In 1994, the curious case of two teenagers and their opportunistic and repeated attacks on U.S. Air Force highlighted the volume of attempted incursions experienced by high-profile government targets, along with what can happen when one – or 150 – gets through.

It reads like a script for a potential sequel to the 80s computer misuse movie WarGames. Two teenage hackers with nothing more than home computers and modems breached one of the most secure and significant defense computer networks in the world, with access to systems including air tasking orders (telling pilots what to do in battle). Not once, but more than 150 times in a two-month period.

But this isn’t a screenplay and there’s no talking, chess-obsessed computer on the brink of starting a war. In fact, it’s a testimony document submitted to the Permanent Subcommittee on Investigations, Committee on Governmental Affairs for the U.S. Senate, and the incidents were very real. At the same time the CISSP certification was created to help cybersecurity professionals, a major justification for the need for professional cybersecurity operatives with verified skills was playing out between two locations in the U.K. and several U.S. Air Force and NASA sites.

Under Attack

Even 30 years ago, during the nascent days of distributed computer networking and online connectivity, the U.S. Air Force was already experiencing significant attempts to access its systems. At the time, the Defense Information Systems Agency (DISA) estimated that as many as 250,000 attacks had occurred that year and had been steadily increasing for several years. It was a trend they correctly expected to continue.

Three decades ago, DISA’s internal test results revealed that its own attacks successfully penetrated U.S. Department of Defense (DoD) IT systems 65% of the time. Not all hacker attacks resulted in actual intrusions into computer systems; some were attempts to obtain information on systems in preparation for future attacks, while others were made by the curious or those simply seeking a challenge by trying to break through DoD computer defenses. In U.S. Senate testimony, Air Force officials at Wright-Patterson Air Force Base stated in 1996 that, on average, they received 3,000 to 4,000 attempts to access information each month from countries all around the world.

Datastream Cowboy and Koji

Of these many attempts, it was two people from the U.K. that caused significant concern for the U.S. Air Force and others by their successful intrusion attempts.

In 1994, teenager Richard Pryce, known as “Datastream Cowboy” and 21-year-old Mathew Bevan, called “Kuji”, attacked the U.S. Air Force’s computer systems over 150 times across a two-month period. They targeted the Air Force’s Rome Laboratory in Rome, New York, which gave them access to a much wider array of Defense systems. To make tracing their attacks more difficult, the hackers weaved their way through international phone switches (another crime in itself) to a computer modem in Manhattan. While it didn’t make tracing them impossible, it did significantly complicate matters.

During the attacks, they accessed intelligence messages as well as sensitive air tasking order research data. Air tasking orders are the messages military commanders send during wartime to pilots; the orders provide information on air battle tactics, such as where the enemy is located and what targets are to be attacked. Given the number of military activities taking place with U.S. involvement during the mid 90s, this raised significant concern. The pair also launched other network intrusions from the lab’s computer systems, gaining access to systems at NASA’s Goddard Space Flight Center, Wright-Patterson Air Force Base and Defense contractors around the U.S.

The pair used common tools, such as trojan horse and sniffer programs, to break into the lab’s systems, collect information passing through the network including login credentials. The Air Force claimed in its Senate testimony that the duo taking control of the lab’s network ultimately resulted in 33 subnetworks being taken offline for several days.

The attacks were initially suspected by a systems administrator at the lab who noticed an unauthorized file on her system. After determining that their systems were under attack, Air Force personnel worked to retain control of the lab’s network and systems. They also monitored the activities of the two individuals by establishing an “electronic fishbowl” in which they limited the intruders’ access to one isolated subnetwork. That monitoring played a part in their subsequent arrest.

The Consequences of Infiltrating Military Networks

Richard Pryce (Datastream Cowboy) was quickly apprehended by police in the U.K., due in part to the Air Force’s monitoring and investigative efforts. He was eventually convicted of 12 breaches of the U.K.’s Computer Misuse Act and fined £1,200 (around $1,800 at 1994 exchange rates). Mathew Bevan (Kuji) was caught two years later. His case was eventually dropped by the Crown Prosecution Service as it was deemed no longer in the public interest to pursue it.

The cases against both remained in the U.K. and related to the misuse of the U.K. telephone network. No charges were ever brought in the U.S. It remains unknown what happened to the data stolen from Rome Laboratory.

CISSP – Securing Interconnected Networks

The challenge faced 30 years ago by the U.S. Air Force, a forerunner to the threats faced today, highlighted the need for updated and consistent policies, processes and technologies relating to IT and network security. Vulnerability assessments, internal reporting of attacks, correction of known vulnerabilities, and damage assessments are normal activity now, but were not standard operating procedure then.

This was one of the factors that the CISSP certification sought to address and support, with Communication and Network Security a key domain of the CISSP exam. Even 30 years ago, the promise of interconnected systems was beginning to be realized with the liberalization of access to the internet with inexpensive modems and other hardware, as well as the arrival of the first consumer always-on internet connections. Today, network security is a fundamental element of all aspects of IT, cybersecurity, communication, ecommerce and more. It is weaved through the CISSP certification and supporting continuous professional education (CPE) efforts, to ensure members are equipped to respond to increasingly complex and resourced network intrusion attempts.