Cybersecurity Recent Case Studies of Cybersecurity Breaches Term Paper

Pages: 16 (4325 words)  ·  Bibliography Sources: 6  ·  File: .docx  ·  Topic: Education - Computers

Cybersecurity

Recent Case Studies of Cybersecurity Breaches in the United States: The Event, the Method, and the Response

The Russian (?) Moonlight Maze Attack

Perhaps one of the most infamous cyber-attacks on the United States occurred in the late 1990s, codenamed Moonlight Maze by the FBI investigation team that evaluated the extent of the infiltration of Department of Defense networks by unknown individuals. First detected in 1998, it was a series of coordinated infiltrations of sensitive U.S. computer networks (Kitfield, 2000). It is still uncertain who conducted these cyber-attacks, though there is circumstantial evidence linking them to parties based in Russia (Bridis, 2001). As one of the most extensive attacks on data sensitive to the national security of the United States, with perpetrators still unknown, Moonlight Maze stands as a testament to the damage that can be wreaked by the concerted efforts of hackers who target information systems controlled by the United States government.

Moonlight Maze is one of the most significant cyber-attacks in U.S. history. Though the immediate suspects were Russian, there has been no definitive proof that Russia as a nation had anything to do with the attacks on Department of Defense computer systems. It could easily have been civilians in Russia, another nation cleverly obscuring its tracks, or an individual anywhere in the world routing traffic through a server in Russia before launching the attack (Vistica, 1999; Bridis, 2001). All that is known for certain is that huge quantities of data were extracted from the government computer systems, amounting to millions of pages of downloaded text; the entire email in-box of one colonel was taken. As far as could be immediately determined, no classified information was uncovered by the hackers, though there is plenty of sensitive information to be found on the unclassified systems. Department of Defense computer networks routinely handle records about military logistics, personnel information, emails, and planning. More alarming is the possibility that the extracted data could include very sensitive information such as classified naval codes and details of missile guidance systems (Vistica, 1999; Drogin, 1999; Bridis, 2001).

The hackers were apparently working from a location in Russia, though this could not be definitively established given the nature of the infiltration. What is known is that the intrusion into Department of Defense computers had been going on for more than a year, and it remains unclear how much information was taken during that time. This is due in part to the fact that, in addition to taking information directly from the Pentagon, the hackers used that point of entry to reach other sensitive systems throughout the U.S. government, including networks at nuclear research labs associated with the Energy Department, NASA, and numerous university research facilities (Drogin, 1999). Investigators reiterate that the attackers obtained no known classified information, but the general uncertainty surrounding Moonlight Maze makes this claim dubious at best.

As to the identity of the attackers, investigators had little to go on. Circumstantial evidence pointed to a Russian operation, probably originating in an office complex somewhere near Moscow. The computers used in the attack were tied to Internet servers about twenty miles outside Moscow, and the pattern of intrusions suggested someone who worked on the project on weekdays between 8am and 5pm, excluding Russian holidays. This pattern led many investigators to conclude that the attacks were coordinated, and possibly sponsored, by a Russian intelligence agency (Drogin, 1999). Whether this is actually the case is unclear. After all, as will be clear when we consider some of the methods the hackers employed, it seems relatively careless for them to have left such an easy path back to the actual point of origin. It is just as likely that the true attackers routed their traffic through Russian servers and timed the attacks to make them appear to come from a single geographic location. The reality is that even years later, investigators are still uncertain.

The attacks against United States government systems were apparently coming from a computer system just outside Moscow. Despite this discovery, no definitive determination could be made that the Russians were actually behind the attack: someone physically sitting in Russia, using computer resources there, could have been working for an entirely different party, and it is entirely feasible that the attackers simply relayed their traffic through a computer system in Russia, leaving investigators unable to determine the actual point of origin (Interview, 2003). This makes identification of the responsible parties and their intent incredibly difficult. Russian origin or not, the long-running nature of the attacks, occurring over a period of years, and the systematic way in which they were conducted suggest a high degree of planning and organization. It is doubtful that those responsible were random hackers looking for notoriety or another challenge. It is much more likely that this represents the coordinated effort of an individual or group whose interests run contrary to the national security of the United States.

While it is unclear who was sitting on the other end of that computer or what their interests were, some information has been reconstructed about the methods and techniques the hackers employed to gain access to the Department of Defense computer networks. In the spring and summer of 1999, the U.S. Navy first documented the use of low-bandwidth attacks by unknown parties, to which it responded with recommended cyber-countermeasures (Drogin, 1999). In the course of investigating these intensely coordinated and wide-ranging attacks, the FBI unearthed a number of techniques and methods the hackers used not only to gain access to the systems but also to cover their tracks quite effectively.

Unfortunately for national security, the computer networks at the Department of Defense were not effectively protected against cyber-attack at that time. Much of the material taken by the hackers was data that had been queued to print on networked printers, meaning that it was neither behind a secure firewall nor encrypted in any fashion (Interview, 2003). In other words, however securely protected sensitive data might have been on the attacked computer networks (and there is little indication that it was), much of the stolen data was simply taken, without difficulty, from the print queues of networked printers, the proverbial weak link in the cybersecurity chain. Security specialists were convinced that the firewalls between the unclassified and classified portions of the Department of Defense network would have prevented any active mining of classified information, but this is unclear. The extent of the attack is not fully known and, what is more, classified information often finds its way onto unclassified systems. By simply sifting through the information that was taken, it could be possible to reconstruct classified and sensitive data (Vistica, 1999). In short, this attack opened the Department of Defense wide and laid bare many of its most sensitive secrets and documents.

The hackers obscured their presence in the system by using easily obtainable software known as Loki, named after the Norse god of mischief. Loki is a covert-channel tool that tunnels the attacker's commands and data inside ICMP echo (ping) packets, so that the intrusion blends into routine traffic; Bridis (2001) describes the effect as making the intrusions look like nothing more than ordinary browsing by internal users. This makes it far more difficult for system administrators and security specialists even to notice that a problem is occurring: the attack simply looks like regular use by authorized users. Further, much of the operation was automated. Rather than actively checking the government system to see whether new data had been collected and was ready for download, the hackers installed software sensors within the network that signalled changes by modifying a private website hosted in Britain. Rather than expose themselves to Department of Defense security administrators, the hackers simply checked the innocuous website periodically and actively entered the compromised system only when it was necessary to retrieve newly gathered information (Bridis, 2001).
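The detection side of the Loki technique, as an added example that is not part of the original paper and not code from the Loki tool: a small scanner that looks at ICMP echo traffic for payloads that do not match the stock padding a ping client sends, for payloads that read like shell commands or encrypted data, and for echo replies whose data differs from the matching request (RFC 792 requires a reply to return the request's data unchanged). The packet records, the entropy threshold, the shell-hint strings and the addresses are all constructed assumptions for the illustration.

```python
"""Flag ICMP echo traffic that looks like a Loki-style covert channel.

Added example, not from the original paper or from the Loki tool itself.
The packets below are constructed; the thresholds are assumptions to be
tuned against a baseline of your own network's ping traffic.
"""
import hashlib
import math
import struct
from collections import Counter, defaultdict
from dataclasses import dataclass

ECHO_REPLY, ECHO_REQUEST = 0, 8
ENTROPY_THRESHOLD = 5.0                        # bits per byte (assumption)
SHELL_HINTS = (b"/bin/", b"/etc/", b"ls ", b"cat ", b"uname", b"tar ")
WINDOWS_PAD = b"abcdefghijklmnopqrstuvw" * 4   # Windows ping cycles a..w


@dataclass
class IcmpEcho:
    src: str
    dst: str
    icmp_type: int
    ident: int
    seq: int
    payload: bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the payload (0.0 for an empty payload)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_linux_ping_padding(p: bytes) -> bool:
    """Linux ping: 8-byte timestamp followed by consecutive bytes 0x10, 0x11, ..."""
    body = p[8:]
    return len(body) >= 8 and all(
        (body[i] + 1) & 0xFF == body[i + 1] for i in range(len(body) - 1)
    )


def is_windows_ping_padding(p: bytes) -> bool:
    return bool(p) and p == WINDOWS_PAD[: len(p)]


def payload_findings(p: bytes) -> list:
    """Reasons a single payload looks tunnelled; empty for stock ping padding."""
    # Known padding is checked first: sequential bytes are high-entropy but benign.
    if is_linux_ping_padding(p) or is_windows_ping_padding(p):
        return []
    findings = []
    if shannon_entropy(p) > ENTROPY_THRESHOLD:
        findings.append("high-entropy payload")
    if p.isascii() and any(h in p for h in SHELL_HINTS):
        findings.append("shell-like text payload")
    return findings


def scan(packets: list) -> dict:
    """Map (src, dst) to findings. Replies are matched to requests by (ident, seq);
    a reply whose data differs from the request is a strong sign of a two-way tunnel."""
    flagged = defaultdict(list)
    requests = {}
    for pkt in packets:
        for f in payload_findings(pkt.payload):
            flagged[(pkt.src, pkt.dst)].append(f"seq={pkt.seq}: {f}")
        if pkt.icmp_type == ECHO_REQUEST:
            requests[(pkt.src, pkt.dst, pkt.ident, pkt.seq)] = pkt
        elif pkt.icmp_type == ECHO_REPLY:
            req = requests.get((pkt.dst, pkt.src, pkt.ident, pkt.seq))
            if req is not None and req.payload != pkt.payload:
                flagged[(req.src, req.dst)].append(
                    f"seq={pkt.seq}: reply payload differs from request"
                )
    return dict(flagged)


def sample_packets() -> list:
    """Constructed traffic: two stock pings and one Loki-style exchange."""
    timestamp = struct.pack("!Q", 0x3B9ACA00)              # fake timeval
    linux_pad = timestamp + bytes(range(0x10, 0x10 + 48))  # 56-byte default
    win_pad = b"abcdefghijklmnopqrstuvwabcdefghi"          # 32-byte default
    command = b"ls -la /home/jdoe/contracts\n"             # operator command
    chunk = hashlib.sha256(b"chunk-0").digest() + hashlib.sha256(b"chunk-1").digest()
    return [
        IcmpEcho("10.1.1.20", "10.1.1.1", ECHO_REQUEST, 0x1234, 1, linux_pad),
        IcmpEcho("10.1.1.1", "10.1.1.20", ECHO_REPLY, 0x1234, 1, linux_pad),
        IcmpEcho("10.1.1.21", "10.1.1.1", ECHO_REQUEST, 0x0100, 7, win_pad),
        IcmpEcho("10.1.1.1", "10.1.1.21", ECHO_REPLY, 0x0100, 7, win_pad),
        IcmpEcho("203.0.113.9", "10.1.1.50", ECHO_REQUEST, 0xBEEF, 3, command),
        IcmpEcho("10.1.1.50", "203.0.113.9", ECHO_REPLY, 0xBEEF, 3, chunk),  # encrypted-looking answer
    ]


if __name__ == "__main__":
    for pair, hits in scan(sample_packets()).items():
        print(pair, hits)
```

The order of the checks matters: the default Linux padding is a run of consecutive byte values, which scores high on entropy, so an entropy rule applied on its own would flag every ordinary ping. Matching the stock padding first, and then judging what remains, keeps the false positives down; the request/reply comparison is the most reliable of the three signals because the tunnel must change the reply to carry data back.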

As a final testament to the sophistication of this operation, investigators came to believe that the hackers had gone so far as to install eavesdropping software on university systems as early as 1997. The universities chosen were ones where researchers worked on sensitive defense contracts that gave them access to military labs via the Internet. The eavesdropping software allowed the hackers to capture these researchers' usernames and passwords and then pose as them to gain deeper access to government systems (Bridis, 2001). By approaching the government systems in this roundabout fashion, the attackers took advantage of generally less secure university systems and used the credentials found there to piggyback into more secure government sites, from which information sensitive to national security…
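A detection for the credential-reuse step described above, as an added example that is not part of the original paper: the lab gateway keeps a per-account baseline of the networks each researcher logs in from, then alerts when a valid password is accepted from a network the account has never used, or when the same account appears from two different networks within an hour. The log lines are constructed (in OpenSSH's "Accepted ..." format for readability, although the 1997-era sessions the paper describes were cleartext telnet or rlogin), and the host names, account names, addresses, /24 grouping and 60-minute window are assumptions.

```python
"""Detect reuse of captured researcher credentials from an unfamiliar network.

Added example, not from the original paper or from any real incident data.
The log lines are constructed; the 60-minute window and the /24 grouping
are assumptions to tune locally.
"""
import re
from datetime import datetime, timedelta
from ipaddress import ip_network

LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
WINDOW = timedelta(minutes=60)

# Constructed baseline: a quiet week where each researcher logs in from campus.
BASELINE_LOG = """\
1998-03-09T08:55:40 lab-gw sshd[812]: Accepted password for jdoe from 192.0.2.15 port 1021 ssh2
1998-03-10T09:12:03 lab-gw sshd[845]: Accepted password for jdoe from 192.0.2.15 port 1033 ssh2
1998-03-10T14:30:51 lab-gw sshd[880]: Accepted password for asmith from 198.51.100.9 port 1040 ssh2
1998-03-11T07:58:19 lab-gw sshd[901]: Failed password for asmith from 198.51.100.9 port 1047 ssh2
""".splitlines()

# Constructed watch window: the same accounts, plus logins from 203.0.113.0/24.
WATCH_LOG = """\
1998-03-14T09:02:11 lab-gw sshd[1201]: Accepted password for jdoe from 192.0.2.22 port 1051 ssh2
1998-03-14T09:40:27 lab-gw sshd[1207]: Accepted password for jdoe from 203.0.113.33 port 2231 ssh2
1998-03-14T13:15:08 lab-gw sshd[1240]: Accepted password for asmith from 198.51.100.9 port 1062 ssh2
1998-03-15T02:05:44 lab-gw sshd[1302]: Accepted password for asmith from 203.0.113.33 port 2290 ssh2
""".splitlines()


def parse_login(line):
    """Return (timestamp, user, source /24) for an accepted login, else None."""
    m = LOGIN_RE.match(line)
    if not m:
        return None
    net = ip_network(f"{m['ip']}/24", strict=False)
    return datetime.fromisoformat(m["ts"]), m["user"], net


def build_baseline(lines):
    """Per-user set of source networks seen during a trusted period."""
    baseline = {}
    for line in lines:
        rec = parse_login(line)
        if rec:
            _, user, net = rec
            baseline.setdefault(user, set()).add(net)
    return baseline


def detect(lines, baseline):
    """Alert when an account logs in from a network it has never used, or from
    two different networks within WINDOW: a researcher on campus and someone
    holding a captured password elsewhere cannot both be that researcher."""
    alerts = []
    last = {}  # user -> (timestamp, network) of the previous accepted login
    for line in lines:
        rec = parse_login(line)
        if not rec:
            continue
        ts, user, net = rec
        reasons = []
        if net not in baseline.get(user, set()):
            reasons.append(f"first login from {net}")
        prev = last.get(user)
        if prev and prev[1] != net and ts - prev[0] <= WINDOW:
            reasons.append(f"{prev[1]} and {net} within {WINDOW}")
        if reasons:
            alerts.append((ts.isoformat(), user, "; ".join(reasons)))
        last[user] = (ts, net)
    return alerts


if __name__ == "__main__":
    for ts, user, why in detect(WATCH_LOG, build_baseline(BASELINE_LOG)):
        print(ts, user, why)
```

The baseline is built only from accepted logins, so the failed attempt in the constructed log is ignored, and only accounts in the baseline get a "known" set at all; an account that never appears there will be flagged on its first login, which is the behaviour you want for a dormant research account that suddenly becomes active. A sniffer on the university side defeats every password-based control, so the real fix for the situation the paper describes is to stop sending credentials in the clear, but a check like this at least makes the reuse visible.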



Cite This Term Paper:

APA Format

Cybersecurity Recent Case Studies of Cybersecurity Breaches.  (2007, May 8).  Retrieved January 23, 2020, from https://www.essaytown.com/subjects/paper/cybersecurity-recent-case-studies/4837678
