[infowar.de] NYT 23.11.01: Cyberspace Seen as Potential Battleground
November 23, 2001
Cyberspace Seen as Potential Battleground
By JOHN SCHWARTZ
Government officials are warning that cyberattacks are likely as retribution for the United States campaign in Afghanistan, and at the same time, computer security experts are seeing increasingly numerous and more powerful attacks from traditional hackers.
So far, most technologically proficient attackers are hackers or insiders with no terrorist intent, while the terrorists are not yet very proficient, Frank J. Cilluffo, an expert on terrorism at the Center for Strategic and International Studies in Washington, said during Congressional testimony in October. But, calling cybersecurity the "gaping hole" in the nation's infrastructure defense plans, he said, "It is only a matter of time before the convergence of bad guys and good stuff occurs."
"While bin Laden may have his finger on the trigger," he added, "his grandson might have his finger on the mouse."
Such warnings are not new. The President's Commission on Critical Infrastructure Protection, formed during the Clinton administration, said in a 1997 report that "our dependence on the information and communications infrastructure has created new cyber-vulnerabilities, which we are only starting to understand." Electronic transfers of money, distribution of electrical power, the responses of emergency services and military command and control are at risk, that report said.
President Clinton responded by starting such initiatives as the National Infrastructure Protection Center, an organization within the F.B.I. that works with law enforcement agencies and private companies to make systems like the nation's computer networks more secure.
The early alerts were often dismissed as scaremongering. Dorothy E. Denning, a Georgetown University professor of computer science, said she was a skeptic until Sept. 11. "Now I feel a little bit more humbled," she said. "You don't know what will surprise us next."
Soon after the terrorist attacks, President Bush named Richard Clarke, the Clinton administration's counterterrorism czar, as special adviser for cyberspace security. In an interview earlier this month, Mr. Clarke said the Bush administration was organizing its counterterrorism efforts "in a single strategy with people rowing in the same direction." He has his work cut out for him: Congressional investigators announced recently that two-thirds of federal agencies failed a governmentwide test of computer security.
Cyberterrorism is unlikely to be the sole thrust of a terrorist attack, said Jeffrey A. Hunker, dean of the Heinz School of Public Policy and Management at Carnegie Mellon University and a former National Security Council official. Instead, hacking would be used to further complicate matters, perhaps by taking down key computers in financial or communications industries, after a bombing. He places cybertools in a different category from nuclear, biological or chemical "weapons of mass destruction," which would directly cause injury or death. Cyberthreats, instead, are considered weapons of mass disruption.
Up to now, most computer attacks could more accurately be defined as "weapons of mass annoyance," as when intruders commit acts of vandalism against Web sites. Last month, the National Infrastructure Protection Center issued a warning that such "cyberprotests," including attacks on Web sites, were likely.
Computer security experts, however, warn that they have begun seeing evidence of increasingly potent attacks by hackers. One of the forms of computer attack that is hardest to defend against, denial of service attacks, is becoming more common and more disruptive. In a denial of service attack, one computer is programmed to flood another with junk messages that slow down the machine's performance and block legitimate users.
On Oct. 22, the federally financed CERT Coordination Center at Carnegie Mellon University published a memorandum outlining the nature of the new, brawnier attacks, including attacks that focus on computers running Microsoft's Windows operating systems, which have proved more vulnerable to attack than machines running the Unix operating system.
Attackers have also employed new "worms," like the recent Nimda, which transmits destructive activity from computer to computer with greater efficiency and power than ever before by combining several kinds of attacks. Increasingly, these programs are being aimed at routers, which direct traffic throughout the Internet. The effects of these denial of service attacks "are causing greater collateral damage," warned Kevin J. Houle, a researcher at the center.
No computer on the Internet is immune from denial of service attacks, said Paul A. Vixie, a security expert who spoke at a meeting of the International Corporation for Assigned Names and Numbers earlier this month in Marina Del Rey, Calif., not even crucial machines that direct Web surfers to sites, including the 13 "root" servers and the 10 top-level domain servers. "The only thing that keeps a given server on the air on any particular day is that no teenager with a $300 computer is angry enough at that server's operators to feel like punishing them," he said in an e-mail interview.
Security experts who monitor attempts at computer intrusion say that other new tools and tricks are coming into use in that arena as well. In recent weeks, computer security experts have come to believe that malicious hackers have developed tools to take over computers using the Unix operating system through a vulnerability in a nearly ubiquitous computer communications protocol known as SSH.
Those experts say that they find the SSH flaw especially worrisome because it could provide a hacker who successfully attacks it unrestricted access to a computer. An intruder could gain access to machines linked to the compromised computer, could destroy all of the data on the machine or could use it to carry out denial of service attacks. "It's pretty nasty," said Dan Ingevaldson, a security researcher at ISS, a major vendor of security software and service.
The weakness in SSH has been identified since early this year, and many system administrators have fixed the problem with patches, but until recently the theoretical vulnerability had not been subjected to actual attack. Recently, however, security experts have noticed a sharp increase in probes by outsiders of a specific spot in their network known as Port 22, the part of the system that SSH uses, presumably to see which machines are still open to attack. "They wouldn't be doing the scanning if it wasn't paying off for them," said Kevin L. Poulsen, editorial director of SecurityFocus, a company that provides computer security information.
New threats are always emerging, but they can be managed with proper vigilance, said Steve Elgersma, a system administrator for the computer science department at Princeton University. "We get bombarded by port scans and probes from all over the world," he said. "We're aware of them, and they're not getting through."
Most of the cyberworld is in private hands, making a unified defense difficult, said Senator Robert F. Bennett, Republican of Utah and an early proponent of greater preparedness against computer attacks. "Prudence dictates that we are going to have this kind of problem," he said. "The only question is when, and how seriously."
Mr. Clarke, the cyberterrorism adviser, said that he had already seen a change in industry attitudes since Sept. 11. Interviewed by telephone during a trip to Silicon Valley, he said, "I'm getting a remarkably different perception than I did a year ago" when he was greeted with skepticism. Now high-technology executives are more willing to talk about building and buying more secure technologies, he said. "I think people resonate with that now," he said.