Information Security News mailing list archives

The paranoia that paid off


From: InfoSec News <isn () c4i org>
Date: Thu, 24 Apr 2003 20:45:09 -0500 (CDT)

Forwarded from: William Knowles <wk () c4i org>

http://www.guardian.co.uk/online/story/0,3605,941970,00.html

April 24, 2003
The Guardian 

The war in Iraq was supposed to dramatically raise the likelihood of a
major cyberterrorist attack against the US and its allies. Some even
predicted a "digital Pearl Harbor", an electronic assault that could
have shut down power plants, crippled the banking system, or disabled
the air traffic control network.

DK Matai, chairman and chief executive officer of the internet
security firm mi2g, predicted that it was highly likely that "the
launch of a physical attack on Iraq will see counterattacks from
disgruntled Arab, Islamic fundamentalist, and anti-American groups".

Now with the war winding down, fears that Iraq, al-Qaida or even
sympathetic hackers in Russia and China would open up a second front
in cyberspace have turned out to be completely unfounded, with little
or no evidence that either they or anyone else engaged in
cyberterrorism. What happened?

Quite simply, the expected attacks just never materialised. According
to Tim Madden, a spokesman for Joint Task Force-Computer Network
Operations (JTF-CNO), created by the US Strategic Command to handle
network defence and attack, there has been no significant increase in
attempts to infiltrate US military computers since the war began.

Internet security firms confirm that since mid-March, the level of
activity has been almost normal. "We are seeing the same number of
attacks today as we were seeing two months ago," says Vincent Weafer,
senior director of Symantec Security Response. "We just haven't seen
much evidence of any targeted attacks."

The same cannot be said of US activities. It is widely assumed that
JTF-CNO engaged in hacking and electronic warfare against Iraq's
telecommunications and information infrastructure, although the
Department of Defense refuses to provide any specific details due to
the classification of the operations.

There were some instances of war-related hacking over the past few
weeks, but nothing that would be considered cyberterrorism rather than
cybervandalism. Most of what has been seen, apart from a few
opportunistically timed worms and viruses, is a large number of
website defacements, the online equivalent of graffiti. Mikko
Hypponen, the manager of anti-virus research at internet security firm
F-Secure, estimates that altogether, there have been approximately
20,000 website defacements, both pro- and anti-war, since mid-March,
with the vast majority taking place within the first few days.

Website defacements occur frequently, regardless of whether there is a
war going on, and generally do not result in the sort of disruption or
economic damage that can be caused by a virus or worm.

Brian Martin, a security expert with Attrition.org, believes that many
would have been done anyway: "There is absolutely no way to say if it
is up or down, or if these are just targets of opportunity and
[hackers are finding] a different justification for their activity
than the day before."

The Unix Security Guards, a pro-Islamic group with members in Egypt,
Morocco, Kuwait and Indonesia, are thought to be responsible for
hacking hundreds of US government and commercial websites, inserting
into many of them the message that the group was part of the "New Era
of Cyber War We Promised". And despite the FBI cautioning pro-US
hackers against engaging in "patriotic hacking," a group calling
itself the Patriot, Freedom Cyber Force Militia hacked the website of
the Arabic satellite news channel al-Jazeera.

There's curiously little proof that al-Qaida or other terrorist groups
are engaging in cyberterrorism. Robert Andrews, a congressional
representative from the state of New Jersey and a member of the House
select committee on homeland security, concedes that there is "no
evidence on the public record" that any terrorist group has ever
launched an attack on the information infrastructure of the US.

It turns out that the vast majority of network intrusions and hacking
attempts against US computers aren't the work of terrorists hiding out
in caves along the Pakistan/Afghanistan border, or hackers in Russia
or China, but originate within the US. One security firm estimates
that 86% of all "security events" can be traced back to the US. A
crippling hacker attack against America is more likely to be the work
of bored high-school students than al-Qaida.

For example, in 1998, while the US was preparing to launch air strikes
against Iraq in Operation Desert Fox, the Pentagon discovered that its
computer networks had been compromised by an attack that appeared at
first to be the work of either several governments in the Middle East
working together or perhaps even Iraq itself. An investigation by the
FBI revealed the culprits to be two teenagers in California.

Some security experts wonder whether it makes sense to emphasise
cyberterrorism when there is a more immediate danger from cybercrime
and other online maliciousness. The SQL Slammer worm, which struck
computers earlier this year, causing considerable damage, is not
believed to be the work of either terrorists or a hostile government.

"Our networks really are insecure, and there is lots and lots of
crime: that is our biggest problem," says Bruce Schneier, founder and
chief technical officer of Counterpane Internet Security. His hope is
that companies strengthening their security in response to the
perceived risk of cyber terrorism will have the net effect of reducing
what he sees as the real danger - the rising level of criminal activity
online.

There is even a chance that what Schneier hoped for came to pass
during these past few weeks and that the real reason there were no
successful attacks is not because none were attempted, but because
security was adequately strengthened beforehand.

In anticipation of the war, many companies began paying more attention
to the threat of hacker attacks, and beefed up security. Madden says
that because the Department of Defense is forced to "defend its
computer networks against intrusions every day, we had to do very
little to prepare our networks for possible conflict beyond taking
extra precautions to ensure we properly configured our networks and
properly patched our software".

Even if the risk of cyberterrorism during the war was overstated, the
threat of a serious attack by a rogue nation or a terrorist group
remains very real, according to US government agencies.

Recent reports by the FBI and the Department of Homeland Security have
outlined the continuing danger of terrorist groups turning to the
internet. One particular concern is that cyberterrorism might be timed
to coincide with a physical terrorist attack, such as bombing a
building while simultaneously disabling the emergency response system,
to ensure that the maximum number of lives were lost.

Marcus Corbin, an analyst with the Center for Defense Information,
speculates that given the recent show of American military superiority
in Iraq, cyberterrorism might prove attractive to extremist groups
looking for a more level playing field on which to fight.

"The wish, after Iraq, to hurt us will be stronger, so interest in
attacking us through electronic means will grow greatly," he says.  
"Whether those attacks will succeed will depend on how well we can
defend our systems."

Congressman Andrews predicts that if the US does not find a way to make
its critical infrastructure more secure, there will be a "significant
cyberattack within the next five years, whether it is on the 911
emergency response system, the power grid, the banking system or the
air traffic control system".

Counterpane's Schneier contends that these kinds of attacks are harder
to execute than simply hacking a server, since the computers critical
to running power plants and air-traffic control systems are usually
not connected to the internet.

Disrupting the internet with worms or denial-of-service attacks is not
particularly attractive to terrorist groups since they lack the impact
of a bombing or hijacking. "Not being able to access the internet does
not induce terror or fear in people. Terrorists are out to cause fear,
not inconvenience," he says.

And even should a cyberterrorist attack prevail and shut down the
power grid or disrupt the emergency response system, "these sorts of
outages and problems tend to happen by accident already, so we have
workarounds for them", Schneier argues. "What we don't have
workarounds for are people flying planes into buildings or blowing up
embassies."


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

