Jerusalem Report: Online coverage of Israel, The Middle East and The Jewish World

Cyber War I?
Hanan Sher


Pro-Palestinian hackers call it "the electronic jihad." But are clashes between them and pro-Israeli computer whizzes really the start of cyberspace's first world war, or merely kid games over the Internet?

"We are the Israeli soldiers of the Internet. Our goal is to search and destroy all of the Arabs' sites on the net, to delete the Arab computers." A message on an Israeli site, which marks out pro-Palestinian targets for Internet attacks and provides software to carry them out.

"The more money they lose in fixing and strengthening their systems means less money to buy bullets and rockets for use against our children .... Maybe you can't hold a gun and fight, but you can contribute to the struggle." An e-mail urging Arab Internet users and hackers to launch electronic attacks on Israeli governmental and electronic commerce sites.

These calls to arms have been flashing across cyberspace ever since September, when the Al-Aqsa Intifada exploded on solid ground in the West Bank and Gaza. And the conflict, which Arab hackers trumpet as "the electronic jihad," has wreaked its own kind of destruction: More than 60 Israeli-linked websites, including those of the army, the Prime Minister's Office and the Knesset, have been broken into and defaced, or engulfed by floods of electronic mail or requests for information that overload their host computers and force them to shut down.

Israeli hackers, who are said to have triggered the conflict in early October, when they began putting Israeli flags on websites of Hizballah after the Shi'ite terror group kidnapped three soldiers, responded to the attacks by opening duplicates of Arab sites carrying pro-Israel messages, and defacing others. Among the targets: the Iranian Ministry of Agriculture and the purely commercial Jordan-based albawaba.com Internet gateway, one of whose directors, Canadian-Jordanian Hani Jabsheh, says that "composite pictures of Yasser Arafat as a pig, and in very embarrassing sexual positions," were placed on his site. In all, Arabs have reported about 50 Israeli cyber-attacks.

In return, journalist Ranwa Yehia of the English-language Beirut Daily Star put out the news that at least two pro-Hizballah sites, Umma/Unity and Tripod, were urging "Arab supporters to target Israeli sites in an attempt to bring them down." In early November, Internet-based intruders managed to penetrate a computer system of AIPAC, the pro-Israel lobby in Washington, stealing a list of names and credit card numbers which they distributed on the Internet, and to deface the website of Lucent, the U.S. manufacturer of networking equipment with business ties in Israel.

Do these events signal the start of Cyber War I or are they merely childish war games? Will the exchanges remain restricted to defacement of Internet websites and disruption of e-mail and electronic commerce, or are they the harbingers of more serious attempts to shut down vital systems in banking, air control or even military defense, which could have as much impact as a Scud rocket attack on the normal functioning of Israeli daily life?

No one has the answers yet, or at least, they're not describing what could happen, for fear of giving hostile hackers too many of the wrong ideas. But even after evaporation of the media-hyped doomsday predictions on how the computer-dependent world would be crippled by the Y2K bug, the current threat is not being dismissed out of hand. Computer security experts have been put on alert. The FBI's National Infrastructure Protection Center has issued a warning against attacks from pro-Palestinian hackers. And in Israel, a panel headed by acting Interior Minister Haim Ramon is looking at ways to guard the national computer infrastructure.

The threats must be taken seriously, because the world now depends on computers not only for super-sophisticated tasks, but to control its traffic lights and hospital equipment, approve routine credit card purchases and place orders at the neighborhood pizzeria, not to speak of the world-wide addiction to electronic mail.

Those dependencies are on the rise. "In 96, we would have done very well without the Web," observes Martin Libicki of the Rand Corp., the Washington, D.C. think tank. "Look where we are now."

One of those who hints that we're seeing the start of Cyber War I is Bulgarian expert, Gasber Yordanov, who says, "Israeli hackers opened the gates of Hell on their government by their irresponsible attacks."

Ben Venzke, the director of intelligence production at iDefense, a Fairfax, Virginia-based firm specializing in computer security, says he "isn't confident about calling this a war, but it has opened up a new dimension in cyberspace." He compares it with the Afghan war, which set new models for Islamic terror, and says escalation on the ground will probably bring "a parallel rise in cyberspace."

"It's as close to war as you can get," adds Fred Cohen, an information technology consultant based in Livermore, near California's Silicon Valley, who has good contacts with the hacker community. "Both sides have used the term 'war' in describing what's going on in the Middle East."

The order of battle for CWI is a mixed bag. "It represents a very diverse set of skill-sets, from people who just know how to visit a website to script kiddies who can run automatic Internet tools to very sophisticated hackers," says Venzke, who opines that a very few people may be responsible for most of the activity up to now.

He fingers a pro-Palestinian Internet infiltrator whose handle, or code name, is Dodi. "We haven't made an assessment of Dodi's technical capabilities yet," says Venzke, "but he has made some very significant threats and said he wants to shut down U.S. targets and domain-name servers, which would freeze major Internet service providers (ISPs)."

Dodi offered a sample of how dangerous he could be when he sent out a bit of computer code on the Internet. "If that code could be slipped into a computer somewhere, through an e-mail or in another way, it would sit there quietly until a specified time. When activated, it would first delete every single file on the host computer, then launch an attack from that computer which would try to overload another computer and force it to shut down," Venzke says.

A simpler version of Dodi's program, called a distributed denial of service (DDoS) tool, was used in February, when hackers flooded such popular sites as Yahoo!.com and eBay.com with requests for web pages. The host computers couldn't handle the load, and shut down. Experts suspect that, since then, new and better tools have been developed.

Other pro-Palestinian hackers, with handles like ReALiST and eXgypt, probably have the skill-sets necessary to build DDoS tools. The AIPAC site's attacker was a Pakistani. And Islamic sites, including those of the Chechnyan resistance movement, are also filled with pro-Palestinian sloganeering.

In its monitoring of hacker chat sites and web pages, iDefense's Venzke says his firm has picked up "talk, no more, about trying to close down at least some part of AT&T," because the Israeli army used AT&T as a base for its website after hackers crashed its site and threatened the Israeli ISP that acted as the army site's host computer. "And there have been threats about attacking the e-commerce sites of Israeli businesses and firms that do business with Israel, but very little evidence of that happening. Yet."

More ominous is the possibility, discussed as a theoretical matter, of concentrated and indiscriminate computer-virus attack, a kind of electro-biological warfare that could, if successful, leave computer systems everywhere, perhaps including the attacker's, in tatters. And it's logical to suspect that even more destructive attack tools are ready for use, or worse yet, already planted in innocent computer systems waiting for the "run" command.

"We'll only know about them if and when something happens," says Venzke.

There's no shortage of people who might join in if CWI heats up. Israeli hackers talk about a reservoir of computer-savvy Jews around the world, and Islamic groups may enlist reinforcements from the pool of hackers that rally behind political and social causes. "They have a name for it, hacktivism," reports Cohen. "Activist hackers have supported things as diverse as the Animal Liberation Front and the rebels in Mexico's Chiapas state." Beyond that, he adds, "there's plenty of expertise out there, available for hire. I know of people with the capability of doing very serious things who might be attracted by money."

So far, iDefense has found no sign of any direct involvement of governments, not Israel, and not the Palestinian Authority, in current cyber-attacks. But Venzke admits that he does not know much about the Israeli army's technical units.

Then again, the intervention of really sophisticated computer people who are covering their tracks might not be readily apparent to outsiders. And while Israeli defense sources decline to respond to suggestions that some of the army's secret technology units might be involved, there's no doubt the expertise is out there.

One of the army's exhibits at Telecom, the mid-November telecommunications trade show at the Tel Aviv Fairgrounds, demonstrated some ways that home or business computers could be damaged by intruders. The soldier manning the display said he wasn't able to talk about anything but what was being shown on screen, which he said all came from outside the military. Nor could he comment on whether the army has its own offensive cyber-weapons. "My unit," he said apologetically, "is purely defensive."

The question isn't whether the hackers' battle can escalate, but how. "The consensus in the West, in the U.S. and the U.K., is that even if you are attacked, it is unacceptable to strike back. What you are supposed to do is gather evidence, and report it to law enforcement agencies," says Venzke. "But that can change. On both sides, there seems to be a growing feeling that this, like the conflict on the ground, is close to war. If that happens, the conventional codes of conduct don't necessarily apply."

Up to now, the salvos and counter-barrages can be classified into three main categories: denial of service, which attempts to shut down a computer by flooding it with requests for data or e-mail; break-ins into websites and defacing them or destroying files; and planting rogue shell code, which gets an unsuspecting host computer to carry out a surrogate attack for it. But there's the potential for much worse. The next step up the spiral is to attack vital infrastructures, international communications links, rather than individual ISPs, and the financial sector.

"OK, if you take out an ISP for a couple of days, people are inconvenienced because they have to do without e-mail and they can't check the sports scores," says one source, who declines to be identified. "Or maybe shut down all of a city's traffic lights. That's bad, but not catastrophic. Compare that to destroying or worse yet altering data in the stock market or the banking system, so no one can say how much money they have, owe or are owed."

Other sensitive spots include electricity networks, which are remotely maintained and inspected electronically, or air-control systems. Still, these systems are usually better protected and often connected through private, dedicated communications lines rather than the public, vulnerable Internet. There's also the possibility, theoretically, of getting into military command-and-control and intelligence-evaluating systems.

This kind of frontal attack would be extremely difficult to carry out. "Damaging the phone system or shutting down traffic lights can be pretty bad, but even those systems are generally not accessible via the Internet," says Gene Spafford, of the Purdue University-based Center for Education and Research in Information Assurance and Security. "Access to other critical places, like air control, is carefully regulated. And banks keep important data on a separate system that's not accessible from the outside and have backup and restoration capabilities as a matter of course," he says, adding that he knows of no terror acts to date on this level.

And even if a U.S. system might be in peril, that does not mean that the same thing is true in Israel. "The U.S. air control system is vulnerable, mainly because it is 35 years old," observes Libicki. "The Israelis are pretty good at protection in cyberspace. I'm sure this has been thought out by them."

The bottom line: The attackers who managed to deface the Israel Defense Force's website in October were nowhere near the army's main computers. And extremely embarrassing as it was to see the websites of the Prime Minister's Office shut down for a day or two, national security was not endangered.

But there's a less reassuring flipside. "Even if you build a perfectly secure system, if that's possible, there are always potential holes," says Venzke. "And it's sort of like conventional terror. You only have to get lucky once."

As convincing as the case for imminent cyber war may sound, it's not difficult to dismiss much of the alarmist talk as media hype. For one thing, the number of reported cases, as compared to the millions who use the Internet every day, is relatively limited. And there's been no small amount of exaggeration about the damage done by cyber-attacks so far, says Libicki, using the February 2000 denial of service at eBay, CNN, Yahoo! and other e-commerce-linked sites as an example. "They say the cost in lost business was $10 billion. That would mean about 12 million users, at about $800 per transaction. Give me a break!"

"It's a nuisance, nothing more," says the security manager of one popular Israeli website. And his statement that "the kind of security on most government websites was pretty basic" implies that truly important computers have better protection.

That protection is improving all the time. Still, Naftali Keren, Middle East regional manager for CheckPoint, the Tel Aviv-based world leader in Internet security, says that installing something like his firm's Cyber Attack Defense System, which monitors traffic and stops passing on illegitimate traffic once it is detected at an individual company site, or even an Internet service provider may not be sufficient: Similar protective systems, Keren thinks, should be installed in the large computers in the U.S. and Europe that direct traffic and are the backbone of the Internet.

Gilad Rabinovich, CEO of NetVision, one of Israel's largest ISPs, says his firm, whose central computers hosted most of the government websites that came under attack, has beefed up its own security by adding load-balancing systems that check traffic and absorb excessive capacity. Observing that attempts against NetVision's commercial and governmental customers have continued, Rabinovich says that "now our clients [290,000 Internet users and 60-70 percent of the country's websites] don't feel that anything's happening."

Adds Rabinovich: "The attack was made on the government of Israel, not on NetVision itself. Now we are trying to deal with the problem. We're a private firm, but we did all the defensive work ourselves."

The danger of cyber-attack, though, has not been ignored in Israel's corridors of power. Knesset Member Michael Eitan, the former Likud science minister who now heads the parliament's Internet committee, says he's discussed the problem with defense officials, but declined to disclose details.

Eitan has proposed an "international convention that makes Internet terrorism a crime, just like any other terrorism. In Israel and many other countries, it's a crime to interfere with or sabotage other people's computers. It's possible to identify anyone who carries out such acts, so the country they live in can prosecute them."

Unfortunately, it is not quite that simple. Middle Eastern hackers invariably cover their traces by working through surrogates in fourth and fifth countries.

"Not every state has the same computer security laws, or computer security laws at all. And collecting evidence is difficult, particularly if you have to go through a country that is ambivalent, politically, about what is going on," says Spafford.

It's also feasible, Spafford says, "to hack back against those who have taken the offensive. But what if the offender involves innocent people? That can be done on the Internet by using someone else's computer system. In your part of the world, you know all about people who locate firing positions next to schools, I think."

And until all the evidence is in, it may be wise to withhold judgment about whether this is play war or the real thing: Remember that during the early months of the Intifada in the late 1980s, many top Israelis dismissed the clashes as mere "disturbances."


© The Jerusalem Report 1999-2001