Vulnerable computers and networks are vital tools for the garden-variety spammer, who relies on negligent system administrators to misconfigure or fail to maintain computers and networks. These poorly secured and maintained computers and networks form the hubs of the malicious marketplace and allow spammers to send out junk email, engage in click-fraud, or rent their bots out for denial of service attacks.
While small to mid-size companies may not have the resources to adequately secure their information technology infrastructure, large multinational corporations and government agencies should possess the resources to adequately protect their infrastructure.
Spam Relays at the Department of Defense
Unfortunately, there have been numerous corporations and US government agencies that have suffered high-profile breaches of their computers and networks. In particular, Support Intelligence, a network security company based in San Francisco, recently traced a spam email back to a compromised computer at Randolph Air Force Base in Texas. It is unclear how long the computer at Randolph Air Force Base had been compromised and sending out spam, nor is it clear if there were additional infections of systems located at the air base.
This particular infection is not new for the Department of Defense (DoD) nor is it new for the entire US government. In 2004, Operation Web Snare, a Department of Justice (DoJ) supported operation, shut down a number of computers at the DoD and US Senate that had been hijacked by hackers and spammers.
Implications for US National Security
The implications of these infections and hijackings are dire for US national security interests. If a garden-variety spammer can compromise government owned computers and networks, it is trivial for a determined nation-state to penetrate sensitive government owned networks as well. Low-level spammers do not possess the same resources or skills as computer hackers trained and funded by nation-states. Rather, the typical spammer relies on automated code designed to seek out and exploit common vulnerabilities, whereas nation-states have the resources to seek out unknown flaws and design “zero-day” exploits intended to penetrate “hardened” computer systems and networks.
A spate of publicly known breaches and penetrations of sensitive government owned computer networks illustrates this point. Over the last few years, malicious hackers, possibly in concert with nation-states, have attacked the following government networks:
• US State Department (Previous Report)
• US Department of Energy (Previous Report)
• US Commerce Department (Previous Report)
• US Naval War College (Previous Report)
• US Army Information Systems Engineering Command at Fort Huachuca (Previous Report)
• US Defense Information Systems Agency (Previous Report)
• US Naval Ocean Systems Center (Previous Report)
• US Army Space and Strategic Defense installation (Previous Report)
Additional undisclosed breaches of government owned networks have likely occurred. While the networks listed above were not known to contain classified information, when taken in aggregate the information stolen from all these networks could potentially reveal classified information to a determined adversary.
According to Major General William Lord, director of information, services and integration in the Secretary of the Air Force Office of Warfighting Integration and Chief Information Officer, “China has downloaded 10 to 20 terabytes of data from the NIPRNet. They’re looking for your identity, so they can get into the network as you.”
While it is unclear how many of these systems were compromised, the fact that network security companies like Support Intelligence have discovered spam relays on DoD networks indicates that at least some of these systems were compromised as a result of a system administrator's negligence or dereliction of duty. These actions could potentially result in a direct threat to US national security.