Information Security News mailing list archives

Wartime Internet Security Is 'Business as Usual'


From: InfoSec News <isn () c4i org>
Date: Fri, 28 Mar 2003 01:28:41 -0600 (CST)

http://www.washingtonpost.com/wp-dyn/articles/A37785-2003Mar27.html

By Robert MacMillan
washingtonpost.com Staff Writer
Thursday, March 27, 2003

Federal officials last week warned that the Iraq war may prompt
hackers to attack data systems and critical networks. But for the most
part, Internet security firms aren't changing their standard
procedures to accommodate the higher threat level -- because for them,
vigilance is par for the course.

"It's business as usual," said Vincent Weafer, the chief virus
researcher for Symantec Security Response, who said the average U.S.  
corporation already gets hit with about "30 major attacks" weekly. The
Internet is under constant attack from a variety of online threats,
with as many as 10 to 15 new viruses or other malicious code attacking
online systems every day, Weafer said.

There has been an increase in online attacks and other hacker activity
since the beginning of the war, but not at the level anticipated by
the Homeland Security Department in an alert it issued last Tuesday.

"We have already seen a clear increase in the number of Web site
defacements, but on the other hand we haven't seen very much on the
virus front," said Mikel Albrecht, a virus researcher at F-Secure
Corp. in Finland.

U.K.-based antivirus firm Sophos Inc. said hacker activity since the
onset of the Iraq war is similar to spikes in activity tied to
particularly contentious football matches, said spokeswoman Carole
Thierault.

"We don't tend to change our method of working," she said. "We always
want everybody to be suspicious."

F-Secure reported approximately 10,000 Web site defacements, with U.S.  
government sites getting hit with slogans like "Make love, not war,"  
while a private site was pasted with the message, "Kill Saddam!"

The relative calm doesn't mean hackers aren't trying to find
weaknesses in western systems. Mark Rasch, former head of the Justice
Department's computer crimes unit, said that there has been more
probing activity, where unknown assailants scan networks to determine
whether they are secure or have open ports that can be attacked. This
activity, he said, has come from Egypt, Amsterdam and other areas
throughout the Middle East and Europe.

"It's the electronic equivalent of walking down the streets and
checking that the doors are locked," he said. "It's usually the
prelude to an attack."

U.S. government systems have not seen a significant increase in
hacking or intrusion attempts, said Homeland Security Department
spokesman David Wray. "We obviously see the reports of defacements
that appear to be coming from pro-Islamic groups, but those are on
essentially public systems," he said.

What worries the Homeland Security Department is not hackers taking
down Web sites, it's organized terrorist groups like al Qaeda that
have shown more than a passing interest and skill in harnessing
computers to try to disable or damage communications networks and
critical infrastructures like the public water supply.

Last June, The Washington Post reported that hackers, possibly from
the Middle East or East Asia, had probed utility systems to study
emergency telephone networks, electricity and water storage systems
and nuclear power plants and gas facilities.

Bruce Schneier, co-founder of Cupertino, Calif.-based Counterpane
Internet Security Inc., said cyberterrorism or an online "war" is
nearly impossible.

"Politically sponsored hacking is a gross overstatement," Schneier
said, noting that carrying off an attack that could disable the
Internet is an unlikely scenario at best.

Rasch said that it could happen, "but it would require a tremendous
amount of success, knowledge and planning. You'd have to really know
what you're going after."

Symantec's Weafer said that most attacks, including one last October
that brought down nine of the 13 root servers that support the
Internet, cannot get around the fact that when online traffic is
disrupted or blocked in one place, it tends to flow through thousands
of alternate channels instead.

"If you look at the Code Reds, the Nimdas, the DDOS's against DNS
servers, the Internet itself is extremely resilient," he said.  
"[Sometimes] you see localized attacks, and communications get slower
... but you have to allow for that."

The most widely reported hack of the past week appears to have been
carried out by patriot hackers from the United States. The Qatar-based
Al Jazeera television network said that hackers knocked its Arabic and
English Web sites offline several times, according to Tuesday wire
reports. The sites still were inaccessible at deadline today, and
Reuters was reporting that an American flag had been placed on the Al
Jazeera site at one point today.



-
ISN is currently hosted by Attrition.org
