Cyber attack reveals need for more security

It was early morning on the first Monday in February when analysts at the US Air Force's national computer monitoring centre in San Antonio, Texas, started seeing an unusual series of red warning flags pop up on their screens, indicating unauthorised intrusions into about half a dozen electronic networks around the United States. The analysts had become accustomed to spotting hundreds of suspicious entries a day into Air Force systems, but these were different. They followed a pattern. They appeared to be coming first from Harvard University, and later from other educational institutions in Utah and Texas, entering unclassified networks by exploiting a vulnerability in the Solaris operating system widely used at defence installations.

The hackers turned out to be two 16-year-old high school students in northern California, assisted by another teenager in Israel, according to US officials. But for nearly a month they led defence and law enforcement authorities on their biggest cyber chase yet. Unsure where the attacks were originating or how many hackers were involved, the Deputy Defence Secretary, Mr John Hamre, notified President Clinton early in the search that the intrusions might be the first shots of a genuine cyber war, perhaps by Iraq as it faced a renewed threat of US airstrikes.

The episode left the Pentagon badly shaken. And it added urgency to initiatives for raising the nation's defensive barriers and establishing a national policy for cyber security. Despite numerous studies warning of the growing risk of cyber attack, Pentagon authorities were caught with their guard down. They lacked sufficient monitoring devices to detect intrusions on computer networks at military installations. They also had no plan for co-ordinating a response to a broad cyber assault.

Even after government investigators were able to determine that some kind of systematic electronic break-in was under way, legal restrictions on tracing through cyberspace slowed their pursuit of the hackers across multiple Internet service providers in the United States and abroad.

Many of these same problems had been underscored eight months earlier, during a first-of-its-kind exercise run by the Pentagon's Joint Staff. Teams from the National Security Agency, equipped with off-the-shelf computers and widely available hacker programmes for stealing passwords and probing network vulnerabilities, demonstrated they could disrupt computer operations at major military commands and interrupt electrical power and emergency phone service in several US cities.

Pentagon officials say this exercise, followed by the real scare in February, constituted a one-two punch that has pushed them into bolstering the Pentagon's defences against cyber attack. As part of the broader government initiative, the FBI is expanding its computer crime centre with representatives from the Pentagon and other departments to provide better co-ordination. And the Justice Department is drafting new guidelines to facilitate the surveillance and pursuit of hackers.

But while the government acts to protect its systems, experts say the commercial networks that control utilities, telephones, air traffic, banking and other critical economic sectors also remain vulnerable to the kinds of electronic attacks that could undermine national security. The concern is that by penetrating these systems, terrorists or hostile states would be able to deny essential services to whole sections of the country, sowing chaos and compromising military and law enforcement operations.

In devising its new cyber policy, the US government opted against trying to prescribe computer protection measures for the private sector. It is counting on self-interest to propel companies into identifying their vulnerabilities, installing improved detection systems and entering information-sharing arrangements with other firms and government authorities.

But many specialists in the field are convinced that real progress will not come until the United States suffers an "electronic Pearl Harbour". By their nature, experts say, unauthorised electronic intrusions can be difficult to detect. Hackers can disguise their probes. They also can cover their tracks by bouncing through many Internet provider stations before zeroing in on their targets. Under current law, investigators need a court order to trace back beyond the most immediate Internet service provider.

This helps explain why US defence and law enforcement authorities had trouble in February making sense of the unusual pattern of suspicious intrusions that showed up on the screens at the Air Force Computer Emergency Response Team.

"We got a sense something was wrong, but we couldn't figure out where it was coming from," said a senior Air Force official in Washington involved in the search.

The weakness in the Solaris operating system that the intruders were exploiting was one that military administrators had been alerted about and told to patch last December. But many had failed to heed the warning.

As the attacks spread through multiple servers in the United States, as well as sites in the United Arab Emirates, Germany, France, Israel and Taiwan, US investigators sought nine court orders to pursue the electronic trail.

Without alerting the hackers, investigators denied them access to new sites and steered them to ones already compromised, providing them essentially worthless downloads while the traces continued. The trail ended finally at a house in Cloverdale in California.

"Everything we learned in Eligible Receiver, we relearned in Solar Sunrise," Mr Hamre said. "In big organisations, you learn things slowly. But there's nothing like a real-world experience to bring the lessons home."