E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: NewsFactor Network

Posted on May 18, 2001

      A hacking group, most likely Russian-based, has stolen thousands of files in consistent attacks over the past three years from the Pentagon and other government agencies, according to an article written by a National Security Agency (NSA) consultant. The sophisticated attempts amount to "the most persistent and serious computer attack against the United States to date," wrote James Adams.

      The attacks were first detected in March 1998, Adams reports, and have been investigated extensively since then in a project code-named Moonlight Maze. After researchers traced the attacks to seven Russian Internet addresses, a complaint was filed with the Russian government.

Passive Action

      So far, the complaint has apparently been the most active form of redress for the attacks, and it is not clear that the Russian government will do anything to stop the attacks.

      There is little more that law enforcement officials can do other than track the attacks, Dion Stempfley, principal security engineer at Riptech, Inc., a computer security company, told NewsFactor Network. Stempfley was a part of the Defense Information Systems Agency team that detected the break-ins.

      "There's little desire to do engagement [online]. But it's not like you watch and do nothing either...[Security officials] tend to do more in terms of evidence collecting -- that's the way law enforcement does business."

      "What we don't have are mechanisms to stimulate the network to see what [the hackers'] computing looks like online."

      The added complications of international espionage and the entire process of affidavits and warrants also make prosecution very difficult. "Many things don't bode well for international relations" in the process, Stempfley said. "Whether or not that passive mode is prudent is not for me to decide."

Security Tradeoff

      But there is much more that Defense Department (DoD) officials could do in order to prevent such attacks, or at least protect themselves from them, Fred Cohen, a principal member of the technical staff at Scandia National Laboratories in Albuquerque, New Mexico, told NewsFactor.

      "[The DoD] makes the trade between convenience and security all the time."

      One way, according to Cohen, in which the DoD compromises its security is that "they choose Microsoft Windows over a much more secure operating system. They have Java script in their browser."

      For what it is worth, Cohen adds, "DoD is doing a much better job than they were doing five years ago; and in five years, they'll be doing a much better job than now."

Security Impasse

      On one point, Cohen agrees with Stempfley: there is not much the U.S. government can do to retaliate, other than to request that the Russian government help stop the hackers.

      Adams reports in his article that the Russians have denied any prior knowledge of the attacks and that the phone numbers associated with the Internet sites were inactive.

      Still, Cohen is adamant that the group is not only organized but has backing. "The organization behind them wants them to continue. This is an organized group of people, probably with funding," he said.

      Moreover, he was certain that "the Russian government is providing cover of some sort. There are people who know who they are."

Security Debacle

      The attacks have been called "massive" by government security officials and continue unabated.

      Adams wrote, "The hackers have built 'back doors' through which they can re-enter the infiltrated systems at will and steal further data. They have also left behind tools that reroute specific network traffic through Russia."

      According to Cohen, the U.S. government will continue to have a hard time stopping the infiltrators. As he puts it, "Someone says 'There, that's the person.' What are you going to do, bomb them?"

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.