* via http://theMezz.com/lists

* subscribe at http://techPolice.com

Copyright 2001 The Chronicle Publishing Co.
The San Francisco Chronicle

Next major attack could be over Net;
Power grids, 911 shown to be vulnerable
Chronicle Staff Writer
Bill Wallace

Within days of the first U.S. air strikes on Afghanistan, a group of pro-Taliban 
computer hackers in Pakistan penetrated several Indian government computers -- 
including one in the atomic energy agency -- and posted messages of support for Osama 
bin Laden and his al Qaeda terrorism network. The group, which calls itself the Al 
Qaeda Alliance and opposes the U.S. effort in Afghanistan, downloaded internal files 
and vandalized three major Web sites.

Computer experts say these computer break-ins illustrate what may be the next major 
battleground for terrorist organizations: the realm of cyberspace.

Yonah Alexander, a senior research fellow at the Potomac Institute for Policy Studies 
here, calls cyber terrorism "the most insidious type of terrorism."

Extremists with sufficient expertise in computer operations could use a remote 
terminal to seize control of electric power distribution systems, disrupt emergency 
telecommunications systems or shut down the operations of banks and financial 
institutions, Alexander said. All they need is technology that is already available on 
the open market.

"There is no end to the imagination of the terrorist," he said, "so we shouldn't be 
surprised when what they do surprises us."


There is growing concern among some officials that the next potentially deadly attack 
on the United States may be an act of cyber terrorism.

On November 2, the National Infrastructure Protection Center, a branch of the FBI 
responsible for guarding against disruptions in critical facilities, sent out the 
second of two advisories warning of increased potential for computer penetrations 
since the attacks on the World Trade Center and the Pentagon Sept. 11.

"NIPC has reason to believe that the potential for future (computer) attacks is high," 
it said.

The Gilmore Commission, a presidential panel created to advise the government on 
domestic defense, called for improving the security of U.S. computer networks and 
servers in a report issued October 31.

"Cyber attacks can be a mechanism for substantial injury, perpetrated either as the 
single method for destruction or disruption, or in conjunction with an attack with 
some other weapon," it said.


Some members of Congress are alarmed at the possible damage such attacks could do.

"It's not really the private sector denial of service stuff that we are concerned 
about," said Bill Caruso, a spokesman for Rep. Rob Andrews, D-N.J. "That is a nuisance 
but not a danger to the public. What (we) are concerned about is attacks on the power 
grid, 911 systems, other critical infrastructure."

Noting that a hacker recently diverted 911 calls in South Florida from public safety 
agencies to the phone number of a local pizza parlor, Caruso said, "This is not giving 
a couple of million dollars to Yahoo so I can read my e-mail tomorrow morning. We are 
talking about preserving emergency services systems in order to protect the public's 

The Indian computer break-ins this fall were not the first examples of this type of 
cyber warfare:

-- A year ago during civil disturbances in the West Bank and occupied territories, 
Palestinian hackers sabotaged the Web pages of the Israeli parliament, military and 
Foreign Ministry. They also penetrated such important commercial sites as the Bank of 
Israel and the Israeli stock exchange.

-- During the bombing campaign in Kosovo and Serbia in Spring 2000, 100 NATO computer 
network servers were subjected to continuous e-mail bombings and "ping" assaults -- 
which tie up network servers by forcing them to respond to repeated requests for 
information -- that effectively shut the NATO machines down for several days.

The hackers, opponents of NATO's role in the Balkans, caused serious disruptions in 
communications and service, according to U.S. experts.

-- In 1998, secessionists in Sri Lanka flooded that country's embassies with nearly 
1,000 e-mails a day for two weeks as part of a cyber war in support of the insurgency. 
The e-mail attack, which damaged an important mode of embassy communications, is 
considered the first documented incident of cyber terrorism.

Though no one was injured or killed by these attacks, they disrupted communications 
and resulted in economic damage. But experts say the potential for even more serious 
problems -- including property damage, injuries or death -- is clear.

911 WORM

In Houston, for example, a hacker named Franklin Wayne Adams was arrested by FBI 
agents last year for plotting to plant a "worm" in computer systems over the Internet 
that would have effectively shut down 911 telephone service to a wide area by forcing 
the computers to dial the emergency number.

Court documents say that the "worm" program could have infected a quarter-million 
computers in just three days.

"If only a fraction of these computers were infected with the version of Adams' 
program which later calls the local 911 service, the number of calls could easily 
either over-tax a city's ability to send response personnel to each location or cause 
the local 911 service to overload and shut down," one document said.

Adams, a programmer for a Houston bank, was not politically motivated. But the "worm" 
program he propagated could be replicated by others, including terrorist groups or 
their supporters.

"Fortunately, we were able to stop him before he could do serious damage," said 
Assistant U.S. Attorney Richard Berry, who negotiated Adams' guilty plea to charges of 
attempting to damage a protected computer system.

Disruptive computer attacks that could result in injuries or deaths are no longer a 
matter of conjecture.


In 1997, a juvenile hacker in Massachusetts used his personal computer to break into a 
control system for the New York and New England telephone network. He shut down all 
communications to and from a Federal Aviation Administration control tower at an 
airport in Worcester, Mass., for six hours, forcing air traffic controllers to 
scramble for cellular phones and portable radios to perform their duties.

"Recent attacks have targeted vital communications and critical infrastructure 
systems," said Michael Vatis, former head of the National Infrastructure Protection 
Center and director of the computer security research program at Dartmouth College, in 
an analysis prepared by the program Sept. 27. "In the weeks and months to come, cyber 
attacks will evolve further. . . . In fact, we have already witnessed the first signs 
of cyber activity related to the terrorist attacks on Sept. 11, 2001"

An example: Pro-U.S. hackers reportedly have penetrated Middle Eastern and South Asian 
Web sites, including such agencies as the Iranian Ministry of the Interior, the 
presidential palace of Afghanistan and the Taliban.

The attackers have put up virtual wanted posters for Osama bin Laden and have shut 
down a number of Palestinian Internet service providers.

E-mail Bill Wallace at [EMAIL PROTECTED]

Proflowers -  Get a FREE glass vase ($9.99 value!)
when you send one dozen Autumn Roses for just $29.99!
We ship direct from the grower. Save 30-55% off retail

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: [EMAIL PROTECTED]
--via http://theMezz.com

This email was sent to: archive@jab.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2
Or send an email to: [EMAIL PROTECTED]

T O P I C A -- Register now to manage your mail!

Reply via email to