A Year Ago: Pentagon and hackers in 'cyberwar'
The Pentagon has been warning about a future computer war. Well, the future is now, and the war is on
For two days in January, hackers repeatedly tapped into military computers at Kelly Air Force Base in San Antonio, California -- the centre for the most sensitive Air Force intelligence, the kind of information critical to American troops now on patrol over Iraq and in Bosnia.
NBC News has learned the attack was a sophisticated, coordinated assault through computer networks in Canada, Norway and Thailand. The hackers didn't receive top secrets but the Pentagon's number two man, Deputy Secretary of Defence John Hamre, says the United States is essentially engaged in an all-out cyberwar. "The department is experiencing fairly sophisticated challenges right now," said Hamre.
For the past several months, so-called cyberterrorists, operating from as many as 15 locations worldwide, have launched a series of coordinated attacks on Pentagon computers -- as many as 100 per day. The attackers remain unidentified and since anyone with a computer is a potential enemy, experts warn the United States military is vulnerable to a sneak attack. "It's not a matter of if America has an electronic Pearl Harbour -- it's a matter of when," said Rep. Curtis Weldon, R-Penn.
At Kelly, the hackers were trying to enter a server that controls a number of sensitive computers at the base and other bases in the San Antonio area. Among the computers targeted were those of the Air Intelligence Agency, the Air Force Information Warfare Centre and a Joint Chiefs of Staff command-and-control operation. Officials said it was the most sophisticated attack yet on Pentagon computers. "What is clear is that the attacks were coordinated," said Steven Northcutt, head of the intrusion centre at the US Naval Surface Warfare Centre in Virginia, which tracked the assault. "But exactly how many people are driving it is not clear," he said.
The attack so worried the Pentagon that it called in the FBI, which has launched a criminal investigation. Officials said the attacks were coordinated to increase the "stealth and firepower" of the perpetrators and were "difficult to detect" because they were planted in "a large volume of identical traffic that is too massive to process without specialised techniques".
A copy of the Navy's briefing on the attacks, called 'Internet Threat Briefing -- Stealth and Coordinated Probes and Attacks', shows an "evolution of the cat-and-mouse game hackers and administrators play", said Peter Durham, MSNBC's network security analyst. "This is a new strategy, not a new weapon," said Durham, who reviewed the briefing. "Each attack is a regular, familiar kind of attack. What is different is the way it's being executed."
Durham said what distinguishes this attack is that it came from a number of different, unrelated locations, which makes tracking it difficult. But the military is making some progress. New technology developed by the Navy did detect the attacks on Kelly Air Force Base, but failed to find the hackers themselves. Several experts said such an attack wouldn't have even been detected at all a few months ago but the government has been quietly setting up cyberwar early-warning operations at the Pentagon, CIA and the National Security Agency over the past year.
In a speech last November, National Security Council Terrorism coordinator Richard Clarke said Department of Defence Web sites are being visited regularly by foreign governments. US officials said none of these nations is believed to have aggressive plans and attribute their 'pinging' of sensitive systems to an extension of their economic espionage activities.
In speeches and interviews, Clarke has been unsparing in his declarations of the threat. He told The New York Times in a recent interview: "I'm talking about people shutting down a city's electricity, shutting down 911 systems, shutting down telephone networks and transportation systems. You black out a city, people die. Black out lots of cities, lots of people die. It's as bad as being attacked by bombs."
"An attack on American cyberspace is an attack on the United States, just as much as a landing on New Jersey," he said. "The notion that we could respond with military force against a cyberattack has to be accepted."
President Bill Clinton recently proposed spending $1.5bn (£93m) in fiscal 2000 to shore up the nation's defences against cyberterrorism. Specifics on the threat are hard to come by, say experts. One of the few instances where the United States has in any way detailed the threat came last week after Hamre described the Kelly Air Force Base attack before Weldon's committee. Afterward, Weldon described what Hamre told the committee as a "siege by a coordinated, organised attack".
Sources tell NBC News that a top-secret intelligence document written in 1996 identified Israel and France as trying to penetrate sensitive US government and commercial computers. "French and Israeli attempts were noted" in the report, a source familiar with the document said. A second source in the US government confirmed the two countries' attempts. This effort is reportedly centred in two places inside the US intelligence community. One is the Critical Technologies Branch of the CIA's Office of Science and Weapons Research. The other is the Infowar Support Centre, also known as G42, at the National Security Agency.
Both are involved in the American effort to have cyberweapons available to retaliate against an enemy who goes after US systems or to use these weapons to disable enemy defences in a war. Pentagon officials insist the military's deepest secrets are still safe, but they admit that as these computer terrorists become more sophisticated, this is one war that's getting tougher to fight.
Jim Miklaszewski covers the Pentagon for NBC News and Robert Windrem is an investigative producer specialising in the US military.