March 5, 1999 - CNN Online
WASHINGTON (CNN) -- Defense Department computers are under a "coordinated, organized" attack from hackers, according to Rep. Curt Weldon (R-Pennsylvania), who held a classified hearing on the problem.
Weldon told CNN Thursday night that Deputy Secretary of Defense John Hamre briefed lawmakers at last week's hearing on a specific breach of cyber security that represents a "coordinated, organized" attempt to gain access to classified information in Pentagon computers.
"There is an attack under way. You can basically say we are at war," said Weldon.
Trail leads to Russia
Pentagon sources say investigators traced a number of the attacks to sites in Russia, but it was not known whether the sources were government or non-governmental.
Investigators also could not rule out the possibility the computer attacks were coming from elsewhere and were simply channeled through Russia.
Classified Air Force computer systems at Kelly Air Force Base in San Antonio, Texas, came under attack on January 7 and 8 from a number of locations around the world, sources told CNN, but they were detected and stopped by newly developed Defense Department systems.
Weldon says this was "not a typical hacker," and that the attacks seemed to be targeting specific systems.
Solar Sunrise: Preparation for attack?
Pentagon officials say no classified computer systems have been breached, but Rep. Weldon said there was fear that the attackers may have penetrated systems that could lead to access to classified systems.
A year ago, Hamre told lawmakers about Solar Sunrise, a series of attacks in February 1998 that targeted Pentagon computers.
"The attacks were widespread, systematic and showed a pattern that indicated they might be the preparation for a coordinated attack on the Defense Information Structure," said Hamre of Solar Sunrise in his unclassified written testimony Tuesday.
Guarding cyber Pentagon
"The attacks targeted key parts of Defense Networks at a time we were preparing for possible military operations against Iraq."
The Solar Sunrise incident led to the establishment of 24-hour, 7-days-a-week online guard duty at important military computer sites.
This increased vigilance has led, in turn, to increased reports of cyber attacks, officials say.
Preparing for World War Web
by Jackie Cohen
(IDG) -- The next world war could be waged on the Net.
At least that's what security pundits are saying, following President Clinton's request for $2.8 billion of the budget to go toward fighting "exotic forms of terrorism," from chemical warfare to online attacks.
Combating these menaces will "dominate national defense in the next century," Clinton said. The requested expenditures would include hiring "computer experts who could respond quickly to electronic terrorist attacks," said Clinton.
Picture this scenario: North Korea hires 35 hackers to crack U.S. defense systems with commercially available equipment and software downloaded from the Internet. Their mission: to prevent the U.S. Air Force from flying over Korea.
Without actually breaking any countries' laws, the 35 tricksters work their way into the power grids and 911 emergency phone lines in 12 U.S. cities, and shut them down. With a similar degree of ease, the nefarious hackers then gain control of 36 computers at the Pentagon. All of this happens within four days. And army and navy generals are unable to tell that the ludicrous commands they are receiving from the warped systems are bogus.
The Pentagon recently ran a simulation of this hypothetical event, an exercise it called the Cyber Receiver, to illustrate the threat to national security. Now security activists are pointing to such examples in the wake of Clinton's commitment to fighting cyber warfare.
"We as consumers are all vulnerable to such attacks," insists James Adams, CEO of iDefense and author of The Next World War: Computers Are the Weapons and the Front Line Is Everywhere – A Study Of Information Warfare, along with 11 other treatises on such topics. Adams recently founded Infrastructure Defense, or iDefense, whose mission is to "defend the critical infrastructure from cyberspace threats."
Adams' organization is effectively a consultancy looking to cash in on a heightened level of security hysteria. Not content to use the word "hacking" to describe security breaches, Adams sounds the alarm bell with cries of "cyber terrorism." These acts can include one nation attacking another in a time of war, economic espionage, criminal theft or blackmail, or your more traditional hacking by disenchanted employees and geeks with nothing better to do on a Saturday night, according to Adams.
Alas, there is no security system strong enough to battle all of these fiends, but iDefense says it will help businesses find the right security solutions. The firm plans to build up "red teams" – squads of superhackers who will test the strength of systems that purport to be secure. This will be part of a certification methodology that iDefense will use to evaluate and guarantee the safety of company infrastructures and Web sites.
Microsoft has joined as a "charter member" of the organization, helping iDefense hatch its plans. IDefense is also trying to solicit Fortune 500 companies to join, at $1 million a pop, says Adams.
Companies may be willing to fork over the cash to protect themselves. "We believe it's important to protect our national security. Most of the security protecting the public is owned by the private sector," says Adam Stone, a VP at Microsoft. "We have a lot of products in installations that are required to be secure: in law enforcement, the legal profession and national security. All of the big wars in this country never happened here, but with pervasive computing, it could happen here. Let's prevent it."
