Online Security Is Pentagon's Latest Battle
By John Schwartz
The Department of Defense announced yesterday that it was briefly pulling its computers off the Internet to upgrade security by installing hardier "firewall" protection between computer systems that are accessible to the outside world and those that should not be.
Noting the recent spate of hacker attacks on government Web sites, Pentagon spokesman Kenneth Bacon said the upgrade is part of a long-term computer security effort: "This is much more protective than reactive."
In fact, the Defense Department is engaged in long-term planning that could completely move its unclassified networks off the Internet and on to a proprietary system. The GNIE project (Global Network Information Enterprise, pronounced "genie") will unveil this major proposal this summer, said DOD spokeswoman Susan Hansen. "A lot of systems over the years have been patched together," she said, and "of course, you're only as strong as your weakest link."
Skirmishes between federal law enforcement officials and computer intruders have been intensifying in recent weeks. Hackers angered by about 20 recent FBI raids on suspected members of the loose-knit computer underground have launched a variety of attacks on Web sites maintained by the FBI, the Senate, the Interior Department and the White House.
"For those who do this for whatever kind of sport it provides them, they'll be found, and they'll be prosecuted," White House press secretary Joe Lockhart said yesterday.
Securing government Web sites against attack is difficult because the sites are designed for open access; that's why security-conscious computer managers separate Web computer systems from those that contain critical internal information.
In the case of the FBI computer intrusions, for example, "these are not the internal systems that contain classified or top-secret information," said Justice Department spokeswoman Carole Florman. "Those systems have not been at risk, and they have not been compromised."
Instead, she said, the attacked sites are "the FBI's vehicle for communicating with the public. . . . What they are really doing is denying access to the American public to the information available on that Web site."
FBI agents across the country have been focusing on a gang that calls itself "Global Hell." The agents appear to be going after leading members of the group and some peripheral figures, hoping to find bigger players, said John Vranesevich, founder of antionline.com, a Web site that tracks hacker activity.
Vranesevich called the hacker response "a tantrum," saying that "many of them are now realizing for the first time that everything they've been doing for the past few months [has] been watched."
Those targeted by the raids say that the agents are casting a very broad net. Paul Maidman, 18, was asleep when FBI agents entered his apartment. The New Jersey teen's mother had already left for work for the day when a half-dozen armed agents grabbed Maidman's computer and began hours of questioning.
Noting that he has no relationship with Global Hell but that he has sat in on Internet chats where its members have congregated, Maidman said, "I'm not really counting on getting it [the computer] back any time soon." He added that he has shied away from computer mischief since he turned 18.
Maidman said that while the experience with the government agents was intimidating, "they were actually really nice." When his 12-year-old sister woke up, "they made her waffles," he said.
Experts in computer crime said the government reaction constitutes just the latest wave of law enforcement efforts to curtail computer mischief.
"It's immensely foolish of the hacker underground to step up its assaults on law enforcement sites," said Michael Godwin, author of the book "Cyber Rights."
"These two cultures regard each other with such deep antagonism and distrust that you might have to call in [veteran diplomat] Richard Holbrooke to sort it out," Godwin said.
© Copyright 1999 The Washington Post Company