Agencies making little progress against cybervandalism
Two men sentenced to prison time, fined for breaking into federal sites
- By Ethan Butterfield
- Jul 29, 2005
Three years after a pair of hackers broke into several federal agency computers and defaced Web sites, industry experts said not enough has been done to prevent further attacks.
'Usually they don't have a lot of money, or time and resources, or the ability a lot of times to go out and secure these things,' said Caleb Sima, founder and chief technical officer of SPI Dynamics of Atlanta, an Internet security firm.
In April 2002, Robert Lyttle of San Francisco and Benjamin Stark of St. Petersburg, Fla., hacked into a computer at NASA's Ames Research Center in Moffett Field, Calif., and stole information about members of the agency's Astrobiology Institute, said assistant U.S. attorney Kyle Waldinger, who prosecuted the case.
'He used that information, which was in the form of a spreadsheet, to deface the home page of the NASA Astrobiology Institute,' Waldinger said. 'In addition, he and his co-conspirator posted their mission statement.'
Calling themselves 'The Deceptive Duo,' Lyttle and Stark stated that their attacks were intended to demonstrate vulnerabilities in the government's computer security systems. The pair also hacked into the Defense Department's Defense Logistics Information Service Web site and the agency's Office of Health Affairs.
Lyttle pleaded guilty to the attacks in March and the U.S. District Court in Oakland, Calif., sentenced him in June to four months in prison, a payment of restitution of $71,181 and three years of probation. Stark, who also pleaded guilty, was sentenced in January to two years of probation and to pay restitution of $29,006.
NASA officials declined to discuss the specifics of the case, but said security is something they have improved since the attacks in 2002.
'We take security very seriously, and over the last couple of years have worked to coordinate our IT security operations, keep them up to date and ensure that people have access to the tools and training they need to do their jobs,' said NASA spokesman Brian Dunbar.
But even with these improvements, private cybersecurity experts said the government still needs to do more to improve security.
'I think they know there's a problem,' said Pete Allor, director of intelligence at Internet Security Systems of Atlanta. 'It's a matter of focus. In the entire government infrastructure there's a lack of focus.'
But as new protection technologies are developed, hackers are creating and sharing new infiltration techniques and technologies. Allor said that a buffer override prevention program, which still is in development, already is being tested for weaknesses by the hacking community.
Sharing knowledge of how to illegally access government computers and Web sites has become big business, said Chris Sonderby, chief of the Computer Hacking and Intellectual Property Unit for the U.S. Attorney's office in San Francisco.
'There are hacker Web sites,' Sonderby said. 'There are chat forums. There are networks of individuals who traffic in information in efforts to gain this type of unauthorized access.'