Little war-related hactivism reported
The vast majority of war-related cyberattacks last week appear to have been little more than low-level Web site defacements that had little or no impact on U.S. businesses.
But the sustained denial-of-service attacks that crippled the English-language Web site of Arab satellite TV network Al-Jazeera served as a sobering reminder of just what can happen if a company does become a hactivist target.
One week into the war with Iraq, most of the predicted cyberfallout appears to have been limited to the Web equivalent of graffiti, said security experts. "At least 99% of the attacks are pure defacement of Web sites" with pro- and antiwar messages, said Michael Albrecht, a manager at F-Secure Corp. in Helsinki, Finland
The company estimated that as many as 10,000 Web sites worldwide may have been defaced since the war began. Although U.S. government and military sites appear to be targets of choice, vandals are attacking any vulnerable service they can find, Albrecht said. In most instances, the attacks appeared to be coming from individuals rather than from organized groups or government entities, he added.
The level of hacking activity has been no different from usual, said Marty Lidner, an incident-handling team leader at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh. "In the big scheme of things, the level of activity reported to us hasn't really changed," Lidner said.
"There has been no significant increase in Web defacement activity between prewar chatter and actual war," said Russ Cooper, an analyst at TruSecure Corp. in Herndon, Va. "A defacement may say 'No war,' but it would have said 'No cheese' or something else if there had been no war."
The minimal impact on business systems so far isn't surprising, said Dave Krauthamer, director of information systems at Advanced Fibre Communications Inc. in Petaluma, Calif. "I think you need to be extremely skilled to hack into corporate systems," he said. "I don't think current events make the risk of cyberterrorism any greater."
Moreover, most companies have revamped their management of security threats since Sept. 11, 2001, said Bruce Blitch, CIO at Tessenderlo Kerley Inc., a multinational chemical company with U.S. headquarters in Phoenix. For instance, Tessenderlo has further isolated critical plant-control systems and tightened security policies relating to its IT infrastructure.
"If what happened nearly two years ago didn't make a company pay attention to security, then it's unlikely that war with Iraq would change that," Blitch said.
Even so, the attacks on Al-Jazeera show what can happen if attackers get it right. The attacks began March 25 after the network posted photos of U.S prisoners of war. The Web site was almost totally inaccessible most of last week.
The site appears to have been hit with twin denial-of-service attacks, said Eric Seigel, a consultant at Internet performance monitoring company Keynote Systems Inc. in San Mateo, Calif. One was directed at the company's Web servers, the other at a core Domain Name System server that provides browsers with the address of Al-Jazeera's Web site, Seigel said.
Cybercrime News Archive