A Bunch of Hacks
How vulnerable are the nation's computer networks? How much devastation can cyberattacks wreak?
April 01, 2004 — According to Mi2g, a digital security company, digital attacks caused an estimated $185 billion to $226 billion in economic damage in 2003. Here are some events from recent history that show why.
Eligible Receiver. This is the code name for a 1997 Defense Department exercise. DoD assigned a team from the National Security Agency to see if it could hack into Pentagon computer networks using only publicly available computers and hacking software. No problem, as it turned out. The team took control of Pacific Command Center computers, as well as power grids and 911 systems. A few years later, on the PBS series Frontline, John Hamre, deputy secretary of defense from 1997 to 1999, acknowledged that for "the first three days of Eligible Receiver, nobody believed we were under cyberattack."
Moonlight Maze. The Defense Information Systems Agency discovered that computer systems at the Pentagon, NASA, other government agencies, universities and research labs had been under attack for nearly two years, since March 1998. The attackers broke into hundreds of computer networks, stealing information on contracts, research and unclassified military data, including troop data and maps of military installations. Investigators, who dubbed the investigation Moonlight Maze, traced the hackers to Russia, but the Russian government denied any knowledge of the attacks. Because of the sophisticated "back doors" the attackers built, they continued stealing data for at least three years after the break-ins were discovered.
Code Red. This fast-propagating worm, which struck in July 2001, infected some 260,000 computers in its first 12 hours by exploiting a hole in Microsoft IIS Web servers. In its first variation, affected computers were used to bombard the White House website in a denial-of-service attack, which was thwarted. Many other websites were defaced with the words, "Hacked by Chinese."
Nimda. "Admin" spelled backward. This worm disrupted the U.S. financial sector a week after Sept. 11. Like Code Red, it exploited flaws in Microsoft IIS Web servers, though on a much broader scale. It spread via e-mail attachments, infected webpages and other computers linked on a network. Despite the timing, the worm was not linked to the Sept. 11th terrorist attacks.
Slammer. This worm hit computers on Jan. 25, 2003, by exploiting a flaw (for which a patch had been written) in Microsoft's SQL Server 2000 software. It disrupted ATM systems and airline reservation systems, infected a number of large financial institutions and snarled the Internet. Ninety percent of its damage was done in the first 10 minutes, making it, at that time, the fastest cyberattack in history.