Information Security News mailing list archives

Re: Prospect of Iraq conflict raises new cyberattack fears


From: InfoSec News <isn () c4i org>
Date: Tue, 1 Oct 2002 04:06:12 -0500 (CDT)

Forwarded from: joerg () fs is uni-sb de
Cc: DAN_VERTON () COMPUTERWORLD COM

Please see my comments inside.

If history is a guide, any Bush administration plan to remove Saddam
Hussein from power in Iraq would likely set off a firestorm of
hacker activity targeting U.S. networks and infrastructure.

Pardon my ignorance, but could someone point me to a substantial
attack against US "infrastructure"? It is well possible that there
might be an increase in site defacements with anti-US, anti-war,
pro-Saddam, whatever else messages. Is that an attack on
infrastructure? I doubt that.

And those attacks could be greater in number and affect a broader
cross-section of U.S. businesses than anything seen before,
according to intelligence experts.

Then again, they could be insignificant and noticed by no one but the
good folks at alldas. Which 'experts' are quoted here?

[snipped]

However, any significant expansion of the U.S.-led war against
terrorism, including an invasion of Iraq, could unleash an
unprecedented wave of hacker activity, intelligence and security
experts said.

A second group includes a mixture of U.S. and European-based antiwar
hackers, said Shaw. "Think about [groups] of young, liberal, elite,
Western-educated youth [coming out] against the war. It would be a
lot smaller than the Vietnam generation but could still be potent,"
he said.

Is there any evidence at all that there indeed IS a group of young,
liberal, elite, western-educated youth hacking against war in Iraq?
Other than self-proclaimed patriots defacing web sites, that is?

Ruth David, former director of science and technology at the CIA and
now CEO of Analytic Services Inc. in Arlington, Va., said an
orchestrated attack exploiting well-known vulnerabilities could be
launched with little regard for precise targeting, and could cause
significant disruption and financial loss to the "softest targets,"
the bulk of which are in the private sector.

This seems to be illogical to me. Either there is a targeted attack,
a "firestorm" aimed at US infrastructure, or there is an attack with
little regard for precise targeting (however that may be
"orchestrated"). Now, the latest Apache worm was pretty much without
targeting. Does that count as an attack on national infrastructure?
Has there been "significant" disruption in the private sector?

The Bush administration has formally stated that it is the policy of
the U.S. to respond to cyberattacks by any means appropriate,
including military action.

I'm sure that the hax0rs of the world fear a cruise missile strike
against their home while defacing another misconfigured box.

"Such an attack could significantly debilitate U.S. and allied
information networks," the Dartmouth study concluded. That report
was written under the guidance of Michael Vatis, a former director
of the FBI's National Infrastructure Protection Center.

What attack could? The attack on US infrastructure mentioned in the
first chapter? Or the attack on business ("soft spots")? Or maybe the
orchestrated non-targeted attack exploiting well-known security holes?
If it is possible to disrupt "U.S. and allied information networks"
exploiting well-known security holes then I'm sorry but they'd get
what they deserve. Otherwise I can't see a connection between some
sort of worm, a group of hackers or a bored teenager owning a couple
of boxes with ssl, sshd or whatever and US military information
networks, with a DoS being a possible exception.

"Since Sept. 11, companies have had to re-examine the various types
of crises that can impact them, from bioterrorism to computer
terrorism," said Steve Wilson, president of The Wilson Group, a
crisis management consulting firm in Columbus, Ohio. "However, it's
not just the typical hacker they have to be concerned with now. They
can just as easily be a terrorist target as any government
installation."

Do they? How is Sept. 11 connected to this? I've yet to see the
powerful cyber attack that takes out critical infrastructure or bigger
parts of the economy in connection with terrorism. Unless a bored
hacker somewhere in the world DoS-ing an ISP because of some IRC war
is labelled a "terrorist" these days.

Best regards,

Jörg




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

