Sandia Red Team Hacks All Computer Defenses

Date: August 3, 2000
Source: Sandia National Laboratories
ALBUQUERQUE, N.M. - Over the past two years, a group at Sandia National Laboratories known informally as the Red Team has, at customer invitation, either successfully invaded or devised successful mock attacks on 35 out of 35 information systems at various sites, along with their associated security technologies.

Their work - challenged only by a new style of defense, also developed at Sandia, called an "intelligent agent" - demonstrates that competent outsiders can hack into almost all networked computers as presently configured, no matter how well guarded, say spokespeople for the group, formally known as the Information Design Assurance Red Team or IDART.

Networked computers might include e-commerce, transmitted or Net-stored financial data (from credit cards, money-machine cards, and bank accounts), as well as medical data.

Sites investigated by Sandia's self-described "bad guys" include information systems from two very large corporations and several key government agencies, says team leader Ruth Duggan from the Red Team lab in a restricted area of Sandia, a Department of Energy national security laboratory.

"We found specific weaknesses in every system," Duggan says.

IDART was started in 1996 by Michael Skroch, now on assignment with DARPA (Defense Advanced Research Projects Agency). DARPA was one of the team's principal sponsors before Skroch was asked to join that organization as a program manager.

The Red Team's mode, says team member Ray Parks, is to "role-play the position of an adversary" - a point of view sometimes unexpectedly difficult for system designers to adopt.

In August, DARPA is sponsoring the Red Team to teach a short course to invited government agencies on how to design better information systems by understanding how to think like an attacker.

The mindset of an adversary

While the Sandia group's actions are entirely legal, its adoption of an "outlaw" mindset combined with a willingness to do relatively deep analyses of ways an information system can be penetrated (whether through the Internet or by an insider) has helped test and develop concepts in security technology. Some of these concepts are so advanced they are not yet available in the marketplace.

The typical IDART group, which may consist of three to eight hackers, sometimes explains to clients in advance exactly how and when they will attack. System defenders have time to prepare specific, automatic, and even redundant defenses for their software, platforms, firewalls, and other system components. Yet results disconcert clients every time: their defenses are breached.

"Right now, information system defenders have a very difficult job," says Duggan. "Our goal is to improve the security of information systems to make the attacker's job difficult instead." But the group has a long way to go. "Fortified positions do take us longer to break in," she says, "but on the order of minutes, not hours."

"In the past, I've been a system defender," says longtime team member David Duggan. "It's frankly nice to be on the winning team." His guileless smile belies the chill of his words. "If I'm an intruder and I merge with background noise, how can you tell I'm there?"

The extraordinarily broad abilities of cyber attackers - from professional hackers to terrorists to state- and corporate-sponsored aggressors - to penetrate any system they desire can result in pilfered information, corrupted data, a change in the order of operations, or a flat denial of services. Any of these, to an individual, is an annoyance. To major corporations, they could result in billions of dollars misplaced or stolen, or in loss of reputation. In a medical or military emergency, an adversary who could intercept messages, corrupt data, and deny access to services could cause catastrophic damage.

To forestall such problems, the Red Team prefers to be called in on the design stage of a system, though it can attack a system already in place to ferret out weak points. "Our job is to understand how systems can be caused to fail, and then to help the customers improve the surety of their systems," says Sam Varnado, Energy and Critical Infrastructure Center Director.

Hacker personality templates

The group attacks from templates it creates of different types of hackers. The Red Team's favorite adversary is the cyber terrorist, an adversary model principally developed by Brad Wood, who led the Red Team for two years. Says David Duggan, "We role-play cyberterrorists as people who go after low-hanging fruit in cyberspace, i.e., places people forget to defend. Why attack a firewall when a modem is wide open?" The group assumes cyberterrorists are risk-averse and don't want to be caught. "The typical hacker, on the other hand, may not care about being caught after he's done his deed, and maybe even wants the notoriety."

The Red Team asks company executives about their "worst nightmares" to deduce the targets the company or agency most wants protected. The team assumes cyberterrorists can learn how the system is designed. The Red Team uses only "open-source" attacks - that is, attacks that are publicly available - announced in advance. It still breaks in. Then team members share data on their attack: places, times, and length of defense.

The point, say Red Team members, is not to keep score, but to keep good data. The group tries to demonstrate credibly how an adversary might attack, and then discuss with the customer what it did - a big difference between Sandia and "Red" teams from private companies that run the equivalent of simple computer programs used to test vehicles. Instead, "We find ways the systems can be used other than the way they were intended," says David Duggan. "We may use their security against them," says team member Julie Bouchard.

The problem in devising defenses is no one has adversaries sitting under a microscope with probes attached, waiting to be studied.

The Trojan Horse problem

Another big problem, members of the group say, is that most software these days is written overseas or without validation. Trojan Horses that go off when the adversary chooses to trigger them could be placed in it. Asked why such events haven't already happened, group members speculate it may be better for adversaries to keep US systems up, in order to extract data from them.

The Red Team participates in attacks that might range from a week to five months. The nature of the work can still raise hackles among defenders, who may sometimes fail to appreciate a friendly attacker. One group member tells clients to say to themselves, "The Red Team is my friend," and repeat it twice more when tempers grow short.

Sandia does not release the names of IDART's clients, but describes the IDART process on its web site at http://www.sandia.gov/idart/. A paper on its work, "New Paradigms in Network Security: Using Red Teams as a measure of systems assurance," will be presented in Cork, Ireland, at the New Security Paradigms Workshop 2000, sponsored by the Association for Computing Machinery (ACM), Sept. 19-21.

Sandia is a multiprogram DOE laboratory, operated by a subsidiary of Lockheed Martin Corp. With main facilities in Albuquerque, N.M., and Livermore, Calif., Sandia has major research and development responsibilities in national security, energy, and environmental technologies.


Story Source:

The above story is based on materials provided by Sandia National Laboratories. Note: Materials may be edited for content and length.


Cite This Page:

Sandia National Laboratories. "Sandia Red Team Hacks All Computer Defenses." ScienceDaily. ScienceDaily, 3 August 2000. <www.sciencedaily.com/releases/2000/07/000727081151.htm>.