[ISN] Unleashing the dogs of cyber-war on Iraq!

From: InfoSec News (isnat_private)
Date: Fri Mar 07 2003 - 00:32:37 PST

    Forwarded from: William Knowles <wkat_private>
    
    http://www.salon.com/tech/feature/2003/03/06/iraq_geeks/index.html
    
    By Brian McWilliams
    March 6, 2003  
    
    Like an artist concealing his signature in the background of a 
    painting, Loay Edmon Al-Botany tucks his name in the source code of 
    Web pages at BabilOnline, the site he manages for Saddam Hussein's son 
    Uday. 
    
    Al-Botany, a lifelong resident of Baghdad, says his work for the 
    government-controlled Iraqi newspaper site doesn't pay very well -- 
    the equivalent of 100 U.S. dollars per month. But he considers himself 
    lucky to have one of the few Internet jobs in the country, and a 
    high-profile position at that. 
    
    Any day now, however, it could all come crashing down from a U.S.-led 
    invasion of Iraq, says Al-Botany. 
    
    "If USA attack Iraq, the first thing [they will do] is a cyber-war," 
    he says. 
    
    Al-Botany, 30, remembers well the U.S. bombing of Baghdad in 1991, 
    which targeted telecommunications and power systems. This time around, 
    many observers predict that the U.S. will also deploy viruses, 
    government-trained hackers, and special electromagnetic pulse bombs to 
    knock out Iraq's computers and other sensitive electronic equipment. 
    
    But if the U.S. wants to cut off Iraq's access to the Internet, it 
    need only give a nod to operators of a satellite farm in the woods 
    west of Atlanta, or to a similar facility in the English countryside. 
    
    An analysis of network records and routing patterns shows that Iraq's 
    only Internet service provider, the State Company for Internet 
    Services (SCIS), appears to send and receive nearly all of its traffic 
    over satellite hookups provided by Atlanta International Teleport of 
    Douglasville, Ga., and by SMS Internet of Rugby, Warwickshire. 
    
    Whenever Al-Botany or other Iraqis send an e-mail or browse the Web, 
    their bits leave Iraq via SCIS's satellite modems, bounce off orbiting 
    satellites, and touch down again in satellite dishes run by AIT and 
    SMS, which connect them to the Internet backbone in Georgia and 
    England, respectively. 
    
    This provision of Internet access may not be legal. A 1990 executive 
    order prohibits U.S. firms from exporting "goods, technology or 
    services" to Iraq. And a U.N. trade embargo has similarly sanctioned 
    member nations from dealing with Iraq. 
    
    But it's obvious that if predictions about the U.S. launching 
    "offensive computer operations" against Baghdad are correct, George W. 
    Bush and Tony Blair clearly have Saddam right where they want him. 
    
    On instructions from the U.S. or U.K. governments, AIT and SMS could 
    effectively disable e-mail and Web access for Iraq's government and 
    citizens. 
    
    Surprisingly, Iraqi computer specialists appear oblivious to their 
    network's vulnerability to attack. And even though they vow they will 
    get their networks back up and running if they are attacked, they are 
    also in no position to fight back. 
    
    Al-Botany, a graduate of Al-Mansour University College, one of Iraq's 
    top private technical schools, was surprised to learn that the headers 
    of his e-mails to a reporter showed that the messages actually 
    originated from AIT's network. According to a reverse DNS look-up, the 
    Internet protocol (IP) address from which the e-mails originated, 
    65.217.28.52, corresponds to the domain name 
    "host52.atlantateleport.com." 
    
    Similarly, Al-Botany was unaware that BabilOnline.net and another site 
    he manages, Iraq2000.com, as well as the Iraq government's main Web 
    site, Uruklink.net, are all connected to the Internet through 
    England-based SMS Networks. 
    
    AIT representatives did not respond to repeated requests by Salon for 
    information about their services to Iraq. 
    
    Maggie Corke, a representative of SMS, says the company does not have 
    any Iraqi customers nor does it market its services in Iraq. Corke did 
    acknowledge that SMS provides satellite services to Transtrum, a unit 
    of the Lebanon-based ISP TerraNet. 
    
    TerraNet's Alaa Sami Kadhem is listed as the registrant and 
    administrative contact in the domain record for BabilOnline.net. Sami 
    is also listed as the registrant of Iraq's Warkaa.net and 
    Baghdadlink.net sites. 
    
    Sami and TerraNet representatives did not respond to interview 
    requests. 
    
    Iraq's use of AIT and SMS was likely brokered by a consortium called 
    the Arab Organisation of Satellite Communications (ARABSAT), according 
    to Lucy Norton, an analyst with London-based World Markets Research 
    Center. 
    
    ARABSAT, which is headquartered in Saudi Arabia, arranges deals with 
    European and U.S. communications providers on behalf of Arab League 
    nations. Following an eight-year suspension, ARABSAT reestablished 
    links with Iraq's Ministry of Transport and Communications in 1999, 
    Norton said. 
    
    However, U.S. companies providing data communications services to 
    Iraq, even indirectly, are in violation of U.S. law and could be 
    subject to fines and penalties, according to Rob Nichols, a spokesman 
    for the U.S. Treasury Department's Office of Foreign Assets Control. 
    
    Iraq's vulnerability to cyber-attack doesn't end with its fragile 
    network connections. A myriad of bugs and misconfigurations in its 
    software make the embattled country's Internet-connected systems ripe 
    for hack attacks. 
    
    Iraq's DNS servers, key machines that route traffic to various 
    computers in a network, are misconfigured to allow "zone transfers," a 
    reconnaissance technique used by hackers to target vulnerable 
    machines. 
    
    A closer examination of one of the DNS servers, nic1.baghdadlink.net, 
    reveals that it may be running a collection of outdated software with 
    numerous high-risk security vulnerabilities. The apparent bugs in the 
    system, located at IP address 62.145.94.1, include some that 
    potentially give a remote attacker the ability to take control of the 
    server. 
    
    At least one of Iraq's Web servers has already been infected with a 
    computer virus. The system, located at the address 62.145.94.17, last 
    week was attempting to spread the Nimda computer worm to the computers 
    of unprotected Windows users. The server currently is unreachable. 
    
    Considering the variety of security flaws in Iraq's computer networks, 
    it's a miracle they haven't been turned inside out by vigilante 
    hackers, according to computer security experts. 
    
    "I'd expect to see some defacement activity, at the very least. It's 
    almost as though they're extending an invitation to be hacked," says 
    Robert G. Ferrell, a government security researcher. Ferrell said 
    would-be attackers may suspect, as he does, that the Iraqi systems are 
    being closely monitored by U.S. authorities. 
    
    Al-Botany and other Iraqi "geeks" blame much of their country's 
    Internet backwardness on trade sanctions, which make it difficult to 
    obtain current versions of software or up-to-date training. 
    
    Indeed, visiting Iraq's Web sites is like stepping back into the 
    Internet of the late 1990s. A marquee scrolls across the garishly 
    colored home page at Iraq2000.com, which hosts information about 
    Iraq's Olympic teams as well as access to numerous Iraqi newspapers. 
    Patriotic music blares on demand. 
    
    "Internet languages like Java and HTML, we didn't learn those because 
    Iraq did not have the Internet until recently," says "Sameer," an 
    Iraqi computer scientist who asked that his real name not be 
    published. 
    
    After emigrating to the U.S. in 2000, Sameer discovered that his 
    technical skills were anachronistic in the U.S. job market. Though 
    successful in the competitive Iraqi college, he has been unable to 
    find work as a programmer. Recently laid off from his job in computer 
    support, Sameer now lives with and depends for support on his brother. 
    
    The dearth of broadband Internet connections, or even affordable home 
    dial-up access, creates further difficulties for Iraq's computer 
    elite. 
    
    Ahmed Al-Shalchi, a computer engineer and 1992 graduate of the 
    government-run University of Technology in Baghdad, says his only way 
    onto the Internet is from a dial-up modem connection at his workplace, 
    where he repairs PCs. Sometimes Al-Shalchi logs on from public 
    Internet centers. But a home connection is out of his financial reach, 
    he says. 
    
    Given the relatively poor skills and resources of some of Iraq's best 
    and brightest computer geeks, how capable is the country of conducting 
    cyber-warfare? 
    
    "There is nothing to suggest that the Iraqi government has the 
    capability for using cyber-warfare," says Ahmed Shames, an Iraqi who 
    emigrated in 1996 and now resides in London. Shames, chairman of the 
    Iraqi Prospect Organization, a group of young Iraqi expatriates 
    calling for the overthrow of Saddam, says it is unlikely that Iraq's 
    ruler has marshaled a cyber-war contingent. 
    
    Similarly, Sameer says he has not heard of any Iraqi computer experts 
    being drafted into such service. Instead, he said it was more probable 
    that Saddam would attempt to recruit offensive computer mercenaries 
    from abroad. 
    
    Even the author of a recent novel about U.S.-Iraq cyber-war concedes 
    it is doubtful that Saddam has sufficient home-grown talent to harm 
    the U.S. with computer attacks. Bill Neugent, chief engineer for 
    cyber-security at Mitre Corporation and author of "No Outward Sign" 
    (Writers Club Press, 2002), says Iraq could, however, enlist help from 
    sympathetic Muslims in the West. In his book, Iraqi-Americans living 
    in Washington attack U.S. government systems to frame Iraq and goad 
    the U.S. to retaliate. 
    
    Instead of cultivating its cyber-war readiness, Iraq's government 
    appears to be focusing its technical prowess on spying on and 
    restricting its citizens' use of the Internet. Shames says Iraqis must 
    assume that every message they send or receive is being monitored by 
    Big Brother. 
    
    Sometimes, as in the case of Sameer's sister back in Baghdad -- a 
    teacher and one of the lucky Iraqis to have Internet access at home -- 
    e-mail service mysteriously stops for weeks. 
    
    "I don't know why. Maybe it is just a technical problem. Or maybe 
    someone is blocking the account," says Sameer. 
    
    To evade the state's widely publicized snooping, some savvy Iraqis 
    have set up webmail accounts at providers such as Yahoo, as if 
    calculating that the probable surveillance by U.S. intelligence 
    authorities is less dire. 
    
    But there are few means around the government's blockades of 
    "objectionable" Web content, which, besides porn, includes domain 
    registration sites, according to Heider Sati, an Al-Mansour graduate 
    now running his own London-based IT consulting firm. The restriction, 
    perhaps designed to muzzle protest speech, means Iraqis are unable to 
    register and create their own Web sites. (Sati says he registered and 
    hosts alMansourCollege.net, on behalf of his alma mater, for free.) 
    
    Despite these limitations, some of Iraq's geeks say they would suffer 
    if the country lost its Internet connection, whether due to 
    conventional bombs or cyber-attacks. 
    
    "[It's] just like having drugs," said Al-Shalchi of his dependence on 
    e-mail and Web access. 
    
    But for average Iraqis, the Internet is likely still an unreliable 
    luxury, not a necessity. Richard M. Smith, a U.S. computer expert, 
    notes that a counter on the home page of Uruklink.net shows that the 
    vast majority of the site's visitors are from the U.S. 
    
    Like many Iraqi citizens and expatriates with relatives still in the 
    country, Sati is guarded about his views on the outcome of the 
    potential war and refuses to comment on his views of Saddam. But he 
    did say that if a U.S. strike takes out Iraq's network, he and others 
    will quickly work to restore alternative service to citizens. 
    
    "There are many people like me who would do anything to help the 
    Iraqis, as we all feel that this is our responsibility toward Iraq," 
    says Sati. 
    
    Sati's circumspection lapses a bit, however, as he describes dreams of 
    a day when he can return to Iraq and help lay new fiber networks, beef 
    up the country's hardware, and otherwise retool its Internet networks. 
    
    Even Al-Botany seems to be anticipating big changes ahead. His Web job 
    with SCIS, he says, doesn't pay enough for him to own a car or a house 
    for himself, his wife, and his toddler son. With his contract with the 
    Iraqi government due to run out in six months, Al-Botany asks whether 
    a reporter could help him find a job in the United States. 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen. Alfred M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Fri Mar 07 2003 - 02:59:50 PST