Airport hack raises flags
By Paul Festa
Staff Writer, CNET NEWS.COM
March 19, 1998, 6:30 p.m. PT
news analysis The Justice Department's case this week against a teenage hacker
who temporarily disabled a local airport vividly demonstrated that a lot more
than files and funds are at stake in the war against hacking.
Now the nation's computer security hawks have a concrete example to prove
their argument that in a thoroughly networked age, malicious hacking can be a
matter of life and death.
Yesterday, the DOJ unsealed its case against a Massachusetts teenager who
succeeded in severely disabling telecommunications at a regional airport, in
the process cutting off vital services to the airport's control tower and
disabling incoming planes from turning on runway lights.
The case marked the nation's first charges against a juvenile hacker and
resulted quickly in a confession and plea bargain.
It also may serve in raising awareness about the dangers of computer
break-ins.
"This is really going to wake up a lot of people who might be asleep," said
Georgetown University computer science professor and noted security authority
Dorothy Denning.
The government recently has been warning about such threats and last month,
Attorney General Janet Reno announced that the government was forming a
special agency to investigate network security threats to the nation's
infrastructure.
Since then, the National Infrastructure Protection Center (NIPC) has begun
sounding an alarm that will undoubtedly ring with more frequency as hacking
incidents continue and the vulnerability of the nation's infrastructure
becomes clearer.
"The spectrum of threats in this new cyberworld is staggeringly broad," said
NIPC director Michael Vatis last week in a statement. "The Internet and other
advances in telecommunications do not merely give criminals new means to
commit old crimes. They also allow criminals and other malicious actors to
cause new types of harm that go well beyond the potential loss to the
individual victim and can affect our national economy and, indeed, our
national security."
The NIPC defines "critical infrastructures" as electrical energy and
telecommunications, transportation, gas and oil supply, the banking and
finance sector, water supply, emergency services, and government operations.
Security experts point out that these sectors have long been at risk, with
potentially life-threatening consequences.
"A lot of the nation's infrastructure is vulnerable to this kind of attack,"
Denning said. "There are serious vulnerabilities and serious risks...A lot of
life is at risk when you're screwing around with any life-critical services.
Screwing around with airport services is very, very bad."
Denning is currently writing a book on computer security risks. Entitled
Information Warfare: Playgrounds to Battlegrounds, the book examines the
threats posed from quarters as disparate as teenage hackers to adversaries
disabling enemy command and control in military conflicts.
"One could have attacks of a fairly serious nature in a wartime situation,"
said Denning, who noted that the United States had employed such means against
Iraq during the Persian Gulf War.
Denning said the Massachusetts attack on the airport's communications and
emergency systems was likely to draw attention to the issue of computer
security.
Among those already paying attention is Bell Atlantic, the telephone company
that the Massachusetts teen infiltrated in the incident last year to disable
the airport's telecommunications.
"We have significantly stepped up our security efforts [in response to the
breach], and they were significant to begin with," said John Johnson, a
spokesman for Bell Atlantic. "We have made changes on many levels of the
network, from hardware and software to a variety of operating procedures."
Bell Atlantic, along with the law enforcement agencies that investigated the
case, declined to give details on the vulnerability the hacker exploited for
fear of inspiring a new attack.
Meanwhile, as Bell Atlantic plugs holes and telcos and others involved with
critical infrastructures reexamine their security, the government is stepping
up its enforcement of computer crime law. In addition to the charges brought
against the Massachusetts teen, several government agencies were involved with
the arrest this week of three Israeli teens by the Israeli police regarding
the hacking of numerous government, corporate, and educational computer
networks both in the United States and abroad.
The FBI also is reporting that prosecution of computer crimes skyrocketed from
fiscal 1996 to fiscal 1997, with arrests up 950 percent from 4 to 42, and
convictions up 88 percent from 16 to 30.
But whether law enforcement will succeed in deterring computer criminals
remains to be seen. Analysts point out that a large number of hackers are
teenage boys, not considered to be the most socially responsible demographic
group. And another group of potential hackers lie outside the reach of U.S.
law enforcement altogether.
"The computer [is] a valuable tool, not just for modern-day criminals, but
also for terrorists and hostile nations that would do our country harm for
political ends," NIPC director Vatis warned last week in his statement.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated
Received on Sun Mar 22 20:24:24 1998