Soon to be a movie Hackers could be planning major attack, says White House

[Dave Farber <dave () farber net>]

Subject: Hackers could be planning major attack, says White House

Hackers could be planning major attack, says White House
By Shane Harris
sharris () govexec com
A new computer worm infecting a popular World Wide Web technology is proof
that computer hackers have grown more sophisticated and could be preparing
a significant attack, according to a senior White House official.
Marcus Sachs, director of communication and infrastructure protection at
the White House Office of Cyberspace Security, said hackers driven to "the
back streets and back alleys of the Internet" by intense law enforcement
scrutiny following the Sept. 11 attacks have quietly been building new
threats. The new worm, widely known as Slapper, is a prime example of their
abilities, he said.
Officials believe millions of devices are vulnerable to Slapper, which is a
computer code that burrows into a server, the program that provides the
files that constitute Web pages. It enters through a well-known weakness in
the Secure Socket Layer (SSL) that connects servers to the Internet. Once
inside, the worm forces the server to seek out other infected machines,
forming an army of so-called "zombies" that could bombard Web sites with
bogus requests for information, causing a massive traffic jam on the
Internet.
The attack method, known as a distributed denial-of-service attack, has
been used to disrupt service on sites such as Yahoo! and eBay. Attacks last
year by other worms, such as Code Red and Nimda, caused billions of dollars
in damage and targeted some government Web sites, including a White House
server.
The Slapper worm was identified two months ago, but federal officials still
are concerned that many infected or at-risk organizations and individuals
haven't taken adequate steps to protect themselves. The FBI's National
Infrastructure Protection Center has found four variants of the worm, and
notes that rates of new infection have declined. However, the agency also
has warned that between 25,000 and 30,000 servers have already been
infected. A steady buildup of infections preceded the Code Red and Nimda
attacks.
Sachs said Slapper represents a "double barrel" feat of hacker engineering,
because it targets two well-known devices that have long been considered
quite secure. The Apache server the worm attacks and the hole in the SSL
connection through which it enters are open source products, meaning their
design is publicly available. Sachs said there has been a longstanding myth
that open source technologies are safer than proprietary systems because
their design can be improved by anyone who wants to examine them. The
Slapper worm is helping to dispel that notion, he said.
The SSL vulnerability exists on a number of products, but Slapper is
infecting only Apache servers that use the device.
Computer security experts believe Slapper is an evolution of previous worms
and viruses because it includes some of the capabilities of its
predecessors. It allows a remote attacker to hijack and command the
infected system, and it may cause network disruption when the zombie
systems communicate with one another, according to the Computer Emergency
Response Team Coordination Center, a federally funded security research
organization run by Carnegie Mellon University in Pittsburgh.
Some believe Slapper is a sign of threats to come. "These types of worms
have the potential of becoming the much bigger problem out there," said
Vincent Weafer, senior director of the Symantec Anti Virus Research Center
in Santa Monica, Calif., who worked with the FBI to investigate Code Red
and other worms.
Advisories from the center and the FBI list a number of steps to protect
systems against Slapper.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To unsubscribe or update your address, click
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/