Warning on Iraqi Hackers and U.S. Safety

[InfoSec News <isn () c4i org>]

Forwarded from: Richard Caasi <rcaasi () ucsd edu>

http://www.nytimes.com/2003/01/17/technology/17HACK.html

By ERIC LICHTBLAU 
January 17, 2003
 
WASHINGTON, Jan. 16 - Intelligence officials are concerned that a
recent rise in electronic attacks against government and military
computer networks in the United States may be the work of pro-Iraqi
hackers and could signal a "potential crisis" in national security,
according to a classified F.B.I. assessment.

The assessment, prepared last week by the National Infrastructure
Protection Center at the Federal Bureau of Investigation, warned
intelligence officials that the attacks, which have been relatively
limited, are likely to grow more widespread and "more dangerous" as
tension over a possible war against Iraq grows.

American intelligence analysts say they have long been concerned by
the notion that Al Qaeda could use computers to wage terror -
disrupting water treatment plants or nuclear facilities, for instance.
Experts say the link between Iraq and computer hacking may have been
underestimated and poses a growing threat to United States security.

"Iraq is certainly among the places in the world that we think a
cyberattack might well be launched from," Representative Robert E.
Andrews of New Jersey, a Democrat on the House Armed Service Committee
who has been active on cyberwarfare issues, said in an interview.

Mr. Andrews noted that computer attacks were difficult to trace and
could be damaging, which he said met Iraq's goals. "A cyberattack
really fits Saddam Hussein's paradigm for attacking us," he said.

No one appears to have been arrested in the attacks, and the F.B.I.
assessment did not divulge the number of recent hackings or how
successful they were. Nor did it disclose how the authorities traced
the motive or origin of the attacks, but it blamed "ideologically
motivated, pro-Iraq" hackers who have expressed opposition to United
States activities in the Middle East and support for Islamic
extremists.

There is some skepticism over whether Mr. Hussein's regime has the
technical capability or the desire to initiate such attacks.

Gordon Johndroe, a spokesman for the Department of Homeland Security,
said, "We are concerned about groups sympathetic to Iraq" hacking into
government computer systems. But he added that there was no evidence
that Mr. Hussein's regime had done so.

"I wouldn't tie this in to a state-run operation," Mr. Johndroe said.
"Iraq is more interested in obtaining weapons of mass destruction -
chemical, biological and nuclear - than in pursuing the sophisticated
skills and equipment necessary for a successful cyberattack."

Officials at Iraq's mission to the United Nations did not return phone
calls seeking comment.

Military and F.B.I. officials declined to discuss the Iraq issue
specifically. In a statement, the bureau acknowledged that in general,
as international tensions increase, cybercrime "often escalates."

"It can be state sponsored or encouraged, or come from domestic
organizations or individuals independently," the statement said.

The military said it worked constantly to prevent hacking at the 3
million computers and 10,000 local area networks in its information
infrastructure.

"The fact is, we are attacked and we defend on a daily basis," said
Tim Madden, a spokesman for Maj. Gen. J. David Bryan, commander of the
military's Joint Task Force-Computer Network Operations.

Mr. Madden said, "Less than 2 percent of those attacks are successful
in that the intruders gained root-level access."

But American military analysts have become so concerned about the
recent increase in activity that last week they raised the alert
status on the threat of pro-Iraqi hackers to the level of a "possible
crisis," the F.B.I. assessment said. Military officials declined to
explain how the threat system works or the reasons any changes might
be made.

The assessment said recent computer disruptions have included Web
defacements, "denial of service" attacks that can disrupt or paralyze
a network, and hacking "probes" and "scans" aimed at testing the
vulnerability of a network.

The F.B.I.'s assessment described these recent disruptions as
relatively low level. But it warned that as tensions with Iraq
escalated, "more dangerous courses of action" by Iraqi-affiliated
hackers - including more widespread denial-of-service attacks and the
injection of worms or viruses that can damage programs - were
"increasingly possible."

The F.B.I. predicted that "hacking activity will continue during the
next 90 days and will increase as allied pressure on Iraq mounts."

The report said hacker groups controlled hundreds of automated search
robot networks that could be used to attack government systems. And it
warned that many powerful, easy-to-use tools were available on public
Internet sites.

Michael Vatis, former director of the F.B.I. cybercrime unit, said
even relatively unsophisticated hackers could significantly damage
systems that control a wide range of national security interests.

Iraq is thought to have been developing an information warfare program
in recent years, but it is probably lagging behind more sophisticated
countries like China and Russia, said Mr. Vatis, who is now director
of the Institute for Security Technology Studies at Dartmouth College.

"I would suspect they're at a middling stage," he said. "But even a
middling capability can cause serious harm."

Mr. Vatis cautioned that tracing an electronic attack is a notoriously
difficult task. In the case of denial-of-service attacks, hackers can
hide their identities by penetrating hundreds of computer networks and
turning them into "zombies" to use against a target system, he said.

He pointed to an episode in 1998 in which hackers penetrated United
States military computers and briefly disrupted troop exercises in the
Persian Gulf. The authorities originally suspected Iraqi agents, but
they ultimately traced the attack to two California teenagers.

"You can't assume that your military adversary is responsible," Mr.
Vatis said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.