The Electronic Intrusion Threat to National Security and Emergency Preparedness (NS/EP) Internet Communications An Awareness Document December 2000 Office of the Manager National Communications System 701 South Courthouse Road Arlington, VA 22204-2198 TABLE OF CONTENTS EXECUTIVE SUMMARY............................................................................................................... ES-1 1. OVERVIEW AND SCOPE............................................................................................................ 1 2. BACKGROUND ............................................................................................................................ 3 2.1 NS/EP FUNCTIONS ................................................................................................................... 4 2.1.1 NS/EP Responsibilities ........................................................................................................ 4 2.1.2 NS/EP Communications Services and the Functions They Support........................................ 4 2.1.3 NS/EP Community’s Current Dependence on the Internet .................................................... 5 2.2 INTERNET DESCRIPTION........................................................................................................ 5 2.2.1 Internet Technology............................................................................................................. 6 2.2.2 The Internet and Security..................................................................................................... 6 2.3 NS/EP FUNCTIONS AND THE INTERNET .............................................................................. 7 2.3.1 NS/EP Dependence on Dedicated TCP/IP Networks............................................................. 7 2.3.2 Current NS/EP Dependence on the Internet ......................................................................... 9 2.3.3 Evolving Technologies, Applications, and Protocols .......................................................... 10 2.3.4 Implications of Electronic Intrusion................................................................................... 10 2.4 CONVERGENCE ISSUES........................................................................................................ 10 2.4.1 Challenges to Network Convergence.................................................................................. 11 2.4.2 Implications of Convergence on NS/EP Services ................................................................ 12 3. TOOLS AND TECHNIQUES ..................................................................................................... 13 3.1 MALICIOUS SOFTWARE ....................................................................................................... 13 3.2 DENIAL OF SERVICE ATTACKS........................................................................................... 15 3.3 OTHER SECURITY CONCERNS ............................................................................................ 17 3.3.1 Mobile Code: Java and ActiveX......................................................................................... 17 3.3.2 Rogue Applets ................................................................................................................... 18 3.3.3 Embedded Code ................................................................................................................ 18 3.4 TRENDS................................................................................................................................... 18 4. THREATS.................................................................................................................................... 20 4.1 FOREIGN AGENCIES.............................................................................................................. 20 4.1.1 Motivation......................................................................................................................... 20 4.1.2 Capabilities....................................................................................................................... 24 4.1.3 State of Affairs................................................................................................................... 26 4.1.4 Implications ...................................................................................................................... 28 4.2 TERRORIST AND RADICAL ORGANIZATIONS .................................................................. 28 4.2.1 Motivation......................................................................................................................... 29 4.2.2 Capabilities....................................................................................................................... 31 4.2.3 Implications ...................................................................................................................... 33 4.3 CRIMINALS AND CRIMINAL ORGANIZATIONS ................................................................ 34 4.3.1 Motivation......................................................................................................................... 35 4.3.2 Capabilities....................................................................................................................... 35 4.3.3 Implications ...................................................................................................................... 39 4.4 HACKERS ................................................................................................................................ 40 4.4.1 Motivation......................................................................................................................... 40 4.4.2 Capabilities....................................................................................................................... 43 4.4.3 Implications ...................................................................................................................... 45 4.5 INSIDERS................................................................................................................................. 45 4.5.1 Motivation......................................................................................................................... 47 4.5.2 Capabilities....................................................................................................................... 48 4.5.3 Insider Incidents................................................................................................................ 50 i 4.5.4 Implications ...................................................................................................................... 51 5. CONCLUSIONS .......................................................................................................................... 53 APPENDIX A: NCS MEMBERS................................................................................................... A-1 APPENDIX B: NS/EP COMMUNICATIONS SERVICES AND THE FUNCTIONS THEY SUPPORT.........................................................................................................B-1 APPENDIX C: EVOLVING TECHNOLOGIES, APPLICATIONS, AND PROTOCOLS ......... C-1 APPENDIX D: AWARENESS ....................................................................................................... D-1 GOVERNMENT ACTIVITIES........................................................................................................ D-1 JOINT GOVERNMENT-INDUSTRY ACTIVITIES........................................................................ D-5 APPENDIX E: ACRONYMS..........................................................................................................E-1 APPENDIX F: GLOSSARY ...........................................................................................................F-1 APPENDIX G: REFERENCES...................................................................................................... G-1 LIST OF FIGURES FIGURE 2-1: INTERNET HOST NUMBERS: 1969 - 1999................................................................................ 3 TABLES TABLE 2-1: NS/EP-RELATED DEDICATED TCP/IP NETWORKS................................................................... 8 TABLE B-1: NS/EP SERVICES AND FUNCTIONS ......................................................................................B-2 ii EXECUTIVE SUMMARY One of the most significant roles of any government is to protect its citizens and their property. In fulfilling this role, the responsibility of some government agencies include protection from attacks by adversary nations and terrorists, and the destruction caused by natural as well as man-made disasters. By enabling an immediate and coordinated response to all emergencies, national security and emergency preparedness (NS/EP) communications are a vital component of federal emergency response strategies. Traditionally, federal departments and agencies have primarily used voice communications to support NS/EP functions. However, to increase efficiency and decrease costs, the Government is expected to leverage new information technologies. This drive for efficiency is fueling a move toward the increased use of the Internet, e- Government, and information technology (IT) applications to deliver NS/EP functions and responsibilities. The threat posed by electronic intrusion grows concurrently with the increased use of electronic media, widespread availability of intrusion tools