Security Through Strength

The GUARDIAN Newswire

Volume I, Issue 9

DataLynx, Inc.
6633 Convoy Court
San Diego, CA 92111
(619) 560-8112 (phone)
(619) 560-8114 (fax)
http://www.dlxguard.com

NETSCAPE SERVER CRACKED

Integrated Computing Engines of Cambridge, Massachusetts used an $83,000
computer to break the 40-bit DES encryption scheme used in NetScape's
Commerce Server. In a previous effort, French students employed 120
workstations and two supercomputers to crack NetScape's encryption technique.


INCREASED ATTACKS ON DOD

The U.S. Senate Subcommittee on Permanent Investigations has released
its findings on computer security incidents during 1995. They report that the
number of attacks on Department of Defense (DoD) computers and networks
increased by 80%. The estimated total is reported to be 250,000 separate
assaults in 1995 ( see: http://www.epic.org/security/GAO_DOD_security.html )
The same Subcommittee also reported that banks and other large corporations
lost $800 million last year because of attacks on computer systems.

According to another report from the General Accounting Office (GAO),
approximately two-thirds of the attacks on DoD computers were successful
and resulted in unauthorized use of computer systems. The DoD conducted
a test study and found that only 4% of these break-ins were detected, although
three-quarters of the detected intrusions were reported.

Fortunately, most of these attacks were directed at unclassified computers
linked to the Internet and not the classified, internal government networks.
However, the GAO noted that computer hackers have occasionally seized
control of entire systems that support logistics, financial data, and weapons
research and development. More importantly, the GAO report also states,
"The potential exists for foreign terrorists to disrupt U.S. defense operations
by disabling the collection and communication of intelligence data or the
controls for issuing military orders." The GAO report further stated that such
break-ins are "either a multi-million dollar nuisance to defense or a serious
threat to national security."


FEDS USE DATA TAP

In the first case of its type, the U.S. Department of Justice (DOJ) used a
court-ordered data tap on a computer network in pursuit of Julio Cesar Ardita,
a citizen of Argentina charged with illegally breaking into government computer
systems via the Internet. The DOJ believes that Ardita breached a computer
system at Harvard University's Faculty of Arts and Sciences and obtained
passwords that later permitted him to successfully assault networks at NASA,
the U.S. Navy, and other government installations. The federal court-order
permits the DOJ to monitor Internet T-1 access sites, intranet trunk lines, and
data transmitted across the net for evidence of criminal activity for a period of
thirty days.


1995 & 1996 SECURITY SURVEYS

The Ernst & Young/Information Week (EY/IW) and the FBI/Computer Security
Institute (FBI/CSI) security surveys indicate disturbing trends in today's computing
environment. Both surveys point out an alarming increase in the number of
computer break-ins.

Completed in November 1995, the EY/IW study reported that 20% of 1290
companies surveyed experienced a computer break-in within the previous year.
Meanwhile, the Spring 1996 FB/CSI report shows 42% of 428 respondents
experienced unauthorized computer use in the last 12 months. The attacks
varied from brute-force password guessing to scanning and spoofing.

Both surveys indicate a changing trend: - the most common threats to
computer systems now include a slightly greater risk from external attacks
via the Internet and modem connections than from internal sources. In past
years, internal risks from disgruntled or untrained personnel were seen as the
major threat, comprising about 80% of computer-security incidents.

Another change involves the type of person conducting the illegal assault on
computer systems. In the past, it was more than likely the perpetrators would
be considered "hackers" from the electronic underground whereas the current
threat is just as likely to be a foreign or domestic business competitor or, in the
case of attacks on government systems, a member of foreign government
intelligence services. The EY/IW survey uncovered some painfully expensive
facts:



The FBI/CSI survey discovered similarly distressing facts:




WHATEVER HAPPENED TO...?

Justin Tanner Peterson, also known as "Agent Steal", you may recall was the
one who pulled off the electronic heist of $150,000 from Heller Financial in Glendale,
California. Peterson's criminal career started in 1991 when he was picked up
for hacking into TRW and other databases in Dallas. The subsequent police investigation
uncovered more offenses and Peterson ultimately received a federal indictment
that included eight counts of breaking into TRW computer systems. The indictment
also charged Peterson with possession of stolen passwords, assuming false identities,
and fraudulently obtaining credit cards.

Peterson cooperated with law enforcement officials and began a complicated
involvement in an "undercover capacity" with the federal government. Court
records in Los Angeles show that FBI Agents and the U.S. Attorney's Office
bargained in 1991 to have Peterson released from jail in Texas to conduct
"investigations".

Peterson would often speak about his undercover work with the FBI and other
agencies to bring down fellow hackers. Indeed, Peterson assisted in the case
against Kevin Mitnick and Kevin Poulsen (see GUARDIAN News, April and
July 1996). As former co-hackers, Peterson and Poulsen conspired together
to pull off computer break-ins at Pacific Bell - the same offenses which lead to
Poulsen's arrest.

Due to a series of delayed sentencings after his case was transferred to California,
Peterson remained out of jail under FBI supervision from September of 1991 through
October 1993. Eventually, his case was re-opened and Peterson plead guilty to six
counts and faced a maximum sentence of 40 years confinement and a $1.5 million
fine.

When questioned by a government attorney in October of 1993 if he had been
breaking the law while on bail, Peterson affirmed that he had. Later that same
day, Peterson confided in a friend, "I've got a big problem and I'm splitting."
Peterson vanished during a meeting with his lawyer and Assistant U.S. Attorney
David Schindler when he stepped out for a drink of water and never came back.
Peterson later remarked, "The FBI raided my house and found radio detection
equipment that I acquired illegally to trace [Kevin] Mitnick. I panicked and ran."


According to law enforcement officials, Peterson's "big problem" was breaking
into computer systems at federal investigative agencies and credit card information
bureaus. He is also alleged to have illegally acquired over 40 passwords to "secure"
computer systems.

On August 23, 1994 after spending nearly a year on the run, Peterson was
apprehended after a foot-chase that commenced when he was spotted getting
out of a BMW just two blocks from the FBI's West Los Angeles offices. Just
weeks before his arrest, Peterson stated during a telephone interview, "I wouldn't
want the powers I have to be in the wrong hands... someone with malicious
intentions."

On March 27, Peterson appeared before the U.S. District Court of Los Angeles
and plead guilty to the electronic wire heist at Heller Financial. He originally faced
a maximum sentence of up to 60 years in jail and fines of $2 million for conspiracy,
mail fraud, illegal interception of wire/electronic communications, money-laundering,
and removal of property to prevent seizure. He was awarded and is still serving a 36
month jail sentence (with another 36 months of supervisory detention to be served
concurrently). His sentence also includes an order to pay $38,686 in restitution.



KEVIN MITNICK UPDATE

The most publicized hacker track-down and capture story in history still drags
on without conclusion (see GUARDIAN News, April 1996). Originally scheduled
for sentencing on July 15 of this year, Kevin Mitnick's appearance before the
Central U.S.District Court of California has been postponed until September 30,
1996.

To recap the Mitnick case, he was arrested February 15th last year for breaking
into a long list of computers and telecommunications equipment. Some of his
capers include breaking into:


Originally charged with 23 offenses and facing several hundred thousand
dollars in fines, Mitnick is expected to have all but one charge dropped and
face a maximum of an eight month sentence. Mitnick's lawyer, John Yzurdiaga,
said Mitnick still faces additional charges, but will not discuss details because
they are under "negotiation".

For more information about the Mitnick case, two books have been released:
"Takedown" and "The Fugitive Game - On Line with Kevin Mitnick". "Takedown"
is co-written by New York Times reporter John Markhoff and Tsutomu Shimomura
and portrays Mitnick in a nearly demonic light. The Fugitive Game" is authored by
Jonathan Littman and depicts Mitnick in a much less caustic fashion and as more
of 'the hunted' than as 'the hunter'.

The hardcopy edition of The GUARDIAN Newswire is free for DataLynx Customers, all others $24.00 per year. Contact DataLynx for subscription information.

Copyright ®1997 DataLynx, Inc.
Security Through Strength


The document above is the GUARDIAN Newswire, Volume I, Issue 9