[ISN] Hackers target DND computers, break into network
wk at c4i.org
Fri Jul 2 08:27:46 EDT 2004
By David Pugliese
The Ottawa Citizen

Defence Department employees are being targeted by suspicious e-mails
designed to plant viruses and other malicious code inside military
computers, according to a report obtained by the Citizen.

Most of the details about the incidents, code-named Snow Leopard by
the Canadian Forces, are wrapped in secrecy. But Defence Department
records confirm that hackers were able to gain access to military
computers on at least 10 occasions last year.

In total in 2003, the military's computer response team dealt with 160
incidents ranging from poor cyber security to unauthorized entry into

According to one report produced in December, defence employees were
hit by "suspicious e-mails that appear to be targeting DND individuals
in an attempt to 'social engineer' the installation of malicious
code." At least one computer was compromised by the mystery e-mail.

Social engineering involves the use of deception to try to gain access
to the password of a large computer system or network. For instance,
it can be done through e-mails sent by a hacker posing as an
organization's computer security official and requesting verification
of an individual's password. Malicious code could refer to a variety
of problems, including viruses and worms.

Defence officials are refusing to discuss any aspect of the Snow
Leopard case, so it is not known how many other department or federal
government computers have been compromised, the extent of the attacks,
or if they are continuing.

"There's very much classified (information) around Snow Leopard and
what it entails," said Canadian Forces spokesman Maj. Mike Audette.
"We're not going to discuss in any terms any potential or ongoing
communications computer network security operations."

Patrick Naubert, a computer security specialist, said that even if a
hacker obtains a password through social engineering, there are still
numerous hurdles to overcome before gaining electronic access to the
target's computer network.

Even if access is gained, the hacker must know roughly what they are
looking for, or they face the problem of filtering through thousands
of filenames to find the information they want, noted Mr. Naubert of
Tyger Team Consultants Ltd.

"DND might not actually care about that, since just any hacker gaining
read access to any machine on any of DND's network might be a PR
nightmare, regardless of the fact that DND must have an airgap between
their 'unprotected' network and their 'protected' network," Mr.

It's not the first time that military computers have been compromised.
In 1999, it took a 17-year-old high school student in the U.S. just 10
minutes to breach the Defence Department's computer system. "The DND
site was an easy target," Russell Sanford told the Citizen in 2002.
"It was pretty weak."

Mr. Sanford said he went in and out of the military computer network
over a period of three days. When the Citizen story emerged, Defence
officials acknowledged the breach but claimed the teenager was only
able to infiltrate the department's Internet website, which did not
contain any classified information.

But the teenager responded that he had hacked into one of the
department's secure computers via its public website.

While he did not access or intercept any classified data, Mr. Sanford
claimed he could have done so if he had wanted to. Instead he left on
the website tips on how the military could improve its computer

In one of the Snow Leopard cases, an administrative assistant with the
Defence Department's Director of Protocol and Foreign Liaison
distributed a suspicious e-mail with an attachment. The malicious code
was removed and military officials indicated in their December report
that it did not appear the main Defence network computer had been
compromised in that incident.

Most details of the Snow Leopard report, released under the Access to
Information law, have been censored for reasons of national security.

But the incident prompted military officials to warn the Privy Council
Office about the attempts to plant malicious code on Defence
computers. The Office of Critical Infrastructure Protection and
Emergency Preparedness also issued a security advisory to other
departments about the probes.