ugnet_: HACKERS CRACK CANADIAN DEFENCE

[Edward Mulindwa]

Hackers Crack Canadian Defense Department By Jim Bronskill Canadian Press 7-15-4   Ottawa -- Determined computer hackers broke through federal firewalls several times last year, gaining access to Defense Department networks. A newly obtained report on security breaches at the department in 2003 also reveals dozens of internal lapses. Computer security has become a high-profile concern in federal circles in light of cyber-terrorism, operations mounted by foreign intelligence services and, more often, the sloppy practices of employees. The Defense Department's Computer Incident Response Team tracked a total of 160 events � from digital break-ins to dodgy e-mail procedures � last year. Located in Ottawa at the Canadian Forces network operations centre, the team defends department computers by monitoring intrusion detection systems, zeroing in on threats and issuing alerts. A declassified version of the team's report was released to The Canadian Press under the Access to Information Act. It provides an indication of the difficulties faced by federal agencies such as the Defense Department in keeping their sprawling information holdings secure from interlopers. The Canadian Security Intelligence Service has warned that it is almost impossible to eliminate network vulnerabilities entirely because computer systems and attack tools are in a constant state of evolution. Other documents released by Defense underscore the high degree of confidentiality attached to such issues. Many of the records are classified top secret, with much of the information withheld from release due to its perceived sensitivity. The response team's report notes five instances of �unauthorized privileged access� to Defense networks, considered the most serious of seven categories of breaches. They also logged five cases of �unauthorized limited access� and 35 instances of �malicious logic� � the attempted introduction of viruses, worms or other unwanted programs into a computer system. There were 110 cases of �poor security practice� on the part of employees, by far the most common problem last year. Of these, the majority involved concerns about the security of e-mail transmissions. Others stemmed from use of Internet Relay Chat messaging and the popular KaZaa file-sharing service, inappropriate storage of materials, and unauthorized Web postings. Another case involved improper access to a network. No one from the Defense Department was available Tuesday to discuss the security cases. Several of the documents released by Defense were prepared by the Communications Security Establishment, the highly secretive federal agency with the dual role of electronic spy service and protector of federal computer systems. The records indicate CSE focused on issues including the potential exploitation of wireless communication networks, suspicious probes of systems and the general methods employed by hackers. It appears CSE also undertook an analysis of the so-called Blaster worm that infected computers last August. � Copyright 2004 Bell Globemedia Publishing Inc. All Rights Reserved. http://www.globetechnology.com/servlet/story/RTGAM. 20040713.wfedhack0713/BNStory/Technology    The Mulindwas Communication Group "With Yoweri Museveni, Uganda is in anarchy"             Groupe de communication Mulindwas "avec Yoweri Museveni, l'Ouganda est dans l'anarchie"