Posted at 5:31 p.m. PST Saturday, Dec. 9, 2000

Pentagon reports more hacker attacks BY WALTER PINCUS Washington Post WASHINGTON -- The Defense Department suffered more than 22,000 electronic attacks on its computer systems in 1999 and about 14,000 in the first seven months of this year, the Pentagon's chief information officer said.

The vast majority of those attacks were either harmless or caused only petty harassment, but in a few cases, hackers believed to be working for foreign countries have broken into unclassified computer systems and downloaded large amounts of information, said Arthur Money, the assistant secretary of defense for command, control, communications and intelligence.

Pentagon officials said that, to the best of their knowledge, the Department of Defense's classified computer systems have not been breached.

The Pentagon was able to make an accurate count of the number of attacks for the first time last year, because at the end of 1998 it installed devices to monitor attempts by hackers to penetrate its computers.

In 1999, the Pentagon detected 22,144 attempts to probe, scan, hack into, infect with viruses or disable its computers. About 3 percent (or more than 600) of those incidents caused temporary shutdowns or other damage. About 1 percent (or roughly 200) were intrusions by hackers who managed to break into unclassified computer systems.

So far this year, officials said, the number of attacks is up about 10 percent, and the percentage that have caused damage or resulted in intrusions is about the same.

In an interview, Money predicted that the number of attacks is only ``going to increase'' in the future.

A majority of the attacks that cause damage ``come through vulnerabilities in existing software, most of it from commercial companies'' such as Microsoft, Netscape and Lotus, he said.

Although the Pentagon is ``putting more and more effort into testing'' off-the-shelf software and is working with major software companies in the design stages, Money said, ``there is hardly any way to prevent'' vulnerabilities from creeping into the millions of lines of commercial computer code written not only in the United States, but also in India, Ireland, Israel and other countries.

Money said that on many of the programs, Defense Department experts do not know where the code is written.

Many of the vulnerabilities are unintentional, but some appear to be ``trapdoors'' deliberately left by software writers to allow intrusions, and others are ``back doors'' that were designed to help systems administrators but have been ``discovered by kids and hackers and used to harass the systems,'' a Pentagon official said, speaking on condition of anonymity.

As a result, the official added, ``we are not buying such off-the-shelf products in our most sensitive systems.''

The Defense Department has about 10,000 computer systems and 1.5 million individual computers.

http://www0.mercurycenter.com/svtech/news/breaking/merc/docs/042207.htm

-- Martin Thompson (mthom1927@aol.com), December 10, 2000