Hackers target DND computers, break into network

[William Knowles <wk () c4i org>]

http://www.canada.com/ottawa/ottawacitizen/news/story.html?id=9c7140f5-576f-4c2a-b6dd-d11126882264

By David Pugliese
The Ottawa Citizen
2004.07.02

Defence Department employees are being targeted by suspicious e-mails 
designed to plant viruses and other malicious codes inside military 
computers, according to a report obtained by the Citizen. 

Most of the details about the incidents, code-named Snow Leopard by 
the Canadian Forces, are wrapped in secrecy. But Defence Department 
records confirm that hackers were able to gain access to military 
computers on at least 10 occasions last year. 

In total in 2003, the military's computer response team dealt with 160 
incidents ranging from poor cyber security to unauthorized entry into 
high-level systems. 

According to one report produced in December, defence employees were 
hit by "suspicious e-mails that appear to be targeting DND individuals 
in an attempt to 'social engineer' the installation of malicious 
code." At least one computer was compromised by the mystery e-mail. 

Social engineering involves the use of deception to try to gain access 
to the password of a large computer system or network. For instance, 
it can be done through e-mails sent by a hacker posing as an 
organization's computer security official and requesting verification 
of an individual's password. Malicious code could refer to a variety 
of problems, including viruses and worms. 

Defence officials are refusing to discuss any aspect of the Snow 
Leopard case, so it is not known how many other department or federal 
government computers have been compromised, the extent of the attacks, 
or if they are continuing. 

"There's very much classified (information) around Snow Leopard and 
what it entails," said Canadian Forces spokesman Maj. Mike Audette. 
"We're not going to discuss in any terms any potential or ongoing 
communications computer network security operations." 

Patrick Naubert, a computer security specialist, said that even if a 
hacker obtains a password through social engineering, there are still 
numerous hurdles to overcome before gaining electronic access to the 
target's computer network. 

Even if access is gained, the hacker must know roughly what they are 
looking for, or they face the problem of filtering through thousands 
of filenames to find the information they want, noted Mr. Naubert of 
Tyger Team Consultants Ltd. 

"DND might not actually care about that, since just any hacker gaining 
read access to any machine on any of DND's network might be a PR 
nightmare, regardless of the fact that DND must have an airgap between 
their 'unprotected' network and their 'protected' network," Mr. 
Naubert explained. 

It's not the first time that military computers have been compromised. 
In 1999, it took a 17-year-old high school student in the U.S. just 10 
minutes to breach the Defence Department's computer system. "The DND 
site was an easy target," Russell Sanford told the Citizen in 2002. 
"It was pretty weak." 

Mr. Sanford said he went in and out of the military computer network 
over a period of three days. When the Citizen story emerged, Defence 
officials acknowledged the breach but claimed the teenager was only 
able to infiltrate the department's Internet website which did not 
contain any classified information. 

But the teenager responded that he had hacked into one of the 
department's secure computers via its public website. 

While he did not access or intercept any classified data, Mr. Sanford 
claimed he could have done so if he had wanted to. Instead he left on 
the website tips on how the military could improve its computer 
security. 

In one of the Snow Leopard cases, an administrative assistant with the 
Defence Department's Director of Protocol and Foreign Liaison 
distributed a suspicious e-mail with an attachment. The malicious code 
was removed and military officials indicated in their December report 
that it did not appear the main Defence network computer had been 
compromised in that incident. 

Most details of the Snow Leopard report, released under the Access to 
Information law, have been censored for reasons of national security. 

But the incident prompted military officials to warn the Privy Council 
Office about the attempts to plant a malicious code on Defence 
computers. The Office of Critical Infrastructure Protection and 
Emergency Preparedness also issued a security advisory to other 
departments about the probes. 



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation:   http://www.c4i.org/donation.html
*==============================================================*



_________________________________________
Help InfoSec News with a donation: http://www.c4i.org/donation.html