SANDIA RED TEAM HACKS ALL DEFENSES

July 28, 2000

FEATURES & COMMENTARY

Albuquerque, N.M. — Over the past two years, a group at Sandia National Laboratories known informally as the Red Team has, at customer invitation, either successfully invaded or devised successful mock attacks on 35 out of 35 information systems at various sites, along with their associated security technologies.

Their work – challenged only by a new style of defense, also developed at Sandia, called an “intelligent agent” – demonstrates that competent outsiders can hack into almost all networked computers as presently conformed no matter how well guarded, say spokespeople for the group, formally known as the Information Design Assurance Red Team or IDART.

Networked computers might include e-commerce, transmitted or Net-stored financial data (from credit cards, money-machine cards, and bank accounts), as well as medical data.

Sites investigated by Sandia’s self-described “bad guys” include information systems from two very large corporations and several key government agencies, says team leader Ruth Duggan from the Red Team lab in a restricted area of Sandia, a Department of Energy national security laboratory.

“We found specific weaknesses in every system,” Duggan says.

IDART was started in 1996 by Michael Skroch, now on assignment with DARPA (Defense Advanced Research Projects Agency). DARPA was one of the team’s principal sponsors before Skroch was asked to join that organization as a program manager.

The Red Team’s mode, says team member Ray Parks, is to “role-play the position of an adversary” – a point of view sometimes unexpectedly difficult for system designers to adopt.

In August, DARPA is sponsoring the Red Team to teach a short course to invited government agencies on how to design better information systems by understanding how to think like an attacker.

While the Sandia group’s actions are entirely legal, its adoption of an “outlaw” mindset combined with a willingness to do relatively deep analyses of ways an information system can be penetrated (whether through the Internet or by an insider) has helped test and develop concepts in security technology. Some of these concepts are so advanced they are not yet available in the marketplace.

The typical IDART group, which may consist of three to eight hackers, sometimes explains to clients in advance exactly how and when they will attack. System defenders have time to prepare specific, automatic, and even redundant defenses for their software, platforms, firewalls, and other system components. Yet results disconcert clients every time: their defenses are breached.

“Right now, information system defenders have a very difficult job,” says Duggan. “Our goal is to improve the security of information systems to make the attacker’s job difficult instead.” But the group has a long way to go. “Fortified positions do take us longer to break in,” she says, “but on the order of minutes, not hours.”

“In the past, I’ve been a system defender,” says longtime team member David Duggan. “It’s frankly nice to be on the winning team.” His guileless smile belies the chill of his words. “If I’m an intruder and I merge with background noise, how can you tell I’m there?”

The extraordinarily broad abilities of cyber attackers – from professional hackers to terrorists to state- and corporate-sponsored aggressors – to penetrate any system they desire can result in pilfered information, corrupted data, a change in the order of operations, or a flat denial of services. Any of these, to an individual, is an annoyance. To major corporations, they could result in billions of dollars misplaced or stolen, or in loss of reputation. In a medical or military emergency, an adversary who could intercept messages, corrupt data, and deny access to services could cause catastrophic damage.

To forestall such problems, the Red Team prefers to be called in on the design stage of a system, though it can attack a system already in place to ferret out weak points. “Our job is to understand how systems can be caused to fail, and then to help the customers improve the surety of their systems,” says Sam Varnado, Energy and Critical Infrastructure Center Director.

The group attacks from templates it creates of different types of hackers. The Red Team’s favorite adversary is the cyber terrorist, an adversary model principally developed by Brad Wood, who led the Red Team for two years. Says David Duggan, “We role-play cyberterrorists as people who go after low-hanging fruit in cyberspace, i.e., places people forget to defend. Why attack a firewall when a modem is wide open?” The group assumes cyberterrorists are risk-averse and don’t want to be caught. “The typical hacker, on the other hand, may not care about being caught after he’s done his deed, and maybe even wants the notoriety.”

The Red Team asks company executives about their “worst nightmares” to deduce the targets the company or agency most wants protected. The team assumes cyberterrorists can learn how the system is designed. The Red Team uses only “open-source” attacks – that is, attacks that are publicly available – announced in advance. It still breaks in. Then team members share data on their attack: places, times, and length of defense.

The point, say Red Team members, is not to keep score, but to keep good data. The group tries to demonstrate credibly how an adversary might attack, and then discuss with the customer what it did – a big difference between Sandia and “Red” teams from private companies that run the equivalent of simple computer programs used to test vehicles. Instead, “We find ways the systems can be used other than the way they were intended,” says David Duggan. “We may use their security against them,” says team member Julie Bouchard.

The problem in devising defenses is no one has adversaries sitting under a microscope with probes attached, waiting to be studied.

Another big problem, members of the group say, is that most software these days is written overseas or without validation. Trojan Horses that go off when the adversary chooses to trigger them could be placed in it. Asked why such events haven’t already happened, group members speculate it may be better for adversaries to keep US systems up, in order to extract data from them.

The Red Team participates in attacks that might range from a week to five months. The nature of the work can still raise hackles among defenders, who may sometimes fail to appreciate a friendly attacker. One group member tells clients to say to themselves, “The Red Team is my friend,” and repeat it twice more when tempers grow short.

Sandia does not release the name of IDART’s clients, but describes the IDART process at its web site of http://www.sandia.gov/idart/ . A paper on its work: “New Paradigms in Network Security: Using Red Teams as a measure of systems assurance,” will be presented in Cork, Ireland, at the New Security Paradigms Workshop 2000, sponsored by the Association of Computing Machinery (ACM), Sept. 19-21.

============================================================

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Supercomputer Research Reveals Star Cluster Born Outside Our Galaxy

July 11, 2020

The Milky Way is our galactic home, containing our solar system and continuing into a giant band of densely packed stars that stretches across clear night skies around the world – but, it turns out, not all of those st Read more…

By Oliver Peckham

Max Planck Society Begins Installation of Liquid-Cooled Supercomputer from Lenovo

July 9, 2020

Lenovo announced today that it is supplying a new high performance computer to the Max Planck Society, one of Germany's premier research organizations. Comprised of Intel Xeon processors and Nvidia A100 GPUs, and featuri Read more…

By Tiffany Trader

Xilinx Announces First Adaptive Computing Challenge

July 9, 2020

A new contest is challenging the computing world. Xilinx has announced the first Xilinx Adaptive Computing Challenge, a competition that will task developers and startups with finding creative workload acceleration solutions. Xilinx is running the Adaptive Computing Challenge in partnership with Hackster.io, a developing community... Read more…

By Staff report

Reviving Moore’s Law? LBNL Researchers See Promise in Heterostructure Oxides

July 9, 2020

The reality of Moore’s law’s decline is no longer doubted for good empirical reasons. That said, never say never. Recent work by Lawrence Berkeley National Laboratory researchers suggests heterostructure oxides may b Read more…

By John Russell

President’s Council Targets AI, Quantum, STEM; Recommends Spending Growth

July 9, 2020

Last week the President Council of Advisors on Science and Technology (PCAST) met (webinar) to review policy recommendations around three sub-committee reports: 1) Industries of the Future (IotF), chaired be Dario Gil (d Read more…

By John Russell

AWS Solution Channel

Best Practices for Running Computational Fluid Dynamics (CFD) Workloads on AWS

The scalable nature and variable demand of CFD workloads makes them well-suited for a cloud computing environment. Many of the AWS instance types, such as the compute family instance types, are designed to include support for this type of workload.  Read more…

Intel® HPC + AI Pavilion

Supercomputing the Pandemic: Scientific Community Tackles COVID-19 from Multiple Perspectives

Since their inception, supercomputers have taken on the biggest, most complex, and most data-intensive computing challenges—from confirming Einstein’s theories about gravitational waves to predicting the impacts of climate change. Read more…

Penguin Computing Brings Cascade Lake-AP to OCP Form Factor

July 7, 2020

Penguin Computing, a subsidiary of SMART Global Holdings, Inc., announced yesterday (July 6) a new Tundra server, Tundra AP, that is the first to implement the Intel Xeon Scalable 9200 series processors (codenamed Cascad Read more…

By Tiffany Trader

Max Planck Society Begins Installation of Liquid-Cooled Supercomputer from Lenovo

July 9, 2020

Lenovo announced today that it is supplying a new high performance computer to the Max Planck Society, one of Germany's premier research organizations. Comprise Read more…

By Tiffany Trader

President’s Council Targets AI, Quantum, STEM; Recommends Spending Growth

July 9, 2020

Last week the President Council of Advisors on Science and Technology (PCAST) met (webinar) to review policy recommendations around three sub-committee reports: Read more…

By John Russell

Google Cloud Debuts 16-GPU Ampere A100 Instances

July 7, 2020

On the heels of the Nvidia’s Ampere A100 GPU launch in May, Google Cloud is announcing alpha availability of the A100 “Accelerator Optimized” VM A2 instance family on Google Compute Engine. The instances are powered by the HGX A100 16-GPU platform, which combines two HGX A100 8-GPU baseboards using... Read more…

By Tiffany Trader

Q&A: HLRS’s Bastian Koller Tackles HPC and Industry in Germany and Europe

July 6, 2020

In this exclusive interview for HPCwire – sadly not face to face – Steve Conway, senior advisor for Hyperion Research, talks with Dr.-Ing Bastian Koller about the state of HPC and its collaboration with Industry in Europe. Koller is a familiar figure in HPC. He is the managing director at High Performance Computing Center Stuttgart (HLRS) and also serves... Read more…

By Steve Conway, Hyperion

OpenPOWER Reboot – New Director, New Silicon Partners, Leveraging Linux Foundation Connections

July 2, 2020

Earlier this week the OpenPOWER Foundation announced the contribution of IBM’s A21 Power processor core design to the open source community. Roughly this time Read more…

By John Russell

Hyperion Forecast – Headwinds in 2020 Won’t Stifle Cloud HPC Adoption or Arm’s Rise

June 30, 2020

The semiannual taking of HPC’s pulse by Hyperion Research – late fall at SC and early summer at ISC – is a much-watched indicator of things come. This yea Read more…

By John Russell

Racism and HPC: a Special Podcast

June 29, 2020

Promoting greater diversity in HPC is a much-discussed goal and ostensibly a long-sought goal in HPC. Yet it seems clear HPC is far from achieving this goal. Re Read more…

Top500 Trends: Movement on Top, but Record Low Turnover

June 25, 2020

The 55th installment of the Top500 list saw strong activity in the leadership segment with four new systems in the top ten and a crowning achievement from the f Read more…

By Tiffany Trader

Supercomputer Modeling Tests How COVID-19 Spreads in Grocery Stores

April 8, 2020

In the COVID-19 era, many people are treating simple activities like getting gas or groceries with caution as they try to heed social distancing mandates and protect their own health. Still, significant uncertainty surrounds the relative risk of different activities, and conflicting information is prevalent. A team of Finnish researchers set out to address some of these uncertainties by... Read more…

By Oliver Peckham

[email protected] Turns Its Massive Crowdsourced Computer Network Against COVID-19

March 16, 2020

For gamers, fighting against a global crisis is usually pure fantasy – but now, it’s looking more like a reality. As supercomputers around the world spin up Read more…

By Oliver Peckham

[email protected] Rallies a Legion of Computers Against the Coronavirus

March 24, 2020

Last week, we highlighted [email protected], a massive, crowdsourced computer network that has turned its resources against the coronavirus pandemic sweeping the globe – but [email protected] isn’t the only game in town. The internet is buzzing with crowdsourced computing... Read more…

By Oliver Peckham

Supercomputer Simulations Reveal the Fate of the Neanderthals

May 25, 2020

For hundreds of thousands of years, neanderthals roamed the planet, eventually (almost 50,000 years ago) giving way to homo sapiens, which quickly became the do Read more…

By Oliver Peckham

DoE Expands on Role of COVID-19 Supercomputing Consortium

March 25, 2020

After announcing the launch of the COVID-19 High Performance Computing Consortium on Sunday, the Department of Energy yesterday provided more details on its sco Read more…

By John Russell

Honeywell’s Big Bet on Trapped Ion Quantum Computing

April 7, 2020

Honeywell doesn’t spring to mind when thinking of quantum computing pioneers, but a decade ago the high-tech conglomerate better known for its control systems waded deliberately into the then calmer quantum computing (QC) waters. Fast forward to March when Honeywell announced plans to introduce an ion trap-based quantum computer whose ‘performance’ would... Read more…

By John Russell

Neocortex Will Be First-of-Its-Kind 800,000-Core AI Supercomputer

June 9, 2020

Pittsburgh Supercomputing Center (PSC - a joint research organization of Carnegie Mellon University and the University of Pittsburgh) has won a $5 million award Read more…

By Tiffany Trader

Global Supercomputing Is Mobilizing Against COVID-19

March 12, 2020

Tech has been taking some heavy losses from the coronavirus pandemic. Global supply chains have been disrupted, virtually every major tech conference taking place over the next few months has been canceled... Read more…

By Oliver Peckham

Leading Solution Providers

Contributors

Nvidia’s Ampere A100 GPU: Up to 2.5X the HPC, 20X the AI

May 14, 2020

Nvidia's first Ampere-based graphics card, the A100 GPU, packs a whopping 54 billion transistors on 826mm2 of silicon, making it the world's largest seven-nanom Read more…

By Tiffany Trader

10nm, 7nm, 5nm…. Should the Chip Nanometer Metric Be Replaced?

June 1, 2020

The biggest cool factor in server chips is the nanometer. AMD beating Intel to a CPU built on a 7nm process node* – with 5nm and 3nm on the way – has been i Read more…

By Doug Black

‘Billion Molecules Against COVID-19’ Challenge to Launch with Massive Supercomputing Support

April 22, 2020

Around the world, supercomputing centers have spun up and opened their doors for COVID-19 research in what may be the most unified supercomputing effort in hist Read more…

By Oliver Peckham

Australian Researchers Break All-Time Internet Speed Record

May 26, 2020

If you’ve been stuck at home for the last few months, you’ve probably become more attuned to the quality (or lack thereof) of your internet connection. Even Read more…

By Oliver Peckham

15 Slides on Programming Aurora and Exascale Systems

May 7, 2020

Sometime in 2021, Aurora, the first planned U.S. exascale system, is scheduled to be fired up at Argonne National Laboratory. Cray (now HPE) and Intel are the k Read more…

By John Russell

Summit Supercomputer is Already Making its Mark on Science

September 20, 2018

Summit, now the fastest supercomputer in the world, is quickly making its mark in science – five of the six finalists just announced for the prestigious 2018 Read more…

By John Russell

TACC Supercomputers Run Simulations Illuminating COVID-19, DNA Replication

March 19, 2020

As supercomputers around the world spin up to combat the coronavirus, the Texas Advanced Computing Center (TACC) is announcing results that may help to illumina Read more…

By Staff report

$100B Plan Submitted for Massive Remake and Expansion of NSF

May 27, 2020

Legislation to reshape, expand - and rename - the National Science Foundation has been submitted in both the U.S. House and Senate. The proposal, which seems to Read more…

By John Russell

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This