Information Security News mailing list archives

Cyberspace sentinels brace for trouble


From: InfoSec News <isn () c4i org>
Date: Fri, 27 Dec 2002 06:11:24 -0600 (CST)

http://rtnews.globetechnology.com/servlet/ArticleNews/tech/RTGAM/20021225/wcybe1225a/Technology/techBN/

Canadian Press
December 25, 2002

Vancouver - The fight against terrorism and the prospect of
hostilities with Iraq have the sentinels of cyberspace bracing for
trouble.

Experts say it's only a matter of time before someone mounts a
concerted, politically motivated attack on the Internet or a piece of
computer-dependent infrastructure such as the electrical grid.

Despite growing security awareness, especially in the wake of the
Sept. 11, 2001, terrorist attacks, many critical systems remain open
to intrusion and disruption, authorities in both the private and
public sectors agree.

"The problem at this point is that the vulnerabilities are so numerous
one has a hard time trying to decide where to start," said Andrew
McAllister, director of cyber protection at the federal Office of
Critical Infrastructure and Emergency Preparedness.

There's no published evidence such a strike has taken place yet and
some experts believe cyber attacks remain more of a nuisance threat
for now.

The Canadian Security Intelligence Service, responsible for assessing
the cyber threat, won't reveal which potentially hostile groups or
countries have the capability.

A July 2001 CSIS report, citing U.S. sources, included Iraq on a list
of countries developing the ability to mount "information operations."

But it's inevitable a terror group or hostile state will try
something, said Michael Vatis, director of the Institute for Security
Technology Studies at Dartmouth College in New Hampshire.

"Frankly, I've been a little bit surprised that we haven't seen
something yet from al-Qaeda or one of its sympathizers because of the
ease and low cost of doing it," he said. "That's why I do believe it's
just a matter of time."

Mr. Vatis was the first director of the U.S. National Infrastructure
Protection Centre, founded in 1998 and under FBI control before
becoming part of the new Department of Homeland Security.

The centre served as a model for Mr. McAllister's two-year-old agency,
which operates under the Department of National Defence.

It's true, said Mr. Vatis, that to date cyber attacks have added up
mostly to costly disruptions of e-commerce and Web vandalism by what
Mr. McAllister called "hacktivists."

Mr. Vatis said he doesn't even use the term cyber terrorism because
it's misleading.

But a study that Mr. Vatis did in the wake of Sept. 11 found cyber
attacks increased concurrent with political flare-ups in the Middle
East, between India and Pakistan and the war in Kosovo.

Mr. Vatis said he believes hostile countries may be more of a threat
than terrorists.

"I think it really behooves the U.S. and its allies to prepare for the
eventuality of cyber attacks against us, especially when we engage in
any sort of conventional military action or response in cyberspace,"  
he said.

The redundancies built into critical systems make it hard for any one
cyber attack to bring a country to its knees, David Charters of the
Centre for Conflict Studies at the University of New Brunswick has
said.

But the tools for cyber attacks are readily available for terrorists
or others who want them.

"I don't think we know enough to say whether they have it now or not,
given the ease with which the capability can be acquired by anybody,"  
said Mr. Vatis. "You can literally go and download the capability from
a hacker Web site."

One of the most serious recent attacks occurred in October, knocking
out three of the world's 13 Internet domain-name root servers, which
verify Internet addresses for Web surfers.

Traffic was rerouted to backups but the Internet could have been
crippled if more of the servers had been shut down.

There are between 65,000 and 70,000 virus and malicious code threats
worldwide, said Vincent Gullotto, senior director of research at
antivirus software-maker McAfee.

Mr. Gullotto said the purveyors are still largely traditional hackers
out to make a name for themselves.

"We haven't really seen anything from my perspective that purely says
al-Qaeda's been involved or somebody that works for some
fundamentalist group," he said.

"We have seen virus writers add into their mix here and there some
political statement."

But governments and corporations are reluctant to publicize serious
attacks, Mr. Gullotto added.

"If someone from al-Qaeda has found a way to hack themselves into some
Department of Defence operation, we're not going to hear about that,"  
he said.

One ominous trend has been a change in the origin of attacks, said
John Gantz, chief research officer for Boston-based IDC Inc., an
information-technology consulting firm.

Until a year ago, about 60 per cent of intrusions into corporate
systems came from inside — disgruntled or larcenous employees. Today
it's reversed.

"We basically believe a war with Iraq will galvanize the hacker parts
of the terrorist factions," said Mr. Gantz.

System security has become the No. 1 priority among chief executives,
he said, and spending on security-related software is the fastest
growing area of information technology.

"Security is now becoming more important than usability," added Mr.  
McAllister.

But he said the problem is computer networks have evolved with
openness in mind.

"You'd assume hopefully that nobody else would want to do anything bad
to your system," said Mr. McAllister. "We can no longer make those
assumptions.

"So now we're stuck with systems that have been developed and written
for usability, openness and remote access. The question is, who's
remotely accessing your system now?"

Mr. McAllister agreed that it takes a highly skilled person to do
serious damage but said the expertise is spreading rapidly.

"It only takes one to show up in your Internet back yard to really
ruin your day," he says. "So really what we're finding is it's not a
question of if, it's a question of when."

The approach to defending against such attacks worries the experts.

As recently as last July, the U.S. General Accounting Office — similar
to Canada's Auditor-General — warned of "pervasive weaknesses" in
federal information security.

"Because of our government's and our nation's reliance on
interconnected computer systems to support critical operations and
infrastructures, poor information security could have potentially
devastating implications for our country," Robert Dacey, the office's
director of information-security, told a congressional hearing.

That interconnectedness links government and industry and spans
borders, Mr. McAllister noted.

"Everything's so interdependent now that the ripple effect of an event
in one sector or one set of services has a more profound impact on
other services now," he said.

Key sectors, such as banking and air-traffic control, may have
hardened computer systems but other industries may not be doing all
they should, said Mr. Gantz.

"One of the fastest-growing software package areas is intrusion
detection," he said. "They're putting in the software but they're
still not necessarily manning a desk 24-7 to see if there is an
intrusion."

Mr. Vatis said tracing and countering cyber attacks also becomes more
difficult outside the small group of developed countries such as
Canada, Britain and the United States that traditionally work
together.

"As Internet use increases much more rapidly in developing countries,
for instance, I fully expect to see that problem of non-co-operation
grow significantly," he said.


INTERNET THREATS

Web defacement and semantic attack: Often politically motivated,
vandalizing Web sites or subtly changing Web page content with false
information.

Domain-name service attack: Interfering with domain-name servers that
verify Internet addresses and connect Web surfers to sites, redirecting
them to incorrect or counterfeit sites.

Distributed denial of service attack: Common hacker attack that swamps
system with information requests, dangerous if highly co-ordinated
against key infrastructure such as banking, communications and
transportation.

Worms: Often harmless attacks that exploit weaknesses in software but
considered a cheap method of delivering a destructive attack if
necessary.

Attacks on routers: Routers are the Internet's traffic cops. Systems
considered less vulnerable than other computers but lack of diversity
leaves them open to knockout punch if attacker can find a flaw.

Infrastructure attacks: Vulnerabilities of systems that control
financial institutions, voice communications, electrical grid or water
distribution not well understood.


Source of threat list: Cyber Attacks During the War on Terrorism, by
Michael Vatis



-
ISN is currently hosted by Attrition.org
