http://rtnews.globetechnology.com/servlet/ArticleNews/tech/RTGAM/20021225/wcybe1225a/Technology/techBN/

Canadian Press
December 25, 2002

Vancouver - The fight against terrorism and the prospect of hostilities with Iraq have the sentinels of cyberspace bracing for trouble.

Experts say it's only a matter of time before someone mounts a concerted, politically motivated attack on the Internet or a piece of computer-dependent infrastructure such as the electrical grid.

Despite growing security awareness, especially in the wake of the Sept. 11, 2001, terrorist attacks, many critical systems remain open to intrusion and disruption, authorities in both the private and public sectors agree.

"The problem at this point is that the vulnerabilities are so numerous one has a hard time trying to decide where to start," said Andrew McAllister, director of cyber protection at the federal Office of Critical Infrastructure and Emergency Preparedness.

There's no published evidence such a strike has taken place yet and some experts believe cyber attacks remain more of a nuisance threat for now.

The Canadian Security Intelligence Service, responsible for assessing the cyber threat, won't reveal which potentially hostile groups or countries have the capability. A July 2001 CSIS report, citing U.S. sources, included Iraq on a list of countries developing the ability to mount "information operations."

But it's inevitable a terror group or hostile state will try something, said Michael Vatis, director of the Institute for Security Technology Studies at Dartmouth College in New Hampshire.

"Frankly, I've been a little bit surprised that we haven't seen something yet from al-Qaeda or one of its sympathizers because of the ease and low cost of doing it," he said. "That's why I do believe it's just a matter of time."

Mr. Vatis was the first director of the U.S. National Infrastructure Protection Centre, founded in 1998 and under FBI control before becoming part of the new Department of Homeland Security. The centre served as a model for Mr. McAllister's two-year-old agency, which operates under the Department of National Defence.

It's true, said Mr. Vatis, that to date cyber attacks have added up mostly to costly disruptions of e-commerce and Web vandalism by what Mr. McAllister called "hacktivists."

Mr. Vatis said he doesn't even use the term cyber terrorism because it's misleading. But a study that Mr. Vatis did in the wake of Sept. 11 found cyber attacks increased concurrent with political flare-ups in the Middle East, between India and Pakistan and the war in Kosovo.

Mr. Vatis said he believes hostile countries may be more of a threat than terrorists.

"I think it really behooves the U.S. and its allies to prepare for the eventuality of cyber attacks against us, especially when we engage in any sort of conventional military action or response in cyberspace," he said.

The redundancies built into critical systems make it hard for any one cyber attack to bring a country to its knees, David Charters of the Centre for Conflict Studies at the University of New Brunswick has said.

But the tools for cyber attacks are readily available for terrorists or others who want them.

"I don't think we know enough to say whether they have it now or not, given the ease with which the capability can be acquired by anybody," said Mr. Vatis. "You can literally go and download the capability from a hacker Web site."

One of the most serious recent attacks occurred in October, knocking out three of the world's 13 Internet domain-name root servers, which verify Internet addresses for Web surfers. Traffic was rerouted to backups but the Internet could have been crippled if more of the servers had been shut down.

There are between 65,000 and 70,000 virus and malicious code threats worldwide, said Vincent Gullotto, senior director of research at antivirus software-maker McAfee.

Mr. Gullotto said the purveyors are still largely traditional hackers out to make a name for themselves.

"We haven't really seen anything from my perspective that purely says al-Qaeda's been involved or somebody that works for some fundamentalist group," he said. "We have seen virus writers add into their mix here and there some political statement."

But governments and corporations are reluctant to publicize serious attacks, Mr. Gullotto added.

"If someone from al-Qaeda has found a way to hack themselves into some Department of Defence operation, we're not going to hear about that," he said.

One ominous trend has been a change in the origin of attacks, said John Gantz, chief research officer for Boston-based IDC Inc., an information-technology consulting firm.

Until a year ago, about 60 per cent of intrusions into corporate systems came from inside — disgruntled or larcenous employees. Today it's reversed.

"We basically believe a war with Iraq will galvanize the hacker parts of the terrorist factions," said Mr. Gantz.

System security has become the No. 1 priority among chief executives, he said, and spending on security-related software is the fastest growing area of information technology.

"Security is now becoming more important than usability," added Mr. McAllister.

But he said the problem is computer networks have evolved with openness in mind.

"You'd assume hopefully that nobody else would want to do anything bad to your system," said Mr. McAllister. "We can no longer make those assumptions.

"So now we're stuck with systems that have been developed and written for usability, openness and remote access. The question is, who's remotely accessing your system now?"

Mr. McAllister agreed that it takes a highly skilled person to do serious damage but said the expertise is spreading rapidly.

"It only takes one to show up in your Internet back yard to really ruin your day," he says. "So really what we're finding is it's not a question of if, it's a question of when."

The approach to defending against such attacks worries the experts.

As recently as last July, the U.S. General Accounting Office — similar to Canada's Auditor-General — warned of "pervasive weaknesses" in federal information security.

"Because of our government's and our nation's reliance on interconnected computer systems to support critical operations and infrastructures, poor information security could have potentially devastating implications for our country," Robert Dacey, the office's director of information security, told a congressional hearing.

That interconnectedness links government and industry and spans borders, Mr. McAllister noted.

"Everything's so interdependent now that the ripple effect of an event in one sector or one set of services has a more profound impact on other services now," he said.

Key sectors, such as banking and air-traffic control, may have hardened computer systems but other industries may not be doing all they should, said Mr. Gantz.

"One of the fastest-growing software package areas is intrusion detection," he said. "They're putting in the software but they're still not necessarily manning a desk 24-7 to see if there is an intrusion."

Mr. Vatis said tracing and countering cyber attacks also becomes more difficult outside the small group of developed countries such as Canada, Britain and the United States that traditionally work together.

"As Internet use increases much more rapidly in developing countries, for instance, I fully expect to see that problem of non-co-operation grow significantly," he said.

INTERNET THREATS

Web defacement and semantic attack: Often politically motivated, vandalizing Web sites or subtly changing Web page content with false information.

Domain-name service attack: Interfering with domain-name servers that verify Internet addresses and connect Web surfers to sites, redirecting them to incorrect or counterfeit sites.

Distributed denial of service attack: Common hacker attack that swamps system with information requests, dangerous if highly co-ordinated against key infrastructure such as banking, communications and transportation.

Worms: Often harmless attacks that exploit weaknesses in software but considered a cheap method of delivering a destructive attack if necessary.

Attacks on routers: Routers are the Internet's traffic cops. Systems considered less vulnerable than other computers but lack of diversity leaves them open to knockout punch if attacker can find a flaw.

Infrastructure attacks: Vulnerabilities of systems that control financial institutions, voice communications, electrical grid or water distribution not well understood.

Source of threat list: Cyber Attacks During the War on Terrorism, by Michael Vatis