U.S. may face net-based holy war

[William Knowles <wk () C4I ORG>]

http://www.computerworld.com/cwi/story/0,1199,NAV47-81_STO53940,00.html

By DAN VERTON
November 13, 2000

As hacker groups in the Middle East threaten to launch a
"cyber-Jihad," or electronic holy war, against companies with ties to
Israel, security experts said Internet security at most U.S. companies
remains woefully inadequate to defend against such attacks.

Pro-Palestinian hacker groups, some of which have links to
international terrorist Osama bin Laden and anti-U.S. terrorist
organizations, have vowed to launch a new round of cyberattacks as
part of an ongoing wave of violence that began this fall between
Israelis and Palestinians. As of last week, pro-Palestinian hackers
had attacked as many as 40 Web sites around the world, and pro-Israeli
groups had hit more than 15.

To date, both sides have managed to penetrate Web servers and deface
Web pages as part of a sustained disinformation campaign, and they
have also been successful in keeping major service providers off-line
through various denial-of-service techniques.

Just last week, hackers attacked Lucent Technologies Inc. However, a
spokesperson for the Murray Hill, N.J.-based company said that no
damage was done and that it was "business as usual" for the site.

A spokesman for the FBI confirmed that the attacks "have moved beyond
what we've seen in the past in terms of sophistication." In fact, some
hackers have been sharing information on specific port vulnerabilities
on individual systems, the spokesman said.

Security and intelligence experts warn that pro-Palestinian groups
have entered a new phase in the conflict that aims to attack "Zionist"
e-commerce sites in the U.S. and Israel, as well as other high-profile
sites that could help publicize their cause.

An intelligence report issued by Internet security firm iDefense Inc.
in Fairfax, Va., uncovered evidence on hacker message boards that
popular U.S. Web sites such as those of Yahoo Inc., CNN and AT&T Corp.
might be on the list. Those companies declined to comment.

There are also clear signs that plans may be in the works for a major
denial-of-service attack against U.S. sites. A pro-Palestinian group
known as Unity has said publicly that if its Web sites are hacked by
opponents, it will begin "attacking Zionist e-commerce sites with
millions of dollars of losses in transactions."

In another case, a member of the Xegypt hacker group who goes by the
name ReALiST posted a message on an Arab hacker bulletin board asking
for help to do just that.

"I'm thinking of installing [Tribal Flood Network 3000] servers and
doing the CNN.com and Yahoo.com thing again any one in, mail me quick
[sic]," the message stated.

Pro-Palestinian hackers have also deployed a FloodNet-type tool known
as "defend," and are currently using it to attack at least seven
targets, according to iDefense.

Defend requests nonexistent pages on targeted sites by calling for Web
site addresses based on the current date to defeat Web-cache-related
security mechanisms, which in the past have prevented hacker
penetrations.

Unheeded Warning

The FBI and security vendors have been issuing warnings about such
attacks, but most U.S. companies nonetheless remain unprepared for
them, experts said.

One recent audit showed that 97% of U.S. firms are vulnerable to the
tactics being used by pro-Palestinian hackers, according to Peggy
Wiegle, CEO of Sanctum Inc., a Santa Clara, Calif.-based company that
has helped defend Israeli government Web sites.

For example, Wiegle said, most sites don't have security software
installed that is capable of blocking hackers who break into back-end
systems through vulnerable Web browser applications such as shopping
carts.

"A badly protected Web site is like a portal into your back-end
systems," said Wiegle.

And timing could be an important factor as U.S. retailers enter what
they expect could be a $19 billion online holiday-sales season. Any
disruption to the holiday season would certainly "make a lot of
noise," said Richard Hunter, managing vice president and research
director for e-metrics at Stamford, Conn.-based Gartner Group Inc.

"Timing is key, because timing is linked to publicity," Hunter said.

However, while attacks could put a temporary damper on online sales,
any large-scale economic impact resulting from such attacks is
unlikely, said Steven Aftergood, an intelligence specialist at the
Federation of American Scientists in Washington.

Martin Libicki, a defense analyst at the Washington-based policy think
tank The RAND Corp., said he agreed and added that the tactics of the
pro-Palestinian hackers may actually hurt their cause.

"Palestinian strategy should attempt to separate the United States
from Israel," Libicki said. "This clueless tactic cannot help but do
the opposite."


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".