[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Air Force hacks Navy? Eeeek!
At 01:57 PM 12/22/95 -0500, [email protected] (Fred Cohen) wrote:
>I thought the ET article indicated an exaguration, but if it's true that
>there are no Battleships in the US Navy anymore and that the attack was
>run using DoD crypto equipment and networks, it's a heck of a lot
>different than buying an off-the-shelf Internet package and taking down
>the fleet.
>
>I have no doubt that someone with enough expertise, classified knowledge
>and equipment, access, and assistance can get some limited control over
>some US Navy ships for some period of time - but I seriously doubt that
>a computer whizzkid can take over the fleet from a PC via Email.
Depends on how much of a firewall the Navy's got; it may be that
the guy really did a dialin to the Pentagon using passwords,
or maybe that the ship really does have network connections
without adequate security. People _do_ build dialin and other
gateways to get around corporate firewalls, in spite of
company policy; wouldn't surprise me if the military has the same problem.
About 20 years ago, you could dial an FX line in Des Moines which
connected to a line at Offutt AFB in Nebraska and autorotored to a radio
circuit up to Looking Glass. Looking Glass had a small PBX; you could dial a
2-digit extension to reach somebody on the plane, or dial back down
to the ground. At one point, the radio officer on the plane noticed
two lights on on the PBX when nobody on the plane was talking on the phone;
the rapidly ensuing investigation found a guy in the barracks using
a 16-button Autovon phone dialing through the system to call his buddies
in Guam. As one might expect, the phone lines coming down from Looking Glass
are authorized to call anywhere in the world, at any precedence/preemption
level they want to :-) While I don't personally know either the radio
officer or the guy who got busted, I do have a friend who was around
there when it happened... And similar nonsense is probably still possible
today, unless Murphy's left the military.
#--
# Thanks; Bill
# Bill Stewart, [email protected], Pager/Voicemail 1-408-787-1281
# .... Heading back to The Big Phone Company