Army on hacker alert
- By Dan Verton
- Mar 16, 2000
HOUSTON — The Army has placed its cyberdefense teams on full alert after a known hacker group threatened to take down the Army's World Wide Web home page this Friday.
On Tuesday evening the Army placed its cyberdefenders at the Land Information Warfare center at Fort Belvoir, Va., on full alert after a group known as the Boys from Brazil threatened to hack into the Army home page on Friday.
But today the Army clarified that the hacker group it is watching is Hacking for Girliez, which took down the New York Times' site in September 1998. Most of the hackers' remarks appeared in comment tags, which can be seen in source material but not on a Web page. The tags include such remarks as "'Immature kids' were able to bypass...$25,000 firewalls [and] bypass the security put there."
Philip Loranger, chief of the Command and Control Protect Division in the Army's Information Assurance Office, speaking here at the 2000 Army Directors of Information Management Conference, said the Army is prepared for any attack against the its Web site.
"We've had to activate some countermeasures to protect the Army home page," Loranger said, declining to provide specifics for security reasons. However, he said the countermeasures being put in place do not include disconnecting the Army site from the Internet.
Specific details emerged today on some of the steps the Army has taken in the past few months to prepare for these types of attacks. Lt. Col. James Withers, a systems engineering specialist with the Army signal command, said the Army's regional CERTs have written special software scripts that will help defend against known hacker tactics. The Army also developed Web cache proxy servers that divert Web surfers away from primary servers residing behind firewalls on Army installations.
The Army is also in the process of deploying a protected domain name system architecture that will help the service regain control of all Army Internet sites and network entry points.
"We know the hackers mapped [the old architecture]," Withers said, adding that 90 percent of the Army's global protected DNS architecture should be completed by April.
Loranger demonstrated for conference attendees how simple it is for hackers to exploit known operating system vulnerabilities using widely available hacker tools and standard systems administrator procedures. In fact, Loranger, with the approval of the Army's staff counsel, demonstrated a live hacking of another computer system to show how within minutes hackers can crack into known password vulnerabilities and take over entire systems and networks.
Loranger also said that the lack of international laws governing conduct on the Internet poses real obstacles to the government's ability to respond to foreign-based hacker attacks. Loranger pointed out that some graduate-level computer education schools in India, for example, have established hacking into U.S. government systems as an academic requirement.
Lt. Col. LeRoy Lundgren, program manager for the Army's National Security Improvement Program, said as many as 285,000 network queries were denied by Army security systems last year because of the questionable method used. Lundgren added that the Army has seen an increase in the number of queries originating in foreign countries, particularly China and Bulgaria.