Computer crime, cyber crime, cyber terrorism problemsLogo - Computer Crime Research Center (CCRC)

Unleashing the dogs of cyber-war on Iraq!
(By Brian McWilliams)

March 6, 2003 | Like an artist concealing his signature in the background of a painting, Loay Edmon Al-Botany tucks his name in the source code of Web pages at BabilOnline, the site he manages for Saddam Hussein's son Uday.

Al-Botany, a lifelong resident of Baghdad, says his work for the government-controlled Iraqi newspaper site doesn't pay very well -- the equivalent of 100 U.S. dollars per month. But he considers himself lucky to have one of the few Internet jobs in the country, and a high-profile position at that.

Any day now, however, it could all come crashing down from a U.S.-led invasion of Iraq, says Al-Botany.

"If USA attack Iraq, the first thing [they will do] is a cyber-war," he says.

Al-Botany, 30, remembers well the U.S. bombing of Baghdad in 1991, which targeted telecommunications and power systems. This time around, many observers predict that the U.S. will also deploy viruses, government-trained hackers, and special electromagnetic pulse bombs to knock out Iraq's computers and other sensitive electronic equipment.

But if the U.S. wants to cut off Iraq's access to the Internet, it need only give a nod to operators of a satellite farm in the woods west of Atlanta, or to a similar facility in the English countryside.

An analysis of network records and routing patterns shows that Iraq's only Internet service provider, the State Company for Internet Services (SCIS), appears to send and receive nearly all of its traffic over satellite hookups provided by Atlanta International Teleport of Douglasville, Ga., and by SMS Internet of Rugby, Warwickshire.

Whenever Al-Botany or other Iraqis send an e-mail or browse the Web, their bits leave Iraq via SCIS's satellite modems, bounce off orbiting satellites, and touch down again in satellite dishes run by AIT and SMS, which connect them to the Internet backbone in Georgia and England, respectively.

This provision of Internet access may not be legal. A 1990 executive order prohibits U.S. firms from exporting "goods, technology or services" to Iraq. And a U.N. trade embargo has similarly sanctioned member nations from dealing with Iraq.

But it's obvious that if predictions about the U.S. launching "offensive computer operations" against Baghdad are correct, George W. Bush and Tony Blair clearly have Saddam right where they want him.

On instructions from the U.S. or U.K. governments, AIT and SMS could effectively disable e-mail and Web access for Iraq's government and citizens.

Surprisingly, Iraqi computer specialists appear oblivious to their network's vulnerability to attack. And even though they vow they will get their networks back up and running if they are attacked, they are also in no position to fight back.

Al-Botany, a graduate of Al-Mansour University College, one of Iraq's top private technical schools, was surprised to learn that the headers of his e-mails to a reporter showed that the messages actually originated from AIT's network. According to a reverse DNS look-up, the Internet protocol (IP) address from which the e-mails originated, 65.217.28.52, corresponds to the domain name "host52.atlantateleport.com."

Similarly, Al-Botany was unaware that BabilOnline.net and another site he manages, Iraq2000.com, as well as the Iraq government's main Web site, Uruklink.net, are all connected to the Internet through England-based SMS Networks.

AIT representatives did not respond to repeated requests by Salon for information about their services to Iraq.

Maggie Corke, a representative of SMS, says the company does not have any Iraqi customers nor does it market its services in Iraq. Corke did acknowledge that SMS provides satellite services to Transtrum, a unit of the Lebanon-based ISP TerraNet.

TerraNet's Alaa Sami Kadhem is listed as the registrant and administrative contact in the domain record for BabilOnline.net. Sami is also listed as the registrant of Iraq's Warkaa.net and Baghdadlink.net sites.

Sami and TerraNet representatives did not respond to interview requests.

Iraq's use of AIT and SMS was likely brokered by a consortium called the Arab Organisation of Satellite Communications (ARABSAT), according to Lucy Norton, an analyst with London-based World Markets Research Center.

ARABSAT, which is headquartered in Saudi Arabia, arranges deals with European and U.S. communications providers on behalf of Arab League nations. Following an eight-year suspension, ARABSAT reestablished links with Iraq's Ministry of Transport and Communications in 1999, Norton said.

However, U.S. companies providing data communications services to Iraq, even indirectly, are in violation of U.S. law and could be subject to fines and penalties, according to Rob Nichols, a spokesman for the U.S. Treasury Department's Office of Foreign Assets Control.

Iraq's vulnerability to cyber-attack doesn't end with its fragile network connections. A myriad of bugs and misconfigurations in its software make the embattled country's Internet-connected systems ripe for hack attacks.

Iraq's DNS servers, key machines that route traffic to various computers in a network, are misconfigured to allow "zone transfers," a reconnaissance technique used by hackers to target vulnerable machines.

A closer examination of one of the DNS servers, nic1.baghdadlink.net, reveals that it may be running a collection of outdated software with numerous high-risk security vulnerabilities. The apparent bugs in the system, located at IP address 62.145.94.1, include some that potentially give a remote attacker the ability to take control of the server.

At least one of Iraq's Web servers has already been infected with a computer virus. The system, located at the address 62.145.94.17, last week was attempting to spread the Nimda computer worm to the computers of unprotected Windows users. The server currently is unreachable.

Considering the variety of security flaws in Iraq's computer networks, it's a miracle they haven't been turned inside out by vigilante hackers, according to computer security experts.

"I'd expect to see some defacement activity, at the very least. It's almost as though they're extending an invitation to be hacked," says Robert G. Ferrell, a government security researcher. Ferrell said would-be attackers may suspect, as he does, that the Iraqi systems are being closely monitored by U.S. authorities.

Al-Botany and other Iraqi "geeks" blame much of their country's Internet backwardness on trade sanctions, which make it difficult to obtain current versions of software or up-to-date training.

Indeed, visiting Iraq's Web sites is like stepping back into the Internet of the late 1990s. A marquee scrolls across the garishly colored home page at Iraq2000.com, which hosts information about Iraq's Olympic teams as well as access to numerous Iraqi newspapers. Patriotic music blares on demand.

"Internet languages like Java and HTML, we didn't learn those because Iraq did not have the Internet until recently," says "Sameer," an Iraqi computer scientist who asked that his real name not be published.

After emigrating to the U.S. in 2000, Sameer discovered that his technical skills were anachronistic in the U.S job market. Though successful in the competitive Iraqi college, he has been unable to find work as a programmer. Recently laid off from his job in computer support, Sameer now lives with and depends for support on his brother.

The dearth of broadband Internet connections, or even affordable home dial-up access, creates further difficulties for Iraq's computer elite.

Ahmed Al-Shalchi, a computer engineer and 1992 graduate of the government-run University of Technology in Baghdad, says his only way onto the Internet is from a dial-up modem connection at his workplace, where he repairs PCs. Sometimes Al-Shalchi logs on from public Internet centers. But a home connection is out of his financial reach, he says.

Given the relatively poor skills and resources of some of Iraq's best and brightest computer geeks, how capable is the country of conducting cyber-warfare?

"There is nothing to suggest that the Iraqi government has the capability for using cyber-warfare," says Ahmed Shames, an Iraqi who emigrated in 1996 and now resides in London. Shames, chairman of the Iraqi Prospect Organization, a group of young Iraqi expatriates calling for the overthrow of Saddam, says it is unlikely that Iraq's ruler has marshaled a cyber-war contingent.

Similarly, Sameer says he has not heard of any Iraqi computer experts being drafted into such service. Instead, he said it was more probable that Saddam would attempt to recruit offensive computer mercenaries from abroad.

Even the author of a recent novel about U.S.-Iraq cyber-war concedes it is doubtful that Saddam has sufficient home-grown talent to harm the U.S. with computer attacks. Bill Neugent, chief engineer for cyber-security at Mitre Corporation and author of "No Outward Sign" (Writers Club Press, 2002), says Iraq could, however, enlist help from sympathetic Muslims in the West. In his book, Iraqi-Americans living in Washington attack U.S. government systems to frame Iraq and goad the U.S. to retaliate.

Instead of cultivating its cyber-war readiness, Iraq's government appears to be focusing its technical prowess on spying on and restricting its citizens' use of the Internet. Shames says Iraqis must assume that every message they send or receive is being monitored by Big Brother.

Sometimes, as in the case of Sameer's sibling back in Baghdad -- a teacher and one of the lucky Iraqis to have Internet access at home -- e-mail service mysteriously stops for weeks.

"I don't know why. Maybe it is just a technical problem. Or maybe someone is blocking the account," says Sameer.

To evade the state's widely publicized snooping, some savvy Iraqis have set up webmail accounts at providers such as Yahoo, as if calculating that the probable surveillance by U.S. intelligence authorities is less dire.

But there are few means around the government's blockades of "objectionable" Web content, which, besides porn, includes domain registration sites, according to Heider Sati, an Al-Mansour graduate now running his own London-based IT consulting firm. The restriction, perhaps designed to muzzle protest speech, means Iraqis are unable to register and create their own Web sites. (Sati says he registered and hosts alMansourCollege.net, on behalf of his alma mater, for free.)

Despite these limitations, some of Iraq's geeks say they would suffer if the country lost its Internet connection, whether due to conventional bombs or cyber-attacks.

"[It's] just like having drugs," said Al-Shalchi of his dependence on e-mail and Web access.

But for average Iraqis, the Internet is likely still an unreliable luxury, not a necessity. Richard M. Smith, a U.S. computer expert, notes that a counter on the home page of Uruklink.net shows that the vast majority of the site's visitors are from the U.S.

Like many Iraqi citizens and expatriates with relatives still in the country, Sati is guarded about his views on the outcome of the potential war and refuses to comment on his views of Saddam. But he did say that if a U.S. strike takes out Iraq's network, he and others will quickly work to restore alternative service to citizens.

"There are many people like me who would do anything to help the Iraqis, as we all feel that this is our responsibility toward Iraq," says Sati.

Sati's circumspection lapses a bit, however, as he describes dreams of a day when he can return to Iraq and help lay new fiber networks, beef up the country's hardware, and otherwise retool its Internet networks.

Even Al-Botany seems to be anticipating big changes ahead. His Web job with SCIS, he says, doesn't pay enough for him to own a car or a house for himself, his wife, and his toddler son. With his contract with the Iraqi government due to run out in six months, Al-Botany asks whether a reporter could help him find a job in the United States.

Source:theMezz.com

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at +38 061 220 12 83