Defense Agency Mysteriously Severs 2 Computer Networks

For nearly a 24-hour period ending Wednesday night, the Defense Communications Agency severed the links between two nationwide computer networks that were disabled by a computer virus Nov. 3.

There was no immediate explanation for the separation of the two networks, which are used by university, industry and military researchers for nonclassified communications.

The Defense Communications Agency, a component of the super-secretive National Security Agency, confirmed the separation Wednesday night and said it was “routine,” but declined to comment further. Researchers who use the systems were also not told the reason for the disconnection.

Scientists at universities and research centers from Pasadena to Cambridge, Mass., however, said that such a severance was extremely rare, having occurred only about half a dozen times since the networks were established 20 years ago.

Possible Unauthorized Entry

Speculation among researchers centered on the possibility of an attempt at an unauthorized entry into computers on the network, prompting the Defense Communications Agency to cut the ties for security reasons.

“We don’t know exactly what the reason (for the disconnection) is,” said Robert Borchers, who is in charge of computer security at the Lawrence Livermore National Laboratory. “We know that there was some activity on the network, but it did not involve a virus. It was probably a break-in.”

The two networks involved are called ARPANET and MILNET. The former connects university and industrial researchers, while the latter connects researchers at military facilities. They are interconnected through several computers located throughout the country, and are used to send messages and other nonclassified data.

On Nov. 3, as many as 10% of the 60,000 computers connected by the network were disabled by a so-called computer virus--an unauthorized program that was injected into the system, took control of the infected computers, replicated feverishly and transmitted copies of itself to other computers. Robert T. Morris Jr., a graduate student at Cornell University in Ithaca, N.Y., and son of Robert T. Morris Sr., chief of computer security for the National Security Agency, is under investigation by the FBI and a federal grand jury in Syracuse, N.Y., as the suspected originator of the virus.

The virus caused no damage to the computers or loss of data. By replicating rapidly, it simply tied up the computing capacity of the infected computers, preventing normal work from being carried out.

In the latest incident, the links between ARPANET and MILNET were severed late Tuesday.

The severance prevented researchers on one network from contacting researchers on the other network by computer, but did not interfere with the normal operation of each network.

Lt. Col. Thomas Herrick of the Defense Communications Agency said: “We routinely do that (disconnect the networks). We had some difficulties on the mail bridges (between the networks) and we turned them off. We saw no virus.”

But researchers said the disconnection was very unusual.

“The Defense Communications Agency said there were ‘technical difficulties,’ something they have never said before,” said Clifford Stoll, who is in charge of computers at Harvard University. “They (the agency) have been real paranoid since the virus incident, and this may be a first step toward a permanent separation of the two networks.”

Others echoed his suspicions. Computer scientist Kurt Pires of UC Berkeley noted that some institutions may have been improperly making connections between ARPANET and MILNET. “They may have (severed the two networks) to find out who is doing it,” he said.