- Email: [email protected]
Information warfare — The next front
Computers & Security Vol. 18, No. 2
Consultants Aggressor
cited the hacking group New network-attack software, which
Order’s invites
amateurs to register for a full copy on the promise that they will receive hidden tools to mount stronger attacks on their victims. “We could be looking at half a dozen teenagers doing cracking on behalf of New
Nokia runs IP440 firewall and NAT with log analysis, so Brace could see the hackers first tried to ping every IP address, then
probed
Order”, warned Internet Security Systems security expert Kevin Black. “It’s: ‘Here’s a toy to play with’,
“I believe
then: ‘Thank
you, soldier.“’
of the more
The
of Java
much
of the probing
serious
not easy to identify growth
another
programming
new trick, where
crackers
build Java cracking
secret. hacking
group
is automated
in a trace”, Brace
HackCanada
is encouraging
Information Warfare Front
HackCanada adopted the tactic after a cracker received a warning from a corporate network administrator who detected him using the Phf script in its
Combating defence in
native Python
puter experts who could respond ic terrorist attacks”, said Clinton.
form. for network
The Next
requested
forms of terrorism”, attacks.
these menaces will the next century”,
expenditures
would
“dominate national Clinton said. The
include quickly
hiring
“com-
to electron-
administrators,
Axent security consultant David Butler warned teenagers and students who collected cracking tools to impress their peers would quickly try them out. “Cracking attempts rise by a factor or three or four during school holidays”, Butler told a joint ToshibaInflo security presentation earlier this month.
Picture this scenario: North Korea hires 35 hackers to crack US defence systems with commercially available equipment and software downloaded from the Internet. Their mission: to prevent the US Air Force from flying over Korea. Without
The
said.
The next world war could be waged on the Net. At least that’s what security pundits are saying, following President Clinton’s request for $2.8 billion of the budget to go toward fighting “exotic from chemical warfare to online
warning
and some
attacks are spread out so they are
crackers to rewrite the Python network-scanning script Phf in Java so it can be loaded into Web surfers’ browsers during a visit to an innocuous-looking site.
And in a gloomy
ports such as the
skills lies behind
software into Web-sites. When surfers browse the site, the program returns the surfer’s IP address to network security tools’ logs, leaving the cracker’s real location a
Canadian
for specific
default ports for Back Orifice (31337 and 1234) and port 80. (Back Orifice lets crackers gain control of a remote PC and is often hidden as aTrojan in games.)
news came
shortly after security experts learned available authenticator the freely password Tcpwrapper had been rewritten and redistributed in a form that sends passwords it finds to an anonymous Hotmail address. “It’s a shift in the mentality of cracking”, said Black. “It’s the difference between the men and the boys.” “We have been under constant attack by hackers since said Nokia Telecommunications’ Europe, Christmas”, Middle East, and Africa marketing director Bob Brace. The company had detected 24 000 cracking attempts since October last year, he said.
actually
breaking
any countries’
laws, the 35
tricksters work their way into the power grids and 911 emergency phone lines in 12 US cities, and shut them down. With a similar degree of ease, the nefarious hackers then gain control of 36 computers at the Pentagon. All of this happens within four days. And army and navy generals are unable to tell that the ludicrous commands they are receiving from the warped systems are bogus. The Pentagon recently ran a simulation of this hypothetical event, an exercise it called the Cyber Receiver, to illustrate the threat to national security. Now security activists are pointing to such examples in the wake
101
Security Views/Dr. B/l/ Hancock
of Clinton’s commitment to fighting cyber warfare. “We as consumers are all vulnerable to such attacks”, insists James
Adams,
CEO
of iDefense
and author
of
The Next World War: Computers Are the Weapons and the Front Line Is Everywhere - A Study Of Information Warfare, along with 11 other treatises on such topics. Adams recently iDefense, whose infrastructure
founded mission
Infrastructure is to “defend
from cyberspace
Adams’ organization
Defense, or the critical
Students in Virginia Hacks NASA A freshman Virginia, Clemson
at James Madison
High School
invienna,
has been jailed after allegedly hacking into University’s computer system and causing
thousands of dollars in damage, and then trying to enter NASA’s system from a computer in his school library.
threats”.
is effectively
a consultancy
look-
An IS-year-old Clemson charged in the case, accused
student also has been of giving the 15-year-old
ing to cash in on a heightened level of security hysteria. Not content to use the word ‘hacking’ to describe security breaches, Adams sounds the alarm bell with
Vienna enabled network
cries of ‘cyber terrorism’. nation attacking another espionage, criminal theft
Clemson incident, Fairfax County police seized the Vienna student’s home computer, but a week later the youth allegedly tried and failed to hack into com-
These acts can include one in a time of war, economic or blackmail, or your more
traditional hacking by disenchanted employees and geeks with nothing better to do on a Saturday night, according to Adams.
youth the user IDS and passwords that entry to the computer science laboratory’s at the South Carolina school. After the
puters at the Administration. The Vienna
Alas, there is no security system strong enough to battle all of these fiends, but iDefense says it will help businesses find the right security solutions. The firm plans to build up ‘red teams’ squads of superhackers who will test the strength of systems that purport to be secure. This will be part of a certification methodology that iDefense will use to evaluate guarantee the safety of company infrastructures Web sites. Microsoft
has joined
as a ‘charter
member’
and and
of the
National
student
Aeronautics
was arrested
charged
17.The hacker removed on numerous computers
parts of the operating system in the department’s comput-
The break-in required rebuild the department’s
102
here. Let’s prevent
it.”
of
The FBI and police in South Carolina unraveled the chain of events after someone entered the computer science department’s computers the weekend of Oct.
Companies to protect
happen
Feb. 1 on charges
with crimes.
er lab, causing the cancellation classes and impeding several Fairfax County court records.
protect our national security. Most of the security protecting the public is owned by the private sector”, says Adam Stone, aVP at Microsoft. “We have a lot of products in installations that are required to be secure: in law enforcement, the legal profession and national security. All of the big wars in this country never happened here, but with pervasive computing, it could
Space
felony computer trespass and misdemeanor computer fraud and taken to the county’s juvenile detention centre. His father declined comment last night. The Washington Post generally does not identity juveniles
organization, helping iDefense hatch its plans. [Defense is also trying to solicit Fortune 500 companies to join, at $1 million a pop, says Adams. may be willing to fork over the cash themselves. “We believe it’s important to
and
of several computer others, according to
Clemson operating
programmers to system and reissue
more than 1500 user identifications.The episode cost Clemson’s computer science department about $6300, university Police Chief Lonnie Saxon said. FBI agents tracked down the student whose user identification had been used to enter the computer system, and he reportedly told agents he had given his password to a 15-year-old living in Virginia. The agents tracked the 15-year-old to his Internet
Consultants Aggressor
cited the hacking group New network-attack software, which
Order’s invites
amateurs to register for a full copy on the promise that they will receive hidden tools to mount stronger attacks on their victims. “We could be looking at half a dozen teenagers doing cracking on behalf of New
Nokia runs IP440 firewall and NAT with log analysis, so Brace could see the hackers first tried to ping every IP address, then
probed
Order”, warned Internet Security Systems security expert Kevin Black. “It’s: ‘Here’s a toy to play with’,
“I believe
then: ‘Thank
you, soldier.“’
of the more
The
of Java
much
of the probing
serious
not easy to identify growth
another
programming
new trick, where
crackers
build Java cracking
secret. hacking
group
is automated
in a trace”, Brace
HackCanada
is encouraging
Information Warfare Front
HackCanada adopted the tactic after a cracker received a warning from a corporate network administrator who detected him using the Phf script in its
Combating defence in
native Python
puter experts who could respond ic terrorist attacks”, said Clinton.
form. for network
The Next
requested
forms of terrorism”, attacks.
these menaces will the next century”,
expenditures
would
“dominate national Clinton said. The
include quickly
hiring
“com-
to electron-
administrators,
Axent security consultant David Butler warned teenagers and students who collected cracking tools to impress their peers would quickly try them out. “Cracking attempts rise by a factor or three or four during school holidays”, Butler told a joint ToshibaInflo security presentation earlier this month.
Picture this scenario: North Korea hires 35 hackers to crack US defence systems with commercially available equipment and software downloaded from the Internet. Their mission: to prevent the US Air Force from flying over Korea. Without
The
said.
The next world war could be waged on the Net. At least that’s what security pundits are saying, following President Clinton’s request for $2.8 billion of the budget to go toward fighting “exotic from chemical warfare to online
warning
and some
attacks are spread out so they are
crackers to rewrite the Python network-scanning script Phf in Java so it can be loaded into Web surfers’ browsers during a visit to an innocuous-looking site.
And in a gloomy
ports such as the
skills lies behind
software into Web-sites. When surfers browse the site, the program returns the surfer’s IP address to network security tools’ logs, leaving the cracker’s real location a
Canadian
for specific
default ports for Back Orifice (31337 and 1234) and port 80. (Back Orifice lets crackers gain control of a remote PC and is often hidden as aTrojan in games.)
news came
shortly after security experts learned available authenticator the freely password Tcpwrapper had been rewritten and redistributed in a form that sends passwords it finds to an anonymous Hotmail address. “It’s a shift in the mentality of cracking”, said Black. “It’s the difference between the men and the boys.” “We have been under constant attack by hackers since said Nokia Telecommunications’ Europe, Christmas”, Middle East, and Africa marketing director Bob Brace. The company had detected 24 000 cracking attempts since October last year, he said.
actually
breaking
any countries’
laws, the 35
tricksters work their way into the power grids and 911 emergency phone lines in 12 US cities, and shut them down. With a similar degree of ease, the nefarious hackers then gain control of 36 computers at the Pentagon. All of this happens within four days. And army and navy generals are unable to tell that the ludicrous commands they are receiving from the warped systems are bogus. The Pentagon recently ran a simulation of this hypothetical event, an exercise it called the Cyber Receiver, to illustrate the threat to national security. Now security activists are pointing to such examples in the wake
101
Security Views/Dr. B/l/ Hancock
of Clinton’s commitment to fighting cyber warfare. “We as consumers are all vulnerable to such attacks”, insists James
Adams,
CEO
of iDefense
and author
of
The Next World War: Computers Are the Weapons and the Front Line Is Everywhere - A Study Of Information Warfare, along with 11 other treatises on such topics. Adams recently iDefense, whose infrastructure
founded mission
Infrastructure is to “defend
from cyberspace
Adams’ organization
Defense, or the critical
Students in Virginia Hacks NASA A freshman Virginia, Clemson
at James Madison
High School
invienna,
has been jailed after allegedly hacking into University’s computer system and causing
thousands of dollars in damage, and then trying to enter NASA’s system from a computer in his school library.
threats”.
is effectively
a consultancy
look-
An IS-year-old Clemson charged in the case, accused
student also has been of giving the 15-year-old
ing to cash in on a heightened level of security hysteria. Not content to use the word ‘hacking’ to describe security breaches, Adams sounds the alarm bell with
Vienna enabled network
cries of ‘cyber terrorism’. nation attacking another espionage, criminal theft
Clemson incident, Fairfax County police seized the Vienna student’s home computer, but a week later the youth allegedly tried and failed to hack into com-
These acts can include one in a time of war, economic or blackmail, or your more
traditional hacking by disenchanted employees and geeks with nothing better to do on a Saturday night, according to Adams.
youth the user IDS and passwords that entry to the computer science laboratory’s at the South Carolina school. After the
puters at the Administration. The Vienna
Alas, there is no security system strong enough to battle all of these fiends, but iDefense says it will help businesses find the right security solutions. The firm plans to build up ‘red teams’ squads of superhackers who will test the strength of systems that purport to be secure. This will be part of a certification methodology that iDefense will use to evaluate guarantee the safety of company infrastructures Web sites. Microsoft
has joined
as a ‘charter
member’
and and
of the
National
student
Aeronautics
was arrested
charged
17.The hacker removed on numerous computers
parts of the operating system in the department’s comput-
The break-in required rebuild the department’s
102
here. Let’s prevent
it.”
of
The FBI and police in South Carolina unraveled the chain of events after someone entered the computer science department’s computers the weekend of Oct.
Companies to protect
happen
Feb. 1 on charges
with crimes.
er lab, causing the cancellation classes and impeding several Fairfax County court records.
protect our national security. Most of the security protecting the public is owned by the private sector”, says Adam Stone, aVP at Microsoft. “We have a lot of products in installations that are required to be secure: in law enforcement, the legal profession and national security. All of the big wars in this country never happened here, but with pervasive computing, it could
Space
felony computer trespass and misdemeanor computer fraud and taken to the county’s juvenile detention centre. His father declined comment last night. The Washington Post generally does not identity juveniles
organization, helping iDefense hatch its plans. [Defense is also trying to solicit Fortune 500 companies to join, at $1 million a pop, says Adams. may be willing to fork over the cash themselves. “We believe it’s important to
and
of several computer others, according to
Clemson operating
programmers to system and reissue
more than 1500 user identifications.The episode cost Clemson’s computer science department about $6300, university Police Chief Lonnie Saxon said. FBI agents tracked down the student whose user identification had been used to enter the computer system, and he reportedly told agents he had given his password to a 15-year-old living in Virginia. The agents tracked the 15-year-old to his Internet