Skip to main content

Computer Security: Hackers Penetrate DOD Computer Systems

T-IMTEC-92-5 Published: Nov 20, 1991. Publicly Released: Nov 20, 1991.
Jump To:
Skip to Highlights

Highlights

GAO discussed the intrusions of Dutch hackers into Department of Defense (DOD) unclassified, sensitive computer systems during Operation Desert Storm/Shield. GAO noted that: (1) computer hackers from the Netherlands penetrated 34 DOD sites attached to Internet, an unclassified network composed of smaller networks nationwide and overseas, between April 1990 and May 1991; (2) the hackers had access to unclassified, sensitive information regarding military personnel, logistics, and weapons systems development data, which can be highly sensitive during times of international conflict; (3) the hackers generally gained access to the DOD computer systems by weaving their way on Internet through university, government, and commercial systems; (4) the most common weaknesses hackers exploited to gain access into military sites were accounts with easily guessed passwords, well-known security holes in computer operating systems, and vendor-supplied accounts; (5) the majority of the hackers' activities were aimed at modifying the system to obtain system administrator privileges and to create new privileged accounts and establish methods for later entry; and (6) in most cases a university, contractor, or DOD official notified system administrators of an intrusion which prompted them to either secure their system or temporarily leave the vulnerability open to determine the intruder's identity. GAO believes that: (1) security weaknesses that permitted the intrusions highlight inadequate DOD attention to computer security; and (2) poor password management, failure to maintain audit trails, and inadequate computer security training all contributed to the intrusions.

Full Report

Topics

Computer accountsComputer crimesComputer networksComputer securityComputer systemsConfidential communicationsData transmissionFederal records managementHackersInformation systemsInternetPasswordsSystems managementNetwork administrators