Forwarded from: Richard Caasi <rcaasiat_private> http://www.nytimes.com/2003/01/17/technology/17HACK.html By ERIC LICHTBLAU January 17, 2003 WASHINGTON, Jan. 16 - Intelligence officials are concerned that a recent rise in electronic attacks against government and military computer networks in the United States may be the work of pro-Iraqi hackers and could signal a "potential crisis" in national security, according to a classified F.B.I. assessment. The assessment, prepared last week by the National Infrastructure Protection Center at the Federal Bureau of Investigation, warned intelligence officials that the attacks, which have been relatively limited, are likely to grow more widespread and "more dangerous" as tension over a possible war against Iraq grows. American intelligence analysts say they have long been concerned by the notion that Al Qaeda could use computers to wage terror - disrupting water treatment plants or nuclear facilities, for instance. Experts say the link between Iraq and computer hacking may have been underestimated and poses a growing threat to United States security. "Iraq is certainly among the places in the world that we think a cyberattack might well be launched from," Representative Robert E. Andrews of New Jersey, a Democrat on the House Armed Service Committee who has been active on cyberwarfare issues, said in an interview. Mr. Andrews noted that computer attacks were difficult to trace and could be damaging, which he said met Iraq's goals. "A cyberattack really fits Saddam Hussein's paradigm for attacking us," he said. No one appears to have been arrested in the attacks, and the F.B.I. assessment did not divulge the number of recent hackings or how successful they were. Nor did it disclose how the authorities traced the motive or origin of the attacks, but it blamed "ideologically motivated, pro-Iraq" hackers who have expressed opposition to United States activities in the Middle East and support for Islamic extremists. There is some skepticism over whether Mr. Hussein's regime has the technical capability or the desire to initiate such attacks. Gordon Johndroe, a spokesman for the Department of Homeland Security, said, "We are concerned about groups sympathetic to Iraq" hacking into government computer systems. But he added that there was no evidence that Mr. Hussein's regime had done so. "I wouldn't tie this in to a state-run operation," Mr. Johndroe said. "Iraq is more interested in obtaining weapons of mass destruction - chemical, biological and nuclear - than in pursuing the sophisticated skills and equipment necessary for a successful cyberattack." Officials at Iraq's mission to the United Nations did not return phone calls seeking comment. Military and F.B.I. officials declined to discuss the Iraq issue specifically. In a statement, the bureau acknowledged that in general, as international tensions increase, cybercrime "often escalates." "It can be state sponsored or encouraged, or come from domestic organizations or individuals independently," the statement said. The military said it worked constantly to prevent hacking at the 3 million computers and 10,000 local area networks in its information infrastructure. "The fact is, we are attacked and we defend on a daily basis," said Tim Madden, a spokesman for Maj. Gen. J. David Bryan, commander of the military's Joint Task Force-Computer Network Operations. Mr. Madden said, "Less than 2 percent of those attacks are successful in that the intruders gained root-level access." But American military analysts have become so concerned about the recent increase in activity that last week they raised the alert status on the threat of pro-Iraqi hackers to the level of a "possible crisis," the F.B.I. assessment said. Military officials declined to explain how the threat system works or the reasons any changes might be made. The assessment said recent computer disruptions have included Web defacements, "denial of service" attacks that can disrupt or paralyze a network, and hacking "probes" and "scans" aimed at testing the vulnerability of a network. The F.B.I.'s assessment described these recent disruptions as relatively low level. But it warned that as tensions with Iraq escalated, "more dangerous courses of action" by Iraqi-affiliated hackers - including more widespread denial-of-service attacks and the injection of worms or viruses that can damage programs - were "increasingly possible." The F.B.I. predicted that "hacking activity will continue during the next 90 days and will increase as allied pressure on Iraq mounts." The report said hacker groups controlled hundreds of automated search robot networks that could be used to attack government systems. And it warned that many powerful, easy-to-use tools were available on public Internet sites. Michael Vatis, former director of the F.B.I. cybercrime unit, said even relatively unsophisticated hackers could significantly damage systems that control a wide range of national security interests. Iraq is thought to have been developing an information warfare program in recent years, but it is probably lagging behind more sophisticated countries like China and Russia, said Mr. Vatis, who is now director of the Institute for Security Technology Studies at Dartmouth College. "I would suspect they're at a middling stage," he said. "But even a middling capability can cause serious harm." Mr. Vatis cautioned that tracing an electronic attack is a notoriously difficult task. In the case of denial-of-service attacks, hackers can hide their identities by penetrating hundreds of computer networks and turning them into "zombies" to use against a target system, he said. He pointed to an episode in 1998 in which hackers penetrated United States military computers and briefly disrupted troop exercises in the Persian Gulf. The authorities originally suspected Iraqi agents, but they ultimately traced the attack to two California teenagers. "You can't assume that your military adversary is responsible," Mr. Vatis said. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sat Jan 18 2003 - 03:52:50 PST