[ISN] Experts: Cyberspace could be next target

From: InfoSec News (isnat_private)
Date: Wed Oct 10 2001 - 00:37:42 PDT

    By Jon Swartz 
    SAN FRANCISCO -- For 3 years, a shadowy group of computer hackers has
    broken into hundreds of computer networks and stolen thousands of
    top-secret files on Pentagon war-planning systems and NASA technical
    research. Dubbed the "Moonlight Maze" group, the hackers continue to
    elude the FBI, the CIA and the National Security Agency, despite the
    biggest cyberprobe ever. And while no one knows what is being done
    with the classified information, some fear the thefts may be the work
    of terrorists or that the information could be sold to terrorists.
    "I'm not saying it is a terrorist group. But it could be," says James
    Adams, senior fellow at the Center for Strategic and International
    Studies, a research group chaired by former senator Sam Nunn.
    What is clear is that the hackers' success exposes the vulnerability
    of computer networks in the USA at the height of the information age.
    A coordinated terrorist attack, experts say, could topple the
    Internet, muting communications and e-commerce and paralyzing federal
    agencies and businesses.
    "We are picking up signs that terrorist organizations are looking at
    the use of technology" to attack the USA, Congress was told last month
    by Michael Vatis, director of the Institute for Security Technology
    Studies at Dartmouth College and former head of the FBI's National
    Infrastructure Protection Center.
    Alarmed by the Sept. 11 attacks, government and security experts are
    clamoring for the USA, the world's most wired nation, to craft better
    cyberdefenses. They want tougher laws against hackers and more
    resources and closer cooperation between agencies to thwart attacks.
    While the Internet is now so dispersed that a debilitating physical
    attack is unlikely, an electronic one could destabilize major parts of
    the USA's communications grid and economy, government and security.
    More than online stock trading would be affected. A successful
    electronic attack could interrupt power supplies to millions of homes,
    disrupt air traffic control systems, thus airlines, shut down water
    supplies, cut off access to emergency 911 services and delay millions
    of dollars in financial transactions.
    That's because critical U.S. infrastructures are increasingly tied to
    the Internet. And many government agencies and companies are
    ill-prepared to defend themselves against cyberattacks despite
    repeated warnings and hacker break-ins.
    "Computer networks are the roads and bridges of the information age,"
    says Stanton McCandlish of the Electronic Frontier Foundation, a
    civil-liberties group. "They are prime terrorist targets."
    Technologically savvy Sen. Robert Bennett, R-Utah, agrees: "There is a
    real vulnerability and an opportunity for bad guys to inflict serious
    The cyberstrikes that U.S. officials fear may not come from Osama bin
    Laden's al-Qa'eda terrorist organization despite its broad use of
    technology. That group seems intent on dramatic attacks on physical
    symbols like the World Trade Center, experts say. The Internet, by
    contrast, is a vast collection of millions of computers, network
    switches, data lines, cables and satellites.
    But cyberattacks could be launched by other terrorists or nations such
    as Iraq that support terrorism and who government officials say are
    developing cyberwarfare capabilities. During NATO airstrikes of Serbia
    and Kosovo in 1999, some NATO Web sites were disabled by
    Serbian-sponsored computer hackers, NATO says. And, in recent years,
    Web sites for the Defense Department and White House have been shut
    down by hackers.
    'Most vulnerable society'
    Cyberattacks grow more serious as the Internet grows more important.
    Nearly $1 trillion in goods and services will be sold via the Internet
    this year, market researcher Gartner says. And the Net is essential to
    businesses and workers as a key communications tool. "The U.S. is the
    most vulnerable society because we're the most wired," Sen. Bennett
    says. Here is how experts assess the chances that a cyberattack would
    Very likely. Electronic warfare is the most feared threat. It could
    come in the form of denial-of-service attacks, in which hackers
    overwhelm Web sites with junk data, rendering them useless. Other
    electronic attacks include computer worms and viruses, malicious
    computer programs that spread via the Net and can invade personal
    computers and erase data, deface Web sites and clog up the Internet so
    much that it, too, becomes useless.
    This year, four computer worms and viruses rated as "high risk" by
    leading security firms have cost companies and consumers $5 billion in
    damage and cleanup costs. The "Nimda" worm, which infiltrated 1
    million computers, slowed the Internet and forced some companies to
    shut down employee Internet access. Earlier this year, the Code Red
    worm knocked out public access to several major consumer Web sites.
    Nimda surfaced after the Sept. 11 attacks. No evidence links either
    worm to the attacks. But the proliferation of worms shows that few
    systems are immune.
    "The consensus among hackers is that the entire Internet
    infrastructure can easily be disabled temporarily and in some cases
    (for) a long time," says Peter Neumann, principal scientist of
    research firm SRI International.
    No wonder. Last year, the General Accounting Office, the investigative
    arm of Congress, found that the 24 largest government agencies,
    including the Defense and Treasury departments, inadequately protect
    their computer networks. An August GAO audit of the Commerce
    Department, which compiles economic data, showed that hackers could
    gain access. Several months earlier, a probe into the Department of
    Health and Human Services found similar weaknesses in that
    department's network. The agency processed more than $200 billion in
    Medicare expenditures in fiscal 2000. "We need a Manhattan Project for
    counterterrorism technology," Vatis says.
    Vulnerabilities have been known. In 1997, the Joint Chiefs of Staff
    launched a cyberattack exercise, code-named Eligible Receiver, to test
    computer defenses. Using hacking tools posted on the Internet, a team
    of 35 hackers broke into the power grids of nine U.S. cities and
    cracked their 911 emergency systems. Another group hacked Pentagon
    computers, crippling U.S. war-planning operations. A second exercise
    in 1999, code-named Zenith Star, exposed similar flaws in key
    Likely. State-sponsored computer warfare is aimed at the USA.
    The electronic trail following the Moonlight Maze cyberthieves led in
    1999 to a Moscow Internet address. But that could be a fake trail,
    government officials say. One theory: The group is a "sophisticated,
    well-funded national agency," Adams says.
    More than 30 countries, including Russia and Iraq, have developed
    "asymmetrical warfare" strategies targeting vulnerabilities in U.S.
    computer systems. Because of U.S. military superiority, the countries
    see electronic warfare as their best bet to puncture U.S. defenses,
    military experts say.
    American intelligence is closely monitoring China, which has
    established a special information-warfare group. Pentagon officials
    refer to it as "the Great Firewall of China."
    A coordinated physical and electronic attack offers a more chilling
    scenario. Terrorists blow up structures, then hack the power grid and
    emergency systems in those cities, complicating rescue efforts.
    Meanwhile, a computer worm wipes out financial records. "It's a
    classic bin Laden tactic," says David Thompson, security analyst at
    Meta Group. "It multiplies the effects of a physical attack."
    Unlikely. The cutting of hundreds of fiber-optic cables, which carry
    Internet traffic between major hubs, knocks out portions of the Net.
    Such an operation would require intimate knowledge of where key data
    hubs are, which only a handful of Internet firms know. It also would
    require a herculean effort. Some fiber cables are underwater and
    "you'd need a submarine," says Sunny Vanderbeck, CEO of Web-hoster
    Data Return. Plus, such an attack would be short-lived because
    Internet traffic would be automatically rerouted around damaged areas,
    he says.
    Very unlikely. The bombing of Internet facilities, such as major data
    hubs, cripples the Internet. "Nearly impossible," says Weston Nicolls,
    a former member of the National Security Agency now at security firm
    That's because the Internet resembles a cobweb of geographically
    dispersed facilities. There are major routing hubs in Silicon Valley,
    Washington, Chicago, Dallas and New Jersey, market researcher IDC
    says. They link hundreds of Internet service providers and are fed
    data from regional routing hubs in such cities as Los Angeles and
    Miami. Then, there are miles and miles of cable, hundreds of Internet
    data centers that run Web operations and thousands of satellites that
    link companies to the Net.
    Built to survive
    Because there is no single key structure and many backup systems, any
    successful attack would require a series of strategic bombings and
    would take more time and skill than the Sept. 11 attacks, Internet
    experts say.
    "The Internet was built to withstand a nuclear disaster," adds IDC
    analyst Steve Harris. "When (East Coast) phone service was down Sept.
    11, e-mail was working all day. The Internet is resilient."
    It would also require huge amounts of inside information from the
    likes of AT&T, Uunet, Sprint and other telecom companies. Uunet, which
    handles a significant chunk of global online traffic, has not
    disclosed locations of its network hubs for years for competitive and
    security reasons.
    Also, once-vulnerable physical Internet locations have been made less
    susceptible. MAE West is a carrier exchange located in San Jose,
    Calif. It routes Internet traffic primarily in the Western USA. It and
    its Eastern counterpart, MAE East, were once considered prime targets.
    But, fearing attack, backup systems were set up in recent years. If
    either is knocked out, traffic is automatically rerouted. "The
    government built several more as insurance," says cybersecurity lawyer
    Matt Yarbrough.
    Still, more is needed, many say. "Sept. 11 was an overdue wake-up
    call," Neumann says. Lawmakers are pushing an antiterrorism bill that,
    among other things, defines hacking of "secure" government computers
    as terrorist acts. The Bush administration also named Richard Clarke,
    who currently heads the government's counterterrorism team, to focus
    on cybersecurity efforts.
    "The U.S. is a target," Bennett says. "But we're probably the most
    capable to wage this kind of warfare if attacked."

    This archive was generated by hypermail 2b30 : Wed Oct 10 2001 - 02:16:18 PDT