Hacker infiltrates military satellite

Posted by Kuji on June 26th, 2008

By Sean Fleming
Posted: 01/03/1999 at 16:42 GMT

The UK Ministry of Defence has come under attack from a hacker who is allegedly threatening to target military satellites unless a £3 million ransom is handed over.

According to a story in today's Daily Mail, the hacker has already seized control of one satellite, altering its course. The satellite in question is said to be involved in co-ordinating bombing raids on Iraq. Other targets for the hacker have been GCHQ – the spying operation that listens in on telephone calls and other communications – and a number of UK operations overseas. Officers from the Metropolitan Police Computer Crime Unit are said to be engaged in tracking down the source of the attacks. The authorities are said to have been so concerned about the attack on the satellite that the prime minister, Tony Blair, was informed. High profile hackings are becoming more common. One of the most well known involved two UK hackers, Datastream Cowboy (Richard Pryce) and Kuji (Mathew Bevan), who caught the CIA’s attention in 1994 after the Pentagon's computer was broken into. The South Korean atomic research institute was also hacked, provoking fears that World War III might be started by a teenage computer hacker sitting in his bedroom.

Hacking U.S. Government Computers from Overseas

Posted by Kuji on June 26th, 2008

Foreign hackers working from overseas via the Internet penetrated sensitive U.S. Government computer systems.

Foreign-based hacker groups working via the Internet have had substantial success breaking into U.S. Government and defense contractor computer systems holding sensitive but not classified information. There is one publicly known case in which computer break-ins from overseas were sponsored by a foreign intelligence service.

Three Germans in Bremen, West Germany were hired by the Soviet KGB during 1986-1989 to hack into U.S. Government systems. They penetrated Pentagon systems, NASA networks, Los Alamos National Laboratories and Lawrence Berkeley Laboratories. They were detected by Clifford Stoll, at Berkeley, when he checked out minor discrepancies in the account billings. Stoll later wrote the popular book, The Cuckoo’s Egg, about the case. The three hackers were arrested and convicted of espionage.

The following three cases also show the ability of hackers overseas to penetrate protected domestic U.S. systems via the Internet. In these three cases there was some suspicion of possible foreign intelligence involvement. This could not be confirmed, but also could not be ruled out. Enterprising foreign hackers could collect this information on their own and then sell it to a foreign intelligence service, or a foreign service could sponsor the same kind of operation itself.

Argentine Hacker Intrusion Into Navy Systems

In July 1995 computers in several states and Mexico reported intrusions originating from Harvard University. The hacker apparently lifted user IDs and password information from accounts on a system administered by the university. The U.S. government became concerned in August when an intrusion was detected on a network operated by the U.S. Naval Command, Control and Ocean Surveillance Center (NCCOSC). The intruder broke into the NCCOSC computer and installed sniffer programs to capture the IDs and passwords of legitimate users, and other software that would allow him to alter or destroy network files or to make them inaccessible to users.

After attacking a site in Taiwan, the intruder was monitored while “chatting” on the Internet, using the name Griton. Griton was traced back to Argentina where the moniker was known by Argentine authorities as a computer pirate who specialized in hacking, cracking and phreaking. The subject was soon traced to Buenos Aires and identified as Julio Cesar Ardita, then a 21-year-old student in Buenos Aires at the University of Argentina.

According to news reports, this hacker gained access to a host computer at the Army Research Lab in Edgewood, Maryland; the Naval Research Laboratory in Washington; the California Institute of Technology in Pasadena, California; and the NASA Jet Propulsion Laboratory. Victim sites include 62 U.S. government, 136 U.S. educational, and 31 U.S. commercial facilities. The U.S. Navy, NASA, and Department of Energy’s National Laboratories were high on the list of frequency of penetration.

Ardita was served a warrant and his computer was seized. He admitted responsibility, but claimed he was guilty only of mischief. He was arraigned in December, 1995. The U.S. Department of Justice filed criminal charges against Ardita. Prosecution in the U.S. was initially frustrated by the fact that computer crime is not covered by international agreements for extradition. In December 1997, Ardita agreed to come voluntarily to the United States and plead guilty to unlawfully intercepting electronic communications over a military computer and damaging files on a military computer. In return for Ardita’s agreement to come voluntarily to the United States, he is being sentenced to only three years' probation and fined $5,000. [1]

Although he hacked into important and sensitive government research files on satellites, radiation, and energy-related engineering, Ardita is not accused of obtaining classified information related to national security. To counterintelligence analysts, the hacker’s selection of targets and subject matter suggested a well-defined intelligence collection tasking, but foreign intelligence involvement has not been established. If a foreign intelligence service was involved, it is impossible to know which one, as many countries might have been interested in the information Ardita collected.

The Ardita case was the first time a court-ordered wire tap was used for real-time monitoring of an unknown subject to catch a computer criminal. It demonstrates the ability to chase and identify an international hacker on-line. [1]

Air Force Rome Development Center Break-In

Two young British hackers, Richard Pryce, age 16, and Mathew Bevan, age 21, broke into U.S. military computer systems. Pryce, who was identified and charged in 1995, allegedly obtained access to files on ballistic weapons research and messages from U.S. agents in North Korea during a 1994 crisis over inspection of nuclear facilities in North Korea. The penetrations were carried out over a period of several months.

Bevan, an information technology technician, was charged in 1996 with conspiracy to gain unauthorized access to computers. Pryce used the on-line nickname of “Datastream Cowboy” while Bevan identified himself as “Kuji.” Kuji was tutoring Datastream in his attempts to break into specific systems. According to news reports, investigators suspected the older culprit of being a foreign agent.

Pryce and Bevan broke into the Rome Air Development Center, Griffiss Air Force Base, NY, and before authorities became aware of their presence (five days later) they had penetrated seven systems, copied files including sensitive battlefield simulations, and installed devices to read passwords of everyone entering the systems. Rome Air Development Center was used as a launching pad for more than 150 intrusions into military, government and other systems including NASA and Wright-Patterson Air Force Base. Large volumes of data were downloaded from penetrated systems. One such data transfer (which was being monitored) involved the downloading of files from the Goddard Space Flight Center to an Internet provider in Latvia. In order to prevent the loss of sensitive data, the monitoring team broke the connection.

In one of these break-ins, Pryce used Rome to access a Korean facility. According to media reports, “For several anxious hours [U.S. authorities] didn’t know whether the intrusion was into a North or South Korean system. The concern was that the North Koreans would trace an intrusion coming from the U.S. and perceive it as an aggressive act of war.” The penetrated system turned out to be the South Korean Atomic Research Institute. The two were arrested after a long investigation by the Air Force Office of Special Investigation and New Scotland Yard. [2]

Dutch Teen Hackers

A group of Dutch teenagers penetrated computer systems at 34 U.S. military installations during 1990-91. They gained access to information on personnel performance reports, weapons development, and descriptions of movement of equipment and personnel. The systems penetrated included the Naval Sea Systems Command, the Army’s readiness system at Ft. Belvoir, Virginia, and the Army missile research lab at Aberdeen, Maryland.

At least one penetrated system directly supported U.S. military operations in Operation Desert Storm prior to the Gulf War. They copied or altered unclassified data and changed software to permit future access. The hackers were also looking for information about nuclear weapons. Their activities were first disclosed by Dutch television when camera crews filmed a hacker tapping into what was said to be U.S. military test information.

According to an ABC News report, the Dutch hackers had been operating for at least a year reading sensitive information about military plans and operations. Documents obtained by ABC indicate that hackers got so much information about the Patriot Missile that they had to break into several other computers just to find a place to store the data. At one point the intruders shut down computers in Wisconsin and Virginia which were later used to mobilize troops for Desert Storm. Information was gathered on the Patriot rocket launching system, the Navy’s Tomahawk cruise missile, and on the call up of military reserves for the Gulf War. The search words the hackers were particularly interested in were “military,” “nuclear” and “Desert Storm” or “Desert Shield.”

Many of the computer penetrations originated in Geldrop, Holland. At the time, investigators suspected the hackers could have been freelance spies looking for information to sell to the KGB or Iraqi intelligence, but no evidence of foreign intelligence service involvement has been found.

SOUTH CHINA MORNING POST: HACKER OF THE WEEK

Posted by Kuji on June 26th, 2008

23 Mar 97 SOUTH CHINA MORNING POST: HACKER OF THE WEEK
:The teenage security threat: Asia Intelligence Wire

RICHARD PRYCE

If you had to imagine the number one threat to America’s security, you might go for a terrorist group or a coalition of Iraq, Libya and North Korea. You would be unlikely to select a teenage double bass player at a British music college.

But RICHARD PRYCE, from a north London suburb, can count himself among those who have been elevated to the ranks of major threats to United States national security up there alongside Iraqi leader Saddam Hussein.

Pryce’s claim to fame, or infamy, lies in the way he hacked into America’s deepest defence secrets. At one point, he was even accused of having caused more harm to the US defence and missile systems than Russian intelligence. One might, equally, imagine that such a number one threat would operate from a secret base filled with the latest computers and advanced software. But PRYCE did it all from his bedroom in the suburb of Colindale, with equipment worth a grand total of GBP750 (HK$9,315).

He was just 16 at the time. PRYCE, who only got a D grade in computer science, obtained the passwords to download super-secret computer records in New York and California, including an Air Force base which deals with sensitive subjects such as artificial intelligence.

When he was brought to trial last week, his solicitor said that officials believed he was being manipulated by an East European outfit.
A US congressional report on computer attacks said he had been seizing control of defence department computers on the direction of an unknown third In the Senate in Washington, PRYCE was accused of “causing more harm than the KGB” and described as the number one threat to US security.
The magistrates took a more lenient view. Fining PRYCE GBP1,200 on Friday, they accepted his innocent motives after he admitted 12 charges of gaining access to the computers.

But they did order his computer equipment to be confiscated.
PRYCE, now 19, was arrested after the US Air Force Office of Special Intelligence investigated the hacking.
They codenamed the unknown culprit “Datastream Cowboy”, and finally got his name from other computer users.

The Pentagon said yesterday it was taking measures to stop its systems coming under computer attack.

Hackers pillaged US files to sell secrets to Saddam

Posted by Kuji on June 26th, 2008

By Tim Reid

HUNDREDS of military secrets, including troop movements and missile capability, were stolen from American government computers and offered to Saddam Hussein during the Gulf war, a former US security expert has admitted.

Computer hackers in the Netherlands used the Internet to steal enough top-secret information potentially to change the course of the war. Luckily for the Allies, the Iraqis ignored the data, probably fearing a hoax, according to intelligence experts.

Dr Eugene Schultz, former head of computer security at the US Department of Energy, has disclosed for the first time how he and colleagues sat helpless as the Dutch hackers pillaged the files across 34 US military sites in the months leading up to the 1991 conflict.

His revelations, to be screened on BBC 2’s Sci Files programme tomorrow, come after the conviction on Friday of a London teenager for gaining unauthorised access to American defence and missile secrets. Using equipment that cost £750 from local shops, Richard Pryce, 19, broke into computer files of the US Air Force and the Lockheed aerospace company. US military intelligence officials claimed he had caused “more harm than the KGB”. Pryce, of Colindale, north London, who was 16 at the time, was fined £1,200.

Dr Schultz, who was also responsible for protecting the computers of US nuclear weapons sites, told the BBC that the Americans learnt for certain in October 1990 that the information was being offered to Baghdad. Working with the FBI, he pinpointed the source of the attacks to Eindhoven.

The leakage of data was certainly alarming. The Dutch hackers learnt about the exact locations of US troops and the types of weapons they had. They gained information about the Patriot missile’s capability and the movement of American warships in the region.

“We realised that these files should not have been stored on Internet-capable machines,” Dr Schultz said. “They related to our military systems, they related to Operation Desert Shield at the time, and later Operation Desert Storm. This was a huge mistake.”

Once the Dutch hackers had gained access to a military computer site, they simply kept guessing different passwords until the system let them in. Once inside, they could pick and choose the exact information they wanted. The attacks lasted for months.

“We couldn’t do anything about it,” Dr Schultz said. “If we had shut down one machine that they had been getting into, they would have found others to launch the attacks from.”

The full story of Iraqi involvement in this episode is still classified. The CIA will neither confirm nor deny that the hackers tried to sell military secrets to Iraq.


