[iwar] [fc:Cyberspace.Seen.as.Potential.Battleground]

From: Fred Cohen (fc@all.net)
Date: 2001-11-26 16:23:04


To: iwar@onelist.com (Information Warfare Mailing List)

Cyberspace Seen as Potential Battleground

By John Schwartz, The New York Times, 11/26/2001
http://dailynews.yahoo.com/h/nyt/20011124/tc/cyberspace_seen_as_potential_battleground_1.html

Government officials are warning that cyberattacks are likely as
retribution for the United States campaign in Afghanistan, and at the
same time, computer security experts are seeing increasingly numerous
and more powerful attacks from traditional hackers.

So far, most technologically proficient attackers are hackers or
insiders with no terrorist intent, while the terrorists are not yet very
proficient, Frank J. Cilluffo, an expert on terrorism at the Center for
Strategic and International Studies in Washington, said during
Congressional testimony in October. But, calling cybersecurity the
"gaping hole" in the nation's infrastructure defense plans, he said, "It
is only a matter of time before the convergence of bad guys and good
stuff occurs."

"While bin Laden may have his finger on the trigger," he added, "his
grandson might have his finger on the mouse."

Such warnings are not new. The President's Commission on Critical
Infrastructure Protection, formed during the Clinton administration,
said in a 1997 report that "our dependence on the information and
communications infrastructure has created new cyber-vulnerabilities,
which we are only starting to understand." Electronic transfers of
money, distribution of electrical power, the responses of emergency
services and military command and control are at risk, that report said.

President Clinton responded by starting such initiatives as the National
Infrastructure Protection Center, an organization within the F.B.I. that
works with law enforcement agencies and private companies to make
systems like the nation's computer networks more secure.

The early alerts were often dismissed as scaremongering. Dorothy E.
Denning, a Georgetown University professor of computer science, said she
was a skeptic until Sept. 11. "Now I feel a little bit more humbled,"
she said. "You don't know what will surprise us next."

Soon after the terrorist attacks, President Bush named Richard Clarke,
the Clinton administration's counterterrorism czar, as special adviser
for cyberspace security. In an interview earlier this month, Mr. Clarke
said the Bush administration was organizing its counterterrorism efforts
"in a single strategy with people rowing in the same direction." He has
his work cut out for him: Congressional investigators announced recently
that two-thirds of federal agencies failed a governmentwide test of
computer security.

Cyberterrorism is unlikely to be the sole thrust of a terrorist attack,
said Jeffrey A. Hunker, dean of the Heinz School of Public Policy and
Management at Carnegie Mellon University and a former National Security
Council official. Instead, hacking would be used to further complicate
matters, perhaps by taking down key computers in financial or
communications industries, after a bombing. He places cybertools in a
different category from nuclear, biological or chemical "weapons of mass
destruction," which would directly cause injury or death. Cyberthreats,
instead, are considered weapons of mass disruption.

Up to now, most computer attacks could more accurately be defined as
"weapons of mass annoyance," as when intruders commit acts of vandalism
against Web sites. Last month, the National Infrastructure Protection
Center issued a warning that such "cyberprotests," including attacks on
Web sites, were likely.

Computer security experts, however, warn that they have begun seeing
evidence of increasingly potent attacks by hackers. One of the forms of
computer attack that is hardest to defend against, denial of service
attacks, is becoming more common and more disruptive. In a denial of
service attack, one computer is programmed to flood another with junk
messages that slow down the machine's performance and block legitimate
users.

On Oct. 22, the federally financed CERT Coordination Center at Carnegie
Mellon University published a memorandum outlining the nature of the
new, brawnier attacks, including attacks that focus on computers running
Microsoft's Windows operating systems, which have proved more vulnerable
to attack than machines running the Unix operating system.

Attackers have also employed new "worms," like the recent Nimda, which
transmits destructive activity from computer to computer with greater
efficiency and power than ever before by combining several kinds of
attacks. Increasingly, these programs are being aimed at routers, which
direct traffic throughout the Internet. The effects of these denial of
service attacks "are causing greater collateral damage," warned Kevin J.
Houle, a researcher at the center.

No computer on the Internet is immune from denial of service attacks,
said Paul A. Vixie, a security expert who spoke at a meeting of the
International Corporation for Assigned Names and Numbers earlier this
month in Marina Del Rey, Calif., not even crucial machines that direct
Web surfers to sites, including the 13 "root" servers and the 10
top-level domain servers. "The only thing that keeps a given server on
the air on any particular day is that no teenager with a $300 computer
is angry enough at that server's operators to feel like punishing them,"
he said in an e-mail interview.

Security experts who monitor attempts at computer intrusion say that
other new tools and tricks are coming into use in that arena as well. In
recent weeks, computer security experts have come to believe that
malicious hackers have developed tools to take over computers using the
Unix operating system through a vulnerability in a nearly ubiquitous
computer communications protocol known as SSH.

Those experts say that they find the SSH flaw especially worrisome
because it could provide a hacker who successfully attacks it
unrestricted access to a computer. An intruder could gain access to
machines linked to the compromised computer, could destroy all of the
data on the machine or could use it to carry out denial of service
attacks. "It's pretty nasty," said Dan Ingevaldson, a security
researcher at ISS, a major vendor of security software and service.

The weakness in SSH has been identified since early this year, and many
system administrators have fixed the problem with patches, but until
recently the theoretical vulnerability had not been subjected to actual
attack. Recently, however, security experts have noticed a sharp
increase in probes by outsiders of a specific spot in their network
known as Port 22, the part of the system that SSH uses, presumably to see
which machines are still open to attack. "They wouldn't be doing the
scanning if it wasn't paying off for them," said Kevin L. Poulsen,
editorial director of SecurityFocus, a company that provides computer
security information.

New threats are always emerging, but they can be managed with proper
vigilance, said Steve Elgersma, a system administrator for the computer
science department at Princeton University. "We get bombarded by port
scans and probes from all over the world," he said. "We're aware of
them, and they're not getting through."

Most of the cyberworld is in private hands, making a unified defense
difficult, said Senator Robert F. Bennett, Republican of Utah and an
early proponent of greater preparedness against computer attacks.
"Prudence dictates that we are going to have this kind of problem," he
said. "The only question is when, and how seriously."

Mr. Clarke, the cyberterrorism adviser, said that he had already seen a
change in industry attitudes since Sept. 11. Interviewed by telephone
during a trip to Silicon Valley, he said, "I'm getting a remarkably
different perception than I did a year ago" when he was greeted with
skepticism. Now high-technology executives are more willing to talk
about building and buying more secure technologies, he said. "I think
people resonate with that now," he said.


------------------
http://all.net/ 
