Read this. It's from the Electronic Telegraph, a neat web site in the UK. This article was later posted to comp.risks, and hence, Risks Forum digest, which is where I found it. The paragraphs have been numbered for easy reference. ---------------------------------------------------------------------------- (paragraph 0) http://www.telegraph.co.uk/et/ (paragraph 1) A few clicks and then the e-mail message entered the ship's control system... War of the microchips: the day a hacker seized control of a US battleship (paragraph 2) BY SIMPLY dialing the Internet and entering some well-judged keystrokes, a young US air force captain opened a potentially devastating new era in warfare in a secret experiment conducted late last September. His target was no less than gaining unauthorised control of the US Navy's Atlantic Fleet. (paragraph 3) Watching Pentagon VIPs were sceptical as the young officer attempted to do something that the old Soviet Union had long tried to do and failed. He was going to enter the very heart of the United States Navy's warships - their command and control systems. (paragraph 4) He was armed with nothing other than a shop-bought computer and modem. He had no special insider knowledge but was known to be a computer whizzkid, just like the people the Pentagon most want to keep out. (paragraph 5) As he connected with the local node of the Internet provider, the silence was tangible. The next few seconds would be vital. Would the world's most powerful navy be in a position to stop him? (paragraph 6) A few clicks and whirrs were the only signs of activity. And then a seemingly simple e-mail message entered the target ship's computer system. (paragraph 7) First there was jubilation, then horror, back on dry land in the control room at the Electronic Systems Centre at Hanscom Air Force Base in Massachusetts. Within a few seconds the computer screen announced "Control is complete." (paragraph 8) Out at sea, the Captain had no idea that command of his multi-million-dollar warship had passed to another. One by one, more targeted ships surrendered control as the codes buried in the e-mail message multiplied inside the ships' computers. A whole naval battle group was, in effect, being run down a phone-line. Fortunately, this invader was benevolent. But if he could do it ... (paragraph 9) Only very senior naval commanders were in the know as the "Joint Warrior" exercise, a number of experiments to test defence systems, unfolded between September 18-25. Taking over the warships was the swiftest and most alarming of the electronic "raids" - and a true shock for US military leaders. "This shows we have a long way to go in protecting our information systems," said a senior executive at the airbase where the experiment was conducted. (paragraph 10) The exact method of entry remains a classified secret. But the Pentagon wanted to the first to test the extent of their vulnerability to the new "cyberwarriors" - and had the confidence to admit it. (paragraph 11) Now they believe they know what they are dealing with and the defences are going up. (paragraph 12) Reply to Electronic Telegraph - et@telegraph.co.uk Electronic Telegraph is a Registered Service Mark of The Telegraph plc -------------------------------------------------------------------------- This sounds very fantastic, like the plot of a movie. Indeed, _Hackers_ featured a "worm" that took over control of the ballast of oil tankers. Perhaps this is a case of a journalist being a good writer but not fully understanding the topic at hand. Does anyone know how true this article is? Or where we could find more info? If it is true, then this is almost scary. Let's pick the article apart: In paragraph (1), the author refers to "the day a hacker siezed control over a US battleship." I assume that "hacker" and "battleship" are being used loosely, as, as noted in an IW-list posting that I received a few minutes ago, there are no currently active US battleships. (?) In paragraphs (2) and (5), the author refers to the "hacker" "dialing the internet" and "[he] connected with the local node of the Internet provider." This implies that the whole operation was conducted over the internet. Do battleships even have internet connections? They may. But the military certainly wouldn't dialup through a civilian ISP where their data goes through unknown hands to perform a very secret operation. Everything is doubtlessly encrypted - was the attack performed with or without keys? Or was the crypto somehow bypassed? The intruder is referred to as "young US air force captain" in par 2, a "young officer" in par 3, a "computer whizzkid" in par 4, an "invader" in par 8, and a "cyberwarrior" in par 10. Who was he? I would assume that it was more likely a group of people who were "in the know." Even the average "Joe Hacker" (is there such a thing?) would have trouble controlling a "batteship" let alone through an ASCII connection. In par 2, the author states that the intruder was attempting to gain "unauthorised control of the US Navy's Atlantic Fleet" (sic). If these were indeed "Joint Warrior" experiments, then it would be authorized. Throughout the article, references are made to the attack beginning with "a simple email message." This could be possible, but it seems that a higher means of control would be necessary. Anyhow, the whole article seems factually incorrect. I'm very interested in finding out more on what ACTUALLY happened, tho.. Tobin Fricke fricke@roboben.engr.ucdavis.edu