Forwarded From: iteam@iwarfare.com
I N F O R M A T I O N W A R F A R E - N E W S B R I E F S
Friday 10 July, 1998
Articles for today:
1. Terrorism at the touch of a keyboard Possible
2. U.S. Navy Busier Than in Cold War
3. Britain, Ireland on diffent encryption paths
4. Hackers target SA millions
-------------------------------------------------------------------------------
Terrorism at the touch of a keyboard Possible targets: anything run by
computers
(U.S. News & World Report; 07/13/98)
Not long ago, if a terrorist wanted to cause a blackout in, say, New
York, it would have taken some work. He might have packed a truck with
explosives and sent it careening into a power plant. Or he might have
sought a job as a utility worker so he could sabotage the electrical
system. But now, intelligence experts say, it's possible for a trained
computer hacker to darken Gotham from the comfort of home. Worse, his home
might be as far away as Tehran, Iran. Worse yet, warned CIA director
George Tenet recently, he may enjoy the full backing and technical support
of a foreign government.
In a closed briefing to Congress, the CIA chief said at least a dozen
countries, some hostile to America, are developing programs to attack
other nations' information and computer systems. China, Libya, Russia,
Iraq, and Iran are among those deemed a threat, sources later said.
Reflecting official thinking, no doubt, the People's Liberation Daily in
China notes that a foe of the United States "only has to mess up the
computer systems of its banks by hi- tech means. This would disrupt and
destroy the U.S. economy." While the specifics are classified, a new
National Intelligence Estimate reports at least one instance to date of
active cybertargeting of the United States by a foreign nation. Officials
are worried because so much of America's infrastructure is either driven
or connected by computers. Computers run financial networks, regulate the
flow of oil and gas through pipelines, control water reservoirs and sewage
treatment plants, power air traffic control systems, and sustain
telecommunications networks, emergency services, and power grids. All are
vulnerable. "An adversary capable of implanting the right virus or
accessing the right terminal," Tenet said, "can cause massive damage."
Two years ago, a Swedish hacker wormed his way through cyberspace from
London to Atlanta to Florida, where he rerouted and tied up telephone
lines to 11 counties, put 911 emergency service systems out of commission,
and impeded the emergency responses of police, fire, and ambulance
services. There have been many domestic cyberattacks as well. The number
of pending FBI cases involving computer crimes--a category that includes
computer infrastructure attacks and financial crimes--increased from 128
in 1996 to about 550 today.
Too many 911s. Last year, intelligence officials got a glimpse of what's
possible during an information-warfare exercise named Eligible Receiver.
The secret war game began with a set of written scenarios in which energy
and telecommunications utilities were disrupted by computer attacks. In
one scenario, the attackers targeted the 911 emergency phone system by
telling Internet users there was a problem with the system. The scenario
posited that people, driven by curiosity, would phone 911 and overwhelm
the system. Eligible Receiver culminated when three two-person "red
teams" from the National Security Agency actually used hacker techniques
that can be learned on the Internet to penetrate Department of Defense
computers. After gaining access to the military's electronic message
systems, the teams were poised to intercept, delete, and modify all
messages on the networks. Ultimately, the hackers achieved access to the
DOD's classified network and, if they had wished, could have denied the
Pentagon the ability to deploy forces. In another exercise, the DOD found
that 63 percent of test attacks on its own systems went undetected. In
February, the FBI raided the homes of two California high school
sophomores. Their hacker assaults on the Pentagon, NASA, and a U.S.
nuclear weapons research lab were described by a deputy defense secretary
as "the most organized and systematic attack" on U.S. computers ever
discovered. To make the Pentagon attack hard to trace, the hackers routed
it through the United Arab Emirates. They were directed by a teenage
hacker in Israel.
To help industries fend off hacker attacks, both foreign and domestic,
the government has created the National Infrastructure Protection Center,
to be staffed by 125 people from the FBI, other agencies, and industry.
Recent events make clear that tighter defenses are needed. A year ago, a
boy only 14 with a home computer disabled control-tower communications at
a Worcester, Mass., airport for six hours. Jim Trainor, executive director
of security at Bell Atlantic, says the loopholes the teenager exploited
have been closed. But no computer environment is totally secure.
Preventing hacker attacks is "like a never-ending journey," Trainor says.
"You will never get there."
(Copyright 1998)
-------------------------------------------------------------------------------
U.S. Navy Busier Than in Cold War
(AP Online; 07/08/98)
LONDON (AP) The United States Navy is almost three times busier in the
post-Cold War era than it was before 1990, U.S. Navy Secretary John Dalton
said Wednesday.
American ships have taken part in peacekeeping operations, humanitarian
missions, and international crises like the recent confrontation with
Iraq, he said.
Dalton questioned Navy budget cuts this decade, saying sufficient funds
are needed to maintain the Navy's high standards.
"Talk of greater quality for our armed forces means, today, a heavy
investment in the promises of information warfare and modern technology,"
he said in a speech to the Royal United Services Institute for Defense
Studies.
Dalton said high-tech ballistic missile defense systems are necessary
to security, as more nations gain missile technology.
"This kind of threat means real capital investment that often goes
head-to- head with public perceptions that a post-Cold War world means
smaller navies and less spending," he said.
Dalton also argued that the need for highly effective naval forces will
increase in the 21st century.
He cited threats posed by the proliferation of weapons of mass
destruction, terrorism, religious fundamentalism and international
organized crime.
-------------------------------------------------------------------------------
Britain, Ireland on diffent encryption paths
(Reuters; 07/09/98)
By Wendy Grossman LONDON (Wired) - As computer security issues move to
the United States' political, legislative, and judicial front burners,
recent announcements across the Atlantic indicate that the UK and Ireland
are waking up to the importance of the encryption debate and taking
dramatically different approaches to the issue. Last week, the UK's
Department of Trade and Industry said it would extend regulations banning
the unlicensed export of military technologies, including transmission by
intangible means: e-mail, Web publishing and other computer networks.
Like the United States, the British government is effectively trying
to put a lock on the spread of robust data-scrambling techniques, or
encryption. Unlike the US, where the Clipper Chip of 1993 sparked debate
that has only grown more heated in the ensuing years, Britain has seen
little public discussion of encryption.
Instead, hoping not to disturb the UK's placid crypto waters, the
British trade department has characterized its export control proposals as
simply closing loopholes in existing laws. But the use and nature of
cryptography has changed radically since the original encryption laws were
passed in 1939, on the eve of World War II. By contrast, the Republic of
Ireland released a policy paper, "A Framework for Ireland's Policy on
Cryptography and Electronic Signatures," on June 24. The paper positions
Ireland as an unrestricted global ecommerce hub. "The production, import,
and use of encryption technologies in Ireland shall not be subject to any
regulatory controls other than obligations relating to lawful access," the
framework document states. The Irish document makes no mention of "key
recovery," a scheme championed by US intelligence agencies that would give
law enforcement back-door access to scrambled communication. The Irish
approach to law enforcement access to data is comparatively liberal. In
cases where access to encrypted information was deemed vital to criminal
investigations, authorities would obtain a court order asking the data's
owners to turn over the "plaintext" of the sealed information, or supply
"keys or algorithms" to unlock the data themselves.
Such a provision, if legislated, would preclude law enforcement from
having its own set of universal keys, a key sticking point in the US
encryption controversy. The difference between Irish and British policies
reflects in part Ireland's alignment with Europe, rather than Britain.
Ireland and Britain both joined the EC in 1973, but Ireland, unlike
Britain, is joining the European Monetary Union, which is set on creating
a single currency for Europe.
Some critics also deride the "special relationship" between the military
establishments in Britain and the United States. "The bottom line is that
the UK is effectively the 51st state of the US when it comes to defense
policy, and all of this issue is to do with ensuring that the special
relationship is used as a lever," says Simon Davies, director of Privacy
International and a fellow of the London School of Economics. Like their
counterparts in the US, British observers say the extension will do little
to halt the global spread of crypto, and could do serious damage to the
UK's place in the growing information-based economy.
"[The extensions] will gut the UK electronic commerce industry," says
Ross Anderson, a cryptographer at Cambridge University, "because no one is
going to trust any software that's approved for export by the spooks. They
have been caught again and again rethreading equipment and inserting back
doors in products." Anderson also believes that requiring a license in
order to cooperate with researchers elsewhere in the world will
effectively close down British academic research into cryptography.
(Reuters/Wired)
{Reuters:Wired-0709.00227} 07/09/98
-------------------------------------------------------------------------------
Hackers target SA millions
(Africa News Service; 07/03/98)
South African companies are under constant attack by computer hackers
and crackers around the globe and fears are growing that inadequate
computer security could let cyber thieves get their hands on millions of
rands and confidential information.
Ian Melamed, a Johannesburg computer crime expert working with Interpol
to control the problem in Africa, said break-ins on the continent's
computer systems had reached crisis levels and were getting worse.
Most developing countries, like South Africa, have inadequate
legislation in this field, making it difficult to prosecute computer
crime.
Mr Melamed is working with the SA Law Commission to draft new laws
which will outlaw hacking (illegally breaking into private computer
networks) and cracking (stealing money or tampering with and damaging
digital information).
In the first case of its kind in South Africa, a computer hacker is to
be tried in the Pretoria High Court for snooping in private files in an
off- limits area of one of the country's big Internet service provider
networks.
The hacker scaled the "firewall" used to protect private areas of the
company's network, but left "footprints". Computer fraud experts were able
to trace the location of the computer where the crime was committed.
Details of charges had not been disclosed yet because, Mr Melamed said,
the investigation was at a sensitive stage. A court date is yet to be set.
Representatives of the big Internet service providers, the police
commercial crime unit and Fraudnet, a computer crime company, meet today
to discuss how to handle the case .
Mr Melamed, who is consulted by police regularly to help in computer
investigations, said the absence of anti-hacking laws meant the case would
be tough to prosecute.
But he was confident there was enough evidence for the computer
companies and police to win it. Companies where security had been breached
were reluctant to go public because they immediately became targets of
hackers and crackers who, knowing someone else had found a way in, also
tried to break through their security.
Africa was especially vulnerable now because Internet technology was
available, but companies were ignorant about protecting themselves and
client information.
The worst local culprits were often juvenile "cyber boffins", some as
young as 11, who were fast mastering ways to dodge computer police
patrolling networks for rogue visitors.
"Ask a computer-literate child for a tour of the Internet and you will
be staggered by what he knows.
"I can only say I hope their knowledge is used for the benefit of the
economy one day, because it's formidable," said Mr Melamed.
Police spokesman John Sterrenberg said the school holidays could soon
become a nightmare time for computer police as bored youngsters logged on
to the Internet and hacked their way into no-go areas.
"There might be no law against hacking or cracking, but stealing is
still stealing," he warned. In the Western Cape police have investigated
40 cases of computer fraud involving R2-million over the past two years.
Hackers, often working from overseas, will usually go through second
computer networks to cover their tracks. This means police are often sent
on the wrong trail - and the wrong continent.
Within five minutes on the Internet, the Cape Argus found step-by- step
instructions on how to crack cellphone numbers, hack into private networks
and create mayhem. (Copyright 1998 Cape Argus.) Distributed via Africa
News Online by Africa News Service.
(Copyright 1998 Africa News Service)
-------------------------------------------------------------------------------
The Y2K News Briefs are provided as a free service of iWarfare.com, if you have
any articles you think would be of benefit to this news service, please email
them to y2kteam@iwarfare.com
-------------------------------------------------------------------------------
To unsubscribe send email to y2k-news@iwarfare.com, UNSUBSCRIBE in the subject.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jul 13 16:52:26 1998