Base battles computer hackers

It may seem unlikely that a prowler would try to sneak into Wright-Patterson Air Force Base. But every day, people try to gain unseen entrance to the base by remotely probing its computer network, sometimes by accident and other times with nefarious intent. It happens 2.8 million times a day, the near equivalent of every Chicago resident trying once daily.

The number of probes has catapulted compared to just three years ago, said Ben Striks, chief of software and network security for the 88th Air Base Wing Communications Group at the base.

“We used to see about 2,000 to 3,000 a week,” Striks said. “At that time we thought the number was large.”

One reason for the huge spike could be the rise of botnets, or thousands of “zombie” computers that are secretly coded to do a hacker’s automated bidding, though the user is unaware.

Gen. Bruce Carlson, commander of the Air Force Materiel Command, headquartered at Wright-Patt, said that about 70 percent of the 2.8 million probes a day are electronic “wrong turns” that folks take while browsing the Web. But some are not so innocent.

“Some of them are serious probes, probably in the neighborhood of 3,000 to 4,000 a day,” Carlson said. “These people are looking for a hole, looking for a way to get in, so they can download data.”

Striks said that he deploys numerous layers of security to protect the base network, each one increasingly restrictive, using a mix of internal applications and off-the-shelf products.

“There are certainly some commercial tools that are very good, that corporations have access to,” he said.

Striks declined to say which specific products they use.

The base regularly puts out large amounts of information in the public domain where hackers “try to rattle the windows until they find an open one to get in,” Striks said.

And while 2.8 million probes a day are nearly impossible to keep track of, the Air Force perks up when an “e-truder” makes it past the first layer of defense.

“If we see anomalies in the network we can focus on that, peel it back and see exactly what we are up against,” Striks said.

Carlson said hackers make repeat attempts to access the network, but couldn’t say whether repeat offenders were other sovereigns, suburban hackers or possible terrorists because it would put the Air Force at a disadvantage.

“We have done a lot of hard work, forensic work, to make sure that we know where they came from,” Carlson said.

Earlier this month, American officials, speaking off the record to the Financial Times, disclosed that hackers connected to the Chinese People’s Liberation Army had successfully penetrated a Pentagon computer network in June, resulting in 1,500 computers being taken offline.

But Wright-Patt makes an attractive target too.

It hosts a worldwide logistics system, a world-class laboratory research function and is the top acquisition and development center in the U.S. Air Force. More than 60 associate organizations representing a large range of Air Force and U.S. Department of Defense activities are housed there and they are all interlinked on the same IT infrastructure.

“(Intruders) download anything,” Carlson said. “Access rosters, telephone numbers, supply lists; some of it is useful and some of it is not.”

However, protecting the computer infrastructure from the outside is only half the battle, Striks said. One of the greatest liabilities the government, and similarly companies, face is their own employees.

“The biggest threat comes from the inside,” he said.

Wright-Patt is the largest single-site employer in Ohio and one of the largest employers among Air Force bases worldwide, with about 24,000 civilian and enlisted employees.

Employees often operate without the mind-set of protecting the network, he said, sometimes visiting sites that glean information from the computers or inadvertently downloading malicious software that can compromise data on a workstation or the entire network.

To counteract such a scenario, Striks said the Air Force pours a lot of money and time into educating its members about their security responsibility, equipping them with an educational “sidearm” to protect the networks.

“Common users are going to need constant training and the person who has the administrator password will have an increased level of training,” Striks said.

Within the past 18 months, the Air Force has begun to severely clamp down on its service members’ Internet and Intranet freedom on government machines. Instead of giving people access to all the networks and drives, personnel are only given access to drives and servers they need to access, he said.

“We have taken the rights away, to a great extent, from the users to prevent damage,” Striks said.

Wright-Patt is not alone in its efforts to fight cyber intrusions though.

In September, the Secretary of the Air Force announced the start of a temporary Cyberspace Command at Barksdale Air Force Base, La., that is responsible for organizing, training and equipping forces to conduct sustained global operations in and through cyberspace.

Speaking in March, Gen. Ronald Keys, the Air Combat Command commander, said, “Almost everything I do is either on the Internet, an Intranet or some type of network. Yet, everyone out there knows that hackers can (potentially) get into my network and slow down or corrupt (it) or cause me to lose faith in the networks or shut them down completely.”

Striks said that in the end, though, IT security relies upon trusting Air Force service members and employees to wield their educational sidearm.

“We put a certain level of trust to our people,” he said.
