Don't Underestimate Cyberterrorists, Experts Warn
Greater network dependence boosts risk of damage by cybervandals who code with vengence.Malaika Costello-Dougherty, Medill News Service
WASHINGTON-- The Internet is becoming a new battleground for warfare, according to experts concerned about the potential of a cyberattack to cripple the public infrastructure.
The recent Slammer worm, which blocked Internet traffic and crippled some corporate networks for most of a weekend, is just a watered-down version of a cybercrisis that could disrupt everything from banks to water supplies, critics say.
Among the critics is White House cybersecurity adviser Richard Clarke, who has urged greater attention to potential security breaches online. In an e-mail announcing his resignation from the National Security Council, he cautioned, "As long as we have vulnerabilities in cyberspace and as long as America has enemies, we are at the risk of the two coming together to severely damage our great country."
The Slammer was a dumb worm that only began its possible damage, and slightly modified could have been significant, Clarke says. The Internet is a largely underrated as an attack medium, he added.
Wielding Cyberweapons
The power of the Internet and computers as tools for political causes is not unknown to some cyber-savvy activists, notes Ken Dunham, a senior intelligence analyst at the security firm iDEFENSE.
These so-called hactivists increasingly break computers for political reasons and during conflicts, Dunham says.
In the Mideast conflict, pro-Palestinian hackers have successfully taken down Web sites of the Israeli Parliament, the Israeli Defense Force, the Foreign Ministry, the Bank of Israel, the Tel Aviv Stock Exchange, and others, according to a report by Dartmouth College's Institute for Security Technology Studies. Dartmouth's study charts how political cyberattacks often precede physical attacks.
Cyberattacks after U.S.-led military action are "extremely likely" and could possibly be catastrophic, according to the report. Information systems--like electrical infrastructures, water resources, and oil and gas--should be considered likely targets, it warns.
A known hacker who claims to have created many viruses is threatening to attack the United States with a worm if the country attacks Iraq. He has the capacity to make good on the threat, Dunham says.
While this hacker claims association with al Qaida, it appears he is really a sympathizer, Dunham says. The average hacker is a male in his teens or early twenties with time on his hands who seeks notoriety. While cyberattacks can take a variety of forms and may originate from terrorist groups or targeted nation states, they are more likely to be launched by sympathizers or thrill-seekers, according to the institute's report.
Spotting Spoofs
Hackers may find Internet vulnerabilities in minutes with scamming tools found on the Web, Dunham says. They can change legitimate sites to spread misinformation and create look-alike sites. CNN and other high-profile sites are often the target of spoofs.
But savvy surfers can spot imitations, Dunham notes. Spoofed sites can often be recognized because an @ symbol appears in the link. However, Web defacements with misinformation and political messages are executed daily in the Middle East, Dunham says.
Last December, a 19-year-old hacker known as Koko collapsed the Iraqi Information Ministry Web site by loading it with viruses, Dunham said. The cybervandal was previously part of the al-Qaida "electronic jihad," which continues to threaten cyberterrorism.
Growing Concern
While the al-Qaida and Iraqi official capacities for cyberattacks are uncertain, it is clear that PCs and networks remain vulnerable.
In 2002, the severity of threats increased along with computer vulnerabilities, according to a recent Internet threats report by security company Symantec. The report warns that blended threats--which combine worms, viruses, and Trojan horses--represent the greatest threat to Internet security.
Government agencies are joining security firms in urging users to install security software and adopt practices to protect systems and data. For example, the Federal Trade Commission recently endorsed a free guide to safe computing for end-users.
"The reality of computing today is that every single computer makes a difference, Dunham says. "Even a home user's computer could be used to attack the White House."