[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Military Computers Easily Cracked, Experts Say
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
Military Computers Easily Cracked, Experts Say
By Andy Sullivan, August 16, 2002 05:43 PMET
WASHINGTON (Reuters) - Tens of thousands of U.S. military and government
computers containing sensitive information are easily accessible over the
Internet, a computer security firm that cracked the networks said on Friday.
Military encryption techniques, correspondence between generals, recruits'
Social Security and credit-card numbers and other sensitive information is
often stored on Internet-connected computers that use easily guessed
passwords or in some cases no passwords at all, said an official at San
Diego security firm ForensicTec Solutions Inc.
"We were kind of shocked at the security measures, or lack thereof," said
ForensicTec President Brett O'Keefe.
A spokesman for the Army confirmed that an unclassified network was
breached and that no classified material was believed to have been exposed.
"While any intrusion is significant, particularly when it discloses
personal information about our soldiers, the data compromised did not
affect national security," said Army Col. Ted Dmuchowski, director of
information assurance in the chief information office/G6.
The Army's computer defense system detected the breach, which occurred
because of several "miscues" in the process, said Dmuchowski, responding
via e-mail to questions.
ForensicTec consultants came across the network for the U.S. Army's Fort
Hood base in Texas while working with another client earlier this summer,
O'Keefe said.
From there, they were able to access internal networks at other military
bases, as well as civilian agencies like the National Aeronautics and Space
Administration, the Department of Energy and the Department of
Transportation, he said.
Computers were easily cracked by guessing common passwords like the user's
name, or even by typing in "password," O'Keefe said.
Although they were not able to access any classified information, the
security consultants were able to find e-mail messages between generals and
other high-ranking officers and recruits' Social Security and credit-card
numbers, he said.
They also found records describing radio-encryption techniques,
laser-targeting systems and information about couriers carrying secret
documents, he said.
More sensitive information might be available, as the consultants only
checked a few of the tens of thousands of computers that could be accessed,
he said.
To prevent intrusions, the Army is instructing its field units to ban the
use of older, inherently weak machines in processing any sensitive data and
inserting state-of-the-art security hardware and software technologies into
Army systems and network, reviewing polices and procedures, Dmuchowski said.
Last year there were tens of thousands of attempts to breach the Army
networks, but less than a half of a percent of them turned into actual
intrusions, he said.
"On a scale of 1 (lowest) to 10 (highest) this is a 2.5," Dmuchowski said.
"The intrusion occurred on the unclassified network of an Army tactical
unit in its garrison location -- this was not the Pentagon."
Computer trespass is a felony crime in the United States, and computer
hackers could face beefed-up penalties including life in prison under a
bill that passed the House of Representatives earlier this year. But
O'Keefe said ForensicTec consultants felt they needed to highlight the lax
security so that it could be improved.
"Yes, it was a risk for us to come forward, but if we didn't, who's to say
the next person to come across these networks would do the right thing?" he
said.
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.