[ISN] USAF: Threats to information systems on the rise

From: Wanja Eric Naef (IWS) (w.naefat_private)
Date: Mon Apr 30 2001 - 15:10:23 PDT

Threats to information systems on the rise


by Special Agent Daniel Fleeger
Air Force Office of Special Investigations

04/30/01 - ANDREWS AIR FORCE BASE, Md. (AFPN) -- As Air Force reliance on
computers and information systems has grown, so has the propensity for
adversaries to exploit them to do damage.

The Air Force has experienced a steady increase in the number of attacks
against its information systems, and experts agree that the number of
attacks is only going to increase.

One reason is the availability, ease of use, and sophistication of publicly
available computer-attack software. Such attacks once required the skills of
a computer expert. They can now be achieved by the novice computer user
armed with easily obtained software.

The novice attacker is not the only threat. In general terms, computer and
information systems attackers can be grouped into five major categories.

The foreign intelligence service operative is an aggressive adversary who
attempts to exploit the information infrastructure for intelligence
purposes. He or she can identify members, evaluate their level of access to
information of intelligence value, and even recruit their services -- all in
cyberspace. There are significant advantages to doing business this way,
such as easily concealing one's identity and gaining information rapidly.

The cyberterrorist attack goes beyond mere computer intrusions, denials of
service or defacing of Web pages to actual destruction of data or systems.
Use of the Internet and other information systems gives terrorist groups a
global and near real-time command and control communications capability.
Because such groups have limited resources, and electronic intrusion can
help them achieve their objectives at minimal cost, it's expected that
cyberterrorism will increase.

Organized crime targets computer systems to commit fraud, acquire and
exploit proprietary information, and steal funds. Criminal organizations use
electronic intrusion to hinder police investigations, collect intelligence,
destroy or alter data on investigations, and monitor the activities of

Hackers, not too many years ago, were motivated primarily by curiosity about
computer systems and network operations. In most cases, they were unlikely
to engage in serious criminal activities. In contrast, today's hackers
appear to be motivated by greed, revenge and politics, and their actions
have become more malicious. They are more likely to aim their attacks not
just at individuals, but also at enterprise information systems.

The malicious insider, who has legitimate access to proprietary information
and mission-critical systems, poses a significant threat because of his or her
trusted status and familiarity with security practices. When an insider
betrays his trust, he has a much greater opportunity and ability to do harm
than anyone on the outside. Moreover, he is less likely to be detected. The
malicious insider, motivated by greed, revenge, or even political ideology,
can act alone or with outsiders.

The threats to Air Force information systems are numerous and significant.
To combat them, the Air Force Office of Special Investigations brings to
bear a number of capabilities, including defensive briefings to high-risk
units and personnel, countermeasures against technical surveillance devices
(or "bugs"), computer crime investigators who specialize in combating crimes
against computers and information systems and counterintelligence

But OSI can't do it alone. Everyone with access to computers and information
systems is a partner in the war against cyber threats. If you detect
intrusion activity, or receive unsolicited or suspicious e-mail, or discover
new software or tools on your computer, or witness unescorted visitors in
your work area, you should immediately contact your security manager or the
local OSI detachment.

Familiarize yourself with the signs that an insider might be up to no good.
Be wary of an insider who shows a keen interest in hacking techniques and
system vulnerabilities. Take note if an insider has configured his or her
computer to provide capabilities that it shouldn't have. Other traditional
indicators may be observable too, such as unexplained affluence, abnormal
requests for information, and a propensity for security violations.


Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
