[ISN] Feds Alert to Web Security Threat

From: InfoSec News (isnat_private)
Date: Sat Mar 22 2003 - 00:50:21 PST

    http://www.wired.com/news/business/0,1367,58139,00.html
    
    By Joanna Glasner
    March 21, 2003 PT
    
    As the Department of Homeland Security urges Americans to be on high
    alert for potential acts of cyberterrorism, many computer security
    experts say military conflict doesn't change the fact that the Net is
    already a pretty dangerous place.
    
    "When it really gets down to it, we're getting security attacks on a
    daily basis," said Vincent Weafer, director of Symantec Security
    Response.
    
    On an average day, the security software maker hears of five to 15 new
    viruses. In a typical year, it finds several thousand widespread
    vulnerabilities in computer systems. Web users and publishers fend off
    denial-of-service attacks and intruders seeking to steal crucial data
    on a daily basis.
    
    Still, Homeland Security Secretary Tom Ridge's decision this week to
    raise the nation's threat level to orange, indicating a high risk of
    terrorist attacks, is causing computer security specialists to step up
    their vigilance.
    
    Ridge said his agency "will continue to monitor the Internet for signs
    of a potential terrorist attack, cyberterrorism, hacking and
    state-sponsored warfare." The department also encouraged companies and
    individual Internet users to report unusual activity or intrusion
    attempts to agencies like the National Infrastructure Protection
    Center.
    
    "We want to hear about probes, hacking attempts at sites and actual
    intrusions. We would rather hear about everything, and sift through to
    find ones that form part of a broader pattern and are more troubling,"  
    said David Wray, Homeland Security spokesman.
    
    Although the department did not disclose information about specific
    acts of cyberterror to watch out for, Internet security and monitoring
    firms view the warning as a good reason to keep closer tabs on all
    suspicious activity.
    
    "During a higher alert, the threshold of what we think is worth
    looking at is set to a lower point," said Lloyd Taylor, vice president
    of technology for Keynote Systems, a Web performance and testing
    service. Activity that would not usually be tagged as suspicious will
    be given a closer look, just in case.
    
    According to Keynote's Internet Health Report, which is an hourly
    snapshot of online traffic, several network hotspots experienced
    congestion on Thursday. Keynote said traffic patterns were mostly
    normal in the two days leading up to war, although some military
    websites were difficult to access.
    
    In particular, the U.S. Army's public homepage experienced severe
    problems that started Monday and appear to be associated with Web
    server capacity issues, according to Keynote's data. The U.S. Marine
    Corps' public site also had problems on Wednesday that appeared to be
    associated with bandwidth capacity.
    
    As these examples illustrate, Taylor doesn't expect that a cyberterror
    attack would focus on slowing the Internet as a whole. That would be
    difficult, he said, considering Internet traffic can travel over so
    many alternate routes if a portion of a particular network is down.  
    It's more likely that attackers would attempt to cripple individual
    sites.
    
    While he doesn't track the motives behind security breaches, Brian
    King, an Internet security analyst at the CERT Coordination Center,
    said the volume of reported intrusions and attacks collected by his
    organization has been fairly steady in recent weeks.
    
    However, King said he has seen a high volume of distributed
    denial-of-service attacks. These are often orchestrated by intruders
    who break into broadband-connected home computers and use them as a
    launch pad for other attacks.
    
    In most cases, Symantec's Weafer said, the best way to protect against
    cyberterror attacks is to maintain sound security: Install a firewall
    and keep it updated, update virus definitions and install security
    patches, and turn off unnecessary services or settings that could
    allow intruders to get in. In other words, Weafer advises doing most
    of the things home users know they're supposed to do but often
    neglect.
    
    But while cyberterror is a threat, Weafer said few security breaches
    are politically motivated. The prospect of financial gain, or the
    desire to show off technical skill, more often drives network
    intruders.
    
    Still, Homeland Security's Wray says it's common to see more
    politically motivated hacks in times of conflict.
    
    "In times of heightened political tension, we have traditionally seen
    a spike in hacking and computer intrusions or attempted intrusions,"  
    he said.
    
    
    
    


