[ISN] Wartime Internet Security Is 'Business as Usual'

From: InfoSec News (isnat_private)
Date: Thu Mar 27 2003 - 23:28:41 PST

    http://www.washingtonpost.com/wp-dyn/articles/A37785-2003Mar27.html
    
    By Robert MacMillan
    washingtonpost.com Staff Writer
    Thursday, March 27, 2003
    
    Federal officials last week warned that the Iraq war may prompt
    hackers to attack data systems and critical networks. But for the most
    part, Internet security firms aren't changing their standard
    procedures to accommodate the higher threat level -- because for them,
    vigilance is par for the course.
    
    "It's business as usual," said Vincent Weafer, the chief virus
    researcher for Symantec Security Response, who said the average U.S.  
    corporation already gets hit with about "30 major attacks" weekly. The
    Internet is under constant attack from a variety of online threats,
    with as many as 10 to 15 new viruses or other malicious code attacking
    online systems every day, Weafer said.
    
    There has been an increase in online attacks and other hacker activity
    since the beginning of the war, but not at the level anticipated by
    the Homeland Security Department in an alert it issued last Tuesday.
    
    "We have already seen a clear increase in the number of Web site
    defacements, but on the other hand we haven't seen very much on the
    virus front," said Mikel Albrecht, a virus researcher at F-Secure
    Corp. in Finland.
    
    Hacker activity since the onset of the Iraq war is similar to spikes
    in activity tied to particularly contentious football matches, said
    Carole Thierault, a spokeswoman for U.K.-based antivirus firm Sophos
    Inc.
    
    "We don't tend to change our method of working," she said. "We always
    want everybody to be suspicious."
    
    F-Secure reported approximately 10,000 Web site defacements, with U.S.  
    government sites getting hit with slogans like "Make love, not war,"  
    while a private site was pasted with the message, "Kill Saddam!"
    
    The relative calm doesn't mean hackers aren't trying to find
    weaknesses in western systems. Mark Rasch, former head of the Justice
    Department's computer crimes unit, said that there has been more
    probing activity, where unknown assailants scan networks to determine
    whether they are secure or have open ports that can be attacked. This
    activity, he said, has come from Egypt, Amsterdam and other areas
    throughout the Middle East and Europe.
    
    "It's the electronic equivalent of walking down the streets and
    checking that the doors are locked," he said. "It's usually the
    prelude to an attack."
    
    U.S. government systems have not seen a significant increase in
    hacking or intrusion attempts, said Homeland Security Department
    spokesman David Wray. "We obviously see the reports of defacements
    that appear to be coming from pro-Islamic groups, but those are on
    essentially public systems," he said.
    
    What worries the Homeland Security Department is not hackers taking
    down Web sites but organized terrorist groups like al Qaeda that
    have shown more than a passing interest and skill in harnessing
    computers to try to disable or damage communications networks and
    critical infrastructures like the public water supply.
    
    Last June, The Washington Post reported that hackers, possibly from
    the Middle East or East Asia, had probed utility systems to study
    emergency telephone networks, electricity and water storage systems
    and nuclear power plants and gas facilities.
    
    Bruce Schneier, co-founder of Cupertino, Calif.-based Counterpane
    Internet Security Inc., said cyberterrorism or an online "war" is
    nearly impossible.
    
    "Politically sponsored hacking is a gross overstatement," Schneier
    said, noting that carrying off an attack that could disable the
    Internet is an unlikely scenario at best.
    
    Rasch said that it could happen, "but it would require a tremendous
    amount of success, knowledge and planning. You'd have to really know
    what you're going after."
    
    Symantec's Weafer said that most attacks, including one last October
    that brought down nine of the 13 root servers that support the
    Internet, cannot get around the fact that when online traffic is
    disrupted or blocked in one place, it tends to flow through thousands
    of alternate channels instead.
    
    "If you look at the Code Reds, the Nimdas, the DDOS's against DNS
    servers, the Internet itself is extremely resilient," he said.  
    "[Sometimes] you see localized attacks, and communications get slower
    ... but you have to allow for that."
    
    The most widely reported hack of the past week appears to have been
    carried out by patriot hackers from the United States. The Qatar-based
    Al Jazeera television network said that hackers knocked its Arabic and
    English Web sites offline several times, according to Tuesday wire
    reports. The sites still were inaccessible at deadline today, and
    Reuters was reporting that an American flag had been placed on the Al
    Jazeera site at one point today.
    
    
    