At 01:57 PM 12/22/95 -0500, fc@all.net (Fred Cohen) wrote:

I thought the ET article indicated an exaguration, but if it's true that there are no Battleships in the US Navy anymore and that the attack was run using DoD crypto equipment and networks, it's a heck of a lot different than buying an off-the-shelf Internet package and taking down the fleet.

I have no doubt that someone with enough expertise, classified knowledge and equipment, access, and assistance can get some limited control over some US Navy ships for some period of time - but I seriously doubt that a computer whizzkid can take over the fleet from a PC via Email.

Depends on how much of a firewall the Navy's got; it may be that the guy really did a dialin to the Pentagon using passwords, or maybe that the ship really does have network connections without adequate security. People _do_ build dialin and other gateways to get around corporate firewalls, in spite of company policy; wouldn't surprise me if the military has the same problem. About 20 years ago, you could dial an FX line in Des Moines which connected to a line at Offutt AFB in Nebraska and autorotored to a radio circuit up to Looking Glass. Looking Glass had a small PBX; you could dial a 2-digit extension to reach somebody on the plane, or dial back down to the ground. At one point, the radio officer on the plane noticed two lights on on the PBX when nobody on the plane was talking on the phone; the rapidly ensuing investigation found a guy in the barracks using a 16-button Autovon phone dialing through the system to call his buddies in Guam. As one might expect, the phone lines coming down from Looking Glass are authorized to call anywhere in the world, at any precedence/preemption level they want to :-) While I don't personally know either the radio officer or the guy who got busted, I do have a friend who was around there when it happened... And similar nonsense is probably still possible today, unless Murphy's left the military. #-- # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281 # .... Heading back to The Big Phone Company