[ISN] Cyberspace sentinels brace for trouble

From: InfoSec News (isnat_private)
Date: Fri Dec 27 2002 - 04:11:24 PST


    Canadian Press
    December 25, 2002
    Vancouver - The fight against terrorism and the prospect of
    hostilities with Iraq have the sentinels of cyberspace bracing for
    Experts say it's only a matter of time before someone mounts a
    concerted, politically motivated attack on the Internet or a piece of
    computer-dependent infrastructure such as the electrical grid.
    Despite growing security awareness, especially in the wake of the
    Sept. 11, 2001, terrorist attacks, many critical systems remain open
    to intrusion and disruption, authorities in both the private and
    public sectors agree.
    "The problem at this point is that the vulnerabilities are so numerous
    one has a hard time trying to decide where to start," said Andrew
    McAllister, director of cyber protection at the federal Office of
    Critical Infrastructure and Emergency Preparedness.
    There's no published evidence such a strike has taken place yet and
    some experts believe cyber attacks remain more of a nuisance threat
    for now.
    The Canadian Security Intelligence Service, responsible for assessing
    the cyber threat, won't reveal which potentially hostile groups or
    countries have the capability.
    A July 2001 CSIS report, citing U.S. sources, included Iraq on a list
    of countries developing the ability to mount "information operations."
    But it's inevitable a terror group or hostile state will try
    something, said Michael Vatis, director of the Institute for Security
    Technology Studies at Dartmouth College in New Hampshire.
    "Frankly, I've been a little bit surprised that we haven't seen
    something yet from al-Qaeda or one of its sympathizers because of the
    ease and low cost of doing it," he said. "That's why I do believe it's
    just a matter of time."
    Mr. Vatis was the first director of the U.S. National Infrastructure
    Protection Centre, founded in 1998 and under FBI control before
    becoming part of the new Department of Homeland Security.
    The centre served as a model for Mr. McAllister's two-year-old agency,
    which operates under the Department of National Defence.
    It's true, said Mr. Vatis, that to date cyber attacks have added up
    mostly to costly disruptions of e-commerce and Web vandalism by what
    Mr. McAllister called "hacktivists."
    Mr. Vatis said he doesn't even use the term cyber terrorism because
    it's misleading.
    But a study that Mr. Vatis did in the wake of Sept. 11 found cyber
    attacks increased concurrent with political flare-ups in the Middle
    East, between India and Pakistan and the war in Kosovo.
    Mr. Vatis said he believes hostile countries may be more of a threat
    than terrorists.
    "I think it really behooves the U.S. and its allies to prepare for the
    eventuality of cyber attacks against us, especially when we engage in
    any sort of conventional military action or response in cyberspace,"  
    he said.
    The redundancies built into critical systems make it hard for any one
    cyber attack to bring a country to its knees, David Charters of the
    Centre for Conflict Studies at the University of New Brunswick has
    But the tools for cyber attacks are readily available for terrorists
    or others who want them.
    "I don't think we know enough to say whether they have it now or not,
    given the ease with which the capability can be acquired by anybody,"  
    said Mr. Vatis. "You can literally go and download the capability from
    a hacker Web site."
    One of the most serious recent attacks occurred in October, knocking
    out three of the world's 13 Internet domain-name root servers, which
    verify Internet addresses for Web surfers.
    Traffic was rerouted to backups but the Internet could have been
    crippled if more of the servers had been shut down.
    There are between 65,000 and 70,000 virus and malicious code threats
    worldwide, said Vincent Gullotto, senior director of research at
    antivirus software-maker McAfee.
    Mr. Gullotto said the purveyors are still largely traditional hackers
    out to make a name for themselves.
    "We haven't really seen anything from my perspective that purely says
    al-Qaeda's been involved or somebody that works for some
    fundamentalist group," he said.
    "We have seen virus writers add into their mix here and there some
    political statement."
    But governments and corporations are reluctant to publicize serious
    attacks, Mr. Gullotto added.
    "If someone from al-Qaeda has found a way to hack themselves into some
    Department of Defence operation, we're not going to hear about that,"  
    he said.
    One ominous trend has been a change in the origin of attacks, said
    John Gantz, chief research officer for Boston-based IDC Inc., an
    information-technology consulting firm.
    Until a year ago, about 60 per cent of intrusions into corporate
    systems came from inside - disgruntled or larcenous employees. Today
    it's reversed.
    "We basically believe a war with Iraq will galvanize the hacker parts
    of the terrorist factions," said Mr. Gantz.
    System security has become the No. 1 priority among chief executives,
    he said, and spending on security-related software is the fastest
    growing area of information technology.
    "Security is now becoming more important than usability," added Mr.  
    But he said the problem is computer networks have evolved with
    openness in mind.
    "You'd assume hopefully that nobody else would want to do anything bad
    to your system," said Mr. McAllister. "We can no longer make those
    "So now we're stuck with systems that have been developed and written
    for usability, openness and remote access. The question is, who's
    remotely accessing your system now?"
    Mr. McAllister agreed that it takes a highly skilled person to do
    serious damage but said the expertise is spreading rapidly.
    "It only takes one to show up in your Internet back yard to really
    ruin your day," he says. "So really what we're finding is it's not a
    question of if, it's a question of when."
    The approach to defending against such attacks worries the experts.
    As recently as last July, the U.S. General Accounting Office - similar
    to Canada's Auditor-General - warned of "pervasive weaknesses" in
    federal information security.
    "Because of our government's and our nation's reliance on
    interconnected computer systems to support critical operations and
    infrastructures, poor information security could have potentially
    devastating implications for our country," Robert Dacey, the office's
    director of information-security, told a congressional hearing.
    That interconnectedness links government and industry and spans
    borders, Mr. McAllister noted.
    "Everything's so interdependent now that the ripple effect of an event
    in one sector or one set of services has a more profound impact on
    other services now," he said.
    Key sectors, such as banking and air-traffic control, may have
    hardened computer systems but other industries may not be doing all
    they should, said Mr. Gantz.
    "One of the fastest-growing software package areas is intrusion
    detection," he said. "They're putting in the software but they're
    still not necessarily manning a desk 24-7 to see if there is an
    Mr. Vatis said tracing and countering cyber attacks also becomes more
    difficult outside the small group of developed countries such as
    Canada, Britain and the United States that traditionally work
    "As Internet use increases much more rapidly in developing countries,
    for instance, I fully expect to see that problem of non-co-operation
    grow significantly," he said.

    Web defacement and semantic attack: Often politically motivated,
    vandalizing Web sites or subtly changing Web page content with false

    Domain-name service attack: Interfering with domain-name servers that
    verify Internet address and connect Web surfers to sites, redirecting
    them to incorrect or counterfeit sites.

    Distributed denial of service attack: Common hacker attack that swamps
    system with information requests, dangerous if highly co-ordinated
    against key infrastructure such as banking, communications and

    Worms: Often harmless attacks that exploit weaknesses in software but
    considered a cheap method of delivering a destructive attack if

    Attacks on routers: Routers are the Internet's traffic cops. Systems
    considered less vulnerable than other computers but lack of diversity
    leaves them open to knockout punch if attacker can find a flaw.

    Infrastructure attacks: Vulnerabilities of systems that control
    financial institutions, voice communications, electrical grid or water
    distribution not well understood.

    Source of threat list: Cyber Attacks During the War on Terrorism, by
    Michael Vatis