http://www.usatoday.com/life/cyber/tech/2001/10/9/cyberwar-usat.htm By Jon Swartz USA TODAY 10/09/2001 SAN FRANCISCO For 3 years, a shadowy group of computer hackers has broken into hundreds of computer networks and stolen thousands of top-secret files on Pentagon war-planning systems and NASA technical research. Dubbed the "Moonlight Maze" group, the hackers continue to elude the FBI, the CIA and the National Security Agency, despite the biggest cyberprobe ever. And while no one knows what is being done with the classified information, some fear the thefts may be the work of terrorists or that the information could be sold to terrorists. "I'm not saying it is a terrorist group. But it could be," says James Adams, senior fellow at the Center for Strategic and International Studies, a research group chaired by former senator Sam Nunn. What is clear is that the hackers' success exposes the vulnerability of computer networks in the USA at the height of the information age. A coordinated terrorist attack, experts say, could topple the Internet, muting communications and e-commerce and paralyzing federal agencies and businesses. "We are picking up signs that terrorist organizations are looking at the use of technology" to attack the USA, Congress was told last month by Michael Vatis, director of the Institute for Security Technology Studies at Dartmouth College and former head of the FBI's National Infrastructure Protection Center. Alarmed by the Sept. 11 attacks, government and security experts are clamoring for the USA the world's most wired nation to craft better cyberdefenses. They want tougher laws against hackers and more resources and closer cooperation between agencies to thwart attacks. While the Internet is now so dispersed that a debilitating physical attack is unlikely, an electronic one could destabilize major parts of the USA's communications grid and economy, government and security. More than online stock trading would be affected. A successful electronic attack could interrupt power supplies to millions of homes, disrupt air traffic control systems, thus airlines, shut down water supplies, cut off access to emergency 911 services and delay millions of dollars in financial transactions. That's because critical U.S. infrastructures are increasingly tied to the Internet. And many government agencies and companies are ill-prepared to defend themselves against cyberattacks despite repeated warnings and hacker break-ins. "Computer networks are the roads and bridges of the information age," says Stanton McCandlish of the Electronic Frontier Foundation, a civil-liberties group. "They are prime terrorist targets." Technologically savvy Sen. Robert Bennett, R-Utah, agrees: "There is a real vulnerability and an opportunity for bad guys to inflict serious damage." The cyberstrikes that U.S. officials fear may not come from Osama bin Laden's al-Qa'eda terrorist organization despite its broad use of technology. That group seems intent on dramatic attacks on physical symbols like the World Trade Center, experts say. The Internet, by contrast, is a vast collection of millions of computers, network switches, data lines, cables and satellites. But cyberattacks could be launched by other terrorists or nations such as Iraq that support terrorism and who government officials say are developing cyberwarfare capabilities. During NATO airstrikes of Serbia and Kosovo in 1999, some NATO Web sites were disabled by Serbian-sponsored computer hackers, NATO says. And, in recent years, Web sites for the Defense Department and White House have been shut down by hackers. 'Most vulnerable society' Cyberattacks grow more serious as the Internet grows more important. Nearly $1 trillion in goods and services will be sold via the Internet this year, market researcher Gartner says. And the Net is essential to businesses and workers as a key communications tool. "The U.S. is the most vulnerable society because we're the most wired," Sen. Bennett says. Here is how experts assess the chances that a cyberattack would succeed: Very likely. Electronic warfare is the most feared threat. It could come in the form of denial-of-service attacks, in which hackers overwhelm Web sites with junk data, rendering them useless. Other electronic attacks include computer worms and viruses malicious computer programs that spread via the Net and can invade personal computers and erase data, deface Web sites and clog up the Internet so much that it, too, becomes useless. This year, four computer worms and viruses rated as "high risk" by leading security firms have cost companies and consumers $5 billion in damage and cleanup costs. The "Nimda" worm, which infiltrated 1 million computers, slowed the Internet and forced some companies to shut down employee Internet access. Earlier this year, the Code Red worm knocked out public access to several major consumer Web sites. Nimda surfaced after the Sept. 11 attacks. No evidence links either worm to the attacks. But the proliferation of worms shows that few systems are immune. "The consensus among hackers is that the entire Internet infrastructure can easily be disabled temporarily and in some cases (for) a long time," says Peter Neumann, principal scientist of research firm SRI International. No wonder. Last year, the General Accounting Office, the investigative arm of Congress, found that the 24 largest government agencies, including the Defense and Treasury departments, inadequately protect their computer networks. An August GAO audit of the Commerce Department, which compiles economic data, showed that hackers could gain access. Several months earlier, a probe into the Department of Health and Human Services found similar weaknesses in that department's network. The agency processed more than $200 billion in Medicare expenditures in fiscal 2000. "We need a Manhattan Project for counterterrorism technology," Vatis says. Vulnerabilities have been known. In 1997, the Joint Chiefs of Staff launched a cyberattack exercise, code-named Eligible Receiver, to test computer defenses. Using hacking tools posted on the Internet, a team of 35 hackers broke into the power grids of nine U.S. cities and cracked their 911 emergency systems. Another group hacked Pentagon computers, crippling U.S. war-planning operations. A second exercise in 1999, code-named Zenith Star, exposed similar flaws in key infrastructures. Likely. State-sponsored computer warfare is aimed at the USA. The electronic trail following the Moonlight Maze cyberthieves led in 1999 to a Moscow Internet address. But that could be a fake trail, government officials say. One theory: The group is a "sophisticated, well-funded national agency," Adams says. More than 30 countries, including Russia and Iraq, have developed "asymmetrical warfare" strategies targeting vulnerabilities in U.S. computer systems. Because of U.S. military superiority, the countries see electronic warfare as their best bet to puncture U.S. defenses, military experts say. American intelligence is closely monitoring China, which has established a special information-warfare group. Pentagon officials refer to it as "the Great Firewall of China." A coordinated physical and electronic attack offers a more chilling scenario. Terrorists blow up structures, then hack the power grid and emergency systems in those cities, complicating rescue efforts. Meanwhile, a computer worm wipes out financial records. "It's a classic bin Laden tactic," says David Thompson, security analyst at Meta Group. "It multiplies the effects of a physical attack." Unlikely. The cutting of hundreds of fiber-optic cables which carry Internet traffic between major hubs knocks out portions of the Net. Such an operation would require intimate knowledge of where key data hubs are, which only a handful of Internet firms know. It also would require a herculean effort. Some fiber cables are underwater and "you'd need a submarine," says Sunny Vanderbeck, CEO of Web-hoster Data Return. Plus, such an attack would be short-lived because Internet traffic would be automatically rerouted around damaged areas, he says. Very unlikely. The bombing of Internet facilities, such as major data hubs, cripples the Internet. "Nearly impossible," says Weston Nicolls, a former member of the National Security Agency now at security firm Telenisus. That's because the Internet resembles a cobweb of geographically dispersed facilities. There are major routing hubs in Silicon Valley, Washington, Chicago, Dallas and New Jersey, market researcher IDC says. They link hundreds of Internet service providers and are fed data from regional routing hubs in such cities as Los Angeles and Miami. Then, there are miles and miles of cable, hundreds of Internet data centers that run Web operations and thousands of satellites that link companies to the Net. Built to survive Because there is no single key structure and many backup systems, any successful attack would require a series of strategic bombings and would take more time and skill than the Sept. 11 attacks, Internet experts say. "The Internet was built to withstand a nuclear disaster," adds IDC analyst Steve Harris. "When (East Coast) phone service was down Sept. 11, e-mail was working all day. The Internet is resilient." It would also require huge amounts of inside information from the likes of AT&T, Uunet, Sprint and other telecom companies. Uunet, which handles a significant chunk of global online traffic, has not disclosed locations of its network hubs for years for competitive and security reasons. Also, once-vulnerable physical Internet locations have been made less susceptible. MAE West is a carrier exchange located in San Jose, Calif. It routes Internet traffic primarily in the Western USA. It and its Eastern counterpart, MAE East, were once considered prime targets. But, fearing attack, backup systems were set up in recent years. If either is knocked out, traffic is automatically rerouted. "The government built several more as insurance," says cybersecurity lawyer Matt Yarbrough. Still, more is needed many say. "Sept. 11 was an overdue wake-up call," Neumann says. Lawmakers are pushing an antiterrorism bill that, among other things, defines hacking of "secure" government computers as terrorist acts. The Bush administration also named Richard Clarke, who currently heads the government's counterterrorism team, to focus on cybersecurity efforts. "The U.S. Is a target," Bennett says. "But we're probably the most capable to wage this kind of warfare if attacked." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Oct 10 2001 - 02:16:18 PDT