Experts: Cyberspace could be next target

[InfoSec News <isn () c4i org>]

http://www.usatoday.com/life/cyber/tech/2001/10/9/cyberwar-usat.htm

By Jon Swartz 
USA TODAY
10/09/2001 

SAN FRANCISCO For 3 years, a shadowy group of computer hackers has
broken into hundreds of computer networks and stolen thousands of
top-secret files on Pentagon war-planning systems and NASA technical
research. Dubbed the "Moonlight Maze" group, the hackers continue to
elude the FBI, the CIA and the National Security Agency, despite the
biggest cyberprobe ever. And while no one knows what is being done
with the classified information, some fear the thefts may be the work
of terrorists or that the information could be sold to terrorists.
"I'm not saying it is a terrorist group. But it could be," says James
Adams, senior fellow at the Center for Strategic and International
Studies, a research group chaired by former senator Sam Nunn.

What is clear is that the hackers' success exposes the vulnerability
of computer networks in the USA at the height of the information age.
A coordinated terrorist attack, experts say, could topple the
Internet, muting communications and e-commerce and paralyzing federal
agencies and businesses.

"We are picking up signs that terrorist organizations are looking at
the use of technology" to attack the USA, Congress was told last month
by Michael Vatis, director of the Institute for Security Technology
Studies at Dartmouth College and former head of the FBI's National
Infrastructure Protection Center.

Alarmed by the Sept. 11 attacks, government and security experts are
clamoring for the USA the world's most wired nation to craft better
cyberdefenses. They want tougher laws against hackers and more
resources and closer cooperation between agencies to thwart attacks.

While the Internet is now so dispersed that a debilitating physical
attack is unlikely, an electronic one could destabilize major parts of
the USA's communications grid and economy, government and security.

More than online stock trading would be affected. A successful
electronic attack could interrupt power supplies to millions of homes,
disrupt air traffic control systems, thus airlines, shut down water
supplies, cut off access to emergency 911 services and delay millions
of dollars in financial transactions.

That's because critical U.S. infrastructures are increasingly tied to
the Internet. And many government agencies and companies are
ill-prepared to defend themselves against cyberattacks despite
repeated warnings and hacker break-ins.

"Computer networks are the roads and bridges of the information age,"
says Stanton McCandlish of the Electronic Frontier Foundation, a
civil-liberties group. "They are prime terrorist targets."

Technologically savvy Sen. Robert Bennett, R-Utah, agrees: "There is a
real vulnerability and an opportunity for bad guys to inflict serious
damage."

The cyberstrikes that U.S. officials fear may not come from Osama bin
Laden's al-Qa'eda terrorist organization despite its broad use of
technology. That group seems intent on dramatic attacks on physical
symbols like the World Trade Center, experts say. The Internet, by
contrast, is a vast collection of millions of computers, network
switches, data lines, cables and satellites.

But cyberattacks could be launched by other terrorists or nations such
as Iraq that support terrorism and who government officials say are
developing cyberwarfare capabilities. During NATO airstrikes of Serbia
and Kosovo in 1999, some NATO Web sites were disabled by
Serbian-sponsored computer hackers, NATO says. And, in recent years,
Web sites for the Defense Department and White House have been shut
down by hackers.

'Most vulnerable society'

Cyberattacks grow more serious as the Internet grows more important.
Nearly $1 trillion in goods and services will be sold via the Internet
this year, market researcher Gartner says. And the Net is essential to
businesses and workers as a key communications tool. "The U.S. is the
most vulnerable society because we're the most wired," Sen. Bennett
says. Here is how experts assess the chances that a cyberattack would
succeed:

Very likely. Electronic warfare is the most feared threat. It could
come in the form of denial-of-service attacks, in which hackers
overwhelm Web sites with junk data, rendering them useless. Other
electronic attacks include computer worms and viruses malicious
computer programs that spread via the Net and can invade personal
computers and erase data, deface Web sites and clog up the Internet so
much that it, too, becomes useless.

This year, four computer worms and viruses rated as "high risk" by
leading security firms have cost companies and consumers $5 billion in
damage and cleanup costs. The "Nimda" worm, which infiltrated 1
million computers, slowed the Internet and forced some companies to
shut down employee Internet access. Earlier this year, the Code Red
worm knocked out public access to several major consumer Web sites.

Nimda surfaced after the Sept. 11 attacks. No evidence links either
worm to the attacks. But the proliferation of worms shows that few
systems are immune.

"The consensus among hackers is that the entire Internet
infrastructure can easily be disabled temporarily and in some cases
(for) a long time," says Peter Neumann, principal scientist of
research firm SRI International.

No wonder. Last year, the General Accounting Office, the investigative
arm of Congress, found that the 24 largest government agencies,
including the Defense and Treasury departments, inadequately protect
their computer networks. An August GAO audit of the Commerce
Department, which compiles economic data, showed that hackers could
gain access. Several months earlier, a probe into the Department of
Health and Human Services found similar weaknesses in that
department's network. The agency processed more than $200 billion in
Medicare expenditures in fiscal 2000. "We need a Manhattan Project for
counterterrorism technology," Vatis says.

Vulnerabilities have been known. In 1997, the Joint Chiefs of Staff
launched a cyberattack exercise, code-named Eligible Receiver, to test
computer defenses. Using hacking tools posted on the Internet, a team
of 35 hackers broke into the power grids of nine U.S. cities and
cracked their 911 emergency systems. Another group hacked Pentagon
computers, crippling U.S. war-planning operations. A second exercise
in 1999, code-named Zenith Star, exposed similar flaws in key
infrastructures.

Likely. State-sponsored computer warfare is aimed at the USA.

The electronic trail following the Moonlight Maze cyberthieves led in
1999 to a Moscow Internet address. But that could be a fake trail,
government officials say. One theory: The group is a "sophisticated,
well-funded national agency," Adams says.

More than 30 countries, including Russia and Iraq, have developed
"asymmetrical warfare" strategies targeting vulnerabilities in U.S.
computer systems. Because of U.S. military superiority, the countries
see electronic warfare as their best bet to puncture U.S. defenses,
military experts say.

American intelligence is closely monitoring China, which has
established a special information-warfare group. Pentagon officials
refer to it as "the Great Firewall of China."

A coordinated physical and electronic attack offers a more chilling
scenario. Terrorists blow up structures, then hack the power grid and
emergency systems in those cities, complicating rescue efforts.
Meanwhile, a computer worm wipes out financial records. "It's a
classic bin Laden tactic," says David Thompson, security analyst at
Meta Group. "It multiplies the effects of a physical attack."

Unlikely. The cutting of hundreds of fiber-optic cables which carry
Internet traffic between major hubs knocks out portions of the Net.
Such an operation would require intimate knowledge of where key data
hubs are, which only a handful of Internet firms know. It also would
require a herculean effort. Some fiber cables are underwater and
"you'd need a submarine," says Sunny Vanderbeck, CEO of Web-hoster
Data Return. Plus, such an attack would be short-lived because
Internet traffic would be automatically rerouted around damaged areas,
he says.

Very unlikely. The bombing of Internet facilities, such as major data
hubs, cripples the Internet. "Nearly impossible," says Weston Nicolls,
a former member of the National Security Agency now at security firm
Telenisus.

That's because the Internet resembles a cobweb of geographically
dispersed facilities. There are major routing hubs in Silicon Valley,
Washington, Chicago, Dallas and New Jersey, market researcher IDC
says. They link hundreds of Internet service providers and are fed
data from regional routing hubs in such cities as Los Angeles and
Miami. Then, there are miles and miles of cable, hundreds of Internet
data centers that run Web operations and thousands of satellites that
link companies to the Net.

Built to survive

Because there is no single key structure and many backup systems, any
successful attack would require a series of strategic bombings and
would take more time and skill than the Sept. 11 attacks, Internet
experts say.

"The Internet was built to withstand a nuclear disaster," adds IDC
analyst Steve Harris. "When (East Coast) phone service was down Sept.
11, e-mail was working all day. The Internet is resilient."

It would also require huge amounts of inside information from the
likes of AT&T, Uunet, Sprint and other telecom companies. Uunet, which
handles a significant chunk of global online traffic, has not
disclosed locations of its network hubs for years for competitive and
security reasons.

Also, once-vulnerable physical Internet locations have been made less
susceptible. MAE West is a carrier exchange located in San Jose,
Calif. It routes Internet traffic primarily in the Western USA. It and
its Eastern counterpart, MAE East, were once considered prime targets.

But, fearing attack, backup systems were set up in recent years. If
either is knocked out, traffic is automatically rerouted. "The
government built several more as insurance," says cybersecurity lawyer
Matt Yarbrough.

Still, more is needed many say. "Sept. 11 was an overdue wake-up
call," Neumann says. Lawmakers are pushing an antiterrorism bill that,
among other things, defines hacking of "secure" government computers
as terrorist acts. The Bush administration also named Richard Clarke,
who currently heads the government's counterterrorism team, to focus
on cybersecurity efforts.

"The U.S. Is a target," Bennett says. "But we're probably the most
capable to wage this kind of warfare if attacked."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.