot easier for (a serious threat) to slip in."

He said the Pentagon was highly confident that its classified systems
had never been penetrated by hackers, thanks to very strong access
controls, and that only unclassified networks had been pierced.

Richard Thieme, a Milwaukee-based consultant on human dimensions of
technology who chaired the panel at DEF CON at which the Pentagon made
its appeal, said all but 1,000 of last year's reported attacks were
attributed to recreational hackers.

Schaeffer, in an interview with Reuters, said it was "highly probable"
that at least some of the 22,000 attacks last year were mounted by
foreigners probing U.S. security gaps.

But he said he had never seen anything purporting to document any such
effort by China, often cited by U.S. national security experts as
probably actively involved in developing offensive cyber weapons.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".