DATE=2/26/98
TYPE=COMPUTER SERIES
NUMBER=7-18054
TITLE=PENTAGON COMPUTER BREAK-IN
BYLINE=DAN NOBLE
TELEPHONE=619-1014
DATELINE=WASHINGTON
EDITOR=SWANEY
CONTENT=
(PHONE QUALITY INSERTS AVAILABLE FROM AUDIO SERVICES)
INTRO: RECENTLY (FYI - WEDNESDAY FEB 25), JOHN HAMRE, THE U.S.
DEPUTY DEFENSE SECRETARY, ANNOUNCED THAT HIS AGENCY'S
COMPUTER NETWORK SUFFERED -- WHAT HE CALLS -- "THE MOST
ORGANIZED AND SYSTEMATIC ATTACK." THE EVENT REMINDS
COMPUTER USERS OF THE IMPORTANCE OF HIGH-TECH SECURITY.
DAN NOBLE HAS DETAILS.
TEXT: THE ILLEGAL ENTRIES INTO THE PENTAGON'S COMPUTERS WERE
MADE INTO UNCLASSIFIED FILES WHICH INCLUDE PAYROLL AND
PERSONNEL DATA. CLASSIFIED NETWORKS USE MUCH MORE
INTENSIVE SECURITY MEASURES. BUT, DEFENSE DEPARTMENT
OFFICIALS SAY BECAUSE OF THE BREAK-IN, OR "HACKING," AS
IT IS OFTEN CALLED, THEY INTEND TO BOLSTER SECURITY EVEN
MORE.
PATRICIA FISHER IS PRESIDENT OF JANUS ASSOCIATES, A
STAMFORD, CONNECTICUT-BASED COMPANY THAT SPECIALIZES IN
COMPUTER SECURITY. SHE SAYS THAT PROBLEMS, LIKE THOSE
FACED BY THE PENTAGON, ARE COMMON.
TAPE CUT ONE -- PAT FISHER (0:17)
"WE FIND, CONSTANTLY, BREAK-INS. WE ALSO FIND THAT THE
ABILITY TO BREAK-IN IS RATHER SIMPLE. THAT'S MOSTLY
DUE, NOT TO SOFTWARE PROBLEMS, ALTHOUGH THERE ARE SOME
OF THOSE, BUT IT IS OFTEN DUE TO ADMINISTRATIVE
PROBLEMS. PEOPLE TAKING SHORT CUTS."
TEXT: ACCORDING TO PAT FISHER, A WIDE VARIETY OF PEOPLE
ATTEMPT TO ILLEGALLY ENTER COMPUTER SYSTEMS. SHE SAYS
THAT THE INCIDENT AT THE PENTAGON APPEARS TO HAVE BEEN A
GAME THAT WAS BEING PLAYED BY A PARTICULAR GROUP OF
HACKERS...
TAPE: CUT TWO -- PAT FISHER (0:19)
"...AND, IT LOOKS LIKE IT WAS ALSO DONE BY A SMALL
NUMBER OF INDIVIDUALS. OTHER THAN THAT, IT'S VERY HARD
TO TRACK WHO THESE PEOPLE ARE BECAUSE THEY COME THROUGH
A VARIETY OF COMPUTERS TO GET TO WHEREVER THEY ARE
TRYING TO GET IN. THEY DO THIS ON PURPOSE, SO THAT YOU
CAN'T TRACK THEM. THAT'S WHAT MAKES IT SO DIFFICULT."
TEXT: SECURITY EXPERTS LIKE PAT FISHER OF JANUS DO A NUMBER OF
THINGS TO IMPROVE SECURITY. THE FIRST THING THEY DO IS
TO EXAMINE A COMPANY'S OR ORGANIZATION'S COMPUTERS TO
DETERMINE WHERE THEIR PROBLEM AREAS ARE, SO THAT THEY
CAN CLOSE THOSE PROBLEMS BEFORE A HACKER GETS INSIDE.
TAPE: CUT THREE -- PAT FISHER (0:27)
"IN OTHER WORDS, IT'S OKAY FOR SOMEONE TO COME TO THE
DOOR, AS LONG AS YOU CAN'T GET THROUGH THE DOOR. YOU
ARE NOT GOING TO KEEP PEOPLE OUT OF THESE WORLDWIDE
NETWORKS, ESPECIALLY THE INTERNET. YOU JUST CAN'T DO
IT. BUT, YOU BETTER HAVE YOUR DOORS AND YOUR WINDOWS
INTO YOUR SITE, LOCKED TO PREVENT THEM. SO, WE
PERIODICALLY TEST ENVIRONMENTS TO MAKE SURE THAT THE
DOORS AND THE WINDOWS ARE REMAINING LOCKED. WE ALSO
PROVIDE SOFTWARE THAT DOES THE SAME THING."
TEXT: ONCE IN PLACE, SAYS PAT FISHER OF JANUS, COMPUTER
SECURITY MEASURES ARE EFFECTIVE DETERRENTS.
TAPE: CUT FOUR -- PAT FISHER (0:54)
"ABSOLUTELY. THERE ARE A NUMBER OF PRODUCTS OUT THERE
THAT ARE VERY, VERY GOOD, AND METHODOLOGIES THAT ARE
VERY, VERY GOOD. BUT, PEOPLE HAVE TO USE THEM.
(///OPT///) IF YOU USE A VERY POOR PASSWORD, OR NO
PASSWORD, OR SOMETHING THAT'S EASILY GUESSED, THEN YOU
MIGHT AS WELL NOT BOTHER WITH SECURITY. WE FOUND,
RECENTLY, A SMALL PROGRAM THAT DOES BRUTE FORCE PASSWORD
CRACKING. THIS IS A SHAREWARE PROGRAM, AVAILABLE OVER
THE INTERNET, AND IT IS ABLE TO CRACK WHAT WE THOUGHT,
BEFORE, WERE VERY SECURE PASSWORDS. SO, (///END OPT///)
PEOPLE HAVE TO BE CONSTANTLY UPGRADING THEIR SECURITY
BECAUSE THERE ARE ALL KINDS OF PROGRAMS ROAMING AROUND
OUT THERE THAT LET UNINITIATED, OR NOT KNOWLEDGEABLE,
PEOPLE GET TO YOUR SITE AND BREAK IN. YOU JUST HAVE TO
BE AWARE OF THAT, ALL THE TIME, AND TAKE MEASURES TO
PREVENT IT."
TEXT: PENTAGON OFFICIALS SAYS THAT THE RECENT BREAK-IN TO ITS
COMPUTER SYSTEM IS SENDING IT A WAKE-UP CALL. SECURITY
FEATURES ARE EXPECTED TO BE UPGRADED. WHAT HAPPENED AT
THE U.S. DEPARTMENT OF DEFENSE CAN HAPPEN ANYWHERE.
27-Feb-98 8:31 AM EST (1331 UTC)
NNNN
Source: Voice of America
.