WASHINGTON -- In what appears to be the most extensive cyber-attack ever aimed at the U.S. government, covert hackers apparently working from Russia have systematically broken into Defense Department computers for more than a year and plundered vast amounts of sensitive information, U.S. officials said yesterday.
Besides penetrating the Pentagon's defenses, the cyber-thieves have raided unclassified computer networks at Energy Department nuclear weapons and research labs, at the National Aeronautics and Space Administration and at numerous university research facilities and defense contractors, officials said. No top-secret classified data is known to have been stolen, however.
Despite an intense FBI-led inquiry code-named "Moonlight Maze," investigators have failed to identify the hackers or to confirm whether espionage was the motive. But circumstantial evidence points heavily toward a Russia-based intelligence-gathering operation, officials said.
"The intrusions appear to have originated in Russia," Michael A. Vatis, director of the FBI's National Infrastructure Protection Center, told a Senate subcommittee Wednesday in the first public confirmation of Moonlight Maze. He said the intruders stole "unclassified but still sensitive information about essentially defense technical research matters."
Other officials said that at least some of the attacks were traced to Internet servers located about 20 miles from Moscow. And the pattern of intrusions suggests that they involve someone working in an office: They occurred on weekdays between 8 a.m. and 5 p.m. Moscow time -- but not on Russian holidays.
"There are very strong indications and it's our belief that it's coming from Russia and that it may be a sponsored [intelligence] activity," a senior Energy Department official said. "This is not random. It's organized."
No classified computers are known to have been breached and no networks have been wrecked or damaged. But the government's unclassified networks contain huge troves of confidential and sensitive data that are potentially valuable to foreign governments, terrorist groups and private companies, officials said.
Defense Department networks, for example, carry records about military logistics, planning, purchases, payrolls and personnel. "It's the magnitude of the extraction that is alarming to us," Arthur L. Money, assistant secretary of defense for command, control, communications and intelligence, said in an interview. The hackers, he noted, "can get insight into sensitive operations" even from unclassified files.
Pub Date: 10/07/99