Most Hacking Hides Real Threats

[William Knowles <wk () c4i org>]

http://www.wired.com/news/politics/0,1283,44955,00.html

By Steve Kettmann 
2:00 a.m. July 3, 2001 PDT 

MUNICH The high profile of such relatively inconsequential online
political warfare as denial-of-service attacks and playful site
defacement has the general public distracted from much graver risks.

That's especially true in Europe, according to experts, where many
Internet users are newer to the medium and less attuned to the dangers
of such threats as smart viruses.

"Do Europeans care about information warfare?" asks Christiane
Schultzki-Haddouti, a German journalist who specializes in information
warfare. "Not much. Compared to America, Europe is still sleeping."

"The media focus on the very vivid details of a hacked site," said
professor Hans-Bernd Brosius of the Department of Communication
Sciences at Ludwig-Maximilians University in Munich, which hosted a
cyberwar conference last weekend.

"We see the blatant details, but not the systems below."

Specifically, he referred to the sort of problem presented by
potential backdoors built into software systems like the one the U.S.
National Security Agency may or may not have in most Windows operating
systems, as reported in Wired News.

It made headlines when a kind of cyberwar erupted between China and
the United States earlier this year after a U.S. spy plane made an
emergency landing on Chinese soil, prompting a tense standoff. That
blew over quickly, although the fizzle over threatened major actions
may have been in part because U.S. corporations often do not go public
with word of successful cyberattacks, for fear of encouraging further
actions.

Do governments need to fear more of the same?

"Paradoxically, forcing terrorists off the Web is impossible, because
they set up sites in countries with free-speech laws," said Professor
Dov Shinar, head of the Hubert Burda Center for Innovative
Communications at Ben Gurion University of the Negev.

That, he said, leads to some grave questions.

"Recognizing that we are in the midst of an ongoing process, can the
activities of extremist groups on the Web create even wider
communities of the like-minded than was previously possible?" he
asked. "How universal are the findings on extremist groups, that the
use of slick and professional online images ... allows the new media
to break down boundaries and create a virtual world in which groups
can strategically blur and define boundaries between themselves and
other groups?"

Frank Lesiak, an analyst for Germany's Federal Information Agency,
said the focus on routine security and privacy issues diverts general
attention from much larger potential for trouble; for example, if
hostile governments or terrorists were to take a sophisticated,
long-term approach to wreaking havoc.

"We're not even hearing about the big dangers," he said. "Have you
read anything in the everyday press about crypto-viruses?" he asked.
"That's what we need to read about."

And yes, that is what Lesiak spends his nights worrying about: An
intelligent virus implanted by a military.

"Imagine a society that breaks down because the entire IT structure
breaks down," he said. "That kills people, not just bits and bytes."

Schultzki-Haddouti said the United States not only has the most to
lose from any such attacks, it also has the most to teach about them.

"Countries like Germany are importing the concept of information
warfare from the United States," she said.

Up until 1995, for example, she traced 10 U.S. developments, including
in 1992 the Pentagon's "first top secret directive TS-3600 on
'Information Warfare'" and the use of "computer network attacks" in
the U.S. operation in Haiti in 1994 to return Bertrand Aristide to
power. Over that same period, nothing much happened in Europe in this
area, she said.

The sophisticated approach to all aspects of information warfare
reflects years of sustained attention. Even so, that does not give the
U.S. military a monopoly on cyberwar techniques, as the NATO alliance
discovered when it encountered denial-of-service attacks during the
Kosovo campaign.

"In the end, Yugoslavia stands as an example that information warfare
will become an integral part of warfare," said Schultzki-Haddouti.

She cited media reports of cyberattacks on foreign bank accounts of
Serbian President Slobodan Milosevic and of suspected terrorist Osama
Bin Laden as examples of how far cyberwar can be taken.

In the last two years, Germany and the rest of Europe have tried to
make up for lost time. Otto Schily, Germany's interior minister, even
went so far as to float the idea of his government waging
denial-of-service attacks against U.S. ISPs that host neoNazi content.
But he later backed off the idea. While Schily and the German
government may refrain from such drastic tactics, it's clear
strategies that were once unthinkable are getting implemented in
online warfare.

"As cybercrime is on the rise due to the development of computer
networks on a global scale, information war will be even easier to
hide in the background noise of illegal, however unrelated activities
on the network," said Lesiak, the German intelligence expert. "It's
very difficult to assess what's really going on."



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.