Content area
Full Text
Protecting government computer systems from hackers is vital to national security. It's also increasingly difficult.
Every 20 minutes someone tries to penetrate a Defense Department computer network. But not all of the intruders are outsiders. Defense officials are increasingly concerned about trusted employees seeking restricted data.Just as troubling is that many intrusions could be prevented if workers followed basic security procedures. While computers have become central to agency operations across government, security has not.
A case in point: A few months ago, 27-year-old computer whiz Shawn Key hacked into a federal agency's computer network. (He spoke about the agency on the condition that it not be identified.) For national security purposes, the office Key broke into was supposed to have no more than a handful of carefully controlled modems through which employees could access the Internet. Instead, Key found more than 500 modems on the system-a mother lode for any hacker intent on wreaking havoc. Just days before the modems were discovered, network administrators had issued an order expressly forbidding the use of extraneous modems.
Fortunately for the agency, Key is what he calls an "ethical hacker," working to protect organizations against intrusions by "nonethical hackers": disgruntled employees, precocious teen-agers trying to embarrass institutions by posting electronic graffiti, and terrorists intent on damaging national security. As a systems engineer at the computer security firm J.G. Van Dyke and Associates in Bethesda, Md., Key's job is to probe client computer systems for security breaches. And there are plenty of breaches at federal agencies.
In recent months, Key says, he has repeatedly hacked into federal computer systems where the network administrator's password was blank, essentially giving him-and any other hacker-a key to the network and all the data managed there. With such access, a hacker could shut down the system, install or delete software, read, modify or delete data, and cover his tracks, avoiding detection altogether. As for the 500 excess modems Key recently encountered, agency employees were probably plugging laptop computers with built-in modems into phone jacks at their desks to connect to the Internet, he says, not realizing they were compromising security.
The vulnerability of federal agencies to computer attacks is growing, says Michael Vatis, director of the FBI's National Infrastructure Protection Center, one...