FC: Is menace of "cyberwar" overstated or not?

From: Declan McCullagh (declanat_private)
Date: Fri Apr 25 2003 - 07:42:20 PDT

    [It would be unwise to dismiss, as more systems are networked, the 
    possibility of actual physical harm performed remotely and electronically. 
    But it may require special knowledge possessed by insiders and in general 
    is far less a threat than other, traditional forms of vandalism and 
    sabotage. --Declan]
    
    ---
    
    From: "Richard M. Smith" <rmsat_private>
    To: <JALewisat_private>, <declanat_private>
    Subject: RE: Menace of Cyber War! Be Scared! Film at 11
    Date: Fri, 25 Apr 2003 10:20:46 -0400
    Message-ID: <000f01c30b35$dd5ae640$550ffea9@rms>
    MIME-Version: 1.0
    Content-Type: text/plain;
    	charset="us-ascii"
    Content-Transfer-Encoding: 7bit
    X-Priority: 3 (Normal)
    X-MSMail-Priority: Normal
    
    Hi Jim,
    
    These few incidents probably qualify as cyberattacks against critical
    infrastructure:
    
       Juvenile computer hacker cuts off FAA tower
       http://www.usdoj.gov/criminal/cybercrime/juvenilepld.htm
    
       Net saboteur faces 41 months
       http://www.nwfusion.com/news/2002/0304lloyd.html
    
       Aussie hacker jailed for sewage attacks
       http://cooltech.iafrica.com/technews/837110.htm
    
    Two of them were done by insiders.
    
    Richard
    
    ---
    
    Reply-To: "Peter Rojas" <peteat_private>
    From: "Peter Rojas" <peteat_private>
    To: <declanat_private>
    Subject: Re: Menace of Cyber War! Be Scared! Film at 11
    Date: Fri, 25 Apr 2003 10:34:31 -0400
    
    Declan,
    
    Hey, I don't like to engage in this kind of self-promotion, but I just wrote
    a piece about how the threat of cyberterrorism during the war in Iraq was
    grossly overstated:
    http://www.guardian.co.uk/online/story/0,3605,941970,00.html
    
    Cheers,
    
    Peter
    
    
    Fears of cyberterrorism during the war on Iraq proved unfounded, says Peter
    Rojas, but increased online security will benefit us all
    
    Thursday April 24, 2003
    The Guardian
    
    The war in Iraq was supposed to dramatically raise the likelihood of a major
    cyberterrorist attack against the US and its allies. Some even predicted a
    "digital Pearl Harbor", an electronic assault that could have shut down
    power plants, crippled the banking system, or disabled the air traffic
    control network.
    DK Matai, chairman and chief executive officer of the internet security firm
    mi2g, predicted that it was highly likely that "the launch of a physical
    attack on Iraq will see counterattacks from disgruntled Arab, Islamic
    fundamentalist, and anti-American groups".
    
    Now with the war winding down, fears that Iraq, al-Qaida or even sympathetic
    hackers in Russia and China would open up a second front in cyberspace have
    turned out to be completely unfounded, with little or no evidence that
    either they or anyone else engaged in cyberterrorism. What happened?
    
    Quite simply, the expected attacks just never materialised. According to Tim
    Madden, a spokesman for Joint Task Force-Computer Network Operations
    (JTF-CNO), created by the US Strategic Command to handle network defence and
    attack, there has been no significant increase in attempts to infiltrate US
    military computers since the war began.
    
    Internet security firms confirm that since mid-March, the level of activity
    has been almost normal. "We are seeing the same number of attacks today as
    we were seeing two months ago," says Vincent Weafer, senior director of
    Symantec Security Response. "We just haven't seen much evidence of any
    targeted attacks."
    
    The same cannot be said of US activities. It is widely assumed that JTF-CNO
    engaged in hacking and electronic warfare against Iraq's telecommunications
    and information infrastructure, although the Department of Defense refuses
    to provide any specific details due to the classification of the operations.
    
    There were some instances of war-related hacking over the past few weeks,
    but nothing that would be considered cyberterrorism rather than
    cybervandalism. Most of what has been seen, apart from a few
    opportunistically timed worms and viruses, is a large number of website
    defacements, the online equivalent of graffiti. Mikko Hypponen, the manager
    of anti-virus research at internet security firm F-Secure, estimates that
    altogether, there have been approximately 20,000 website defacements, both
    pro- and anti-war, since mid-March, with the vast majority taking place
    within the first few days.
    
    Website defacements occur frequently, regardless of whether there is a war
    going on, and generally do not result in the sort of disruption or economic
    damage that can be caused by a virus or worm.
    
    Brian Martin, a security expert with Attrition.org, believes that many would
    have been done anyway: "There is absolutely no way to say if it is up or
    down, or if these are just targets of opportunity and [hackers are finding]
    a different justification for their activity than the day before."
    
    The Unix Security Guards, a pro-Islamic group with members in Egypt,
    Morocco, Kuwait and Indonesia, are thought to be responsible for hacking
    hundreds of US government and commercial websites, inserting into many of
    them the message that the group was part of the "New Era of Cyber War We
    Promised". And despite the FBI cautioning pro-US hackers against engaging in
    "patriotic hacking," a group calling itself the Patriot, Freedom Cyber Force
    Militia hacked the website of the Arabic satellite news channel al-Jazeera.
    
    There's curiously little proof that al-Qaida or other terrorist groups are
    engaging in cyberterrorism. Robert Andrews, a congressional representative
    from the state of New Jersey and a member of the House select committee on
    homeland security, concedes that there is "no evidence on the public record"
    that any terrorist group has ever launched an attack on the information
    infrastructure of the US.
    
    It turns out that the vast majority of network intrusions and hacking
    attempts against US computers aren't the work of terrorists hiding out in
    caves along the Pakistan/Afghanistan border, or hackers in Russia or China,
    but originate within the US. One security firm estimates that 86% of all
    "security events" can be traced back to the US. A crippling hacker attack
    against America is more likely to be the work of bored high-school students
    than al-Qaida.
    
    For example, in 1998, while the US was preparing to launch air strikes
    against Iraq in Operation Desert Fox, the Pentagon discovered that its
    computer networks had been compromised by an attack that appeared at first
    to be the work of either several governments in the Middle East working
    together or perhaps even Iraq itself. An investigation by the FBI revealed
    the culprits to be two teenagers in California.
    
    Some security experts wonder whether it makes sense to emphasise
    cyberterrorism when there is a more immediate danger from cybercrime and
    other online maliciousness. The SQL Slammer worm, which struck computers
    earlier this year, causing considerable damage, is not believed to be the
    work of either terrorists or a hostile government.
    
    "Our networks really are insecure, and there is lots and lots of crime: that
    is our biggest problem," says Bruce Schneier, founder and chief technical
    officer of Counterpane Internet Security. His hope is that companies
    strengthening their security in response to the perceived risk of cyber
    terrorism will have the net effect of reducing what he sees as the real
    danger - the rising level of criminal activity online.
    
    There is even a chance that what Schneier hoped for came to pass during
    these past few weeks and that the real reason there were no successful
    attacks is not because none were attempted, but because security was
    adequately strengthened beforehand.
    
    In anticipation of the war, many companies began paying more attention to
    the threat of hacker attacks, and beefed up security. Madden says that
    because the Department of Defense is forced to "defend its computer networks
    against intrusions every day, we had to do very little to prepare our
    networks for possible conflict beyond taking extra precautions to ensure we
    properly configured our networks and properly patched our software".
    
    Even if the risk of cyberterrorism during the war was overstated, the threat
    of a serious attack by a rogue nation or a terrorist group remains very
    real, according to US government agencies.
    
    Recent reports by the FBI and the Department of Homeland Security have
    outlined the continuing danger of terrorist groups turning to the internet.
    One particular concern is that cyberterrorism might be timed to coincide
    with a physical terrorist attack, such as bombing a building while
    simultaneously disabling the emergency response system, to ensure that the
    maximum number of lives were lost.
    
    Marcus Corbin, an analyst with the Center for Defense Information,
    speculates that given the recent show of American military superiority in
    Iraq, cyberterrorism might prove attractive to extremist groups looking for
    a more level playing field on which to fight.
    
    "The wish, after Iraq, to hurt us will be stronger, so interest in attacking
    us through electronic means will grow greatly," he says. "Whether those
    attacks will succeed will depend on how well we can defend our systems."
    
    Congressman Andrews predicts that if the US does not find a way to make its
    critical infrastructure more secure, there will be a "significant
    cyberattack within the next five years, whether it is on the 911 emergency
    response system, the power grid, the banking system or the air traffic
    control system".
    
    Counterpane's Schneier contends that these kinds of attacks are harder to
    execute than simply hacking a server, since most of the computers critical
    to running power plants and air-traffic control systems are usually not
    connected to the internet.
    
    Disrupting the internet with worms or denial-of-service attacks is not
    particularly attractive to terrorist groups since they lack the impact of a
    bombing or hijacking. "Not being able to access the internet does not induce
    terror or fear in people. Terrorists are out to cause fear, not
    inconvenience," he says.
    
    And even should a cyberterrorist attack prevail and shut down the power grid
    or disrupt the emergency response system, "these sorts of outages and
    problems tend to happen by accident already, so we have workarounds for
    them", Schneier argues. "What we don't have workarounds for are people
    flying planes into buildings or blowing up embassies."
    
    · Send comments: online.feedbackat_private
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    -------------------------------------------------------------------------
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    -------------------------------------------------------------------------
    This archive was generated by hypermail 2b30 : Fri Apr 25 2003 - 08:35:49 PDT