, Washington Post 2003-03-18
The Department of Homeland Security is boosting efforts to monitor the Internet
for cyberterrorist and hacking incidents as the nation readies for war againstIraq.
The announcement was tied to the department's decision last night to raise the
national terrorist threat level to "code orange," indicating a high risk of
terrorist attack. The level was raised after President Bush set a 48-hour
deadline for Iraqi leader Saddam Hussein to leave his country or face a
U.S.-led invasion.
"We will continue to monitor the Internet for signs of a potential
terrorist attack and state-sponsored information warfare," Homeland
Security Secretary Tom Ridge said in a press conference Tuesday morning
to announce Operation Liberty Shield, a broad effort to heighten security
throughout the country.
The department said it would work with other government agencies to
guard against cyberattacks, and asked the private sector and Internet
users at large to report "unusual activity or intrusion attempts to
DHS or local law enforcement."
Cybersecurity experts have said during the past several months
that an online attack is more likely as the nation moves toward to
war.
"The thing that's interesting is that hacking attacks may not do a lot
of damage, but we'll probably see a lot of interest [from] skilled
programmers in the Middle East, China and Pakistan," said Jim Lewis,
director of the Technology Program at the Center for Strategic and
International Studies in Washington. "We probably will see an effort to do
something
back [to us]."
Despite the higher possibility of online aggression, the DHS
announcement adds nothing new to the government's cyber-defense
measures, said Alan Paller, research director for the SANS Institute,
a security research and education group based in Bethesda, Md.
"It sounds like what they've been saying each time they raise the
alert level: We're alert, but we're going to be even more alert now,"
he said.
Homeland Security Department spokesman David Wray acknowledged that
the cybersecurity alert is "nothing different than our previous orange
alerts" issued by the agency.
"The whole purpose of a more active, defensive posture is to make it
more difficult to create the kind of mischief or direct harm that
could occur [from an attack]," he said.
There have been no "specific indications" of an attack, Wray added.
Lewis called the DHS announcement a "feel-good" measure. "[I]t's something you
have to do. It's like on the airplanes when they take off and they say, 'Does
everyone have their seatbelt fastened?'"
Most hackers are often more interested in attention than destruction, Lewis
noted, citing "script kiddies" who might deface a government homepage with the
digital equivalent of graffiti.
More pernicious would be an assault on the Internet's underlying
infrastructure. Last October's denial-of-service attack on the Internet's key
root servers was labeled by some experts as the largest ever.
There have been several recent indications that hacking activity
continues unabated.
Last week, hackers exploited a previously unknown security flaw in
Microsoft's Windows 2000 Server to break into an undisclosed number of
U.S. Army computers, according to TruSecure, a Herndon, Va.-based
security company.
The vulnerability resides in one of the Internet's most widely used
Web server platforms. Hackers can exploit the weakness to take control of an
unprotected computer, which then can be used to launch attacks against other
systems.
The attack came days after security researchers warned users to be on
the lookout for a new version of the "Code Red" virus, a worm that first
appeared in the summer of 2001 that exploits other holes in the same Microsoft
software.
Much like its predecessor, the new Code Red virus is programmed to spread for
nearly three weeks before "waking up" and directing the collective power of all
infected machines to attack the White House Web site. The worm is unlikely to
do much damage, however, because it exploits a well-known security hole that
most system
administrators have already patched, security experts said.
The government recently consolidated many of its cybersecurity
operations into newly created Homeland Security Department in an
attempt to centralize its Internet monitoring and protection
activities.
Among the additions to the department is the Global Early Warning
Information System, which will use data from the telecom sector to monitor the
flow of Internet traffic. Another project, the Cyber Warning Information
Network, is expected to function as a separate data network that government
officials and the communications
industry can use as a hotline in case an attack takes out the World
Wide Web and traditional telephone communications.
washingtonpost.com staff writer Brian Krebs contributed to this report.
