Hacking the Air Force
According to recent reports, bad guys have been hacking into secret Air Force computers. It seems the Black Hats were after the secret plans to our new, top secret fighter jet, the F-35 Lightning II. Apparently, the hackers couldn't get enough information just by reading news stories about the top-secret plane. (You can read a related article from CNN here.)
The government and its corporate allies in this endeavor (designing the plane, not hacking) say that no sensitive data was compromised. They say the really secret stuff is kept on computers that don't connect to the Internet for security reasons. I said, "Oh yeah? Show me." Then the colonel said, "Ok, it's just right over... Hey, wait a minute! You almost got me."
Though it's true that there are bad guys out there constantly trying to get into computer systems, it's also true that few of them succeed. The level of skill for these people ranges from Script Kiddies (morons on the net who read how to get into obvious security flaws and just have to try it) all the way up to the People's Cyber Warfare Task Force of the Chinese military. The computers they are trying to hack also have quite a range, from the home PC of people with no computer skills, all the way up to sensitive Air Force fighter plane computers.
One of the servers I run was under attack just the other day. Someone was trying desperately to get through to the email server on my machine. We know what they were trying because they went after port 25 which is used only for email. The main network firewall blocked the attack, but if it hadn't, the local firewall would have blocked that port. If, somehow, the attacker got in, there is no software that will respond to that port on my machine because I disallow email on it, as a security measure. Keep in mind that I'm not even one of the extra paranoid administrators.
The military has standards for computer security. Most of the few breaches that do occur are the result of human error, and then usually on the part of a civilian contractor. There have been even rarer cases where the perpetrator has been a spy, but that almost never happens.
The People's Cyber Warfare Task Force will usually go after two main targets. The first is an attempt to intercept and read military communications. This has less to do with hacking and is pretty much what our National Security Agency (NSA) is supposed to do. The second will be to go after softer civilian targets such as the power grid or financial systems. They may also consider it funny to go into a series of databases to mark a large portion of the population as "deceased" so that half the American population would be "virtually dead". (Mental note: see what sort of money I can get as a virtual assassin.)
One of my favorite security toys is the so-called Honey Pot. This is a computer that one expects to get hacked, so you put false data, false security, and the ability to surreptitiously watch the bad guys "sneak" through. My ultimate dream is to have a honey pot where, if there is more than one person inside, the system would reconfigure such that the next obvious target for the black hat is the connection for one of the other bad guys. That would be funny.
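For a sense of what the "watch the bad guys" part looks like in practice, here is a small decoy mail listener in Python, the kind of thing that could sit behind a probed port 25 and simply take notes. It is an example added here, not the setup described in this post; the banner text, the hostname, port 2525 and every function name are assumptions made for illustration.

```python
import socketserver
import threading
from datetime import datetime, timezone

# Constructed decoy banner; the hostname is a placeholder, not a real system.
BANNER = b"220 mail.example.test ESMTP ready\r\n"
MAX_LINES = 20       # cap how much one client can make us record
events = []          # in-memory log; a real deployment would ship this off-box
events_lock = threading.Lock()

def record(peer_ip, line):
    """Store one observed line with a UTC timestamp and the client address."""
    with events_lock:
        events.append({"ts": datetime.now(timezone.utc).isoformat(),
                       "peer": peer_ip, "line": line})

def reply_for(line):
    """Return (response, close). Nothing is ever accepted or relayed."""
    if line.upper().startswith("QUIT"):
        return b"221 bye\r\n", True
    return b"554 transaction failed\r\n", False

class DecoySMTP(socketserver.StreamRequestHandler):
    timeout = 10     # drop idle clients so they cannot hold sockets open

    def handle(self):
        ip = self.client_address[0]
        record(ip, "<connect>")
        try:
            self.wfile.write(BANNER)
            for _ in range(MAX_LINES):
                raw = self.rfile.readline(512)
                if not raw:
                    break
                line = raw.decode("latin-1").strip()
                record(ip, line)
                response, close = reply_for(line)
                self.wfile.write(response)
                if close:
                    break
        except OSError:  # timeout, reset, or client vanished mid-write
            record(ip, "<dropped>")

def start_decoy(host="127.0.0.1", port=2525):
    """Serve in a background thread; port=0 lets the OS pick a free port."""
    server = socketserver.ThreadingTCPServer((host, port), DecoySMTP)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    print("decoy listening on", start_decoy().server_address)
    threading.Event().wait()  # run until interrupted
```

The decoy refuses every command, so it cannot be used as a relay, and the per-client line cap and idle timeout keep a noisy visitor from filling the log or tying up sockets.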
I have no doubt that there are forces trying to get at the military's big secrets. I have no doubt that the military would play down any breach in security. I also have no doubts that the Rebel Alliance will find nothing in the stolen plans that will pose a threat to the Death Star. Still, our military computers are about as secure as it gets, and that's still more secure than having a bunch of papers scattered around and being carried by drunken messengers.