Sabotage in Cyberspace: The Coming Electronic Pearl Harbor
by Mark Ward
New Scientist 14 September
A WAR council met in Washington DC last week, and it had nothing to
do with Saddam Hussein. Generals, politicians and intelligence agents
spent two days discussing how they should confront another foe--- one
that is both ubiquitous and invisible. They are convinced that this
enemy already has the expertise to invade and paralyse any country it
cares to target, and that it is only a matter of time before it strikes.
The threat is information warfare, and the enemies in question those
wily information warriors more commonly known as computer hackers.
Speakers and delegates were united in their belief that hostile foreign
governments or groups were actively recruiting hackers to attack and
disable data networks in Western countries, rendering them defenseless
and allowing terrorists to mount attacks with impunity.
The theory that legions of hackers are poised to send networks
crashing down around our ears is gaining in popularity. An emergency
meeting of the G7 group of leading industrial nations in late July, called
in the wake of the bombing at the Olympic Games in Atlanta and the
crash of TWA flight 800 from New York, debated ways to deal with
terrorists. All the attending nations agreed that more had to be done to
control what information was available on the Internet.
Convinced that an electronic Pearl Harbor is imminent, the US is
already taking steps to protect itself. Jamie Gorelick, deputy attorney
general, has called for an effort similar to the Manhattan Project, which
developed the first atomic bomb, to harden federal computer systems
against electronic attack. In a speech in June about information warfare,
Gorelick warned: "As we become more interconnected, we are also
more vulnerable to attack." Later the same month his fears were
echoed by John Deutch, intelligence director at the CIA. "The electron
is the ultimate precision guided weapon," he told a Senate government
affairs committee meeting, adding that the US should prepare itself for
"very, very large and uncomfortable incidents of cyberwarfare".
But despite these prophesies of doom, the threat from electronic
warfare appears to have been vastly overblown. A report entitled
Security in Cyberspace, prepared by Congressional staff investigators
Dan Gelber and Jim Christy and released as Deutch was testifying to
the Senate, revealed that the only evidence the CIA could muster to
support the claims of its intelligence director "consisted of limited
anecdotal information". And a three-year survey of 10 000
organizations by Britain's National Computing Centre in Manchester,
which provides advice on information technology, concluded that
companies were more troubled by viruses, errors by staff and untested
software than information terrorists. Only 3 per cent of those surveyed
said they had been victims of hackers.
Hacking is becoming increasingly widespread, but most hackers insist
they are not out to terrorise companies or governments by deleting
files or crashing servers. Instead they are dedicated to what they call
"ethical hacking". This involves finding ways into computer systems for
the pure intellectual excitement of it. At the same time, a hacker can
show the owners of the system that their security can be breached.
One group of hackers, Agents of a Hostile Power, put out a press
release claiming it was interested only in ethical hacking. Any member
finding a "hole" in a network would alert the administrator of that
system so it could be patched and the security of the site improved.
The group's name is a parody of a quote from John Austen, the
retiring head of Scotland Yard's Computer Crime Unit who said in an
interview that he feared gullible computer hackers would be taken
advantage of by "agents of a hostile power".
...(snip)
But despite the lax security of many networks, claims that hostile
governments or terrorists are seeking to exploit the gaps have not
withstood closer inspection. The CIA bases its calls for greater control
over the Internet largely on anecdotal evidence, such as the story that
hackers sympa thetic to Saddam Hussein offered to disable American
military communications during the Gulf War. No evidence has ever
emerged to substantiate this.
The CIA also makes much of the story of Richard Pryce, also known
as the Datastream Cowboy, and Mathew Bevan, or Kuji, as proof that
foreign powers are trying to steal secrets. The pair used false computer
accounts in Latvia to enter the systems at NASA's Goddard Space
Flight Center in Greenbelt, Maryland. The computer police who were
tracking the hackers cut the connection, presuming that spies from
Eastern Europe were hunting for information.
But shortly afterwards they caught up with Pryce, and the truth
turned out to be rather different. Far from being a hardened spy, Pryce
was 16. When he realised he was going to be arrested he curled up on
the floor and cried. Kuji remained at large for over a year. The
authorities assumed he was a spy who would never be seen again. But
on 23 June this year he was tracked down in Australia and arrested. He
is a 21-year-old computer technician.
|