http://www.wired.com/news/politics/0,1283,54382-2,00.html

By Michelle Delio
10:05 a.m. Aug. 7, 2002 PDT

In a Chicken Little-like incident that flew under virtually every computer security expert's radar, the FBI's National Infrastructure Protection Center bravely predicted and monitored a ferocious cyberattack Tuesday morning on U.S. computer systems, launched by an army of European enemy hackers.

Never mind that no independent Internet traffic monitoring service or security expert had even noticed that any sort of cyberattack had occurred.

The FBI's National Infrastructure Protection Center warned of the impending widescale hacker attacks in an alert issued on Monday.

Then, on Tuesday, according to wire reports, Richard Clarke -- the Bush administration's top official for cyber-security -- said, "There was a real spike in Internet traffic at odd hours. It was clearly unusual because it was five-times and seven-times normal, but it didn't take anything down."

Perhaps there may have been a brief rise in Internet traffic early Tuesday morning -- but it was a mere blip on the screen if anything, security experts said.

But the general consensus is that Monday's alert was a self-created crisis caused by an over-reactive, publicity-seeking government agency, sparked by the idle online conversations of a band of young and aspiring "hackers" who had threatened to attack U.S. sites in retaliation for the Aug. 1 arrest of 14 Italian hackers in Milan.

"It is bizarre," ventured Vern Paxton, senior scientist with the International Computer Science Institute in Berkeley, California. "And if there were political cyberattacks, then they appear miserably unsuccessful. What sort of politically motivated attacker targets East Coast sites at 2 a.m., EDT?"

The "enemy" combatants appear to be a half-dozen, evidently clueless Italian youngsters who couldn't even sort out the time difference between Italy and the East Coast of the United States.

Last week, Italian police arrested 14 local hackers, acting on tips received from American officials. The Italian hackers are charged with attacking U.S. government sites, including those belonging to the Army and NASA.

And some published news reports indicated that the NIPC's hack attack alert on Monday was based on information provided by Italian authorities.

Italian computer security experts said that they had noticed "vague threats" about retaliatory hacks, but dismissed them since the threats appeared to be originating from youngsters.

"There was some talk on Italian Internet chat channels about DOSing and defacing American websites last week in response to the Milano arrests," Augustine DelFalco, a security consultant based in Rome, said. "But to me it was apparent that the conversations were being conducted by young teenagers. It's odd that such nonsense should concern your government."

"At one point, the kids said they would attack at 9 in the morning, when the American business was just getting started," DelFalco added. "Young children who perhaps didn't know of the time difference?"

George Smith, editor of virus and computer security information site vMyths, wondered whether the "spike" in Internet activity that Richard Clarke alluded to occurred before or after the NIPC issued its warning.

The Associated Press story, Smith said, gives the impression that the alleged attack occurred a few hours after the NIPC posted its alert.

"Knowing the average cyber-ankle-biter, people known to stay up at odd hours, it's not at all unreasonable to entertain the idea that the NIPC alert might have precipitated some nincompoops who had nothing better to do with their time except create a statistical blip in someone's Internet monitoring service," Smith said.

But neither Smith nor his colleagues in the security community saw anything unusual yesterday, and no one seemed surprised that the NIPC's alert apparently fizzled.

"The NIPC and Richard Clarke do have an excellent track record of warning about cyberattacks and cyber-badness that is often only visible to them," Smith said.

Such warnings of invisible menaces include the NIPC's 1999 alert warning that every nation whose name began with the letter "I" would target American computer systems on Jan. 1, 2000. That warning was followed by another prediction of worldwide hack attacks on Jan. 1, 2001, and the impending fall of the Internet due to the Code Red worm last summer.

Since the NIPC doesn't have a sterling reputation among many security experts, more time and energy was devoted to attempts to figure out what might have induced them to issue their latest alert rather than hardening websites and systems.

Some believe that the latest NIPC warning may have been a rather desperate move made in the hopes of gaining publicity and proving the agency's value.

According to Rob Rosenberger, also of vMyths, it appears the CERT Coordination Center, a federally funded research lab focused on computer security, has decided to sever what Rosenberger described as its "co-dependent relationship" with the NIPC. Rosenberger mentioned this rumor at his keynote speech Tuesday at CERT's annual computer security conference.

"NIPC believes they need CERT's technical prowess if they want to survive politically. I tend to agree," Rosenberger said. "But if CERT doesn't want to continue the relationship, I imagine they'll suffer the classic symptoms of a co-dependent breakup. I can imagine NIPC wailing how the relationship must continue in order to save the world from future cyber-terrorism. 'Honey, I swear, just give me one more chance, I need you'...."

"So who knows?" Rosenberger added. "The NIPC's latest PR move could be a manifestation of a co-dependent breakup in progress."

Whatever motivated Monday's warning, security experts believe that the NIPC shouldn't issue public alerts about issues that concern Web and systems administrators.

"It seems to me that warnings of attacks against the Internet infrastructure and large websites don't really require a public announcement," said security researcher Richard Smith. "A private e-mail list for system administrators should be good enough."