From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Mon, 10 Sep 2001 08:01:58 -0700 (PDT)
Subject: [iwar] [fc:JTF-CNO-Battles-Surging-Tide-Of-More-Destructive-Computer-Attacks]

Defense Information and Electronics Report
September 7, 2001

JTF-CNO Battles Surging Tide Of More-Destructive Computer Attacks

DOD's Joint Task Force for Computer Network Operations office is permanently on an "at-war footing" because of
the constant computer attacks against Pentagon computer networks, according to JTF-CNO commander Army Maj. Gen. Dave Bryan.

The threats to Defense Department computer networks continue to increase in number, sophistication and destructive potential, according to Bryan, who leads the task force responsible for defending DOD computer systems.

"Because we consider ourselves at war, we maintain an at-war footing. A 24-by-seven-by-365, fully manned watch, in which we have computer analysts, network experts and . . . real time sensors," Bryan said.

Both the people that attack DOD computers and the tools they use to do the attacking have increased in number and sophistication, Bryan said. Computer criminals are no longer primarily teenage hackers with too much time on their hands, he said.

The other, more serious, threats to DOD networks fall into three groups, Bryan explained. They are foreign governments, terrorist and dissident organizations, and spies.

Although the cyber-adversaries have various political motivations, enemy states and terrorist groups turn to information warfare for the same reasons, Bryan said.

First of all, because the U.S. military capability is far superior to that of most nations, information warfare is an "asymmetric" alternative to traditional military confrontation. The ratio of risk to reward is much lower. A computer attacker runs no risk of being killed during the attack.

Secondly, these groups know the United States and its military are greatly dependent on information technology systems, so that the systems DOD uses to be more effective can actually become liabilities.

Lastly, enemies know the U.S. is an open society, which is reluctant to block Internet gateways that provide easy access for attackers.

The United States, in a sense, is a potential adversary's "best dream come true in terms of the potential for our capabilities to be exploited," Bryan said.

In addition, the recent arrests of FBI counterintelligence agent Robert Hansen and National Reconnaissance Office systems administrator Brian Regan are evidence that the threat from espionage is still alive in the wake of the Cold War, he said. A case can be made, he argued, that the threat from espionage is "on a scale unprecedented" in America's history, and both Hansen and Regan exploited their access to networked, classified information.

The viruses and worms that attacked computer networks worldwide have also become more menacing. The progression from the "Melissa" virus in the spring of 1999 to the two versions of the "Code Red" worm that infected Pentagon computers last month is illustrative of this increasing sophistication.

The Code Red worm, in fact, had more than twice the effect on DOD systems as worms that were seen as recently as January, Bryan said. The "Anna Kournikova" worm that appeared then, for example, caused only very minor problems for DOD. Code Red, by contrast, caused the department to shut down access to several of its Internet gateways in response to the scanning activity that the worm caused in computers it affected (Defense Information and Electronics Report, Aug. 31, 2001, p1).

"In just a few months [attacks] went from very simple worms to complex worms, to worms that by their very infection technique caused denial-of-service scanning against networks," Bryan said.

While infection techniques are getting more vicious, the sheer numbers of attempts to infiltrate DOD computers continue to rapidly increase, according to Bryan.

In 1998 the number of detected unauthorized "events" against DOD computers was 5,844, according to Bryan's briefing. By 2000, that number had increased to 23,662. So far this year, there have already been 28,106 of these events. Bryan predicts there will be more than 40,000 by year's end.

While these numbers reflect everything from harmless, and perhaps even accidental, attempts at unauthorized access, the skyrocketing volume does indicate that malicious intrusion attempts are also increasing, according to Bryan.

Although DOD computers are increasingly threatened, Bryan claimed the JTF-CNO is doing a better job defending against those threats. Of the 28,106 "events" detected so far this year, for example, there have been just 369 successful intrusions.

The vast majority of those intrusions, moreover, were due to vulnerabilities that the JTF-CNO has seen before and that are easily preventable, he said. One of the problems that they are working to remedy, for example, is that some DOD employees fail to adhere to the department's policy of having difficult-to-guess passwords. The word "password," Bryan said, is the most common password at DOD.

Only 1 percent -- less than four -- of the intrusions were new intrusion methods that necessitated intense analysis, Bryan indicated.

Formed through the merger of the Joint Task Forces for Computer Network Attack and Defense, the U.S. Space Command task force changed its name to JTF-CNO April 2, when responsibility for computer network attack capability was formally transferred to SPACECOM.

In response to the increasing quantity and quality of threats, the JTF-CNO has steadily increased its "optempo," or operational rate of activity, Bryan said.

So far this year, the JTF-CNO has participated in eight major computer network defense and attack exercises involving the various unified commands. The task force has also dealt with the real-world occurrence of six major virus attacks in five months, including three variants of the Code Red virus in just nine days last month, according to Bryan's briefing.

To keep up with the larger number of events, the optempo of the five-month-old JTF-CNO is continuing to increase.

They are "very quickly expanding and manning," getting additional funding for better technology, participating in partnerships with the private sector to increase the technical capabilities of their people, and pushing "in the policy and legal world for expanded authority" to pursue their mission, Bryan said.

-- Hampton Stephens