The level and sophistication of this attack on the Department of Defense's systems suggests that professionals conducted this attack with significant resources at their disposal and an interest in the national security secrets of the United States. The data mining operation was so successful that, although it was eventually detected, it still managed to make off with a significant amount of information.
Since the attack, the United States has responded in a number of critical ways. Almost immediately upon learning of the threat, the Pentagon required all defense employees to change sensitive passwords, though even this requirement was learned of by the attackers, allowing them to change their tactics accordingly (Vistica, 1999; Bridis, 2001). Other, longer-range responses will hopefully have more success in preventing future attacks such as the Moonlight Maze attack. For instance, the assistant secretary of defense for command, control, communications and intelligence -- Arthur Money -- stated that the Pentagon's primary unclassified computer system was so significantly compromised by the attacks as to render it unusable. Within a few months of discovering the infiltration of the system, the Department of Defense decided to route all of the communications that previously went through that network through eight large electronic gateways, in the hope that this will make monitoring of traffic and access easier. The Pentagon has also ordered that $200 million be spent on new encryption technology for all systems, including intrusion detection technology, new firewalls, and password encryption (Drogin, 1999). These efforts are designed to close many of the cybersecurity "holes" discovered in the wake of the Moonlight Maze incident. Of course, all of these efforts occurred after sensitive data had already been pilfered over a period of years.
The most common response of the government, and the ultimate aim of its efforts, has been punitive in nature: track down the offenders and punish them. If the hackers prove to be civilians, then the U.S. government is prepared to fully prosecute them for this intrusion into its systems. If, on the other hand, the perpetrator is found to be another nation, then the government will likely consider a retaliatory cyber-attack against that nation. To that end, new offensive protocols have been added to the agency that controls the military's computer systems, and increased funding has been provided for such operations over the coming years (Bridis, 2001). Perhaps the most significant effect to emerge from the Moonlight Maze incident was increased communication and coordination between various law enforcement and intelligence agencies such as the FBI, CIA, NSA, and others. Up until this point, coordination of information between these agencies had been mediocre at best (Bridis, 2001; Kitfield, 2000).
Moonlight Maze demonstrated how an uncoordinated response would be ultimately ineffective against such a coordinated attack on sensitive military computer systems. The increased cooperation and coordination that emerged after Moonlight Maze, in fact, ultimately led to the creation of the Department of Homeland Security in the wake of the September 11th attacks, intended to further improve inter-agency coordination. Whether the enhanced coordination between these agencies, as well as the increased security measures at the Department of Defense, will deter or help ward off cyber-attacks is, as yet, unclear.
Case Study #2: Fermilab File-Sharing Fiasco
In June 2002, computer system administrators at the Fermi National Accelerator Laboratory near Chicago, Illinois discovered that an unidentified hacker had broken into the computer system at the laboratory (Van, 2003). This breach of data security was treated with extreme caution and concern. Immediately, the lab issued a full alert and shut down the computer systems for three days while the extent of the presumed attack was determined. Fermilab is responsible for the integrity of the United States nuclear arsenal. As such, any breach of data security at the lab stands as a significant breach of national security. If the case had evolved into an example of malicious hacking or directed terrorism, the results for national security could have been exceptionally disastrous. As the case makes evident, however, this breach of data security occurred for very different reasons than we might ordinarily expect and involved no real malicious intent. Nonetheless, the apparent ease with which the hacker was able to exploit a weakness in such a crucial system of the U.S. Department of Energy should give us pause. If this had been a willfully malicious hack of Fermilab, the results for national security could have been extremely adverse.
Technicians at Fermilab first discovered that there might be a problem after noticing that scheduled backups of the system were taking much longer than normal (Goodwin, 2003). Disturbingly, this was apparently the only reason that the breach of security was noticed at all. If it had not been for the fact that the hacker in question was actively using Fermilab's system resources for his own purposes, the breach of security might never have been noticed. If, for example, the hacker had intended only to access the system and retrieve sensitive data, based on this case it seems questionable whether anyone would have noticed until long after the hacker had left -- if ever.
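The only signal in this case was an incidental one: backups slowed down because someone had parked hundreds of gigabytes on the hosts. The following script, an added example that is not part of the original essay, shows the defensive lesson in code: parse backup-job records, establish a baseline for job duration, and alert both on the indirect signal (duration) and on the direct one the lab could have watched instead (day-over-day growth in backed-up bytes). The log format, the hostname `fnal-cluster-07`, the dates and all byte counts are constructed for illustration and are not real Fermilab data.

```python
import re
import statistics

# Constructed sample log lines (not from the page or from Fermilab).
# One record per nightly backup job. The last three nights show a sudden
# jump in backed-up bytes and job duration, the kind of change that in the
# Fermilab case was the only thing anyone noticed.
BACKUP_LOG = """\
2002-05-25 02:00 host=fnal-cluster-07 job=nightly bytes=41200000000 duration_s=3610
2002-05-26 02:00 host=fnal-cluster-07 job=nightly bytes=41350000000 duration_s=3655
2002-05-27 02:00 host=fnal-cluster-07 job=nightly bytes=41100000000 duration_s=3590
2002-05-28 02:00 host=fnal-cluster-07 job=nightly bytes=41500000000 duration_s=3680
2002-05-29 02:00 host=fnal-cluster-07 job=nightly bytes=41400000000 duration_s=3640
2002-05-30 02:00 host=fnal-cluster-07 job=nightly bytes=41600000000 duration_s=3700
2002-05-31 02:00 host=fnal-cluster-07 job=nightly bytes=41300000000 duration_s=3620
2002-06-01 02:00 host=fnal-cluster-07 job=nightly bytes=98700000000 duration_s=9120
2002-06-02 02:00 host=fnal-cluster-07 job=nightly bytes=187400000000 duration_s=17350
2002-06-03 02:00 host=fnal-cluster-07 job=nightly bytes=256100000000 duration_s=23800
"""

# Hypothetical record layout; adapt the pattern to the backup tool in use.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \S+ host=(?P<host>\S+) job=\S+ "
    r"bytes=(?P<bytes>\d+) duration_s=(?P<dur>\d+)$"
)


def parse_backup_log(text):
    """Return a list of (date, host, bytes, duration_s) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m["date"], m["host"], int(m["bytes"]), int(m["dur"])))
    return records


def baseline_duration(records, baseline_days=7):
    """Median job duration over the first baseline_days records (robust to one-off spikes)."""
    return statistics.median(r[3] for r in records[:baseline_days])


def flag_anomalies(records, baseline_days=7, duration_factor=1.5, growth_bytes=50 * 10**9):
    """Flag nights whose backup ran far longer than baseline or whose data volume
    jumped sharply over the previous night. Returns (date, host, [reasons])."""
    dur_med = baseline_duration(records, baseline_days)
    findings = []
    prev_bytes = records[baseline_days - 1][2]
    for date, host, nbytes, dur in records[baseline_days:]:
        reasons = []
        # Indirect signal: the one Fermilab's technicians happened to notice.
        if dur > duration_factor * dur_med:
            reasons.append(f"duration {dur}s exceeds {duration_factor}x baseline median {dur_med:.0f}s")
        # Direct signal: stored data growing faster than any legitimate workload explains.
        growth = nbytes - prev_bytes
        if growth > growth_bytes:
            reasons.append(f"backed-up bytes grew by {growth / 1e9:.1f} GB since previous night")
        if reasons:
            findings.append((date, host, reasons))
        prev_bytes = nbytes
    return findings


if __name__ == "__main__":
    for date, host, reasons in flag_anomalies(parse_backup_log(BACKUP_LOG)):
        print(f"{date} {host}: " + "; ".join(reasons))
```

The thresholds (1.5x median duration, 50 GB overnight growth) are arbitrary starting points; the design point is that storage growth is a first-class detection signal on its own, so a quiet intruder who only reads data still leaves other traces (access logs, as the next paragraphs note) that must be monitored deliberately rather than discovered by accident.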
An investigation coordinated between the U.S. Department of Energy, which oversees operations at Fermilab, and Scotland Yard ultimately led investigators to the culprit behind this incredible breach in national security. In an unremarkable neighborhood in East London, investigators arrested Joseph McElroy, then sixteen years old, who had illicitly gained access to seventeen Fermilab computers. Since attempted hacks against Fermilab occur frequently (its generally high levels of security and the sensitivity of the data it oversees make it an attractive target), investigators may have expected to find a computer mastermind when they arrested McElroy. Many hackers of this apparent caliber attempt hacks into systems such as Fermilab for political reasons, for personal prestige in the hacking community, or even for criminal or terrorist purposes. What they discovered, however, in the person of McElroy was something entirely different.
Rather than an individual intent on hiding the nature of his crime, making some political statement, or even overthrowing the U.S. government, investigators found a young boy perfectly willing to admit his guilt and work with the police to explain what he had done and how he had done it. McElroy's purposes were not malign -- save for the simple reality that he did knowingly hack into a private (government, no less) computer system. McElroy's purpose was simple: he wanted to appropriate the bandwidth and storage capacity of an online computer network in order to store hundreds of gigabytes of pirated music, movies, and software that he and his friends could share (Leyden, 2004; Teen hacker, 2004). McElroy apparently had no intention of accessing sensitive information on the Fermilab networks -- or any information, for that matter. He only wanted to access the system so that he could partition off a section of it for his own illegal storage uses.
In fact, interestingly, McElroy told investigators that he had no idea the Fermilab system was an offshoot of the U.S. government, specifically the U.S. Department of Energy. He was under the mistaken impression that the system was owned and operated by a U.S. university, not the government. Apparently, McElroy and his friends had been targeting university and academic computer systems for some time, largely because he was under the impression that universities did not have to pay for Internet access (Goodwin, 2003). The aim was always to section off portions of an academic system and then use that storage space to share illegally obtained files between him and his friends, to whom he gave access codes and passwords for the compromised system. McElroy conducted the hack with relative impunity because he did not expect a university computer network to have the resources to track him down and exact punitive judgment from him. His inability or unwillingness to cover his tracks more effectively meant that security specialists working for the U.S. government were able to track down McElroy's location within hours because of the access logs he had left behind in the system. This rapid response is to be expected from a government installation that handles such sensitive information, though once more it is worth pointing out that the quick response of the security team at Fermilab came only after two weeks of breached security by a teenager from London (Van, 2003). McElroy spent two weeks with access to multiple computers on the Fermilab network. That he was interested in file sharing and did not have more malicious goals should be seen as a welcome bit of luck, but certainly no reason for the U.S. government's cybersecurity teams to pat themselves on the back for a job well done.
The attack on the Fermilab computer network (though infiltration would perhaps be a better description) took the network offline for three days while the extent of the hack was determined and the nature of the damage inflicted was evaluated. Total costs of repairs to the affected…