Forwarded from: William Knowles <wkat_private> http://www.time.com/time/europe/magazine/article/0,13005,901020617-260664,00.html BY PAUL QUINN-JUDGE/MOSCOW Jun. 17, 2002/Vol. 159 No. 24 Three flights up a scruffy building in central Moscow, a small paper sign pasted on the wall directs visitors to Directorate R of the Moscow police. R stands for nothing: it was just the next code letter available in 1986 when the police decided to set up their own communications-security branch. These days the Directorate's bread-and-butter work is computer and mobile-phone fraud. But their biggest nightmare - and that of their counterparts in Western Europe and the U.S. - is digital attack. "This, unfortunately, is the future face of terrorism," says Dmitri Chepchugov, head of Directorate R. So far, politically motivated computer attacks have been irritations or embarrassments rather than full-blown catastrophes. Chinese hackers attacked some 1,200 sites, including the White House, the Department of Energy and the Air Force, defacing some sites and putting others temporarily out of service, during a standoff with Washington over a spy plane last year. Russians and Eastern Europeans did the same during the war in Kosovo, and Pakistani and Indian hackers are doing it right now. Over a period of several years, U.S. investigators believe hackers - probably from Russia - tunneled into department of Defense sites and illegally downloaded large quantities of technical defense research, all unclassified, according to the Pentagon. The leap from this kind of sporadic hacking to virtual terrorism is only a matter of time, specialists believe. "After every terrorist attack, security is tightened up and improved," Chepchugov remarks. "But these days you don't need to get a truck bomb into, say, a chemical plant or crash a plane into it. All you need is a group of hackers who get into the computerized control system, knock it out, and trigger a disaster." Michael Vatis - a former head of the FBI's National Infrastructure Protection Center, the lead U.S. federal agency for computer crime, cyberterrorism and cyberespionage - agrees. "We have seen a clear decision by terrorist groups like al-Qaeda to focus on critical infrastructures, financial networks and power grids," says Vatis, now director of the Institute for Security Technology Studies at Dartmouth College. "And they have developed expertise with computer systems for secure communications and planning attacks. The next step is to put the two together." The likely targets would be a country's power or water supply, gas and oil production or storage facilities, telecommunications or banking networks and transport or emergency services. Attackers could try to disrupt these systems during a conventional assault or, even worse, attempt to trigger a disaster by destroying them outright. Most government and many commercial organizations insulate the sensitive parts of their computer systems from the Internet. But it is harder to protect computerized systems from an inside job. This is what happened a little over two years ago in Russia, in an incident that briefly surfaced in the press and was quickly hushed up. In early 2000, officials say, a disgruntled employee of Gazprom, the oil and natural gas monopoly, helped a group of hackers seize for several hours the corporation's computer systems - including those regulating gas flow through the firm's pipelines. Gazprom subsequently denied press reports of the break-in. And, officials add, the politically powerful corporation was furious when the information was made public. "Heads rolled in the Interior Ministry after the newspaper report came out," says another senior official. But, this person adds, "We were very close to a major natural disaster." Chepchugov says there are some indications that at least one radical fundamentalist is showing interest in computers. The imam of Finsbury Park mosque in north London, Abu Hamza al-Masri (also known as Mustafa Kemal) "has gathered around himself a group of computer specialists," Chepchugov says. "This is indirect proof that Muslim extremists understand the potential of computer-based terrorism." Meanwhile, another Russian specialist in computer crime remarks, "I think our American friends are very interested in the Pakistan Hackerz Club [a pro-Pakistan hacker group]," which they apparently suspect of having contacts with radical groups. Al-Qaeda works like any other criminal group in the world of computers, says Anatoly Platonov of the Interior Ministry's Directorate K, which also deals with cybercrime. "They have the money and are looking for the brains." Sooner or later, specialists believe, they will find them. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 06:11:15 PDT