*CYBERSPACE BRACES FOR ESCALATION AND WAR
By Shawna McAlearney

Amid reports of hacktivism, the increasing likelihood of distributed
denial-of-service attacks and possible cyberterrorism, the U.S. is bracing
itself for the cyberspace component of the war on terrorism.

"We still have a system that is fragile, that is vulnerable to
sophisticated attacks," said national cybersecurity advisor Richard Clarke
in published reports. "Not to 14-year-olds, but to a sophisticated group,
or nation-state, with multiple simultaneous attacks. It could lead to
catastrophic damage to the economy, and, if done at a time of national
security crisis, it could lead to catastrophic damage to our national
defense."

According to a Reuters report, "Even as it fights in Afghanistan with
bombs and guns and allies on horseback, the U.S. military is gearing up to
use computers and code as potentially decisive weapons in the next phases
of its campaign. The goal would be to disable air defense systems,
scramble enemy logistics and perhaps infect software through tactics being
honed by a joint task force set up in 1999 under the Colorado Springs,
Colo.-based U.S. Space Command."

Diverse threats have caused varying levels of concern over the last few
years. Cyberthreats range from the defacement of Web sites by bored
teenagers to devastating malware that causes billions of dollars in damage
and lost productivity. Though we have yet to see terrorist groups--such as
Hizbollah, HAMAS, Abu Nidal and Al Qaeda--employ hacking or malware to
target critical infrastructures, their reliance on information technology
and acquisition of computer expertise are clear warning signs.

While damage caused by hacktivists--and even cyberterrorists--has been
minimal thus far, security experts predict that the nation's IT
infrastructure will certainly be a target in the future.

Calling cyberterrorism a very real threat, Leslie G. Wiser, Jr., chief of
the training, outreach and strategy section at the National Infrastructure
Protection Center (NIPC) testified before a Congressional subcommittee in
August.

"The prospect of information warfare by foreign militaries against our
critical infrastructures is perhaps the greatest potential cyberthreat to
our national security," said Wiser. "We know that many foreign nations are
developing information warfare doctrine, programs and capabilities for use
against the United States or other nations."

Awareness of the need for increased vigilance predates the Sept. 11
terrorist attacks.

"For attackers, viruses and worms are likely to become more controllable,
precise, and predictable--making them more suitable for weaponization,"
Dr. Lawrence Gershwin, national intelligence officer for science and
technology, told the Joint Economic Committee last June. "Advanced
modeling and simulation technologies are likely to assist in identifying
critical nodes for an attack and conducting battle damage assessments.
Most U.S. adversaries have access to the technology needed to pursue
computer network operations."

"For the next 5 to 10 years or so, only nation-states appear to have the
discipline, commitment and resources to fully develop the capabilities to
attack critical infrastructures," testified Gershwin.

In an October report, NIPC said "Cyberprotestors are becoming increasingly
more organized. . .and will certainly target infrastructure more often and
exploit opportunities to disrupt or damage it."

"Cyberattacks against the Afghan region are just a new target," says Jason
Wright, an industry analyst at Frost and Sullivan. "Before that it was
just rebels without a cause, hacking at will. But now there is political
motivation behind it."

The hacking group Young Intelligent Hackers Against Terrorism (YIHAT) was
formed in the wake of the Sept. 11 terrorist attacks--and has been
fighting with Pakistani hacker group Gforce ever since. The groups appear
to vie with one another for the most enemy sites defaced in the name of
their "cause."

However, some sites are falling victim to misguided hacktivists. A Web
site for the government of the Islamic State of Afghanistan was hacked and
forced offline with a flood of hate messages from hacktivists who didn't
note that it's an opponent of the Taliban regime.

And hacktivism isn't limited to the parties directly involved in the
conflict. Within days of the first U.S. air strikes on Afghanistan,
pro-Taliban Pakistanis defaced a number of Indian government computers,
posting messages in support of terrorist leader Osama bin Laden and his Al
Qaeda network.

Cheers!

News From Securty Wire Digest