[ISN] The paranoia that paid off

From: InfoSec News (isnat_private)
Date: Thu Apr 24 2003 - 18:45:09 PDT

    Forwarded from: William Knowles <wkat_private>
    
    http://www.guardian.co.uk/online/story/0,3605,941970,00.html
    
    April 24, 2003
    The Guardian 
    
    The war in Iraq was supposed to dramatically raise the likelihood of a
    major cyberterrorist attack against the US and its allies. Some even
    predicted a "digital Pearl Harbor", an electronic assault that could
    have shut down power plants, crippled the banking system, or disabled
    the air traffic control network.
    
    DK Matai, chairman and chief executive officer of the internet
    security firm mi2g, predicted that it was highly likely that "the
    launch of a physical attack on Iraq will see counterattacks from
    disgruntled Arab, Islamic fundamentalist, and anti-American groups".
    
    Now with the war winding down, fears that Iraq, al-Qaida or even
    sympathetic hackers in Russia and China would open up a second front
    in cyberspace have turned out to be completely unfounded, with little
    or no evidence that either they or anyone else engaged in
    cyberterrorism. What happened?
    
    Quite simply, the expected attacks just never materialised. According
    to Tim Madden, a spokesman for Joint Task Force-Computer Network
    Operations (JTF-CNO), created by the US Strategic Command to handle
    network defence and attack, there has been no significant increase in
    attempts to infiltrate US military computers since the war began.
    
    Internet security firms confirm that since mid-March, the level of
    activity has been almost normal. "We are seeing the same number of
    attacks today as we were seeing two months ago," says Vincent Weafer,
    senior director of Symantec Security Response. "We just haven't seen
    much evidence of any targeted attacks."
    
    The same cannot be said of US activities. It is widely assumed that
    JTF-CNO engaged in hacking and electronic warfare against Iraq's
    telecommunications and information infrastructure, although the
    Department of Defense refuses to provide any specific details due to
    the classification of the operations.
    
    There were some instances of war-related hacking over the past few
    weeks, but nothing that would be considered cyberterrorism rather than
    cybervandalism. Most of what has been seen, apart from a few
    opportunistically timed worms and viruses, is a large number of
    website defacements, the online equivalent of graffiti. Mikko
    Hypponen, the manager of anti-virus research at internet security firm
    F-Secure, estimates that altogether, there have been approximately
    20,000 website defacements, both pro- and anti-war, since mid-March,
    with the vast majority taking place within the first few days.
    
    Website defacements occur frequently, regardless of whether there is a
    war going on, and generally do not result in the sort of disruption or
    economic damage that can be caused by a virus or worm.
    
    Brian Martin, a security expert with Attrition.org, believes that many
    would have been done anyway: "There is absolutely no way to say if it
    is up or down, or if these are just targets of opportunity and
    [hackers are finding] a different justification for their activity
    than the day before."
    
    The Unix Security Guards, a pro-Islamic group with members in Egypt,
    Morocco, Kuwait and Indonesia, are thought to be responsible for
    hacking hundreds of US government and commercial websites, inserting
    into many of them the message that the group was part of the "New Era
    of Cyber War We Promised". And despite the FBI cautioning pro-US
    hackers against engaging in "patriotic hacking," a group calling
    itself the Patriot, Freedom Cyber Force Militia hacked the website of
    the Arabic satellite news channel al-Jazeera.
    
    There's curiously little proof that al-Qaida or other terrorist groups
    are engaging in cyberterrorism. Robert Andrews, a congressional
    representative from the state of New Jersey and a member of the House
    select committee on homeland security, concedes that there is "no
    evidence on the public record" that any terrorist group has ever
    launched an attack on the information infrastructure of the US.
    
    It turns out that the vast majority of network intrusions and hacking
    attempts against US computers aren't the work of terrorists hiding out
    in caves along the Pakistan/Afghanistan border, or hackers in Russia
    or China, but originate within the US. One security firm estimates
    that 86% of all "security events" can be traced back to the US. A
    crippling hacker attack against America is more likely to be the work
    of bored high-school students than al-Qaida.
    
    For example, in 1998, while the US was preparing to launch air strikes
    against Iraq in Operation Desert Fox, the Pentagon discovered that its
    computer networks had been compromised by an attack that appeared at
    first to be the work of either several governments in the Middle East
    working together or perhaps even Iraq itself. An investigation by the
    FBI revealed the culprits to be two teenagers in California.
    
    Some security experts wonder whether it makes sense to emphasise
    cyberterrorism when there is a more immediate danger from cybercrime
    and other online maliciousness. The SQL Slammer worm, which struck
    computers earlier this year, causing considerable damage, is not
    believed to be the work of either terrorists or a hostile government.
    
    "Our networks really are insecure, and there is lots and lots of
    crime: that is our biggest problem," says Bruce Schneier, founder and
    chief technical officer of Counterpane Internet Security. His hope is
    that companies strengthening their security in response to the
    perceived risk of cyber terrorism will have the net effect of reducing
    what he sees as the real danger: the rising level of criminal activity
    online.
    
    There is even a chance that what Schneier hoped for came to pass
    during these past few weeks and that the real reason there were no
    successful attacks is not because none were attempted, but because
    security was adequately strengthened beforehand.
    
    In anticipation of the war, many companies began paying more attention
    to the threat of hacker attacks, and beefed up security. Madden says
    that because the Department of Defense is forced to "defend its
    computer networks against intrusions every day, we had to do very
    little to prepare our networks for possible conflict beyond taking
    extra precautions to ensure we properly configured our networks and
    properly patched our software".
    
    Even if the risk of cyberterrorism during the war was overstated, the
    threat of a serious attack by a rogue nation or a terrorist group
    remains very real, according to US government agencies.
    
    Recent reports by the FBI and the Department of Homeland Security have
    outlined the continuing danger of terrorist groups turning to the
    internet. One particular concern is that cyberterrorism might be timed
    to coincide with a physical terrorist attack, such as bombing a
    building while simultaneously disabling the emergency response system,
    to ensure that the maximum number of lives were lost.
    
    Marcus Corbin, an analyst with the Center for Defense Information,
    speculates that given the recent show of American military superiority
    in Iraq, cyberterrorism might prove attractive to extremist groups
    looking for a more level playing field on which to fight.
    
    "The wish, after Iraq, to hurt us will be stronger, so interest in
    attacking us through electronic means will grow greatly," he says.
    "Whether those attacks will succeed will depend on how well we can
    defend our systems."
    
    Congressman Andrews predicts that if the US does not find a way to make
    its critical infrastructure more secure, there will be a "significant
    cyberattack within the next five years, whether it is on the 911
    emergency response system, the power grid, the banking system or the
    air traffic control system".
    
    Counterpane's Schneier contends that these kinds of attacks are harder
    to execute than simply hacking a server, since most of the computers
    critical to running power plants and air-traffic control systems are
    usually not connected to the internet.
    
    Disrupting the internet with worms or denial-of-service attacks is not
    particularly attractive to terrorist groups since they lack the impact
    of a bombing or hijacking. "Not being able to access the internet does
    not induce terror or fear in people. Terrorists are out to cause fear,
    not inconvenience," he says.
    
    And even should a cyberterrorist attack prevail and shut down the
    power grid or disrupt the emergency response system, "these sorts of
    outages and problems tend to happen by accident already, so we have
    workarounds for them", Schneier argues. "What we don't have
    workarounds for are people flying planes into buildings or blowing up
    embassies."
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Apr 25 2003 - 01:48:35 PDT