http://www.wired.com/news/business/0,1367,58139,00.html

By Joanna Glasner
March 21, 2003 PT

As the Department of Homeland Security urges Americans to be on high alert for potential acts of cyberterrorism, many computer security experts say military conflict doesn't change the fact that the Net is already a pretty dangerous place.

"When it really gets down to it, we're getting security attacks on a daily basis," said Vincent Weafer, director of Symantec Security Response.

On an average day, the security software maker hears of five to 15 new viruses. In a typical year, it finds several thousand widespread vulnerabilities in computer systems. Web users and publishers fend off denial-of-service attacks and intruders seeking to steal crucial data on a daily basis.

Still, Homeland Security Secretary Tom Ridge's decision this week to raise the nation's threat level to orange, indicating a high risk of terrorist attacks, is causing computer security specialists to step up their vigilance.

Ridge said his agency "will continue to monitor the Internet for signs of a potential terrorist attack, cyberterrorism, hacking and state-sponsored warfare."

The department also encouraged companies and individual Internet users to report unusual activity or intrusion attempts to agencies like the National Infrastructure Protection Center.

"We want to hear about probes, hacking attempts at sites and actual intrusions. We would rather hear about everything, and sift through to find ones that form part of a broader pattern and are more troubling," said David Wray, Homeland Security spokesman.

Although the department did not disclose information about specific acts of cyberterror to watch out for, Internet security and monitoring firms view the warning as a good reason to keep closer tabs on all suspicious activity.

"During a higher alert, the threshold of what we think is worth looking at is set to a lower point," said Lloyd Taylor, vice president of technology for Keynote Systems, a Web performance and testing service. Activity that would not usually be tagged as suspicious will be given a closer look, just in case.

According to Keynote's Internet Health Report, which is an hourly snapshot of online traffic, several network hotspots experienced congestion on Thursday. Keynote said traffic patterns were mostly normal in the two days leading up to war, although some military websites were difficult to access.

In particular, the U.S. Army's public homepage experienced severe problems that started Monday and appear to be associated with Web server capacity issues, according to Keynote's data. The U.S. Marine Corps' public site also had problems on Wednesday that appeared to be associated with bandwidth capacity.

As these examples illustrate, Taylor doesn't expect that a cyberterror attack would focus on slowing the Internet as a whole. That would be difficult, he said, considering Internet traffic can travel over so many alternate routes if a portion of a particular network is down. It's more likely that attackers would attempt to cripple individual sites.

While he doesn't track the motives behind security breaches, Brian King, an Internet security analyst at the CERT Coordination Center, said the volume of reported intrusions and attacks collected by his organization has been fairly steady in recent weeks.

However, King said he has seen a high volume of distributed denial-of-service attacks. These are often orchestrated by intruders who break into broadband-connected home computers and use them as a launch pad for other attacks.

In most cases, Symantec's Weafer said, the best way to protect against cyberterror attacks is to maintain sound security: Install a firewall and keep it updated, update virus definitions and install security patches, and turn off unnecessary services or settings that could allow intruders to get in.

In other words, Weafer advises doing most of the things home users know they're supposed to do but often neglect.

But while cyberterror is a threat, Weafer said few security breaches are politically motivated. The prospect of financial gain, or the desire to show off technical skill, more often drive network intruders.

Still, Homeland Security's Wray says it's common to see more politically motivated hacks in times of conflict.

"In times of heightened political tension, we have traditionally seen a spike in hacking and computer intrusions or attempted intrusions," he said.