[iwar] Another military system oops

From: Charles Preston (cpreston@sinbad.net)
Date: 2002-08-17 16:21:37



http://news.com.com/2100-1001-954179.html?tag=fd_top


Military computers' data exposed

By Reuters
August 16, 2002, 5:28 PM PT


Tens of thousands of U.S. military and government computers containing 
sensitive information are easily accessible over the Internet, a computer 
security firm that cracked the networks said on Friday.

Military encryption techniques, correspondences between generals, recruits' 
Social Security and credit card numbers and other sensitive data are often 
stored on Internet-connected computers that use easily guessed passwords 
or, in some cases, no passwords at all, said an official at San Diego 
security firm ForensicTec Solutions.

"We were kind of shocked at the security measures, or lack thereof," said 
ForensicTec President Brett O'Keefe.



A spokesman for the Army confirmed that an unclassified network was 
breached and that no classified material was believed to have been exposed.

"While any intrusion is significant, particularly when it discloses 
personal information about our soldiers, the data compromised did not 
affect national security," said Army Col. Ted Dmuchowski, director of 
information assurance in the chief information office/G6.

The Army's computer defense system detected the breach, which occurred 
because of several "miscues" in the process, said Dmuchowski, responding 
via e-mail to questions.

ForensicTec consultants came across the network for the U.S. Army's Fort 
Hood base in Texas while working with another client earlier this summer, 
O'Keefe said.

From there, they were able to access internal networks at other military 
bases, as well as civilian agencies like the National Aeronautics and Space 
Administration, the Department of Energy and the Department of 
Transportation, he said.

Computers were easily cracked by guessing common passwords such as the 
user's name, or even by typing in "password," O'Keefe said.

Although they were not able to access any classified information, the 
security consultants were able to find e-mail messages between generals and 
other high-ranking officers, as well as recruits' Social Security and 
credit card numbers, he said.

They also found records describing radio encryption techniques, 
laser-targeting systems and data about couriers carrying secret documents, 
he said.

More sensitive information might be available, as the consultants only 
checked a few of the tens of thousands of computers that could be accessed, 
he said.

To prevent intrusions, the Army is instructing its field units to ban the 
use of older, inherently weak machines in processing any sensitive data and 
inserting state-of-the-art security hardware and software technologies into 
Army systems and network, reviewing policies and procedures, Dmuchowski said.

Last year there were tens of thousands of attempts to breach the Army 
networks, but less than a half of a percent of them turned into actual 
intrusions, he said.

"On a scale of 1 (lowest) to 10 (highest) this is a 2.5," Dmuchowski said. 
"The intrusion occurred on the unclassified network of an Army tactical 
unit in its garrison location--this was not the Pentagon."

Computer trespassing is a felony crime in the United States, and computer 
hackers could face beefed-up penalties including life in prison under a 
bill that passed in the House of Representatives earlier this year. But 
O'Keefe said ForensicTec consultants felt they needed to highlight the lax 
security so that it could be improved.

"Yes, it was a risk for us to come forward, but if we didn't, who's to say 
the next person to come across these networks would do the right thing?" he 
said. 





This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT