- By Bob Brewin
- Feb 26, 2007
China ramped up attacks — court documents labeled them nefarious — against networks at Sandia National Laboratories within only a day of the start of the Iraq war. Those activities were described in internal e-mail messages that authorities introduced as evidence in a wrongful dismissal suit that a former computer security employee of Sandia filed against that institution. Shawn Carpenter is the backhacker who won a $4.3 million judgment against Sandia this month. Carpenter, who began investigating the attacks using a technique known as backhacking, wrote in a March 2003 e-mail message that he detected a significant increase in scans of Sandia networks “within 24 hours of the commencement of military action in Iraq.” Those scans originated from addresses in China.
Carpenter traced some of those probes back to the data communications division of the Chinanet Sichuan Province Network, operated by China Telecom.
Carpenter reported in another e-mail message produced during the lawsuit that foreign probes or attacks against Sandia networks increased 30 percent to 50 percent within days after the United States invaded Iraq March 18, 2003. Investigators traced some of those attacks to China and others to Germany, France, India and Turkey.
The attacks included attempts to get into Sandia labs’ data networks and the labs’ videoconferencing network. I suspect the attackers were not hoping to get a live view of Sandia Peak.
Carpenter eventually took the evidence he collected in his backhacking to the FBI and the Army. Sandia subsequently canned him for not following, among other things, the labs’ security policies.
Based on the reporting conducted at Federal Computer Week in the past two years about the war with China in cyberspace, it seems like we need backhackers like Carpenter more than ever.

Why bother with passwords?
Carpenter discovered during his tour in Computer Security Operations at Sandia that the lab had a rather lackadaisical approach to security. For example, a hacker was easily able to penetrate a system running Microsoft SQL server because the systems administrator password was set at null or blank, according to a 2002 e-mail message that Carpenter sent to his superiors in the labs’ computer security department.
In another example that Carpenter reported via e-mail in November 2004, he found an unprotected account for a tape device at Sandia that made it easy to discover passwords and root around in a group of computers for weeks without anyone noticing.
Carpenter also discovered a Brazilian hacker poking around Sandia networks in early 2003. The hacker installed sniffer utilities and backdoors. Network registrations that Carpenter traced to that Brazilian hacker included the name “jyhad.org,” which alarmed Carpenter, but evidently not his bosses.
Maybe that’s because there are not many jihadists in New Mexico — yet.

What the heck does LGS mean?

That’s what the Interceptor asked Jim Orefice, who was once a veep at AT&T and Lucent, when he handed me his card at the AFCEA International Spacecomm Conference in Colorado Springs last month.
It stands for nothing, Orefice said. “Turn the card over,” he added. Alcatel merged with Lucent in December 2006, and the back of Jim’s business card is devoted to explaining where LGS fits in with the new Alcatel/Lucent.
Under the headline — that’s right, a bold-faced headline on the back of a business card — that read, “Who we are…,” I found out that LGS is the successor to the former Lucent and Alcatel Government Solutions business units, but it is an independent subsidiary of Alcatel/Lucent. The card’s message extols the company’s leadership in all kinds of networking.
So I asked Jim, “Does LGS really mean Lucent Government Solutions?” “No,” he said emphatically. “It means nothing.”
While you ponder this nothingness, please help me with the next item.

What does 1105govinfo mean?

According to my new e-mail address, [email protected] — 1105govinfo is whom I now work for. The name is part of a corporate branding effort to create a new identity after Federal Computer Week’s owner bought Government Computer News, Washington Technology, the FOSE — which also means nothing — trade show and a few other pubs earlier this year.
My corporate masters just love this new identity. But it confuses me and the people I deal with by e-mail. They’ve called me and asked if I have a new job with a public relations firm. Or worse, they haven’t received my e-mail because spam filters spotted the 1105govinfo.com and thought it a bit suspicious looking. Spam filters don’t care about branding.
I am supposed to get new business cards highlighting the 1105govinfo brand, and I’m going to suggest we follow the LGS example of explaining on the back of the card what it means because I am too confused and tired to go through it repeatedly.
If you have thoughts on our or LGS’ branding moves, please send them to me with the word loopy in the subject line at that easy-to-remember address, [email protected].

Intercept something? Send it to [email protected].