ad info

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
Computing

Internationally coordinated hack attack detected

September 28, 1998
Web posted at 11:15 AM EDT

by Torsten Busse

From...

(IDG) -- U.S. Department of Defense (DOD) security experts on Friday warned that hackers have a new weapon in their arsenal -- coordinated attacks on government and private networks from multiple locations around the world.

Discovered just this month by the Navy, the attacks are hard to detect since they involve sending two to three malicious data packets among millions of friendly packets from multiple Internet locations around the globe simultaneously in an effort to intrude into a network.

Multiple attackers can farm part of the attack to one Internet address and part of the attack to another, making it hard for existing intrusion-monitoring systems to identify the packets as part of a coordinated attack.

MORE COMPUTING INTELLIGENCE
  IDG.net home page
  InfoWorld home page
  InfoWorld forums home page
  InfoWorld Internet commerce section
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  Subscribe to IDG.net's free daily newsletter for IT leaders
  Questions about computers? Let IDG.net's editors help you
  Search IDG.net in 12 languages
 News Radio
  Fusion audio primers
  Computerworld Minute
     

"What is clear it that the attacks are coordinated," said Stephen Northcutt, head of the intrusion center at the U.S. Naval Surface Warfare Center, in Virginia. "But exactly how many people are driving it is not clear."

At times, as many as 15 different hackers appeared to be involved in the attacks, but it is not clear how many people are actually behind such coordinated attacks, Northcutt said. So far the attacks were directed at nonclassified networks at the DOD and at least at one private, corporate network.

Although no known damage has been caused by the coordinated attacks yet, Northcutt and his colleagues issued a security alert Friday in order to make network administrators aware of the new attack mechanisms.

"We are talking about how hackers are using a weapon, not about a new weapon itself," said Tim Aldrich, another U.S. Navy Surface Warfare Center security analyst.

It has been common for a single attacker to target multiple sites, but now multiple attackers are working together to target either single sites or multiple sites, Aldrich said.

Aldrich and his colleagues assume that the new techniques will be widely used and that it is imperative that intrusion-detection tools, techniques, and tracking databases be developed or modified to detect and respond to this new threat.

For sites with properly engineered Internet security, the new attack mechanism is no more effective than the previous generation of attacks. But sites that are not as secure and have routers with knowledge of an internal network sitting outside a firewall are especially vulnerable, Northcutt said.

The Navy's Shadow (Secondary Heuristic Analysis for Defensive Online Warfare) Intrusion Detection team has developed a new and freely available detection technique to track this new hacking activity. The information can be found at http://www.nswc.navy.mil/ISSEC/CID.

The new hacker technique requires security experts to rethink some of their defense methods, which so far have focused on attacks from one hacker. In a coordinated attack, however, one attacker can do the reconnaissance, while another follows up with the exploit. Detecting attacks requires correlating attack packets with each other, which is difficult if a small amount of them are sent from many locations at the same time, Northcutt said.

The Shadow team is asking anyone who has detected similar patterns of coordinated hacking to share information about them by sending information to shadow@nswc.navy.mil.

Northcutt and other intrusion-detection researchers will gather in San Diego from Feb. 9 to Feb. 13 for the SANS Institute's Intrusion Detection and Response Workshop. For more information on that meeting, see http://www.sans.org or call (719) 599-4303.

The SANS Institute is a network security cooperative research and education organization made up of more than 62,000 system administrators, security professionals, and network administrators.

Torsten Busse is the San Francisco Bureau Chief for the IDG News Service.

Related CNN Interactive stories:
Latest Headlines

Today on CNN

Related IDG.net stories:

Note: Pages will open in a new browser window Related sites:

External sites are not
endorsed by CNN Interactive.

SEARCH CNN.com
Enter keyword(s)   go    help

   
 

Back to the top
© 2000 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.