FAS | Government Secrecy | November 2000 News ||| Index | Search | Join FAS

November 13, 2000

U.S. may face net-based holy war;
Experts say sites are woefully unprepared

By Dan Verton

As hacker groups in the Middle East threaten to launch a "cyber-Jihad," or electronic holy war, against companies with ties to Israel, security experts said Internet security at most U.S. companies remains woefully inadequate to defend against such attacks.

Pro-Palestinian hacker groups, some of which have links to international terrorist Osama bin Laden and anti-U.S. terrorist organizations, have vowed to launch a new round of cyberattacks as part of an ongoing wave of violence that began this fall between Israelis and Palestinians. As of last week, pro-Palestinian hackers had attacked as many as 40 Web sites around the world, and pro-Israeli groups had hit more than 15.

To date, both sides have managed to penetrate Web servers and deface Web pages as part of a sustained disinformation campaign, and they have also been successful in keeping major service providers off-line through various denial-of-service techniques.

Just last week, hackers attacked Lucent Technologies Inc. However, a spokesperson for the Murray Hill, N.J.-based company said that no damage was done and that it was "business as usual" for the site.

A spokesman for the FBI confirmed that the attacks "have moved beyond what we've seen in the past in terms of sophistication." In fact, some hackers have been sharing information on specific port vulnerabilities on individual systems, the spokesman said.

Security and intelligence experts warn that pro-Palestinian groups have entered a new phase in the conflict that aims to attack "Zionist" e-commerce sites in the U.S. and Israel, as well as other high-profile sites that could help publicize their cause.

An intelligence report issued by Internet security firm iDefense Inc. in Fairfax, Va., uncovered evidence on hacker message boards that popular U.S. Web sites such as those of Yahoo Inc., CNN and AT&T Corp. might be on the list. Those companies declined to comment.

There are also clear signs that plans may be in the works for a major denial-of-service attack against U.S. sites. A pro-Palestinian group known as Unity has said publicly that if its Web sites are hacked by opponents, it will begin "attacking Zionist e-commerce sites with millions of dollars of losses in transactions."

In another case, a member of the Xegypt hacker group who goes by the name ReALiST posted a message on an Arab hacker bulletin board asking for help to do just that.

"I'm thinking of installing [Tribal Flood Network 3000] servers and doing the CNN.com and Yahoo.com thing again any one in, mail me quick [sic]," the message stated.

Pro-Palestinian hackers have also deployed a FloodNet-type tool known as "defend," and are currently using it to attack at least seven targets, according to iDefense.

Defend requests nonexistent pages on targeted sites by calling for Web site addresses based on the current date to defeat Web-cache-related security mechanisms, which in the past have prevented hacker penetrations.

Unheeded Warning

The FBI and security vendors have been issuing warnings about such attacks, but most U.S. companies nonetheless remain unprepared for them, experts said.

One recent audit showed that 97% of U.S. firms are vulnerable to the tactics being used by pro-Palestinian hackers, according to Peggy Wiegle, CEO of Sanctum Inc., a Santa Clara, Calif.-based company that has helped defend Israeli government Web sites.

For example, Wiegle said, most sites don't have security software installed that is capable of blocking hackers who break into back-end systems through vulnerable Web browser applications such as shopping carts. "A badly protected Web site is like a portal into your back-end systems," said Wiegle.

And timing could be an important factor as U.S. retailers enter what they expect could be a $19 billion online holiday-sales season. Any disruption to the holiday season would certainly "make a lot of noise," said Richard Hunter, managing vice president and research director for e-metrics at Stamford, Conn.-based Gartner Group Inc.

"Timing is key, because timing is linked to publicity," Hunter said.

However, while attacks could put a temporary damper on online sales, any large-scale economic impact resulting from such attacks is unlikely, said Steven Aftergood, an intelligence specialist at the Federation of American Scientists in Washington.

Martin Libicki, a defense analyst at the Washington-based policy think tank The RAND Corp., said he agreed and added that the tactics of the pro-Palestinian hackers may actually hurt their cause. "Palestinian strategy should attempt to separate the United States from Israel," Libicki said. "This clueless tactic cannot help but do the opposite."

Copyrightę 2000 Computerworld

FAS | Government Secrecy | November 2000 News ||| Index | Search | Join FAS