U.S. networks run big risk of cyber-strikes, experts assert


COMPUTER SECURITY


BY JIM PUZZANGHERA AND ELISE ACKERMAN Mercury News

WASHINGTON -- America's next Pearl Harbor, many experts predicted, would be a cyber-attack, a high-tech strike on the nation's critical computer systems, such as those controlling power grids or financial networks.

When it happened Sept. 11, however, the next Pearl Harbor was much like the first: a violent surprise attack from the skies that killed thousands. Despite the theory that a cyber-attack could amplify the chaos of a major terrorist strike -- such as disabling New York City's 911 system as the airliners hit the World Trade Center -- none appears to have taken place.

But the complexity of the terrorists' scheme, as well as their ability to identify and exploit vulnerability in airline security, makes cyber-terrorism a potent and perhaps even more likely threat now, leading cyber-security experts maintain.

"I think we've now seen for the first time a terrorist event . . . where the perpetrators were very sophisticated and very innovative and clearly had the resources and the intellectual ability to use complex systems," said Jeffrey Hunker, who handled cyber-security issues for the National Security Council from 1996 to 2000.

The nation's critical computer infrastructure remains highly vulnerable to attacks, intelligence and cyber-security experts told Congress last week.

In the wake of the terrorist strikes, the Bush administration recently named Richard Clarke, who currently heads the government's counterterrorism team, to focus on cyber-security efforts.

Clarke will work at the National Security Council under Tom Ridge, the Pennsylvania governor who will be head of the newly created, Cabinet-level Office of Homeland Security. The White House also plans to install retired Army Gen. Wayne Downing, former chief of the U.S. Special Operations Command, as coordinator of intelligence and military resources in the anti-terror campaign.

The cyber-strikes that U.S. officials fear might not come from Osama bin Laden's Al-Qaida network, which despite having used computer technology in the past, seems focused on dramatic attacks on physical symbols, experts said.

But cyber-attacks could be launched by computer-savvy people sympathetic to his cause, other terrorist networks or nations such as Iraq that support terrorism and are believed to be developing cyber-warfare capabilities.

"It's my understanding that they're not teaching this in the terrorist-training camps," said Dorothy Denning, a computer-science professor at Georgetown University who has studied cyber-terrorism. "It's these thousands of affiliates or sympathizers . . . and some of them may decide to take it upon themselves to see what they can do that is more disruptive, if not destructive."

Attacks by such sympathizers have taken place following other crises, such as the downing of a U.S. spy plane by China earlier this year, according to a study released by the Institute for Security Technology Studies at Dartmouth College.

"Terrorists themselves are not highly likely to engage in cyber-attacks right now because we haven't seen a lot of cyber-attacks by terrorist groups," said Michael Vatis, the institute's director. "But if, in response to the Sept. 11 attacks, the U.S. engages in military strikes and retaliation against the terrorist infrastructure . . . it is our view that terrorist attacks are likely to occur."

Within days of the attacks, the FBI's National Infrastructure Protection Center issued warnings about increased hacking of Web sites, spreading of computer viruses and so-called "distributed denial of service" attacks, which try to bring down a computer network by flooding it with e-mail.

The "Nimda" computer worm, which flooded many e-mail servers and personal computer hard drives with data, started spreading after the attacks. But there is no evidence linking the worm to the attackers.

More 'hacktivism'

Much of the increased cyber activity has been what's known as "hacktivism" -- defacement of Web sites to make a political statement, either in opposition or support of the terrorists.

Malicious hacktivists in the past have downloaded potentially sensitive information from India's Bhabha Atomic Research Center and stolen credit-card numbers from a database belonging to the American Israel Public Affairs Committee, a powerful pro-Israel lobby.

But cyber-attacks have been growing in scope and sophistication in recent years. During the NATO air strikes in Serbia and Kosovo in 1999, some NATO Web servers were disabled after sustained attacks by hackers who NATO believes were working for Serbia, according to the Dartmouth report.

The Internet itself could be jeopardized if simultaneous assaults were to succeed in harming the 13 root servers that are the Web's ultimate address book.

"Worms" like the infamous Code Red and Nimda, which continue to proliferate throughout corporate computer systems, could be slightly altered to carry more damaging payloads.

"If maximum destruction is a hostile adversary's goal, worms are a cost-effective way to significantly disrupt the United States' national infrastructure," the Dartmouth report concludes.

The larger concern is an attack on computer systems used to control important functions, such as electric power grids, nuclear power plants or telecommunications.

Terrorist takeover

"One of the most frightening images of cyber-terrorism is a scenario in which terrorists take over the air-traffic control system to cause an aircraft to crash or two planes to collide in flight," was the start of a chapter in a book on international cyber-attacks published this year by the Hoover Institution at Stanford.

Terrorists proved last month that they could accomplish a similar goal without having to infiltrate computer systems. But their plan required 19 people in a well-coordinated effort to hijack four airplanes. For a cyber-attack, "you need one guy and a laptop," said Vatis, who also is the former director of the National Infrastructure Protection Center.

Tim Belcher, the chief technology officer for Riptech, a Virginia-based information security firm, said many computer systems, such as those controlling power grids and water supplies, are surprisingly accessible through the Internet.

The U.S. military has an information-warfare strategy to disrupt such systems in foreign countries, so it's logical that terrorist groups would look to do the same, said Belcher, who worked on cyber-security for the Defense Department. "It's not like the typical battlefield where the Army with more tanks wins," he said. "This is technology. This is something that anybody can embrace and become expert in."

Stephen Northcutt, who runs an information warfare simulation for the SANS Institute, a network security and research organization in Bethesda, Md., said, "You can potentially paralyze commerce, and you might be able to accomplish a cascading failure of the electronic grid."

In one Northcutt simulation, hostile hackers penetrate the computer network of California's power grid operator. Northcutt notes that an intruder is known to have roamed the network of the California Independent System Operator for more than two weeks last spring.

Hunker, the former National Security Council staffer who now is dean of the School of Public Policy and Management at Carnegie Mellon University, noted there are many ways to acquire such knowledge. In fact, rudimentary hacking tools are available on thousands of Web sites and network security is taught at institutes and conferences around the world.

Instead of going to flight school to learn how to fly an airliner, as several of the Sept. 11 terrorists did, would-be cyber-terrorists could enroll in intensive computer courses, Hunker said.

"They've demonstrated an ability to pull off sophisticated things that take years of training," he said.

Mercury News wire services contributed to this report.

http://www0.mercurycenter.com/premium/front/docs/cyberwar01.htm

-- Martin Thompson (mthom1927@aol.com), October 01, 2001

