(6 of 7)
Last October a Pentagon's Defense Science Board panel warned of an info-attack threat well beyond that posed by the hackers who have been irritating the Pentagon for years. "This threat arises from terrorist groups or nation-states, and is far more subtle and difficult to counter than the more unstructured but growing problem caused by hackers," the high-level board said. "A large, structured attack with strategic intent against the U.S. could be prepared and exercised under the guise of unstructured 'hacker' activities." The U.S., it added, might not even know it is under attack. "There is no nationally coordinated capability to counter or even detect a structured threat." Such a strike could "cripple U.S. operational readiness and military effectiveness" by delaying troop deployments and misrouting cargo planes, trains and ships.
Hackers may be the new mercenaries, available to the highest bidder. During the Gulf War, according to Pentagon officials, a group of Dutch hackers offered to disrupt the U.S. military's deployment to the Middle East for $1 million. Saddam Hussein spurned the offer. The potential for disruption was great, says Steve Kent, a private computer-security expert in Cambridge, Massachusetts, and a member of a Pentagon advisory panel on defensive information warfare. "In the Gulf War the military made extensive use of the Internet for its communications, and it would have suffered had the Iraqis decided to take it out."
A secret national-intelligence report being prepared by the CIA concludes that while there have been no clear attacks yet on the military's computer facilities, foreign intelligence services already are probing U.S. computers. A top Justice Department computer-security expert says five of the last seven identified intruders into the Pentagon's mainframes were foreigners. Retired Air Force Colonel Alan D. Campen, author of The First Information War, a 1992 book that described information technologies used during Desert Storm, says he got "requests for copies of the book from embassies all over the world." The Chinese army uses it in a course it teaches on infowarfare.
While the military's actual war-fighting computers are generally deemed secure, those supporting other vital areas--such as payroll, personnel, transportation and spare parts--are handled by poorly guarded Pentagon computers linked by scantily protected public-communications channels. The military's computers are probed by outsiders close to 500 times a day, Pentagon experts believe. But only about 25 of those are detected, and only two or three of those detected are reported to security officials. This penetrability is a legacy of computers designed for ease of use and accessibility to the Internet (itself a Pentagon creation). The toughest Pentagon computer to crack is the first one; once inside, nearly 90% of the other computers linked to the first computer will recognize the intruder as a legitimate user. "Hackers say our computers are crunchy on the outside," says Van Wyk, "but soft and chewy on the inside."