Hackers see serious flaws in U.S. computer networks

· ANY OF SEVEN COMPUTER experts from the nation's leading "hackers think tank "would need only a half-hour to cripple the Internet in the United States, one of them says.

BY ROB WELLS

The Associated Press

WASHINGTON — In a sober, methodical tone, a computer hacker known as "Mudge" described for a Senate committee how he could snoop on the computer activities of thousands of unsuspecting citizens.

"Let's say I have taken over MCI's network, which Would not be a tremendously difficult thing to do," Mudge told the Senate Governmen tal Affairs Committee yesterday. He described disrupting another major corporate computer network that he couldn't access, forcing its traffic to flow over lines he could monitor.

"Now I can learn everything they're doing, I can watch their movements, I can stop their move ments, I can issue requests on their behalf," said the computer consul tant. "You'd be surprised how much stuff I can do on networks now."

The testimony of Mudge and six more computer hackers — identified

by their "hacker" names because of their sensitive activities — was the focal point of a hearing exploring weaknesses in the nation's computer networks.

Skepticism over daims

Some Internet security experts were highly skeptical of the hackers' claims; Mudge boasted that within a half-hour, any of the seven could cripple the Internet in the United States.

But the hackers and new govern ment reports raised troubling ques tions about the security of the na tion's public and private computer networks.

Sen. John Glenn, D-Ohio, said the testimony pointed to a threat to national security.

"If you look at this, in some ways it's a whole new way of making warfare," Glenn said of attacks on sensitive computer systems.

The General Accounting Office,

an arm of Congress, released two studies at the hearing saying that the State Department's unclassified computer system is vulnerable to hackers and terrorists, and that the Federal Aviation Administration has numerous weaknesses in the phys ical security of its computers.

"This work has revealed a dis turbing picture of our government's lack of success in protecting federal assets from fraud and misuse, sensi tive information from inappropriate disclosure and critical operations from disruption," Gene Dodaro of the GAO said in a statement to the panel.

'Little defense against it'

A presidential commission re ported in October that it found "no evidence of an impending cyberat tack" but cautioned that "we have little defense against it." It also cited an "unprecedented national risk" be- cause computer and telephone sys tems have linked the nation's public works, including power plants, rail lines and banking networks.

The seven Boston-area computer experts who testified belong to what has been described as the nation's

leading "hackers think tank," known as LOpht (pronounced "loft").

All said they hold day jobs con sulting or working in the technology industry and turn their after-hour efforts to exposing weaknesses in major computer networks or brand- name software, such as Microsoft's Windows NT.

"I'm informed that you think that within 30 minutes the seven of you could make the Internet unusable for the entire nation. Is that correct?" asked the committee's chairman, Sen. Fred Thompson, R-Tenn.

"That's correct," replied Mudge.

He went on to describe a process

to separate "the different major long- haul providers," such as AT&T, so its network couldn't exchange infor mation with other major networks, such as MCI.

Scott Bradner, vice president for standards at the Internet Society and a senior technical consultant to Har vard University, said MCI and other corporations that provide ide the back bone to the Internet have private communications links with other companies that can't be accessed from public networks.

But he acknowledged that securi ty problems threaten portions of the Internet.