


by CSO Staff

A Bunch of Hacks

Apr 01, 2004 (3 mins)

How vulnerable are the nation’s computer networks? How much devastation can cyberattacks wreak? According to Mi2g, a digital security company, digital attacks caused an estimated $185 billion to $226 billion in economic damage in 2003. Here are some events from recent history that show why.

Eligible Receiver. This is the code name for a 1997 Defense Department exercise. DoD assigned a team from the National Security Agency to see if it could hack into Pentagon computer networks using only publicly available computers and hacking software. No problem, as it turned out. The team took control of Pacific Command Center computers, as well as power grids and 911 systems. A few years later, on the PBS series Frontline, John Hamre, deputy secretary of defense from 1997 to 1999, acknowledged that for “the first three days of Eligible Receiver, nobody believed we were under cyberattack.”

Moonlight Maze. The Defense Information Systems Agency discovered that computer systems at the Pentagon, NASA, other government agencies, universities and research labs had been under attack for nearly two years, since March 1998. The attackers broke into hundreds of computer networks, stealing information on contracts, research and unclassified military data, including troop data and maps of military installations. Investigators, who dubbed the investigation Moonlight Maze, traced the hackers to Russia, but the Russian government denied any knowledge of the attacks. Because of the sophisticated “back doors” the attackers built, they continued stealing data for at least three years after the break-ins were discovered.

Code Red. This fast-propagating worm, which struck in July 2001, infected some 260,000 computers in its first 12 hours by exploiting a hole in Microsoft IIS Web servers. In its first variation, affected computers were used to bombard the White House website in a denial-of-service attack, which was thwarted. Many other websites were defaced with the words, “Hacked by Chinese.”

Nimda. “Admin” spelled backward. This worm disrupted the U.S. financial sector a week after Sept. 11. Like Code Red, it exploited flaws in Microsoft IIS Web servers, though on a much broader scale. It spread via e-mail attachments, infected webpages and other computers linked on a network. Despite the timing, the worm was not linked to the Sept. 11th terrorist attacks.

Slammer. This worm hit computers on Jan. 25, 2003, by exploiting a flaw (for which a patch had been written) in Microsoft’s SQL Server 2000 software. It disrupted ATM systems and airline reservation systems, infected a number of large financial institutions and snarled the Internet. Ninety percent of its damage was done in the first 10 minutes, making it, at that time, the fastest cyberattack in history.

Blaster. Aimed mainly at businesses, this worm also was designed to overwhelm one of Microsoft’s technical assistance websites. It infected computers running Microsoft Windows.

SoBig.F. Bigger than big. Launched in August 2003, it sent itself to all the e-mail addresses in a user’s computer, propagating so rapidly that, for a time, one of every 17 e-mails of total e-mail traffic was a copy of the worm.

Mydoom. SCO Group, a Utah-based software company that has made news by claiming IBM is illegally running pieces of its Unix code in their Linux system, was the target of this worm. It struck in January and succeeded in shutting down SCO’s website, as well as clogging e-mail systems all over the country.