Wartime Internet Security Is 'Business as Usual'
Federal officials last week warned that the Iraq war may prompt hackers to attack data systems and critical networks. But for the most part, Internet security firms aren't changing their standard procedures to accommodate the higher threat level -- because for them, vigilance is par for the course.
"It's business as usual," said Vincent Weafer, the chief virus researcher for Symantec Security Response, who said the average U.S. corporation already gets hit with about "30 major attacks" weekly. The Internet is under constant attack from a variety of online threats, with as many as 10 to 15 new viruses or other malicious code attacking online systems every day, Weafer said.
There has been an increase in online attacks and other hacker activity since the beginning of the war, but not at the level anticipated by the Homeland Security Department in an alert it issued last Tuesday.
"We have already seen a clear increase in the number of Web site defacements, but on the other hand we haven't seen very much on the virus front," said Mikel Albrecht, a virus researcher at F-Secure Corp. in Finland.
Hacker activity since the onset of the Iraq war is similar to spikes in activity tied to particularly contentious football matches, said Carole Thierault, a spokeswoman for U.K.-based antivirus firm Sophos Inc.
"We don't tend to change our method of working," she said. "We always want everybody to be suspicious."
F-Secure reported approximately 10,000 Web site defacements, with U.S. government sites getting hit with slogans like "Make love, not war," while a private site was pasted with the message, "Kill Saddam!"
The relative calm doesn't mean hackers aren't trying to find weaknesses in western systems. Mark Rasch, former head of the Justice Department's computer crimes unit, said that there has been more probing activity, where unknown assailants scan networks to determine whether they are secure or have open ports that can be attacked. This activity, he said, has come from Egypt, Amsterdam and other areas throughout the Middle East and Europe.
"It's the electronic equivalent of walking down the streets and checking that the doors are locked," he said. "It's usually the prelude to an attack."
U.S. government systems have not seen a significant increase in hacking or intrusion attempts, said Homeland Security Department spokesman David Wray. "We obviously see the reports of defacements that appear to be coming from pro-Islamic groups, but those are on essentially public systems," he said.
What worries the Homeland Security Department is not hackers taking down Web sites; it's organized terrorist groups like al Qaeda that have shown more than a passing interest and skill in harnessing computers to try to disable or damage communications networks and critical infrastructures like the public water supply.
Last June, The Washington Post reported that hackers, possibly from the Middle East or East Asia, had probed utility systems to study emergency telephone networks, electricity and water storage systems and nuclear power plants and gas facilities.
Bruce Schneier, co-founder of Cupertino, Calif.-based Counterpane Internet Security Inc., said cyberterrorism or an online "war" is nearly impossible.
"Politically sponsored hacking is a gross overstatement," Schneier said, noting that carrying off an attack that could disable the Internet is an unlikely scenario at best.
Rasch said that it could happen, "but it would require a tremendous amount of success, knowledge and planning. You'd have to really know what you're going after."
Symantec's Weafer said that most attacks, including one last October that brought down nine of the 13 root servers that support the Internet, cannot get around the fact that when online traffic is disrupted or blocked in one place, it tends to flow through thousands of alternate channels instead.
"If you look at the Code Reds, the Nimdas, the DDOS's against DNS servers, the Internet itself is extremely resilient," he said. "[Sometimes] you see localized attacks, and communications get slower ... but you have to allow for that."
The most widely reported hack of the past week appears to have been carried out by patriot hackers from the United States. The Qatar-based Al Jazeera television network said that hackers knocked its Arabic and English Web sites offline several times, according to Tuesday wire reports. The sites still were inaccessible at deadline today, and Reuters was reporting that an American flag had been placed on the Al Jazeera site at one point today.