[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Unleashing the dogs of cyber-war on Iraq!
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
http://www.salon.com/tech/feature/2003/03/06/iraq_geeks/index.html
Unleashing the dogs of cyber-war on Iraq!
By Brian McWilliams
March 6, 2003
Like an artist concealing his signature in the background of a
painting, Loay Edmon Al-Botany tucks his name in the source code of
Web pages at BabilOnline, the site he manages for Saddam Hussein's son
Uday.
Al-Botany, a lifelong resident of Baghdad, says his work for the
government-controlled Iraqi newspaper site doesn't pay very well --
the equivalent of 100 U.S. dollars per month. But he considers himself
lucky to have one of the few Internet jobs in the country, and a
high-profile position at that.
Any day now, however, it could all come crashing down from a U.S.-led
invasion of Iraq, says Al-Botany.
"If USA attack Iraq, the first thing [they will do] is a cyber-war,"
he says.
Al-Botany, 30, remembers well the U.S. bombing of Baghdad in 1991,
which targeted telecommunications and power systems. This time around,
many observers predict that the U.S. will also deploy viruses,
government-trained hackers, and special electromagnetic pulse bombs to
knock out Iraq's computers and other sensitive electronic equipment.
But if the U.S. wants to cut off Iraq's access to the Internet, it
need only give a nod to operators of a satellite farm in the woods
west of Atlanta, or to a similar facility in the English countryside.
An analysis of network records and routing patterns shows that Iraq's
only Internet service provider, the State Company for Internet
Services (SCIS), appears to send and receive nearly all of its traffic
over satellite hookups provided by Atlanta International Teleport of
Douglasville, Ga., and by SMS Internet of Rugby, Warwickshire.
Whenever Al-Botany or other Iraqis send an e-mail or browse the Web,
their bits leave Iraq via SCIS's satellite modems, bounce off orbiting
satellites, and touch down again in satellite dishes run by AIT and
SMS, which connect them to the Internet backbone in Georgia and
England, respectively.
This provision of Internet access may not be legal. A 1990 executive
order prohibits U.S. firms from exporting "goods, technology or
services" to Iraq. And a U.N. trade embargo has similarly sanctioned
member nations from dealing with Iraq.
But it's obvious that if predictions about the U.S. launching
"offensive computer operations" against Baghdad are correct, George W.
Bush and Tony Blair clearly have Saddam right where they want him.
On instructions from the U.S. or U.K. governments, AIT and SMS could
effectively disable e-mail and Web access for Iraq's government and
citizens.
Surprisingly, Iraqi computer specialists appear oblivious to their
network's vulnerability to attack. And even though they vow they will
get their networks back up and running if they are attacked, they are
also in no position to fight back.
Al-Botany, a graduate of Al-Mansour University College, one of Iraq's
top private technical schools, was surprised to learn that the headers
of his e-mails to a reporter showed that the messages actually
originated from AIT's network. According to a reverse DNS look-up, the
Internet protocol (IP) address from which the e-mails originated,
65.217.28.52, corresponds to the domain name
"host52.atlantateleport.com."
Similarly, Al-Botany was unaware that BabilOnline.net and another site
he manages, Iraq2000.com, as well as the Iraq government's main Web
site, Uruklink.net, are all connected to the Internet through
England-based SMS Networks.
AIT representatives did not respond to repeated requests by Salon for
information about their services to Iraq.
Maggie Corke, a representative of SMS, says the company does not have
any Iraqi customers nor does it market its services in Iraq. Corke did
acknowledge that SMS provides satellite services to Transtrum, a unit
of the Lebanon-based ISP TerraNet.
TerraNet's Alaa Sami Kadhem is listed as the registrant and
administrative contact in the domain record for BabilOnline.net. Sami
is also listed as the registrant of Iraq's Warkaa.net and
Baghdadlink.net sites.
Sami and TerraNet representatives did not respond to interview
requests.
Iraq's use of AIT and SMS was likely brokered by a consortium called
the Arab Organisation of Satellite Communications (ARABSAT), according
to Lucy Norton, an analyst with London-based World Markets Research
Center.
ARABSAT, which is headquartered in Saudi Arabia, arranges deals with
European and U.S. communications providers on behalf of Arab League
nations. Following an eight-year suspension, ARABSAT reestablished
links with Iraq's Ministry of Transport and Communications in 1999,
Norton said.
However, U.S. companies providing data communications services to
Iraq, even indirectly, are in violation of U.S. law and could be
subject to fines and penalties, according to Rob Nichols, a spokesman
for the U.S. Treasury Department's Office of Foreign Assets Control.
Iraq's vulnerability to cyber-attack doesn't end with its fragile
network connections. A myriad of bugs and misconfigurations in its
software make the embattled country's Internet-connected systems ripe
for hack attacks.
Iraq's DNS servers, key machines that route traffic to various
computers in a network, are misconfigured to allow "zone transfers," a
reconnaissance technique used by hackers to target vulnerable
machines.
A closer examination of one of the DNS servers, nic1.baghdadlink.net,
reveals that it may be running a collection of outdated software with
numerous high-risk security vulnerabilities. The apparent bugs in the
system, located at IP address 62.145.94.1, include some that
potentially give a remote attacker the ability to take control of the
server.
At least one of Iraq's Web servers has already been infected with a
computer virus. The system, located at the address 62.145.94.17, last
week was attempting to spread the Nimda computer worm to the computers
of unprotected Windows users. The server currently is unreachable.
Considering the variety of security flaws in Iraq's computer networks,
it's a miracle they haven't been turned inside out by vigilante
hackers, according to computer security experts.
"I'd expect to see some defacement activity, at the very least. It's
almost as though they're extending an invitation to be hacked," says
Robert G. Ferrell, a government security researcher. Ferrell said
would-be attackers may suspect, as he does, that the Iraqi systems are
being closely monitored by U.S. authorities.
Al-Botany and other Iraqi "geeks" blame much of their country's
Internet backwardness on trade sanctions, which make it difficult to
obtain current versions of software or up-to-date training.
Indeed, visiting Iraq's Web sites is like stepping back into the
Internet of the late 1990s. A marquee scrolls across the garishly
colored home page at Iraq2000.com, which hosts information about
Iraq's Olympic teams as well as access to numerous Iraqi newspapers.
Patriotic music blares on demand.
"Internet languages like Java and HTML, we didn't learn those because
Iraq did not have the Internet until recently," says "Sameer," an
Iraqi computer scientist who asked that his real name not be
published.
After emigrating to the U.S. in 2000, Sameer discovered that his
technical skills were anachronistic in the U.S job market. Though
successful in the competitive Iraqi college, he has been unable to
find work as a programmer. Recently laid off from his job in computer
support, Sameer now lives with and depends for support on his brother.
The dearth of broadband Internet connections, or even affordable home
dial-up access, creates further difficulties for Iraq's computer
elite.
Ahmed Al-Shalchi, a computer engineer and 1992 graduate of the
government-run University of Technology in Baghdad, says his only way
onto the Internet is from a dial-up modem connection at his workplace,
where he repairs PCs. Sometimes Al-Shalchi logs on from public
Internet centers. But a home connection is out of his financial reach,
he says.
Given the relatively poor skills and resources of some of Iraq's best
and brightest computer geeks, how capable is the country of conducting
cyber-warfare?
"There is nothing to suggest that the Iraqi government has the
capability for using cyber-warfare," says Ahmed Shames, an Iraqi who
emigrated in 1996 and now resides in London. Shames, chairman of the
Iraqi Prospect Organization, a group of young Iraqi expatriates
calling for the overthrow of Saddam, says it is unlikely that Iraq's
ruler has marshaled a cyber-war contingent.
Similarly, Sameer says he has not heard of any Iraqi computer experts
being drafted into such service. Instead, he said it was more probable
that Saddam would attempt to recruit offensive computer mercenaries
from abroad.
Even the author of a recent novel about U.S.-Iraq cyber-war concedes
it is doubtful that Saddam has sufficient home-grown talent to harm
the U.S. with computer attacks. Bill Neugent, chief engineer for
cyber-security at Mitre Corporation and author of "No Outward Sign"
(Writers Club Press, 2002), says Iraq could, however, enlist help from
sympathetic Muslims in the West. In his book, Iraqi-Americans living
in Washington attack U.S. government systems to frame Iraq and goad
the U.S. to retaliate.
Instead of cultivating its cyber-war readiness, Iraq's government
appears to be focusing its technical prowess on spying on and
restricting its citizens' use of the Internet. Shames says Iraqis must
assume that every message they send or receive is being monitored by
Big Brother.
Sometimes, as in the case of Sameer's sister back in Baghdad -- a
teacher and one of the lucky Iraqis to have Internet access at home --
e-mail service mysteriously stops for weeks.
"I don't know why. Maybe it is just a technical problem. Or maybe
someone is blocking the account," says Sameer.
To evade the state's widely publicized snooping, some savvy Iraqis
have set up webmail accounts at providers such as Yahoo, as if
calculating that the probable surveillance by U.S. intelligence
authorities is less dire.
But there are few means around the government's blockades of
"objectionable" Web content, which, besides porn, includes domain
registration sites, according to Heider Sati, an Al-Mansour graduate
now running his own London-based IT consulting firm. The restriction,
perhaps designed to muzzle protest speech, means Iraqis are unable to
register and create their own Web sites. (Sati says he registered and
hosts alMansourCollege.net, on behalf of his alma mater, for free.)
Despite these limitations, some of Iraq's geeks say they would suffer
if the country lost its Internet connection, whether due to
conventional bombs or cyber-attacks.
"[It's] just like having drugs," said Al-Shalchi of his dependence on
e-mail and Web access.
But for average Iraqis, the Internet is likely still an unreliable
luxury, not a necessity. Richard M. Smith, a U.S. computer expert,
notes that a counter on the home page of Uruklink.net shows that the
vast majority of the site's visitors are from the U.S.
Like many Iraqi citizens and expatriates with relatives still in the
country, Sati is guarded about his views on the outcome of the
potential war and refuses to comment on his views of Saddam. But he
did say that if a U.S. strike takes out Iraq's network, he and others
will quickly work to restore alternative service to citizens.
"There are many people like me who would do anything to help the
Iraqis, as we all feel that this is our responsibility toward Iraq,"
says Sati.
Sati's circumspection lapses a bit, however, as he describes dreams of
a day when he can return to Iraq and help lay new fiber networks, beef
up the country's hardware, and otherwise retool its Internet networks.
Even Al-Botany seems to be anticipating big changes ahead. His Web job
with SCIS, he says, doesn't pay enough for him to own a car or a house
for himself, his wife, and his toddler son. With his contract with the
Iraqi government due to run out in six months, Al-Botany asks whether
a reporter could help him find a job in the United States.
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.