In a cyberwar, the offensive force picks the battlefield, and the other side may not even realize when it’s under attack. Defense Department officials believe the intrusions, which they describe as “sophisticated, patient and persistent,” began at a low level of access in January. Security sleuths spotted them almost immediately and “back-hacked” the source to computers in Russia. Soon, though, the attackers developed new tools that allowed them to enter undetected (although they sometimes left electronic traces that could be reconstructed later). Intelligence sources say the perpetrators even gained “root level” access to some systems, a depth usually restricted to a few administrators. After that, “we’re not certain where they went,” says GOP Rep. Curt Weldon, who has held classified hearings on Moonlight Maze.
As a federal interagency task force begins its damage assessment, a key question is whether the Russians managed to jump from the unclassified (although non-public) systems where they made their initial penetration into the classified Defense Department network that contains the most sensitive data. Administration officials insist the “firewalls” between the networks would have prevented any such intrusion, but other sources aren’t so sure. Besides, one intelligence official admitted, classified data often lurk in unclassified databases. With enough time and computer power, the Russians could sift through their mountains of pilfered information and deduce those secrets they didn’t directly steal. That’s one more thing to worry about, although security officials admit that they have a more pressing concern. The intruders haven’t been spotted on the network since May 14. Have they given up their efforts–or burrowed so deeply into the network that they can no longer even be traced?
