SUNDAY BUSINESS, © Sunday Business

Serb hackers target military

By Mark Watts & Jat Gill

Security fears rise as NATO e-mail is hit by daily raids

April 11 1999 - THE US Department of Defense's computer systems are being hit with up to100 hack attacks a day. The rate has risen significantly since the air assault on Yugoslavia, with officials blaming Serbian hackers. Military chiefs are being urged by advisers to toughen defences against cyber-attackers. A hard-hitting new report says security standards are falling far behind and that a "change in culture" is needed before military computer systems are properly protected.
Nato admits that Serbian hackers broke into its web site and jammed its e-mail. Sunday Business disclosed two months ago that a British military satellite control system was hacked. Last year, a "diplomat" was caught in a car outside the GCHQ electronic listening centre lifting data with a laptop from a terminal inside. Computer security specialists say the experience of defence establishments provides lessons for commercial corporations. Companies sustain fewer attacks, but are even less well prepared.

Last month's Melissa virus, a kind of e-mail chain letter although relatively benign forced large companies such as Microsoft to close their e-mail systems. The more threatening Chernobyl virus is expected to strike on 26 April, the 13th anniversary of the nuclear catastrophe, putting at risk data on hard disks. A conference on computer crime is to be staged in London in June. The organisers, the International Conference Group, say: "The late 1990s provide the ideal landscape for the computer criminal: the growing number of commercial mergers is turning already confidential information into an even more valuable commodity".

Growing fears about cyber-wars led the US Department of Defence to commission a study from the National Research Council. "The DoD is in an increasingly compromised position," says the report. "The rate at which information systems are being relied on outstrips the rate at which they are being protected". Department officials accept the report's recommendations but say many are already being followed. A spokeswoman said: "The department has 80 to 100 different attack trials in an average day here in the military systems." None of the hacking caused major disruption, she added.

John Hamre, US deputy secretary of defence, told a closed hearing of congress last month that hackers had found a new way into Pentagon networks. Two weeks ago, US energy secretary Bill Richardson shut down classified computers at three nuclear weapons laboratories, including Los Alamos, due to fears over cyber-security lapses. At Nato's Brussels headquarters, Ian Davis, head of the information systems service, said Serbian hackers had caused a "denial of service "but had not actually hacked into the system. The attack affected Nato's web site, he said, which is not connected to classified systems.

Companies worldwide lose millions because of computer fraud, plus losses hard to quantify from information theft. They use firewall software packages as protection, but Sunday Business disclosed last autumn that such barriers sometimes have "holes".

A report by computer security specialist mi2g says employees up to director level often link their PCs to the internet and bypass the firewall to speed up connections, which leaves them exposed. DK Matai, the firm's managing director, said: "In my experience, financial institutions are hacked successfully every six months". An International Computer Security Association study last year showed that 70% of corporate networks "had security flaws which left them vulnerable to even the most rudimentary malicious attacks". Michel Kabay, ICSA's training director, said a new breed of hackers are carrying out attacks for political motives. They have been dubbed "hacktivists".

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy