Information Security News mailing list archives

Feds Alert to Web Security Threat


From: InfoSec News <isn () c4i org>
Date: Sat, 22 Mar 2003 02:50:21 -0600 (CST)

http://www.wired.com/news/business/0,1367,58139,00.html

By Joanna Glasner
March 21, 2003 PT

As the Department of Homeland Security urges Americans to be on high
alert for potential acts of cyberterrorism, many computer security
experts say military conflict doesn't change the fact that the Net is
already a pretty dangerous place.

"When it really gets down to it, we're getting security attacks on a
daily basis," said Vincent Weafer, director of Symantec Security
Response.

On an average day, the security software maker hears of five to 15 new
viruses. In a typical year, it finds several thousand widespread
vulnerabilities in computer systems. Web users and publishers fend off
denial-of-service attacks and intruders seeking to steal crucial data
on a daily basis.

Still, Homeland Security Secretary Tom Ridge's decision this week to
raise the nation's threat level to orange, indicating a high risk of
terrorist attacks, is causing computer security specialists to step up
their vigilance.

Ridge said his agency "will continue to monitor the Internet for signs
of a potential terrorist attack, cyberterrorism, hacking and
state-sponsored warfare." The department also encouraged companies and
individual Internet users to report unusual activity or intrusion
attempts to agencies like the National Infrastructure Protection
Center.

"We want to hear about probes, hacking attempts at sites and actual
intrusions. We would rather hear about everything, and sift through to
find ones that form part of a broader pattern and are more troubling,"  
said David Wray, Homeland Security spokesman.

Although the department did not disclose information about specific
acts of cyberterror to watch out for, Internet security and monitoring
firms view the warning as a good reason to keep closer tabs on all
suspicious activity.

"During a higher alert, the threshold of what we think is worth
looking at is set to a lower point," said Lloyd Taylor, vice president
of technology for Keynote Systems, a Web performance and testing
service. Activity that would not usually be tagged as suspicious will
be given a closer look, just in case.

According to Keynote's Internet Health Report, which is an hourly
snapshot of online traffic, several network hotspots experienced
congestion on Thursday. Keynote said traffic patterns were mostly
normal in the two days leading up to war, although some military
websites were difficult to access.

In particular, the U.S. Army's public homepage experienced severe
problems that started Monday and appear to be associated with Web
server capacity issues, according to Keynote's data. The U.S. Marine
Corps' public site also had problems on Wednesday that appeared to be
associated with bandwidth capacity.

As these examples illustrate, Taylor doesn't expect that a cyberterror
attack would focus on slowing the Internet as a whole. That would be
difficult, he said, considering Internet traffic can travel over so
many alternate routes if a portion of a particular network is down.  
It's more likely that attackers would attempt to cripple individual
sites.

While he doesn't track the motives behind security breaches, Brian
King, an Internet security analyst at the CERT Coordination Center,
said the volume of reported intrusions and attacks collected by his
organization has been fairly steady in recent weeks.

However, King said he has seen a high volume of distributed
denial-of-service attacks. These are often orchestrated by intruders
who break into broadband-connected home computers and use them as a
launch pad for other attacks.

In most cases, Symantec's Weafer said, the best way to protect against
cyberterror attacks is to maintain sound security: Install a firewall
and keep it updated, update virus definitions and install security
patches, and turn off unnecessary services or settings that could
allow intruders to get in. In other words, Weafer advises doing most
of the things home users know they're supposed to do but often
neglect.

But while cyberterror is a threat, Weafer said few security breaches
are politically motivated. The prospect of financial gain, or the
desire to show off technical skill, more often drives network
intruders.

Still, Homeland Security's Wray says it's common to see more
politically motivated hacks in times of conflict.

"In times of heightened political tension, we have traditionally seen
a spike in hacking and computer intrusions or attempted intrusions,"  
he said.



-
ISN is currently hosted by Attrition.org
