U.S. Heightens Cybersecurity Monitoring

[Dave Farber <dave () farber net>]

http://www.washingtonpost.com/wp-dyn/articles/A46583-2003Mar18.html

U.S. Heightens Cybersecurity Monitoring

By Robert MacMillan
washingtonpost.com Staff Writer
Tuesday, March 18, 2003; 1:19 PM

The Department of Homeland Security is boosting efforts to monitor the
Internet for cyberterrorist and hacking incidents as the nation readies for
war against Iraq.

The announcement was tied to the department's decision last night to raise
the national terrorist threat level to "code orange," indicating a high
risk of terrorist attack. The level was raised after President Bush set a
48-hour deadline for Iraqi leader Saddam Hussein to leave his country or
face a U.S.-led invasion.

"We will continue to monitor the Internet for signs of a potential
terrorist attack and state-sponsored information warfare," Homeland
Security Secretary Tom Ridge said in a press conference Tuesday morning to
announce Operation Liberty Shield, a broad effort to heighten security
throughout the country.

The department said it would work with other government agencies to guard
against cyberattacks, and asked the private sector and Internet users at
large to report "unusual activity or intrusion attempts to DHS or local law
enforcement."

Cybersecurity experts have said during the past several months that an
online attack is more likely as the nation moves toward to war.

"The thing that's interesting is that hacking attacks may not do a lot of
damage, but we'll probably see a lot of interest [from] skilled programmers
in the Middle East, China and Pakistan," said Jim Lewis, director of the
Technology Program at the Center for Strategic and International Studies in
Washington. "We probably will see an effort to do something back [to us]."

Despite the higher possibility of online aggression, the DHS announcement
adds nothing new to the government's cyber-defense measures, said Alan
Paller, research director for the SANS Institute, a security research and
education group based in Bethesda, Md.

"It sounds like what they've been saying each time they raise the alert
level: We're alert, but we're going to be even more alert now," he said.

Homeland Security Department spokesman David Wray acknowledged that the
cybersecurity alert is "nothing different than our previous orange alerts"
issued by the agency.

"The whole purpose of a more active, defensive posture is to make it more
difficult to create the kind of mischief or direct harm that could occur
[from an attack]," he said.

There have been no "specific indications" of an attack, Wray added.

Lewis called the DHS announcement a "feel-good" measure. "[I]t's something
you have to do. It's like on the airplanes when they take off and they say,
'Does everyone have their seatbelt fastened?'"

Most hackers are often more interested in attention than destruction, Lewis
noted, citing "script kiddies" who might deface a government homepage with
the digital equivalent of graffiti.

More pernicious would be an assault on the Internet's underlying
infrastructure. Last October's denial-of-service attack on the Internet's
key root servers was labeled by some experts as the largest ever.

There have been several recent indications that hacking activity continues
unabated.

Last week, hackers exploited a previously unknown security flaw in
Microsoft's Windows 2000 Server to break into an undisclosed number of U.S.
Army computers, according to TruSecure, a Herndon, Va.-based security
company.

The vulnerability resides in one of the Internet's most widely used Web
server platforms. Hackers can exploit the weakness to take control of an
unprotected computer, which then can be used to launch attacks against
other systems. The attack came days after security researchers warned users
to be on the lookout for a new version of the "Code Red" virus, a worm that
first appeared in the summer of 2001 that exploits other holes in the same
Microsoft software.

Much like its predecessor, the new Code Red virus is programmed to spread
for nearly three weeks before "waking up" and directing the collective
power of all infected machines to attack the White House Web site. The worm
is unlikely to do much damage, however, because it exploits a well-known
security hole that most system administrators have already patched,
security experts said.

The government recently consolidated many of its cybersecurity operations
into newly created Homeland Security Department in an attempt to centralize
its Internet monitoring and protection activities.

Among the additions to the department is the Global Early Warning
Information System, which will use data from the telecom sector to monitor
the flow of Internet traffic. Another project, the Cyber Warning
Information Network, is expected to function as a separate data network
that government officials and the communications industry can use as a
hotline in case an attack takes out the World Wide Web and traditional
telephone communications.

washingtonpost.com staff writer Brian Krebs contributed to this report.



------ End of Forwarded Message

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/