Hackers are invading Department of Defense computers -- again, sayeth Pentagon apparatchiks, in a spate of stories erupting in the mainstream media near you.
On Friday the 13th of this month, Defense Electronics magazine featured a piece entitled "Pentagon looks for answers to massive computer attack." The massive computer attack by -- you guessed it, unnamed hackers -- comprised incidents on all of eleven systems.
To put this in perspective, we can go to a recently published book: William Arkin's "The US Military On-line." Arkin's tome catalogs only those DoD systems that hang out a shingle -- a Website on-line. These systems comprise 1,500 sites, even by the author's standard -- a very, very, very low ball number of the actual sites DoD has connected to the Net. Eleven of 1,500 potential sites yields a hit rate of about 7 tenths of one percent, which by journalistic and Pentagon standards is a massive attack, but by common sense standards, is less than statistical noise.
The Defense Electronics piece featured anonymous Pentagon sources (see the Joseph K definition for "source" this month) leaking that "Dutch hackers" were responsible, according to the National Security Agency. The "Dutch hackers" were thought to be doing this in reaction to the U.S. build-up in the Persian Gulf. Further, they were seizing a computer in the United Arab Emirates, from which they were basing attacks.
On Wednesday, Feb. 25, Pentagon apparatchiks had backed off on the Dutch-hackers-in-league-with-Saddam conspiracy theories and substituted it with a non-specific hacker "contest" just in time for the US media to pick up the ball. Deputy Secretary of Defense John Hamre, second to Defense Secretary William Cohen, called it a "hacker game." And he offered one good cliche, one that would be repeated ad nauseum with little wit or originality in the subsequent media circle-jerk: "I think it was, in many ways, a wake-up call."
ABC's Evening News with Peter Jennings gave the classic example of the big, dumb news organization passing on the received wisdom of the Pentagon without providing context, meaning or even a modicum of hard fact. Reporter Gina Smith delivered a story which did not mention what had been hacked. It did not mention how many sites had been hacked. It did not mention why this would be important, if -- indeed -- it was. Smith did, however, trot out a serious-looking Hamre who repeated the mantra: "I think it was a wake-up call." Sam Nunn was also deployed to warn of imminent "electronic Pearl Harbor." (You can read about how Sam has that phrase memorized in the additional information attached to this piece's "pertinent links.")
On Thursday, the Los Angeles Times' Pentagon correspondent, Paul Richter, delivered a story littered with the same bromides. "Electronic Pearl Harbor" was invoked, this time from the old Defense Science Board report "Information Warfare" written by Science Applications International Corporation mouthpiece, Duane Andrews. ". . . wake-up call" was checked in by Hamre. "A clear and present danger . . ." opined Paul Strassman, another former Pentagon bureaucrat, who -- perhaps -- should work on finding a less ubiquitous writer than Tom Clancy for his nuggets of newspeak. [See end notes.]
Regular readers of Crypt Newsletter will smile in recognition. That's because they know our bureaucrats and military leaders have been using the tired "wake-up call" analogy, along with "electronic Pearl Harbor," since 1994. (Actually, make that 1992.) Time to ask the p.r. copywriters for a new satchel of cliches, don't you think?
Department of Defense sites "attacked" were at Andrews AFB, Maryland; Columbus AFB, Mississippi; Lackland AFB, Texas; Kelly AFB Texas; Gunter Annex, Alabama, Kirtland AFB, New Mexico; Port Hueneme ANG station, southern California; Pearl Harbor; the US Naval Academy, and two systems in Okinawa.
Investigating the massive attack are -- you guessed it, detectives from the Air Force Office of Special Investigations and the Department of Justice.
Friday, FBI agents swooped down on the homes of two minors in Cloverdale, California, north of San Francisco. Although equipment was confiscated, no arrests of "Dutch hackers" were made.
End notes:Indeed, The Los Angeles Times' coverage of hacking at the Department of Defense has been incomprehensibly poor for a publication of such large resource. The paper continues to hold up the bogus number of 250,000 alleged hacks of Dept. of Defense computers provided by the Government Accounting Office in 1996 and debunked by an Air Force computer scientist who led the briefings to that investigative arm. The number constituted everything from botched log-in attempts by legitimate users to trivial "finger" queries from others on the Internet.
In additional news, Pentagon alarums were so absurd they moved a real Dutch journalist -- the Groene Amsterdammer's foreign editor -- to contact Crypt News about the scare. Quite sensibly, he was skeptical of Department of Defense leaks that "Dutch hackers" were rifling the U.S. military to any great extent.
While much of the mainstream media in the United States seemed taken in by the story, all of the people Crypt News spoke with were not. And if the Pentagon's aim was to arouse interest in a problem in need of a drastic fix, because of the way the media handles these types of stories, it only ensured the opposite -- that more trivial hacks will be aimed at the target.
And this is only basic teen psychology.
Think for a moment. If you were a high school or college student and you saw any of the network television broadcasts of a plump, somewhat confused-looking Pentagon official issuing declarations of imminent doom to teams of reporters, you'd be jazzed. Even if you hadn't actually had anything to do with such trivial hacks, you might even be tempted to boast that you did on Internet Relay Chat. And if there were any .gov or .mil sites you knew of at all with compromised security -- even if of no importance whatsoever -- you would be into them in a New York minute.
So far, this has been the case, too.
At the foot of this piece you'll find a link to a hacker fanzine featuring pieces on the Pentagon hackers. The psychology is immediately recognizable along with the mentoring of the Cloverdale teenager by another more accomplished, an Israeli called The Analyzer.
Datamation magazine made a 1995 April Fool's joke of a story in which a hacker claimed a conviction or arousing the ire of lawmen was his first credential in gaining entry to the computer security job market. Life often imitates lit in cyberspace, mostly because the average Net dweller can't think of anything better to do. And so it is with The Analyzer who -- in Reuters dispatches -- says he coached the Cloverdale hackers because he wanted to pass the torch, retire from annoying DoD system administrators and move into computer security work.
In sort-of related news: DID YOU KNOW Crypt Newsletter is banned in the United Arab Emirates? It's true. Crypt Newsletter is censored from inquisitive Web surfers out of Dubai and parts close-by for being a dangerous Internet publication.
Other pertinent links for your reading pleasure: