Russia hacking stories refuted
Although the FBI is still investigating the incident, Pentagon officials and security experts refute claims that the Russian government officially took part in a computer break-in that reportedly resulted in the theft of sensitive naval codes and missile-guidance data.
Reported through media outlets in Europe and the United States as Operation Moonlight Maze, the cyberattack reportedly took place between January and May. The attack was first reported in March, when deputy secretary of Defense John Hamre met with members of Congress during a closed briefing to discuss what was then described as a coordinated and organized attempt to penetrate DOD networks. Pentagon officials said no classified networks had been breached [FCW, March 8].
A spokesperson for DOD's Joint Task Force for Computer Network Defense, the group responsible for directing DOD efforts to stop or contain damage and restore DOD network functions and operations, declined to comment on the incident while the investigation is ongoing. The FBI also declined to comment.
While sources have confirmed that the FBI has visited Moscow to investigate the origins of the cyberattack, a DOD spokesperson called recent media coverage of the incident "a combination of outright fabrications, distortions and incorrect quotations," adding that military secrets were not compromised.
Anton Nossik, chief editor of Russia's only online daily newspaper, Gazeta.ru, said FBI officials arrived in Moscow in March to investigate an intrusion into various DOD satellite control systems, and they received the full cooperation of the Russian government as well as local Internet service providers, including himself.
Industry sources, who spoke to FCW on condition that they not be identified, said they warned DOD officials in January about the existence of an unusual high-speed communications pipe linking various research and development facilities in Moscow with the United States. According to the sources, the network was of such high capacity that it appeared to be an attempt by the Russians to hide a major offensive command and control network within a ring of research laboratories.
One of the sources, who works for a major Internet domain registration firm, said he found copies of DOD duty rosters, network maps and photographs of DOD facilities residing on servers belonging to the research laboratories.
The media articles that have speculated about the Russian link "neither contain nor refer to any evidence linking hacks to any of Russia's government agencies," Nossik said. "We have 1.7 million Internet users [in Russia, and] not all of them are affiliated with the KGB," the former Soviet Union intelligence agency.
"Were the FBI assuming for a moment that hacker attacks were sponsored by Russian government agencies, they wouldn't have turned to Russian authorities for assistance," Nossik said. "Normally, you don't involve a suspect in investigating a crime he's supposed to have committed."
George Smith, editor of the Crypt Newsletter and author of the book The Virus Creation Labs, said the so-called offensive C2 network in Moscow "sounds like a good description of a common playground for teenage hackers, Russian, American, European or Asian."
As far as the pictures of DOD facilities and other materials that sources claim to have found on Russian systems, Smith said that type of material can be found in many places on the Internet.
"Portions of DOD are prone to yell 'cyberwar' at just about any potential misuse of cyberspace," he said.
According to Nossik, the Russians, with the help of U.S. firms such as Sprint, MCI WorldCom's UUnet and others, installed a 2 megabit communications link between Moscow and the United States three years ago.
In addition, major European long-haul communications carriers such as NorTel Networks Corp. and Russia-based Fintelecom also became involved in the effort to connect Russia to the West.
"Nowadays, Russian links to the West are quite numerous, and their total capacity can be boldly estimated in hundreds of megabits," Nossik said. Furthermore, most research labs in Moscow lease their network access from commercial ISPs, he said.
"Laying a T-3 [communications link] over the Atlantic to relay duty rosters or naval codes back to Moscow seems totally unnecessary," Nossik said. "To steal pictures, maps, duty rosters, naval codes or passwords, you don't have to sit at anything more serious than a 33.6 [kilobits/sec] modem connection, which is available to anyone in Moscow."
Not So Obvious
Allen Thomson, a former CIA analyst, said it would be strange for Russia's intelligence apparatus to tip its hand by running a large-scale operation instead of discreetly developing capabilities to use in a time of greater need.
"At the moment, I get the impression that this is likely a nonofficial action by some person or persons ticked off at the U.S. over Kosovo," Thomson said.
However, Thomson did not discount the possibility that the person could be a rogue member of the Russian intelligence service.