IPkey.com

information security
 monitoring & management

Information Security Bulletin

March 2003 

Feature Story: Cyberterrorism

What you need to know about hactivists (politically motivated hackers) and cyberterrorist activity.
Like it or not, we are at war. Advisories from the National Infrastructure Protection Center (NIPC) and CERT are warning of heightened malicious activity. To many, this might seem like being told to go buy duct tape and sheets of plastic, but I recommend that ISB subscribers take this seriously.

Why should you?  Let's start with a puzzling question. Why is it that authors of viruses, worms and trojans don't program them to cause more damage?  Most worms and viruses have no problem exploiting vulnerabilities in PC operating systems such as Windows 98 that allow complete control of the computer. However, very, very few viruses are written that are malicious enough to wipe out the C: drive, for example.  Why is this?  Much has been written on hacker psychology, and it seems that their interest is not so much wanton destruction as it is electronic graffiti and 'reproductive success.' 

For example, take the recent Slammer worm. It spread around the world in record time, about 10 minutes. It caused such a major disruption of traffic that even bank ATMs went down. We were amazingly lucky with Slammer because its author didn't design it to do any damage other than replicate itself. However, it reproduced itself so efficiently that it saturated Internet traffic for many hours. Fortunately, it hit early on a weekend rather than a business day, and we dodged a bullet. This worm could have been far, far worse. This is one more wake-up call that the Internet is extremely vulnerable.

When this exponential replication is combined with millions of computer systems that are unprotected from well-known vulnerabilities, you have the formula for significant, lasting damage costing billions to resolve.  To date, we have been very, very lucky.

The techniques to exploit vulnerabilities are very well known and published on hacker sites all over the Internet. The opportunities to unleash a virus or worm are almost limitless. So far the only part that has been missing is a deeply malicious motive. The vast majority of hackers are neither criminals nor mercenaries, but there are some exceptions that no one talks about.

Let me share with you a little-known fact. Every security professional knows that successful hacks are almost never reported. There are many, many successful cyber-crimes that you never hear about because the victims want to keep it very quiet.

Any publicly held corporation that admitted it was hacked would face lawsuits from shareholders, because they clearly failed to secure their key data. They would also lose customers concerned that their personal information wasn't safe. These are powerful reasons for organizations to keep hacker intrusions quiet. So they do. Read the CSI/FBI 2000 Computer Crime & Security Survey for some fascinating stories. (It's free, but you do have to register.)

Furthermore, there is nothing to stop foreign governments and terrorists from also hacking our institutions. In fact, they already do. Nothing stops them from launching massive Denial of Service attacks on critical Internet sites or spreading a worm to bring the Internet to a crawl.

We know that such disruptions typically only last a day or less, but there's no reason why cyber-terrorists and hactivists can't keep launching new attacks every day for weeks on end. See the CERT warning on Armies of Bots. It sounds like science fiction, but CERT doesn't exaggerate.

My greatest concern is that if the US attacks Iraq unilaterally, it will be seen by many Muslims as an attack upon Islam as a whole. Anti-American sentiment will escalate even further. That will likely inspire some of the billion or so Muslims around the world to fight back. Muslims are not just Arabs; they are also Indians, Indonesians and Russians. Some of the world's best programmers happen to come from these countries. In fact, many corporations outsource their software development to programmers in India and Indonesia.

Simply put, all the ingredients are in place. I can't imagine that our enemies will pass the opportunity up. It's irresistible. It would take only a handful of skilled hackers working for groups such as Al-Qaeda to make our lives in IT miserable. This connection could significantly impact the Internet, which is as much a symbol of US Globalism as the World Trade Center was.

For these reasons, I have to assume that the Internet will be subject to much more disruption than at present. I expect there may be temporary disruptions of Internet service, major web sites being inaccessible and emailed propaganda. I must further assume that there will be some truly nasty viruses and parasites infecting systems around the world.

It is not my intent to scare you, but I urge all of you to take the following steps as soon as possible. These are some basic requirements that all organizations should already have undertaken and completed. Many of you have already started; now is the time to get it finished.

ISB Takeaways:

  1. Test and verify that your backups are backing up everything you need. Restore some files to make sure.

  2. Make certain that all computers, PCs and servers, are protected by anti-virus software that is maintained with daily updates.

  3. If you don't have a dedicated Internet firewall, get one immediately.

  4. Periodically scan your computers with an Anti-Parasite scanner such as Ad-Aware.

  5. Review your Business Continuity Plan or Disaster Recovery Plan for contingencies of no email or Internet access.

  6. If any of your fax machines are acting up, replace them.

Welcome to the Information Security Bulletin. This is your source for the latest practical information you can use to protect your organization's critical information and network services.

Marcus Clarke
ISB Editor
email me your opinions!

February ISB follow-up:
We have a name!

Adware, spyware & malware are called PARASITES!

I found this catchy name at a very useful web site that has excellent info on parasites a.k.a. 'unsolicited commercial software'.

We also had some excellent submissions from our readers. My favorite was 'Stealthware' submitted by Joe Giambalvo at The Santa Fe Opera. Very descriptive of the behavior common to all these critters. But I've got to admit that 'Parasite' is the perfect complement to the term 'virus', and catchier for the media. Everyone knows that when your dog has 'worms' it has a parasite. People seem to like using medical terminology for describing computer gremlins. Why fight it?

The ISB is a monthly email newsletter published by IPkey.com, your source for affordable information security monitoring and management. IPkey.com is part of Meridian Group, a New Mexico-based corporation serving the IT needs of its clients for 14 years. We encourage you to forward ISB to your co-workers, colleagues and friends. To subscribe or unsubscribe to the ISB newsletter, email us at isb@ipkey.com.

Next Month:

What you need to know about Virtual Private Networks (VPNs).

All contents copyright (C) 2003 Meridian Group Inc.