Cyberspace Seen as Potential Battleground

R. A. Hettinga rah at shipwright.com
Fri Nov 23 12:21:33 EST 2001


http://www.nytimes.com/2001/11/23/technology/23CYBE.html?todaysheadlines=&pagewanted=print




November 23, 2001

Cyberspace Seen as Potential Battleground

By JOHN SCHWARTZ

Government officials are warning that cyberattacks are likely as retribution
for the United States campaign in Afghanistan, and at the same time,
computer security experts are seeing increasingly numerous and more
powerful attacks from traditional hackers.

So far, most technologically proficient attackers are hackers or insiders
with no terrorist intent, while the terrorists are not yet very proficient,
Frank J. Cilluffo, an expert on terrorism at the Center for Strategic and
International Studies in Washington, said during Congressional testimony in
October. But, calling cybersecurity the "gaping hole" in the nation's
infrastructure defense plans, he said, "It is only a matter of time before
the convergence of bad guys and good stuff occurs."

"While bin Laden may have his finger on the trigger," he added, "his
grandson might have his finger on the mouse."

Such warnings are not new. The President's Commission on Critical
Infrastructure Protection, formed during the Clinton administration, said
in a 1997 report that "our dependence on the information and communications
infrastructure has created new cyber-vulnerabilities, which we are only
starting to understand." Electronic transfers of money, distribution of
electrical power, the responses of emergency services and military command
and control are at risk, that report said.

President Clinton responded by starting such initiatives as the National
Infrastructure Protection Center, an organization within the F.B.I. that
works with law enforcement agencies and private companies to make systems
like the nation's computer networks more secure.

The early alerts were often dismissed as scaremongering. Dorothy E.
Denning, a Georgetown University professor of computer science, said she
was a skeptic until Sept. 11. "Now I feel a little bit more humbled," she
said. "You don't know what will surprise us next."

Soon after the terrorist attacks, President Bush named Richard Clarke, the
Clinton administration's counterterrorism czar, as special adviser for
cyberspace security. In an interview earlier this month, Mr. Clarke said
the Bush administration was organizing its counterterrorism efforts "in a
single strategy with people rowing in the same direction." He has his work
cut out for him: Congressional investigators announced recently that
two-thirds of federal agencies failed a governmentwide test of computer
security.

Cyberterrorism is unlikely to be the sole thrust of a terrorist attack,
said Jeffrey A. Hunker, dean of the Heinz School of Public Policy and
Management at Carnegie Mellon University and a former National Security
Council official. Instead, hacking would be used to further complicate
matters, perhaps by taking down key computers in financial or
communications industries, after a bombing. He places cybertools in a
different category from nuclear, biological or chemical "weapons of mass
destruction," which would directly cause injury or death. Cyberthreats,
instead, are considered weapons of mass disruption.

Up to now, most computer attacks could more accurately be defined as
"weapons of mass annoyance," as when intruders commit acts of vandalism
against Web sites. Last month, the National Infrastructure Protection
Center issued a warning that such "cyberprotests," including attacks on Web
sites, were likely.

Computer security experts, however, warn that they have begun seeing
evidence of increasingly potent attacks by hackers. One of the forms of
computer attack that is hardest to defend against, denial of service
attacks, is becoming more common and more disruptive. In a denial of
service attack, one computer is programmed to flood another with junk
messages that slow down the machine's performance and block legitimate
users.

On Oct. 22, the federally financed CERT Coordination Center at Carnegie
Mellon University published a memorandum outlining the nature of the new,
brawnier attacks, including attacks that focus on computers running
Microsoft's Windows operating systems, which have proved more
vulnerable to attack than machines running the Unix operating system.

Attackers have also employed new "worms," like the recent Nimda, which
transmits destructive activity from computer to computer with greater
efficiency and power than ever before by combining several kinds of
attacks. Increasingly, these programs are being aimed at routers, which
direct traffic throughout the Internet. The effects of these denial of
service attacks "are causing greater collateral damage," warned Kevin J.
Houle, a researcher at the center.

No computer on the Internet is immune from denial of service attacks, said
Paul A. Vixie, a security expert who spoke at a meeting of the
International Corporation for Assigned Names and Numbers earlier this month
in Marina Del Rey, Calif., not even crucial machines that direct Web
surfers to sites, including the 13 "root" servers and the 10 top-level
domain servers. "The only thing that keeps a given server on the air on any
particular day is that no teenager with a $300 computer is angry enough at
that server's operators to feel like punishing them," he said in an e-mail
interview.

Security experts who monitor attempts at computer intrusion say that other
new tools and tricks are coming into use in that arena as well. In recent
weeks, computer security experts have come to believe that malicious
hackers have developed tools to take over computers using the Unix
operating system through a vulnerability in a nearly ubiquitous computer
communications protocol known as SSH.

Those experts say that they find the SSH flaw especially worrisome because
it could provide a hacker who successfully attacks it unrestricted access
to a computer. An intruder could gain access to machines linked to the
compromised computer, could destroy all of the data on the machine or could
use it to carry out denial of service attacks. "It's pretty nasty," said
Dan Ingevaldson, a security researcher at ISS, a major vendor of security
software and service.

The weakness in SSH has been identified since early this year, and many
system administrators have fixed the problem with patches, but until
recently the theoretical vulnerability had not been subjected to actual
attack. Recently, however, security experts have noticed a sharp increase
in probes by outsiders of a specific spot in their network known as Port 22
- the part of the system that SSH uses - presumably to see which machines
are still open to attack. "They wouldn't be doing the scanning if it wasn't
paying off for them," said Kevin L. Poulsen, editorial director of
SecurityFocus, a company that provides computer security information.

New threats are always emerging, but they can be managed with proper
vigilance, said Steve Elgersma, a system administrator for the computer
science department at Princeton University. "We get bombarded by port scans
and probes from all over the world," he said. "We're aware of them, and
they're not getting through."

Most of the cyberworld is in private hands, making a unified defense
difficult, said Senator Robert F. Bennett, Republican of Utah and an early
proponent of greater preparedness against computer attacks. "Prudence
dictates that we are going to have this kind of problem," he said. "The
only question is when, and how seriously."

Mr. Clarke, the cyberterrorism adviser, said that he had already seen a
change in industry attitudes since Sept. 11. Interviewed by telephone
during a trip to Silicon Valley, he said, "I'm getting a remarkably
different perception than I did a year ago" when he was greeted with
skepticism. Now high-technology executives are more willing to talk about
building and buying more secure technologies, he said. "I think people
resonate with that now," he said.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



---------------------------------------------------------------------
The Cryptography Mailing List



