Information Security News mailing list archives

Ottawa aiming to thwart cyber-terrorists


From: InfoSec News <isn () c4i org>
Date: Fri, 27 Jun 2003 01:38:47 -0500 (CDT)

http://www.globetechnology.com/servlet/story/RTGAM.20030626.gttwcybe/BNStory/Technology/

By CHRISTOPHER GULY
Special to The Globe and Mail 
June 26, 2003

OTTAWA - Stepping up its war against on-line terrorism, the federal
government is launching an effort to anticipate and stop cyber-attacks
before they happen.

In addition to having agents scour the Internet to get the latest buzz
from hacker chat groups, a key tool available to Ottawa could be
so-called honey pots -- special decoy computer systems placed on the
Net that are designed to be easily penetrated and gather detailed
information about attacks, including the techniques perpetrators use.

"We've been really good at fixing problems, but we now want to build
on that experience to work with Canada's allies, federal government
departments and private sector organizations in being able to analyze
the types of threats and attacks we need to prepare for," Tim Larson,
spokesman for the Communications Security Establishment (CSE), an arm
of the Department of National Defence, explained at a recent symposium
in Ottawa.

Simon Gauthier, who last month became the federal government's deputy
chief information officer, says the "potential for a significant and
serious incident happening on the Internet is absolutely real" and
could extend well beyond a basement hacker launching a widespread
denial-of-service assault to a major terrorist strike targeting air
navigation systems or North America's electrical power grid.

Trouble is, no one yet knows how this cataclysmic event might occur,
and there's little Canada and other countries can do at the moment to
prevent it, Mr. Gauthier says. "We're still at the bow-and-arrows
stage with the technology we employ -- intrusion-detection systems,
virus checkers and so on -- which are still in their infancy. We
haven't reached a warfare level of protection, which is where we need
to go."

So far, Ottawa has created a Cyber Incident Co-ordination System
(CICS), a national "protection, detection, response and recovery"  
initiative involving officials from the RCMP, the Canadian Security
Intelligence Service and other government departments, according to
Jim Harlick, assistant deputy minister of the Office of Critical
Infrastructure Protection and Emergency Preparedness (OCIPEP), which
also is affiliated with the Defence Department.

Currently, OCIPEP issues "alerts" when a threat, vulnerability or
incident has the potential to seriously affect the federal government
or other sectors of Canada's critical infrastructure, as well as
"advisories" when the risk is considered to be limited in scope but
to have possible impact. The government office also releases
"information notes" about cyber-security issues that are not as time
sensitive.

OCIPEP recently released an advisory over the so-called Fizzer worm,
which last month infected computers around the world through malicious
e-mails sent to Microsoft Outlook addresses.

A survey published in 2002 by the U.S.-based Computer Security
Institute concluded that 90 per cent of 500 corporations, government
agencies and medical, financial and educational institutions had
detected security breaches in their systems the previous year.

David McMahon, a senior security engineer with Ottawa-based Electronic
Warfare Associates-Canada Ltd., an information technology security
company that collects and disseminates information about computer
threats, offers a more sobering statistic. He estimates that every
connection to the Net in Canada is attacked at least 400 times a week.  
And "large, visible organizations could expect to get 10 times that
amount per week." Though firewalls and intrusion-detection systems
will log all activity, malicious or not, and trigger security alarms,
most companies and organizations ignore those reports and thus remain
unaware that they're being assaulted, he says.

"Attacks are at such a high level, because they can be automated --
and do occur at the speed of light," Mr. McMahon says.

Much of that activity is the result of people using automated software
to search for security holes, explains Mr. McMahon, who also serves as
a security consultant for the CSE. Such software has become easily
accessible over the Internet. However, he adds that less than 1 per
cent of cyber-assaults are the result of sophisticated hackers
targeting specific sites.

"The bad guys often lose their way when trying to get their hands on
key critical systems, so they go for the low-hanging fruit they can
access from systems that are easier to penetrate."

Mr. McMahon says it's also important to scan the Net for intelligence
about hacker activity.

"There's a certain amount of chatter and noise on the Internet about
scams, groups sizing up sites or systems, or targeting countries or
companies," he says. "So, it's important to pay attention to what's
going on and get a hold of a target list to warn those on it they
might be attacked by someone who is planning to exploit a system's
vulnerability. It's about finding out who's planning to do what and
why and, at the very least, getting them kicked off their Internet
service provider. But we're not there yet."

Perpetrators tend to be young people with advanced computer skills who
are out to cause mischief and who might, on occasion, gain access to
credit-card numbers from e-commerce sites to make some money on the
side, Mr. McMahon says. "In Canada, there are less than a dozen of
what I would call elite hackers."

Not as common but potentially more dangerous is the pairing of
sophisticated hackers with organized crime groups, state-sponsored
espionage programs and terrorists.

However, Mr. McMahon doesn't believe the most serious cyber-threats
will come from the usual terrorist suspects, such as al-Qaeda, Hamas,
Hezbollah or the Tamil Tigers, or from such rogue states as North
Korea, which either have "pedestrian" technological abilities or
rudimentary telecommunications infrastructures.

He says the one group to keep an eye on is Aum Shinri Kyo, the
Japanese cult not linked to any terrorist attacks since its 1995 sarin
gas assault on Tokyo's subway system but which potentially poses the
greatest threat, since many of its followers possess advanced computer
skills.


