[iwar] [fc:U.S..tries.to.protect.self.on.crucial.front]

From: Fred Cohen (fc@all.net)
Date: 2001-10-25 18:58:51



U.S. tries to protect self on crucial front

MIKE TONER

Copyright 2001 The Atlanta Constitution
The Atlanta Journal and Constitution

National Guardsmen patrol the airport.  Corporations screen their mail
for suspicious packages.  But as America tightens its defenses against
chemical, biological and nuclear terrorism, there is mounting concern
over one realm where national borders are still poorly defended:
cyberspace. 

As the unseen information "infrastructure" binds the country ever more
tightly in its web of bits and bytes, experts fear that it presents an
inviting, and all too vulnerable, target for terrorists and other
criminals. 

The Sept. 11 terrorists clearly had a working familiarity with
computers, encrypted messages and the Internet.  Mohamed Atta and other
hijackers used laptop computers and Internet cafes for e-mail messages. 
Based on what is currently known, however, cyberspace was for them more
a tool of terror than a target. 

But experts say that just as those terrorists turned the nation's
transportation system into an unexpected weapon of terror, the
information highway could be both the means, and the objective, of
future terrorist operations. 

"Information technology pervades all aspects of our daily lives," says
Tom Ridge, the Bush administration's director of homeland security. 
"Disrupt it, destroy it or shut it down, and you shut down America as we
know it."

The world is now so heavily dependent on the "connectivity" of the
Internet and other networks that any major disruptions can have
far-reaching consequences. 

More than 109 million computer systems are currently linked to the
Internet.  As the number grows daily, so do the speed and destructive
capabilities of computer viruses and worms. 

In 1999, the Melissa virus, initially launched by a New Jersey hacker
from an X-rated Web site and spread around the world by e-mail, did an
estimated $80 million in damage to corporate and government computer
systems.  A year later, the "I Love You" virus, which propagated in the
Philippines, cost an estimated $10 billion in lost work time. 

On Sept. 18, just seven days after the terrorist attacks, a new virus
named Nimda (admin spelled backward) provided a new and more
dramatic reminder of the vulnerabilities of the interconnected Net. 

"Within an hour of the time it was first reported, numerous
organizations were telling us that they were paralyzed by the worm,"
says Richard Pethia, director of the Computer Emergency Response Team at
Carnegie Mellon University, a federally funded clearinghouse for
computer security information.  "By the end of the day, more than
100,000 computers had been affected."

Although all systems recovered, the specter of so many systems being
brought to their knees so quickly, at such a critical time, underscored
the dangers. 

A new analysis by Symantec, which makes anti-virus software, last week
warned that the next generation of Nimda-like viruses and worms might be
even more devastating --- capable of using "mass-mailing" techniques
that could infect every PC connected to the Internet within 20 minutes. 

To improve the security of cyberspace, the Bush administration earlier
this month appointed Richard Clarke, once the national counterterrorism
coordinator in the Clinton White House, to be the president's special
adviser for cyberspace security. 

Clarke's task will be to prepare for what he calls "the war next time"
by coordinating government and industry efforts on electronic security. 
"America has built cyberspace, and America must now defend its
cyberspace," he warned. 

His first action was to call for construction of a secure government
voice and data network, called Govnet, to be used for critical
government functions.  If approved, the alternative to the Internet,
which would be completely isolated from the commercial or private
networks, would likely take years to build and cost billions of dollars. 

Some experts dismiss the threat of cyberterrorism as a low-grade threat
perpetrated by misguided hackers and electronic "ankle biters." Others
see it as an "electronic Pearl Harbor" waiting to happen.  But while
many Americans might think of hacking, computer worms and fast-spreading
viruses as a disruptive nuisance, in recent years, cyberattacks have
begun to mirror the political tensions in the physical world. 

During this year's dispute between the United States and China over the
EP-3 spy plane, U.S. Internet sites were swamped by a wave of
coordinated computer network intrusions that included the defacement of
more than 1,200 Web sites.  The sites included the White House, the U.S. 
Air Force and the Energy Department. 

Michael Vatis, director of the Institute for Security Technology Studies
at Dartmouth College, a government-funded research center that focuses
on counterterrorism and computer security, says the "massive and
sustained weeklong campaign of cyberattacks" was organized by hacker
groups that included the Honker Union of China and the Chinese Red Guest
Network Technology. 

"In light of the fact that these activities were highly visible and no
arrests were made by Chinese officials, it can be assumed that they were
at least tolerated, if not directly supported by Chinese authorities,"
Vatis says. 

"What we saw coming out of China was a massive amount of hacking ---
coordinated attacks that amounted to nothing less than low-grade
information warfare," says Chris Ruland, the director of Atlanta-based
Internet Security Systems X-Force, a team of elite computer security
specialists who try to keep the company's 8,000 corporate customers one
step ahead of cybercriminals. 

ISS saw a spike in computer attacks on Sept. 11 that prompted the
issuance of an "Alert-Con 3" warning to its customers that reflects
increasing hacker attacks at what the company calls "unusually high
levels" --- just one stage short of "a catastrophic problem" requiring
"immediate, decisive action" by system operators. 

"The past six months have witnessed a clear escalation in the number of
politically motivated cyberattacks, often embroiling hackers from around
the world in regional disputes," Vatis says.  "Although initially
relatively benign, recent attacks have increasingly targeted vital
communications and infrastructure systems."

The first cyberattacks linked to the Sept. 11 attacks were actually
aimed by pro-American hacker vigilantes against targets they believed
were linked to terrorists. 

In October, members of a hacker group calling itself Yihat, for Young
Intelligent Hackers Against Terrorism, claimed to have penetrated the
network of the Arab National Bank in Saudi Arabia, downloaded the
account records of a few customers and promised to turn them over to the
FBI.  The bank has tightened its security. 

Retaliation was swift.  A Pakistani hacker group calling itself G-Force
defaced two U.S. government Web sites --- leaving the equivalent of
electronic graffiti --- and promised to attack hundreds more to protest
the U.S. military raids in Afghanistan. 

Other cyberattacks have been more serious. 

Pakistani hacker groups have repeatedly penetrated computer systems
operated by the Indian Parliament, the Indian Institute of Science, and
the Bhabha Atomic Research Center, where they downloaded possibly
sensitive research information.  Indian hackers regularly sabotage
Pakistani sites as well. 

During NATO's bombing campaign in Yugoslavia in 1999, Serbian hackers
--- now believed to have been employed by the Yugoslav military ---
mounted sustained cyberattacks on NATO servers that periodically brought
them to a standstill. 

And in the Middle East, as tensions between Israelis and Palestinians
have escalated in the streets, the tempo of attacks has also increased
in cyberspace. 

Israeli hackers have mounted sustained "denial of service" assaults ---
shutting down Web sites by overloading them --- against the Palestinian
Authority and the pro-Palestinian groups Hezbollah and Hamas, and
released destructive computer worms and electronic Trojan horses against
other Palestinian sites. 

Palestinians have countered with a "cyberjihad" that temporarily shut
down sites belonging to the Israeli Parliament, the Israeli Defense
Forces, the Foreign Ministry and the Tel Aviv Stock Exchange.  One
group, operating under the name Unity, has outlined a four-phase
strategy of escalation, which would eventually conclude with
cyberattacks on communications systems and foreign targets. 

In recent months, law enforcement authorities have been increasingly
proactive in trying to head off more trouble in cyberspace. 

Five days before the Sept. 11 attacks, 80 FBI and other federal agents
raided the offices of InfoCom Inc., a Richardson, Texas, company that
provided Internet service to 500 clients, many of them in the Middle
East.  The FBI shut down company Internet services and froze some of its
bank accounts. 

So far, authorities have not disclosed any motives for the raid, but
InfoCom's attorney, Arch McColl, says the company is merely a group of
Palestinian "computer nerds" who are victims of guilt by association. 

In early October, police from Scotland Yard shut down a "Jihad" Web site
operated by a London chef, 43-year-old Sulayman Balal Zainulabidin, who
was charged under the British Terrorism Act with "providing training or
instruction in the making of firearms, explosives or chemical,
biological or nuclear weapons."

In the long run, new tactics may be needed to defend electronic
frontiers. 

One proposal from Sen. Ron Wyden (D-Ore.) calls for a pool of experts
that would be on call to respond to any emergency. 

"What this country needs is essentially a technology equivalent of the
National Guard," Wyden says, a "National Emergency Technology Guard that
in times of crisis would be in a position to mobilize our nation's
information technology community to action."

Others call for even more sweeping measures. 

What is needed today is essentially a "Manhattan Project" for
counterterrorism technology, says Vatis.  "A significant portion of that
effort should focus on technology to secure the information
infrastructure that provides the foundation for much of our economy and
national security."


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:57 PST