SUNDAY BUSINESS, © Sunday Business
Serb hackers target military
By Mark Watts & Jat Gill
Security fears rise as NATO e-mail is hit by daily
April 11 1999 - THE US Department of Defense's
computer systems are being hit with up to100 hack attacks a day. The rate
has risen significantly since the air assault on Yugoslavia, with officials
blaming Serbian hackers. Military chiefs are being urged by advisers to toughen
defences against cyber-attackers. A hard-hitting new report says security
standards are falling far behind and that a "change in culture"
is needed before military computer systems are properly protected.
Nato admits that Serbian hackers broke into its web site and jammed its e-mail.
Sunday Business disclosed two months ago that a British military satellite
control system was hacked. Last year, a "diplomat" was caught in
a car outside the GCHQ electronic listening centre lifting data with a laptop
from a terminal inside. Computer security specialists say the experience of
defence establishments provides lessons for commercial corporations. Companies
sustain fewer attacks, but are even less well prepared.
Last month's Melissa virus, a kind of e-mail chain
letter although relatively benign forced large companies such as Microsoft
to close their e-mail systems. The more threatening Chernobyl virus is expected
to strike on 26 April, the 13th anniversary of the nuclear catastrophe, putting
at risk data on hard disks. A conference on computer crime is to be staged
in London in June. The organisers, the International Conference Group, say:
"The late 1990s provide the ideal landscape for the computer criminal:
the growing number of commercial mergers is turning already confidential information
into an even more valuable commodity".
Growing fears about cyber-wars led the US Department
of Defence to commission a study from the National Research Council. "The
DoD is in an increasingly compromised position," says the report. "The
rate at which information systems are being relied on outstrips the rate at
which they are being protected". Department officials accept the report's
recommendations but say many are already being followed. A spokeswoman said:
"The department has 80 to 100 different attack trials in an average day
here in the military systems." None of the hacking caused major disruption,
John Hamre, US deputy secretary of defence, told a
closed hearing of congress last month that hackers had found a new way into
Pentagon networks. Two weeks ago, US energy secretary Bill Richardson shut
down classified computers at three nuclear weapons laboratories, including
Los Alamos, due to fears over cyber-security lapses. At Nato's Brussels headquarters,
Ian Davis, head of the information systems service, said Serbian hackers had
caused a "denial of service "but had not actually hacked into the
system. The attack affected Nato's web site, he said, which is not connected
to classified systems.
Companies worldwide lose millions because of computer
fraud, plus losses hard to quantify from information theft. They use firewall
software packages as protection, but Sunday Business disclosed last autumn
that such barriers sometimes have "holes".
A report by computer security specialist mi2g says
employees up to director level often link their PCs to the internet and bypass
the firewall to speed up connections, which leaves them exposed. DK Matai,
the firm's managing director, said: "In
my experience, financial institutions are hacked successfully every six months".
An International Computer Security Association study last year showed that
70% of corporate networks "had security flaws which left them vulnerable
to even the most rudimentary malicious attacks". Michel Kabay, ICSA's
training director, said a new breed of hackers are carrying out attacks for
political motives. They have been dubbed "hacktivists".