[ISN] Warning on Iraqi Hackers and U.S. Safety

From: InfoSec News (isnat_private)
Date: Sat Jan 18 2003 - 01:20:17 PST


    Forwarded from: Richard Caasi <rcaasiat_private>
    
    http://www.nytimes.com/2003/01/17/technology/17HACK.html
    
    By ERIC LICHTBLAU 
    January 17, 2003
     
    WASHINGTON, Jan. 16 - Intelligence officials are concerned that a
    recent rise in electronic attacks against government and military
    computer networks in the United States may be the work of pro-Iraqi
    hackers and could signal a "potential crisis" in national security,
    according to a classified F.B.I. assessment.
    
    The assessment, prepared last week by the National Infrastructure
    Protection Center at the Federal Bureau of Investigation, warned
    intelligence officials that the attacks, which have been relatively
    limited, are likely to grow more widespread and "more dangerous" as
    tension over a possible war against Iraq grows.
    
    American intelligence analysts say they have long been concerned by
    the notion that Al Qaeda could use computers to wage terror -
    disrupting water treatment plants or nuclear facilities, for instance.
    Experts say the link between Iraq and computer hacking may have been
    underestimated and poses a growing threat to United States security.
    
    "Iraq is certainly among the places in the world that we think a
    cyberattack might well be launched from," Representative Robert E.
    Andrews of New Jersey, a Democrat on the House Armed Service Committee
    who has been active on cyberwarfare issues, said in an interview.
    
    Mr. Andrews noted that computer attacks were difficult to trace and
    could be damaging, which he said met Iraq's goals. "A cyberattack
    really fits Saddam Hussein's paradigm for attacking us," he said.
    
    No one appears to have been arrested in the attacks, and the F.B.I.
    assessment did not divulge the number of recent hackings or how
    successful they were. Nor did it disclose how the authorities traced
    the motive or origin of the attacks, but it blamed "ideologically
    motivated, pro-Iraq" hackers who have expressed opposition to United
    States activities in the Middle East and support for Islamic
    extremists.
    
    There is some skepticism over whether Mr. Hussein's regime has the
    technical capability or the desire to initiate such attacks.
    
    Gordon Johndroe, a spokesman for the Department of Homeland Security,
    said, "We are concerned about groups sympathetic to Iraq" hacking into
    government computer systems. But he added that there was no evidence
    that Mr. Hussein's regime had done so.
    
    "I wouldn't tie this in to a state-run operation," Mr. Johndroe said.
    "Iraq is more interested in obtaining weapons of mass destruction -
    chemical, biological and nuclear - than in pursuing the sophisticated
    skills and equipment necessary for a successful cyberattack."
    
    Officials at Iraq's mission to the United Nations did not return phone
    calls seeking comment.
    
    Military and F.B.I. officials declined to discuss the Iraq issue
    specifically. In a statement, the bureau acknowledged that in general,
    as international tensions increase, cybercrime "often escalates."
    
    "It can be state sponsored or encouraged, or come from domestic
    organizations or individuals independently," the statement said.
    
    The military said it worked constantly to prevent hacking at the 3
    million computers and 10,000 local area networks in its information
    infrastructure.
    
    "The fact is, we are attacked and we defend on a daily basis," said
    Tim Madden, a spokesman for Maj. Gen. J. David Bryan, commander of the
    military's Joint Task Force-Computer Network Operations.
    
    Mr. Madden said, "Less than 2 percent of those attacks are successful
    in that the intruders gained root-level access."
    
    But American military analysts have become so concerned about the
    recent increase in activity that last week they raised the alert
    status on the threat of pro-Iraqi hackers to the level of a "possible
    crisis," the F.B.I. assessment said. Military officials declined to
    explain how the threat system works or the reasons any changes might
    be made.
    
    The assessment said recent computer disruptions have included Web
    defacements, "denial of service" attacks that can disrupt or paralyze
    a network, and hacking "probes" and "scans" aimed at testing the
    vulnerability of a network.
    
    The F.B.I.'s assessment described these recent disruptions as
    relatively low level. But it warned that as tensions with Iraq
    escalated, "more dangerous courses of action" by Iraqi-affiliated
    hackers - including more widespread denial-of-service attacks and the
    injection of worms or viruses that can damage programs - were
    "increasingly possible."
    
    The F.B.I. predicted that "hacking activity will continue during the
    next 90 days and will increase as allied pressure on Iraq mounts."
    
    The report said hacker groups controlled hundreds of automated search
    robot networks that could be used to attack government systems. And it
    warned that many powerful, easy-to-use tools were available on public
    Internet sites.
    
    Michael Vatis, former director of the F.B.I. cybercrime unit, said
    even relatively unsophisticated hackers could significantly damage
    systems that control a wide range of national security interests.
    
    Iraq is thought to have been developing an information warfare program
    in recent years, but it is probably lagging behind more sophisticated
    countries like China and Russia, said Mr. Vatis, who is now director
    of the Institute for Security Technology Studies at Dartmouth College.
    
    "I would suspect they're at a middling stage," he said. "But even a
    middling capability can cause serious harm."
    
    Mr. Vatis cautioned that tracing an electronic attack is a notoriously
    difficult task. In the case of denial-of-service attacks, hackers can
    hide their identities by penetrating hundreds of computer networks and
    turning them into "zombies" to use against a target system, he said.
    
    He pointed to an episode in 1998 in which hackers penetrated United
    States military computers and briefly disrupted troop exercises in the
    Persian Gulf. The authorities originally suspected Iraqi agents, but
    they ultimately traced the attack to two California teenagers.
    
    "You can't assume that your military adversary is responsible," Mr.
    Vatis said.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


