FBI Warns Of Cyberthreats As Tensions Climb

The bureau's cybersecurity arm says the crisis with Iraq and increased problems with North Korea may trigger cyberattacks on U.S. networks.

InformationWeek Staff, Contributor

February 14, 2003


The National Infrastructure Protection Center, the FBI's cybersecurity arm, is warning that increased global stress over possible war with Iraq and the growing concern over North Korea may lead to cyberattacks on U.S. networks.

"Recent experience has shown that during a time of increased international tension, illegal cyberactivity--spamming, Web defacements, denial-of-service attacks, etc.--often escalates," the center's warning says. Attacks could come from outside the United States, including state-sponsored attacks from countries such as Iraq or North Korea, or from so-called "patriotic hacking" efforts of rogue code-makers aiming to disrupt other countries' computer infrastructures.

"As tensions rise," the FBI says, "it is prudent to be aware of and prepare for this type of illegal activity."

Two years ago, during a dustup between China and the United States over the forced landing of an American spy plane, hackers on both sides waged a monthlong tit-for-tat battle, although the damage, primarily site defacement, was relatively minor and sites were generally restored within hours. "We saw a big increase in what's called 'patriotic hacking' then," says an NIPC spokesman.

"The key word here is 'vigilance,'" he says. Keeping your eyes open to any unusual activity, he says, is always a good idea, but especially so when tensions mount. What may not have been suspicious before, he notes, may be important now.

The advisory makes several recommendations to computer network administrators, such as updating antivirus software, watching for malicious file attachments that may come in messages sporting patriotic subject heads, and informing employees of the increased threat of danger.

Other things that companies can do amount to "best-practices" suggestions, which a company should have already implemented for general security purposes. These include using Web-content and E-mail filters to stop threats at the network edge and having recovery-and-response plans in place in case an attack succeeds.

"The most important thing is to review your best practices," says Vincent Weafer, Symantec Corp.'s chief virus hunter and the senior director of the company's Security Response Center. That includes everything from having recovery and restart procedures ready to making sure that there are no back doors to the company's network.

"Decide which company assets are the most important," he says, and layer security around them accordingly. Think of layering "as putting something inside a safe, inside a locked room, inside a building."

Companies that have these kinds of practices in place and active, Weafer says, have little to worry about. "If you're protecting against generic hackers, you're protecting against the other," such as hacktivists and code terrorists.

The NIPC spokesman agrees: "An attack is an attack is an attack. Regardless of the motive, instituting best security practices is the best defense."

Small businesses and at-home users, whether consumers or telecommuters, traditionally are most at risk of attack, including any potential threat stemming from international tensions, Weafer notes. "When you get down to the home-office level," he says, "it's really a matter of getting the word out that threats exist."

The FBI's alert goes to special lengths to warn administrators that not every possible attack would originate outside the United States. In fact, while the possibility exists of attacks by hacktivists on both sides of the crisis--those motivated to do Iraq harm as well as those sympathetic to the "no-war" movement--it also says that nonpolitical hackers may try to take advantage of the crisis to throw their code into the mix.

Along those lines, the FBI says security administrators should be on the alert for E-mail with patriotic titles intended to entice users to open files carrying damaging payloads. "Malicious code (e.g., worms and viruses) can be introduced to spread rapidly by using patriotic or otherwise catchy titles, encouraging users to click on a document, picture, word, etc., which automatically spreads the damaging code," the alert says.
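The advisory's two concrete recommendations above, watching for attachments that arrive under patriotic subject lines and filtering E-mail at the network edge, can be turned into a simple mail-gateway triage rule. The following is an added example written for this article, not code from the FBI, NIPC or Symantec; the two messages are constructed samples, and the lure vocabulary and the list of risky extensions are assumptions an administrator would tune for their own site.

```python
import re
from email import message_from_string, policy

# Constructed sample messages (not from the article). The first mimics the lure the
# advisory describes: a patriotic subject line carrying an executable disguised as a picture.
LURE_MSG = """From: news@example.invalid
Subject: Support Our Troops - must see photo!!
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attached picture and pass it on.
--b1
Content-Type: application/octet-stream; name="troops.jpg.exe"
Content-Disposition: attachment; filename="troops.jpg.exe"
Content-Transfer-Encoding: base64

Q29uc3RydWN0ZWQ=
--b1--
"""
BENIGN_MSG = """From: hr@example.invalid
Subject: Q1 timesheet reminder
Content-Type: text/plain

Please submit timesheets by Friday.
"""

# Lure vocabulary is an assumption the analyst tunes; the advisory names the theme, not the words.
LURE_TERMS = re.compile(r"\b(patriot\w*|troops|freedom|america\w*|iraq|war)\b", re.I)
# Executable/script types that should not arrive from outside; the final-extension match
# also catches double extensions such as "photo.jpg.exe".
RISKY_EXT = re.compile(r"\.(exe|scr|pif|bat|cmd|com|vbs|js)$", re.I)

def risky_attachments(msg):
    """Return attachment file names whose final extension is executable or scriptable."""
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return [n for n in names if RISKY_EXT.search(n)]

def score_message(raw):
    """Classify a raw RFC 822 message as ('block'|'review'|'pass', risky attachment names)."""
    msg = message_from_string(raw, policy=policy.default)
    lure = bool(LURE_TERMS.search(str(msg.get("Subject", ""))))
    risky = risky_attachments(msg)
    if risky and lure:
        return "block", risky   # lure theme plus executable payload: the pattern in the alert
    if risky:
        return "review", risky  # executable attachment without the lure still gets a look
    return "pass", []
```

Running `score_message` over the two samples blocks the lure and passes the timesheet reminder; in practice the lure list would be fed from the current news cycle, as the advisory's own timing suggests.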

"Regardless of the motivation, the U.S. government does not condone so-called 'patriotic hacking' on its behalf," the warning says. Such activities, no matter what the reason, are felonies, the FBI says.

You can view the advisory on the NIPC Web site, which also contains a form for submitting a threat report to the FBI. The NIPC spokesman encourages both companies and individuals to regularly check the center's Web site for further developments.

Among the links posted in the FBI's advisory that enterprise administrators can use to pull up security checklists are those to the CERT Coordination Center, Microsoft, and the SANS (SysAdmin, Audit, Network, Security) Institute.
