[ISN] The new Trojan war

InfoSec News isn at c4i.org
Tue Aug 23 14:17:05 EDT 2005

Forwarded from: William Knowles <wk at c4i.org>


By Frank Tiboni
Aug. 22, 2005 

In mythology, the Greeks found an innovative way to avoid Troy's 
defenses. By offering the gift of a huge horse - hollowed out and 
filled with soldiers - the Greeks were able to bypass Troy's defenses 
and attack from the inside.

Today the Pentagon faces a similar situation. Adversaries have been 
attacking Defense Department computer networks in attempts to bypass 
the United States' formidable defenses and attack from the inside out.

Defense and industry officials describe DOD networks as the Achilles' 
heel of the powerful U.S. military. Securing military networks is even 
more critical in an increasingly transformed military in which 
information is as much a weapon as tanks and assault rifles.

DOD networks have been breached. Department officials acknowledged 
hackers attacked military networks almost 300 times in 2003 - 
sometimes by cyber Trojan horses, which can operate within an 
organization's network. DOD officials say intrusions reduced the 
military's operational capabilities in 2004. 

The pace of the attacks has accelerated as adversaries honed in on 
this perceived weakness. DOD tallied almost 75,000 incidents on 
department networks last year, the most ever.

Top U.S. military cyberwarriors recently said that adversaries probe 
DOD computers within minutes of the systems' coming online. The 
cyberwarriors described DOD's computer network defense strategy as a 
battle of attrition in which neither side has an advantage. Retired 
Army officers and industry officials say Chinese hackers are the 
primary culprits.

During the past five years, Chinese hackers have successfully probed 
and penetrated DOD networks. In one intrusion, they used a Trojan 
horse - a program containing malicious code in an e-mail or adware - 
to obtain data on a future Army command and control system.

DOD takes the intrusions seriously. One of the military's proposals to 
strengthen its networks is building fake networks, sometimes called 
"Honeynets," which divert attackers from critical systems.

Yet some industry officials say Chinese hackers have already obtained 
the technology to challenge the U.S. military and its evolving 
network-centric warfare strategy, which connects systems to send 
information to warfighters faster.

Many networks

DOD operates 3.5 million PCs and 100,000 local-area networks at 1,500 
sites in 65 countries, and it runs thousands of applications on 35, 
major voice, video and data networks, including the Non-Classified IP 
Router Network, which is connected to the Internet and the Secret IP 
Router Network, which is not. 

The networks provide combat information to civilians, warfighters and 
analysts in support or warfare roles, but the networks represent a key 

DOD networks were hacked 294 times in 2003, said retired Air Force Lt. 
Gen. Harry Raduege during an industry luncheon briefing in December 
2004. He is the former commander of the Joint Task Force for Global 
Network Operations (JTF-GNO), the organization that operates and 
defends DOD networks.

Department networks remained under attack in 2004, spurring Paul 
Wolfowitz, the former deputy secretary of Defense, to issue a memo 
telling the services to redouble cybersecurity efforts.

"Recent exploits have reduced operational capabilities on our 
networks," he wrote in an Aug. 15, 2004, memo.

"Our adversaries are able to inflict a substantial amount of 
harassment and a measurable amount of damage upon DOD communications 
networks at practically no cost to themselves," Army Col. Carl Hunt, 
JTF-GNO's director of technology and analysis, co-wrote in "Net Force 
Maneuver: A NetOps Construct."

Hunt did not name those harassing or hacking DOD networks. However, 
Army officers and industry officials pointed to Chinese hackers as the 
primary culprits.

"The Chinese were doing this on a regular basis," said Jack Keane, the 
former Army vice chief of staff who retired last year. He now works as 
a military consultant and advises URS. "That's a given. They're very 
aggressively getting capability."

Keane said he received briefings on China's hacking of DOD networks. 
"It's common knowledge in the Pentagon," he said.

He knew of no instances in which hackers penetrated DOD networks. 
However, a retired Army officer who worked in information assurance 
remembers a hacking three years ago at Aberdeen Proving Ground, Md., 
where the service tests weapon systems.

The retired Army officer, who now works in systems integration in 
industry and requested anonymity, said a Chinese hacker used a Trojan 
horse to penetrate a network there and downloaded information on the 
capabilities of a future Army command and control system for eight 
months before the service detected a security breach. The system was a 
prototype under development testing at Aberdeen.

The retired Army officer said the Aberdeen hacking is similar to 
intrusions during the past three years at other Army bases. The 
breaches caused the service to spend tens of millions of dollars to 
rebuild networks. In those incidents, hackers penetrated systems at 
Fort Campbell, Ky., home of the 101st Airborne Division; Fort Bragg, 
N.C., home of the 82nd Airborne Division; and Fort Hood, Texas, home 
of the 4th Infantry Division.

DOD has also said that the Chinese have targeted military networks. 
"Beijing has focused on building the infrastructure to develop 
advanced space-based command, control, communications, computers, 
intelligence, surveillance and reconnaissance and targeting 
capabilities," the Pentagon said in a report issued last month. "The 
People's Liberation Army has likely established information warfare 
units to develop viruses to attack enemy computer systems and 
networks, and tactics to protect friendly computer systems and 

Army documents on weaknesses in its computer network defenses and 
vulnerabilities in 10 systems include one that appears to show 
networks under attack by China.

Although DOD officials believe improved network management and 
vigilance would prevent 90 percent of hackings, 10 percent may still 
occur because they involve new intrusion methods.

"The threat is becoming more aggressive and sophisticated," said Army 
Brig. Gen. Dennis Via, deputy commander of JTF-GNO.

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org

More information about the ISN mailing list