Fanatics with Laptops: The Coming Cyber War

[InfoSec News <isn () c4i org>]

Forwarded from: Bob <bob () globaldevelopment org>

http://www.newsfactor.com/perl/story/17784.html

Fanatics with Laptops: The Coming Cyber War
By Tim McDonald
NewsFactor Network
May 16, 2002

The blossoming of the Internet and its universal adoption have
reinforced a trend toward interdependence of the world's political,
economic and social systems.

That increasing interdependence, however, becomes frightening when one
considers that a next-generation cyber terrorist will likely not
represent an aggressive world power.

In terms of present-day vulnerability, such a terrorist could simply
be a lone fanatic wielding a laptop. And the damage could be
staggering.

'Asymmetric Warfare'

A study by the Rand Corporation in the mid-1990s found that it would
be absurdly inexpensive to embark upon a cyber war.

The military call it "asymmetric warfare," which means that the
disadvantaged side must use unconventional weapons against the
wealthier side if it is to have any chance of winning.

Any country that can scrape together the price of a computer manual
and that has a basic understanding of information systems
infrastructure can train and motivate a misguided "patriot."

Anonymous Warfare

Due to recent advances in "attack technology," cyber warfare can be
waged remotely and anonymously. This approach would make it much
harder to find an attacker than it is, for example, to root out Al
Qaeda forces along the border of Pakistan and Afghanistan.

"Because of the advances in attack technology, a single attacker can
relatively easily employ a large number of distributed systems to
launch devastating attacks against a single victim," according to a
report by the Computer Emergency Response Team (CERT), a major center
for Internet security at Carnegie Mellon University.

"As the automation of deployment and the sophistication of attack tool
management both increase, the asymmetric nature of the threat will
continue to grow," the report said.

New Tactics: Poison and Hijacking

CERT pointed out that the number of newly discovered flaws and
vulnerabilities in computer software and Internet infrastructure more
than doubles each year.

Attackers are finding more ways to bypass firewalls and other security
roadblocks. Some of the newer -- and nastier -- tactics involve
attacks on the Internet domain name system (DNS), including cache
poisoning and domain hijacking.

Hackers are increasingly able to disguise the nature of attacks with
anti-forensic tools and "polymorphic" attack tools that evolve
rapidly, even while they are in the act of attacking.

"In the last six months, I would say that we've seen their firepower
increase -- we've seen them knock whole ISPs off the Net," SANS
Institute director Stephen Northcutt told NewsFactor.

"It's pretty hard to know what they're doing at the nation-state
level, but I'd say there's very little doubt they have the same
capability," Northcutt said.

Continuing Consequences

Businesses, especially large corporations, are becoming targets with
increasing frequency. In the right hands, cyber attacks could wreak
untold damage.

According to a CERT report, "[Such attacks] would likely cross
boundaries between government and private sectors and, if
sophisticated and coordinated, would have both immediate impact and
delayed consequences.

"Ultimately, an unrestricted cyber attack would likely result in
significant loss of life as well as economic and social degradation,"
the report added.

War Could Spill Over

As the Arab-Israeli conflict continues to escalate, the odds of a
full-scale cyber war grow. The first Arab-Israeli cyber war erupted in
2000, when Israeli hackers attacked the site of a Hezbollah group in
London. Arabs retaliated by attacking the main Israeli government site
and the Israeli Foreign Ministry's site.

Israel, like the United States, is a prime target. The tiny country
has roughly 1.1 million Internet connections -- more than the number
of connections in all 22 Arab countries combined -- and its economy is
increasingly Internet-dependent.

Arab terrorists also have made it clear that they are aware of which
U.S. corporations do business with Israel. One such company, Lucent
Technologies, found itself under attack in the last Israeli-Arab cyber
skirmish.

U.S. Defenses Improving

How prepared is the United States? Not very, according to analysts.
There has been some improvement, such as the Clinton Administration's
10-step National Plan for Critical Infrastructure, drafted in 1999.

Only in the past year has action been taken, however, by opening
serious discussions about creating separate networks for critical
federal agencies; granting computer security scholarships in return
for national service; and increasing the budget for computer security.

Using students from U.S. military academies as attackers, the
Department of Defense has been running cyber security exercises
against the National Security Agency, the U.S. Air Force's 92nd
Information Warfare Aggressor Squadron, and the Army's Land
Information Warfare Activity.

What they have learned is that the "install-and-patch" system does not
work, especially against a concentrated attack. Operating systems,
they have concluded, need to be designed more securely from the
outset.

Special Response Teams

Federal agencies have been required for two years to report hacking
incidents or cyber attacks to the General Services Administration's
(GSA) FedCIRC.

The GSA, for its part, has been pushing for government agencies to set
up special response teams so that incidents can be reported quickly
and completely, allowing for detection of trends and establishment of
effective counterstrategies.

NASA set up such teams in 1993, while the Federal Aviation
Administration established a team in March, and the Veterans Affairs
agency has taken steps to follow suit.

"September 11th raised awareness," said Sallie McDonald, assistant
commissioner for the Office of Information Assurance and Critical
Infrastructure Protection.

"When agencies started dusting off their disaster recovery plans, they
realized they need to have cyber-disaster recovery plans, too," she
said.

As events in Israel recently have shown, one person with a bomb
strapped to his or her body can take a large economic toll, at an
incalculable human cost.

An equally fanatical individual, with a little more knowledge and a
much lighter load, can, if we do not defend against it, use a laptop
to do unimaginable damage at no personal cost whatsoever.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.