[22 May 1996] Testifying before the Senate Governmental Affairs Committee, General Accounting Office (GAO) representatives Keith Rhodes and Jack Brock released a report criticizing security in DoD computer systems holding sensitive but unclassified (SBU) information. According to the testimony, the DoD estimated that these systems are subjected to a total of about 250,000 "probes" each year, although this number was acknowledged to be only a guess. The testimony indicated that about 65% of in-house attempts to penetrate these systems succeeded (a somewhat lower fraction than previously reported), that only a small fraction of these penetrations were detected, and that a similarly small fraction of detected penetrations were reported.

The report, entitled "Information Security: Computer Attacks at Department of Defense Pose Increasing Risks," calls for improved training of system administrators and other measures to improve the security of these systems. It is be available from GAO as document AIMD 96-84, as an ASCII or Adobe PDF file from the US Government Printing Office WAIS server (select GAO Reports and search for "[AIMD-96-84]" or "Information Security"), and as an Adobe PDF file at the GAO web site, currently in the "New Reports" section, at . http://www.gao.gov/new.items/ai96084.pdf

Jim Christy of the Air Force Office of Special Investigations described an intrusion in spring 1994 into the Air Force Rome Laboratory's computer systems about two years ago by a 16-year old UK youth known as "Datastream Cowboy," who was apprehended. Another hacker involved, known as "Kuji," was never located. The reported cost of recovering from the intrustion was about $500,000. Planned testimony by Cliff Stoll, Peter Neumann, and Robert Anderson was postponed when committee members had to return to the Senate floor to vote.