The incident seemed alarming enough: a breach of a Cisco Systems network in which an intruder seized programming instructions for many of the computers that control the flow of the Internet.

Now federal officials and computer security investigators have acknowledged that the Cisco break-in last year was only part of a more extensive operation–involving a single intruder or a small band, apparently based in Europe–in which thousands of computer systems were similarly penetrated.

Investigators in the United States and Europe say they have spent almost a year pursuing the case involving attacks on computer systems serving the American military, NASA and research laboratories.
The break-ins exploited security holes on those systems that the authorities say have now been plugged, and beyond the Cisco theft, it is not clear how much data was taken or destroyed. Still, the case illustrates the ease with which Internet-connected computers–even those of sophisticated corporate and government networks–can be penetrated, and also the difficulty in tracing those responsible.

Government investigators and other computer experts sometimes watched helplessly while monitoring the activity, unable to secure some systems as quickly as others were found compromised.

The case remains under investigation. But attention is focused on a 16-year-old in Uppsala, Sweden, who was charged in March with breaking into university computers in his hometown. Investigators in the American break-ins ultimately traced the intrusions back to the Uppsala university network.

The FBI and the Swedish police said they were working together on the case, and one FBI official said efforts in Britain and other countries were aimed at identifying accomplices. “As a result of recent actions” by law enforcement, an FBI statement said, “the criminal activity appears to have stopped.”

The Swedish authorities are examining computer equipment confiscated from the teenager, who was released to his parents’ care. The matter is being treated as a juvenile case.

Investigators who described the break-ins did so on condition that they not be identified, saying that their continuing efforts could be jeopardized if their names, or in some cases their organizations, were disclosed.

Computer experts said the break-ins did not represent a fundamentally new kind of attack. Rather, they said, the primary intruder was particularly clever in the way he organized a system for automating the theft of computer log-ins and passwords, conducting attacks through a complicated maze of computers connected to the Internet in as many as seven countries.

The intrusions were first publicly reported in April 2004 when several of the nation’s supercomputer laboratories acknowledged break-ins into computers connected to the TeraGrid, a high-speed data network serving those labs, which conduct unclassified research into a range of scientific problems.

from [url=http://news.com.com/Net+attack+called+broad%2C+long+lasting/2100-7349_3-5701207.html?tag=sas.email]News dot com[/url]

---

Filed under: Security - @ May 11, 2005 4:04 am