InformationWeek.com November 13, 2000

Beware Cyber Attacks

U.S. companies are becoming targets of political activists who know how to hack

By George V. Hulme and Bob Wallace

    A group of pro-Muslim hackers calling itself Gforce Pakistan last week defaced more than 20 Web sites and posted threats to launch an Internet attack against AT&T. The message on the sites, run by Israeli organizations and companies such as the World Peace Center, Borah Torah, and Centexchange.com, said there will be more attacks against Israel and its allies. It encouraged hackers to E-mail the group for the date and time of future hits.

    The postings began just days after Lucent Technologies Inc. fought off a denial-of-service attack on its Web site that apparently was launched by a pro-Palestinian group. The company won't provide details on the attack or how it defended itself, but security experts suggest AT&T and Lucent were targets because of the amount of business they do with and within Israel.

    Other U.S. companies need to be on the lookout. The number of politically motivated Web-site defacements, distributed denial-of-service attacks, and computer system break-ins is growing, in part because of simple, widely available "click-and-attack" tools and Web sites that make it easy for hackers--as well as anyone with a political grudge--to launch attacks.

    The FBI's National Infrastructure Protection Center last month issued a public advisory that stated, "Due to the credible threat of terrorist acts in the Middle East region and the conduct of these Web attacks, recipients should exercise increased vigilance to the possibility that U.S. government and private-sector Web sites may become potential targets." It was the FBI's second such warning this year.

    The Mideast isn't the only source of activity. Last week, both major U.S. political parties fell victim. A Republican National Committee Web site had to be taken down after it was altered with a pro-Al Gore message and a link to Gore's campaign Web site. Also, the Democratic National Committee's external E-mail system was shut down for several hours on Nov. 6 after repeated attacks. The DNC says it doesn't know where the attacks originated.

    Security experts say system breaches by geopolitical and social activists are a serious and growing problem. While there's no way of knowing what percentage of them are politically motivated, last year there were about 3,700 Web-site defacements; so far this year, the number is nearly 4,200, according to Attrition.org, which tracks such infractions. InformationWeek reviewed 138 Web-site defacements that have taken place since Oct. 31, and 53 appear to have been political in nature, with messages ranging from the need to feed the hungry to anti-Israel, Palestine, and U.S. screeds.

    Security analysts have coined a word to describe the politically motivated troublemaking: hacktivism. And they say no company or organization is safe. In June, hackers redirected Nike.com's traffic to the home page of a grassroots activist site, http://www.s11.org, which carried a message of protest against the Asia Pacific World Economic Forum held in September. S11.org denied involvement in the 19-hour attack on Nike's site.

    Convicted hacker Kevin Mitnick, recently paroled after spending more than five years in prison for breaking into companies' computer systems, says most political hackers aren't just having fun--they're trying to send a message. "The bigger the target, the more the message gets reported, and the more effective it is," he says.

    "I absolutely think there has been a rise in the political involvement of hackers," says "Tweety Fish," a member of the hacker group known as the Cult of the Dead Cow. "It's becoming more apparent that hackers have the potential to cause really meaningful debate and potential change."

    Hackers aren't the only ones who've noticed a change. "These attacks represent a paradigm shift that scares me because they're fast becoming a fashionable and effective way to show political dissent and aggression," says Charles Neal, director of the elite CyberAttack Tiger Team at Exodus Communications Inc., the Web-hosting company. The team is charged with protecting Exodus' systems and those of its customers. "As more unhappy people around the world get computers and Internet access, the number of these attacks will increase."

    The threats come from all over. In May, 3Com Corp.'s computer systems were the subject of denial-of-service and other attacks from government buildings in Kosovo and Albania. "We thought it was kids at first, but government-sponsored terrorism is a new thing," says David Starr, senior VP and CIO for the networking equipment vendor, adding that 3Com was probably targeted simply for being a large American company.

    Some IT managers are taking the threat seriously. "I'm concerned for a couple of reasons," says Steve Lopez, architect of enterprise infrastructure and networks at the National Board of Medical Examiners in Philadelphia. "If this keeps up on an international basis, you're definitely going to see the creation of heavy regulation on the Internet. And not a day goes by when my systems aren't probed for vulnerabilities so they could be used as zombie machines for these mass attacks."

    J.P. Morgan & Co. in New York has dedicated security staff assigned to firewalls and intrusion-detection monitoring. "Because we use the Internet for trading, we're much more sensitive to hacktivism. We take security super-seriously," says Andrew Comas, the bank's head of technology research.

    But not everyone seems concerned. AT&T says only one of its business customers has inquired about the latest threats. Jonathan Cohen, director of advanced IP services with AT&T's data and Internet services group, says companies should invest in managed firewall and intrusion-detection systems to reduce their susceptibility. "Customers are at greater risk because more hackers are politically motivated to do harm," he says.

    3Com's Starr agrees, noting that hackers are constantly probing his systems to see if they can be taken over and used surreptitiously. "I get thousands of attacks a week. From kids to criminals to foreign governments," he says. "Before we put firewalls in and started logging them, we didn't know it was happening, so it was getting through."

    It has become easy to launch cyberattacks. "All someone needs to know to participate in a distributed denial-of-service attack is how to point and click," says Mike Assante, chief operating officer at security company LogiKeep Inc. The FBI has uncovered at least three Web sites that offer such automated launch pads. "This is the first time I've seen a client-server-enabled E-warfare application," says Chris Rouland, director of the X-Force vulnerability research team for Internet Security Systems Inc.

    Earlier this year, a pro-Israeli site provided tools that visitors could use to attack Web sites affiliated with Hezbollah, an anti-Israel terrorist organization, Assante says. The setup involved more than 8,500 servers in both Israel and the United States to flood Hezbollah Web sites with hundreds of thousands of hits a day.

    Not surprisingly, many companies are wary of revealing information about the measures they're taking to protect against hackers. But some IT managers are turning to experts to help them understand where the threats are coming from. "You'd be naive if you went into business in countries known for espionage and didn't have an understanding of the threat level," says Eddie Schwartz, assistant VP and CIO at Nationwide Insurance Cos., who subscribes to a LogiKeep service that informs him of hacking activities around the world.

    Businesses are also installing sophisticated security measures. More than half of the 4,900 IT managers who responded to the Global Security Survey, conducted by InformationWeek Research and PricewaterhouseCoopers earlier this year, say they've implemented protocol filtering and deployed intrusion-detection tools. Exodus is testing an integrity-monitoring package that performs baseline analysis of files, then checks them for adds, deletions, or changes--as often as every 15 minutes.

    Internet Security's Rouland suggests that companies deploy a moving-target approach to defend their Web systems, automatically rerouting traffic to another server. "The idea is that as soon as you see this sort of attack happening, you automatically start swinging around your system to move out of the fire," he says. "It's not something that eliminates the attack, but it mitigates it to a window of five to 10 minutes." Companies can also configure their upstream routers to temporarily block attacks.

    Security professionals say such measures can only minimize threats, not eliminate them. "There's no prevention of these attacks," says AT&T's Cohen. "We're constantly on the defensive."

    And all the experts agree that the nature and number of attacks is going to get worse before it gets better. Says Exodus' Neal, "Once people realize how to use computers for information warfare, you've opened Pandora's box--with no way to close it."

    --with additional reporting by Matthew G. Nelson and John Soat
