Security News > 2003 > March > ANALYSIS: Warnings about cyber-terrorism are overblown

ANALYSIS: Warnings about cyber-terrorism are overblown
2003-03-06 11:06

http://www.nandotimes.com/technology/story/793752p-5670026c.html By LISA HOFFMAN, Scripps Howard News Service (March 5, 2003 8:22 p.m. EST) - In Malaysia, an anti-war hacker has vowed to unleash a voracious computer virus if America launches an attack on Iraq. A hacking group calling itself the Iron Guards is threatening "suicide cyber-attacks" if war occurs. And the pro-Islamic, underground cyber-outfit USG, which in September hacked three computer systems hosted by AOL Time Warner, has already defaced Web sites with messages criticizing an Iraq invasion. These and other cyber-threats have spurred some computer security experts to fret that war with Iraq could spawn waves of retaliatory hacking against the U.S. government and businesses. "As the imminent U.S. ... action on Iraq gains momentum, we are expecting more attacks of a similar nature," D.K. Matai, chief executive of the London computer security firm mi2g, said recently. Also apparently worried is the FBI. Last week, the bureau's National Infrastructure Protection Center issued a warning about an outbreak of "illegal cyber-activity" due to "increasing tensions between the United States and Iraq." The advisory said computer users and operators should be on guard against Iraq sympathizers, anti-war activists and even criminals using the cover of the Iraq crisis to "further personal goals." But while some e-sabotage may spark across the Internet, a look at similar predictions of cyber-terrorism shows that whatever hacking has occurred in past times of international crisis has essentially amounted to minor disruptions of fleeting consequence. For instance, after both the Sept. 11 terror attacks and the start of the U.S. assault on al-Qaida in Afghanistan, the FBI predicted a surge in cyber-hacking and -protests by anti-American partisans. Not only did that not happen, but the level of everyday attacks actually declined in some areas since the U.S. war on terrorism began. The attacks that did materialize were insignificant. A Pakistani hacking group defaced a Web site operated by the Pentagon's Defense Test & Evaluation Service with a message about Islam and the threat to attack 1,500 more sites. But the obscure and unclassified Pentagon training site was immediately fixed and the suspected hackers were quickly caught and turned in to the FBI. In another case, an e-mail "worm" bearing messages about al-Qaida leader Osama bin Laden was launched but did scant and easily repairable damage. Similarly, during the war over Kosovo in 1999, U.S. government Internet sites came under a barrage of cyber-attacks as partisans angry about America's accidental bombing of the Chinese Embassy in Yugoslavia vented their rage electronically. But neither classified nor even sensitive sites were breached, although the White House's public Web site was attacked and the National Park Service's home page was temporarily knocked asunder. In fact, a growing number of computer security experts are downplaying the threat of cyber-war and -terrorism and speaking out against what they consider the undue hype surrounding both issues. "While there is much fear, uncertainty and doubt associated with the term, I posit that cyber-terrorism is really nothing more than a paper tiger," said Richard Forno, author of a book on information warfare and former chief security officer at Network Solutions, a computer services company. While acknowledging that a paralyzing or even seriously injurious cyber-attack against U.S. computers could occur, these experts count the odds as remote, and growing more so all the time. That is partly because of substantial strides being made in security defenses to protect the most important U.S. government and private industry computer operations. It also stems from the fact that many U.S. adversaries aren't particularly computer-savvy. Iraq, for instance, has shown interest in developing an "information warfare" capacity, but is believed to have invested little time or manpower in the complex task. Georgetown University professor Dorothy Denning, considered in the top tier of cyber-security analysts, and other experts point to a recent U.S. Naval War College war game called "Digital Pearl Harbor," in which a sweeping attack on America's computer networks was simulated. But the gamers determined that, to cause serious damage, assailants would need $200 million, an array of sensitive intelligence and five years of preparation time. In effect, these experts contend, the cyber-attacks so far have been the computer equivalent of spray-painted graffiti on a front door. Author Forno says terrorists are not dumb - they are looking for the biggest bang for their buck. A darkened computer screen or briefly disabled electrical grid pales in contrast to the horrifying destruction wrought in the Sept. 11 attacks. "Bin Laden, (Saddam Hussein) or any other terrorist is not going to snicker and proclaim a victory over the Great Satan simply because his geek corps manages to crash the NASDAQ trading system," Forno recently wrote. "Would you remember exactly where your were and what you were doing if a cyber-terrorist temporarily disrupted the NASDAQ Web site? Probably not. "Will you remember where you were when the second hijacked 767 rammed into the World Trade Center? Most certainly." - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.


News URL

http://www.nandotimes.com/technology/story/793752p-5670026c.html