[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Air Force hacks Navy? Eeeek!
Read this. It's from the Electronic Telegraph, a neat web site in the UK.
This article was later posted to comp.risks, and hence, Risks Forum digest,
which is where I found it. The paragraphs have been numbered for easy
reference.
----------------------------------------------------------------------------
(paragraph 0)
http://www.telegraph.co.uk/et/
(paragraph 1)
A few clicks and then the e-mail message entered the ship's control
system...
War of the microchips: the day a hacker seized control of a US battleship
(paragraph
2)
BY SIMPLY dialing the Internet and entering some well-judged keystrokes, a
young US air force captain opened a potentially devastating new era in
warfare in a secret experiment conducted late last September. His target was
no less than gaining unauthorised control of the US Navy's Atlantic Fleet.
(paragraph
3)
Watching Pentagon VIPs were sceptical as the young officer attempted to do
something that the old Soviet Union had long tried to do and failed. He was
going to enter the very heart of the United States Navy's warships - their
command and control systems.
(paragraph
4)
He was armed with nothing other than a shop-bought computer and modem. He
had no special insider knowledge but was known to be a computer whizzkid,
just like the people the Pentagon most want to keep out.
(paragraph
5)
As he connected with the local node of the Internet provider, the silence
was tangible. The next few seconds would be vital. Would the world's most
powerful navy be in a position to stop him?
(paragraph
6)
A few clicks and whirrs were the only signs of activity. And then a
seemingly simple e-mail message entered the target ship's computer system.
(paragraph
7)
First there was jubilation, then horror, back on dry land in the control
room at the Electronic Systems Centre at Hanscom Air Force Base in
Massachusetts. Within a few seconds the computer screen announced "Control
is complete."
(paragraph 8)
Out at sea, the Captain had no idea that command of his multi-million-dollar
warship had passed to another. One by one, more targeted ships surrendered
control as the codes buried in the e-mail message multiplied inside the
ships' computers. A whole naval battle group was, in effect, being run down
a phone-line. Fortunately, this invader was benevolent. But if he could do
it ...
(paragraph 9)
Only very senior naval commanders were in the know as the
"Joint Warrior" exercise, a number of experiments to test defence systems,
unfolded between September 18-25. Taking over the warships was the
swiftest and most alarming of the electronic "raids" - and a true shock
for US military leaders. "This shows we have a long way to go in
protecting our information systems," said a senior executive at the
airbase where the experiment was conducted.
(paragraph 10)
The exact method of entry remains a classified secret. But the Pentagon
wanted to the first to test the extent of their vulnerability to the new
"cyberwarriors" - and had the confidence to admit it.
(paragraph 11)
Now they believe they know what they are dealing with and the defences are
going up.
(paragraph 12)
Reply to Electronic Telegraph - [email protected]
Electronic Telegraph is a Registered Service Mark of The Telegraph plc
--------------------------------------------------------------------------
This sounds very fantastic, like the plot of a movie. Indeed, _Hackers_
featured a "worm" that took over control of the ballast of oil tankers.
Perhaps this is a case of a journalist being a good writer but not fully
understanding the topic at hand.
Does anyone know how true this article is? Or where we could find more
info? If it is true, then this is almost scary.
Let's pick the article apart:
In paragraph (1), the author refers to "the day a hacker siezed control
over a US battleship." I assume that "hacker" and "battleship" are being
used loosely, as, as noted in an IW-list posting that I received a few
minutes ago, there are no currently active US battleships. (?)
In paragraphs (2) and (5), the author refers to the "hacker" "dialing the
internet" and "[he] connected with the local node of the Internet
provider." This implies that the whole operation was conducted over the
internet. Do battleships even have internet connections? They may. But
the military certainly wouldn't dialup through a civilian ISP where their
data goes through unknown hands to perform a very secret operation.
Everything is doubtlessly encrypted - was the attack performed with or
without keys? Or was the crypto somehow bypassed?
The intruder is referred to as "young US air force captain" in par 2, a
"young officer" in par 3, a "computer whizzkid" in par 4, an "invader" in
par 8, and a "cyberwarrior" in par 10. Who was he? I would assume that
it was more likely a group of people who were "in the know." Even the
average "Joe Hacker" (is there such a thing?) would have trouble
controlling a "batteship" let alone through an ASCII connection.
In par 2, the author states that the intruder was attempting to gain
"unauthorised control of the US Navy's Atlantic Fleet" (sic). If these
were indeed "Joint Warrior" experiments, then it would be authorized.
Throughout the article, references are made to the attack beginning
with "a simple email message." This could be possible, but it seems
that a higher means of control would be necessary.
Anyhow, the whole article seems factually incorrect. I'm very
interested in finding out more on what ACTUALLY happened, tho..
Tobin Fricke
[email protected]