Break-in in Korea, part 3

Author: lbs_at_phys.ufl.edu
Date: Mon 07 Nov 1994 - 05:29:57 MET


The Washington Times
November 3, 1994

Air base no match for boy with modem;
Computer hackers pick big targets

by Arnaud de Borchgrave

    A computer hacker recently attacked a U.S. Air Force base, where he
compromised the security of 30 systems, and penetrated more than 100 other
systems before he was caught in a 26-day international electronic manhunt.

    The victims included the South Korean Atomic Research Institute, NASA, the
Goddard Space Flight Center in Greenbelt and the Jet Propulsion Laboratory in
California, according to James Christy, director of computer crime
investigations for the Air Force Office of Special Investigations.

    Mr. Christy recounted the story at a conference on global organized crime
convened by the Center for Strategic and International Studies (CSIS).

    He also said that in a general security test his own investigators were able
to break into 88 percent of Defense Department computer systems. Only 4
percent, he said, realized they were under electronic assault.

    After 30 Air Force systems were compromised by an attack against the Rome
Air Development Center at Griffith Air Force Base in Rome, N.Y., Mr. Christy
led a team of investigators to the scene.

    He said they quickly traced the attacks to 10 different locations and later
concluded that two hackers were involved. They also found that six different
"sniffers" were gathering IDs and passwords for other systems.

    Mr. Christy said despite an elaborate technical surveillance system set up
in Rome, N.Y., they could not pinpoint the location of the attackers. "They
were looping and weaving through a dozen countries and three continents," Mr.
Christy said.
                                                                                
    The investigators then turned to their informants' network on the Internet
- the global network of computer systems, with an estimated 20 million users in
130 countries - and said, "We're getting hit by two individuals, someone using
the name Data Stream and the other Kuji. Would someone please tell us who these
people are and where they are?"

    An informant came forward on the Internet and told Mr. Christy's
investigators he had an e-mail conversation with Data Stream in January. He
also said he knew Data Stream liked to attack military sites "because they were
so insecure."

    It turned out Data Stream lived in Britain and had his own electronic
bulletin board, from which they got his phone number.

    Mr. Christy then called Scotland Yard in London. British detectives began
monitoring Data Stream, and within two hours U.S. investigators had a
"correlation."

    Every time there was an intrusion at Griffith Air Force Base, Mr. Christy
said, "Data Stream was on line, using fraudulent phone methods, or 'freaking,'
to get out of the U.K."
                                                                                
    "From log-on in Britain until Data Stream surfed his way into the Rome Air
Development Center at Griffith usually took 30 minutes," he said. "During that
time he had looped through several South American countries, back to half a
dozen European countries, over to Mexico and up to Rome in New York. From Rome,
Data Stream picked off another 100-plus victims downstream."

    Meanwhile, Scotland Yard's finest had circled the culprit's house in London.
But Data Stream suddenly did what computer investigators call a "world mount."

    He bobbed and weaved again, this time all the way to South Korea. Once
there, he picked clean all the disk space from the South Korean Atomic Research
Institute and moved the data over to the Rome Air Development Center.

    At that point Mr. Christy decided to abort the arrest and monitor a little
longer. When the search warrant was finally executed, British detectives found
a 16-year-old boy sitting in front of a keyboard on the third floor of the
house. When the youth realized they had come to arrest him, he dropped to the
floor, curled up in a fetal position and cried.

    The Air Force still has no idea who Kuji is.
                                                                                
    "He is even more sophisticated," said Mr. Christy, "and presumably just as
young."

    Dain Gary, the head of the Defense Department-funded Computer Emergency
Response Team (CERT), told the CSIS conference that in 1990 his organization
responded to 132 incidents of electronic assault against civilian targets. Such
incidents now average almost 200 per month.

    CERT's 14 top-of-the-line computer wizards are putting in 12-hour days.
They operate round-the-clock and man a 24-hour hot line.

    "Everything from corporate proprietary design issues to pending secret
mergers, to currency flows, has been reduced to electronic format and is subject
to stealing or sabotage by electronic means," Mr. Gary said.

    The problem, as CERT sees it, "is one of lack of understanding and awareness
and a lack of training and technical competence on the part of the user
community."

    "The technology of software is changing every 12 to 18 months, the hardware
every 36 to 48 months," he said. "And users are not keeping abreast of what's
happening. The bad guys are. The operators, for the most part, are
blissfully unaware, to say nothing about the law enforcement and regulatory
agencies."

    Mr. Gary said 96 percent of the banks, corporations and institutions that
CERT determined were being penetrated did not know what was happening to them.

    Donn Parker, who has written five books on computer crime and information
security and has spent 24 years dealing with computer security, said he had
interviewed 200 so-called "computer criminals."

    "They all seem to have one problem in common," he said. "How much money
should I steal or how much money should I move? Once you get the money in
electronic form, it is only where you put the decimal point that matters.

    "In interviewing career criminals, embezzlers within large companies, we
find that if they try to steal too much money, they will be caught. We also
found that if you do not take enough money you are going to be caught because
you do not have enough then to hire a good lawyer and accountant and travel well
to stay free.

    "So they have learned from experience to strike the kind of balance that
will not draw attention. That average now ranges from 2 to 3 million dollars.
You are relatively safe moving this amount very rapidly around the world."

    The CSIS conference also heard that Britain's National Criminal Intelligence
Service now estimates global money laundering at $500 billion a year and that
profits from global organized crime now total about $1 trillion a year.



This archive was generated by hypermail 2.1.7 : Wed 19 May 2004 - 15:46:53 MET DST