Hackers attack Naval War College computer network, taking down

This is hitting the mainstream now with AP reporting widely, so I think it qualifies for LBN.


Hackers attacked the computer network at the Naval War College in Newport, taking down the school's network for more than two weeks, including some e-mail services and the college's website.

The Navy Cyber Defense Operations Command in Norfolk, Va., detected the intrusion around Nov. 16 and took the system offline, spokesman Lt. Cmdr. Doug Gabos said. He said the unclassified network was used by students.

...

The Naval War College bills itself as the Navy's leading centre of strategic thought and national security policy.

Investigators were trying to determine the extent of the intrusion, Gabos said. They planned to upgrade firewalls and make other unspecified improvements.

http://www.theage.com.au/news/Technology/Hackers-attack-Naval-War-College-computer-network-taking-downschools-Web-site-email/2006/12/06/1165080982569.html



Those of us in security have known about this for some time and it appears to be much worse than would appear from the AP story. Note this story from Federal Computer Week

http://www.fcw.com/article96957-11-30-06-Web

which I posted previously in the Computer group and in my journal:

...

The college will probably have to replace all the computers affected by the attack, Paller
said. That's the only confidence-building measure step you can take, he said. When very professional people get through your defenses, their ability to hide is much greater than your ability to find them.


The ommerce Department's Bureau of Industry and Security replaced hundreds of computers after recent network attacks. The bureau is responsible for deciding which technologies should be available for export to countries such as China.

Chinese attacks on DOD systems are far more widespread than is publicly known, Paller said, but almost all attacks remain classified. The problem is thousands of times bigger than what you hear, he said.

...

The college also includes the Naval Strategic Studies Group, which is tasked with developing strategies for cyberwarfare. Its Web site is also down.



This earlier article talks about CNO Stragic Studies Group at NWC to develop strategies for fighting in cypberspace and discusses a "1000 ship vitual navy". Looks like they just sank a bunch of our virtual navy.

http://www.military.com/features/0,15240,119664,00.html

And this still happened?

Sounds like there's some 'splaining to be done...

It could be something as simple as lecture notes being compromised. If they can you get to view SWF or PDF files on most systems (XP, Linux, Mac), even fully patched ones, are no longer secure. While such an infected computer would not affect the most secure systems, it would cause havoc elsewhere among a lot of systems.

But the compromises could be much greater. That compromised SWF/PDF file to enable the builtin microphone to eavesdrop on defense planning at the NWC or elsewhere.

Even worse are the risks from pre-infected hardware boards or chips, nearly all of which are produced offshore. These are almost impossible to detect and prevent. Try finding compromised micro-code in a processor chip if it were inserted during the chip design phase.

While that would take a lot of effort and risk to accomplish, think of being able to disrupt weapons systems, communications, satellites, ... or voting machines.


The problem is that, just as previous admirals underestimated the danger from airplanes to warships, the current ones haven't realized that they/we have probably already lost the ability to protect nearly all technology infrastructure from attacks.

or if you give this technology to other countries that probably shouldn't have it you are asking for trouble. If they can attack this network and bring it down for 2 weeks you know they attacked much more complicated and much more important networks in the past. I wouldn't be suprised if a lot of those attacks go undetected.

I work for a company that purchases different products for labs around the country. A few weeks ago they found a bunch of top secret information from Los Alamos during a drug bust at a meth lab. These people used firewire flash drives to gain total control of a system. A day later we got hundreds of orders for firewire port locks.

Yet this was an obvious threat that should have been discovered by them long before someone exploited it and there are a lot of people with minimal amount of education in how computer memory is stored that could have told them having open firewire ports on secure computers was a very very bad idea. But the problem is with all the money we spend our government is inefficient in fighting these types of cyber attacks and it will eventually lead to a very bad country that doesn't like us having access to every piece of classified information ever stored on a government computer. I won't even get into the privacy issues that go along with this when you take into account agencies like the IRS which store all our personal records.

The fact that the Naval War College has already taken several weeks and the public/cover story keeps changing with each "fact" that slips out makes me suspect that this attack, however it was mounted, was able to gain access to a larger number of systems. I have no hard info. The official story is that this just affected non-classified student systems. But this is no ordinary "college" and these are not your typical "students".

And incidents like you described with firewire or with other vulnerabilities are starting to cause problems in everyday situations, shutting down things like laboratory equipment or patient monitoring systems. Using MS Windows in process systems was and is a very bad idea, particularly when combined with the use of off-the-shelf hardware with accessible connections or wireless of some type.

I don't like having my life put at risk through someone's cell phone, pda, or digital camera getting too near something else.

OUCH

That's pretty extreme.

I would imagine that wiping or replacing all the hard drives and flashing the BIOSes would be sufficient.

Rather than hiding in the bios, hide in the firmware for the video card, or in the disk controller firmware and the bad-block replacement area. It is increasingly difficult to even find the BIOSes for a lot of the new hardware.

and I gurantee they attacked other, much more important agencies in the past and in the present. Your typical 13 year old script kiddie doesn't know how to embed software within memory outside of the hard drive let alone having it spread throughout a network.

at least hacking into voting machines and tabulators is impossible!

When Jeb Bush was governor, he called in some of the most knowledgeable computer science specialist in Florida to begin a new Cyber Crime unit. Now, the Cyber Crime unit is a good idea, but you can very well expect him to have followed the Bush hiring procedure, and selected only the most Republican-minded candidates. i.e. people who don't like government. I happen to know of one person he did call up. The guy was anti-government regulation and a teacher in a computer class in a nearby college.

Now stop and think. Once these people get displaced, or worse, if they're not displaced, imagine the damage they can do, since they know best how to hack into the network that they created in the last few years?

nt