Russia: all to fight cyber terrorism!

ZAPOROZHYE (CCRC) - Nowadays, cyberterrorism may cause significantly more damage than any usual explosive device, Dmitri Frolov, representative of the Information Security Center of FSB (Federal Security Service) said on the parliamentary session "Actual Problems of Legislative Provision of Fight Against Terrorism" in the State Duma of the Russian Federation.

Now cyberterrorism can cause significantly more damage than any usual explosive device. But it is hard to distinguish cyber terrorism from information warfare", he said. For example, a breakdown of computer control systems of armed forces and arms may lead to unpredictable cosequences, he noted.

The most unprotected systems in view of cyber attacks are information systems of state and military management. The first cyberterrorists' attacks on computer systems were fixed late in 90-s, Frolov said.

He also marked out that now almost all radical organizations have websites on the Internet. In particular, these sites give recipes of explosive materials in details.

"At present, international terrorists, including Chechen separatists, actively use existing information sources to put into practice terrorist sabotage. Especially they solve informational and financial problems, provide communication, plan acts of terrorism and also exercise control of their units", he emphasized.

Taking into account all these threats and also after large-scale terrorist acts in the USA, in most countries projects are created or are being realized at present. These programs are destined to confer emergency powers to national special services in order to control information systems.

There is a complex of legal problems in this field in Russia now. All these issues demand new federal laws and legal acts directed to fight against cyber terrorism, the FSB representative said.

He also noted that FSB has already developed and passed to the State Duma propositions to improve law in field of fighting cyber terrorism.[1]



Reference:
[1]http://www.crime-research.org/news/14.04.2004/208/

Cyber terrorism 'overhyped'

The threat posed by cyber-terrorism has been overhyped and the net is unlikely to become a launch pad for terror attacks.

That was the conclusion of a panel of security and technology experts brought together at the CeBIT technology fair to consider the threat posed by net attacks on businesses and consumers.
Panel members said companies faced far more serious threats from ordinary criminals, fraudsters and pranksters than they did from technology-literate terrorists.
Combating these real threats would take work by almost everyone involved in the running and use of the net.
 
Selling newspapers
 
Respected security expert Bruce Schneier said the threat posed by so-called cyber-terrorism had been over-estimated.
"The hype is coming from the US Government and I don't know why," he said.
Fellow panel member Art Coviello, head of security firm RSA, said some of the warnings about cyber-terrorism had come about in reaction to the attacks on 11 September.
But, he added, sections of the media were also responsible for hyping the threat.
"Some of these stories are very entertaining and sell a lot of newspapers," he said. "Some media organisations are fanning the flames of this."
Mr Schneier said any terror group that wanted to sow panic and attack its ideological enemies was unlikely to turn to net technology to make their point.
 
Real threat more mundane
 
"If they want to attack they will do it with bombs like they always have," he said.
By contrast, he said, disrupting the running of the net and other communications networks would cause more annoyance than fear.
"Breaking pager networks and stopping e-mail is not an act of terror," he said,

Mr Schneier said companies and consumers should concentrate on real threats from common criminals, viruses and other malicious programs.
"Criminals tend to lag behind in technology by a few years," he said. "But once they find a technology they tend to use it and there is a lot of value on the internet."
Defending against criminals was difficult, said Mr Schneier, because they were often mixed in with the barrage of attacks companies suffered everyday.
Tackling these threats would take a lot of work by many of the organisations using and developing net technologies, said Mr Schneier.
One of the key tasks was to start creating a lawful society on the Internet, which educated people about the rights and wrongs of online life and that caught and prosecuted criminals. [1]




Reference:
http://news.bbc.co.uk/2/hi/technology/2850541.stm

Terrorism on the Internet: another Border to Protect one Country’s Sovereignty

"The Internet is a weapon in the hands of our extremist enemies," Senator Joe Lieberman, (I-Conn.) chairman of the Senate Homeland Security Committee, said after the Senate's review of a recent report on how terrorists are using the Internet to spread their radicalism. 

 At the beginning of May this year, the Senate Homeland Security Committee engaged in a deep analysis of how the Internet is being used by terrorist organizations to express their prejudice against the United States. This analysis included reviewing a recent report prepared on this subject, listening to the testimony of several Internet experts and the drafting the United States' response to this practice.

The recent report on terrorism on the Internet reviewed by the Homeland Security Committee of the US Senate revealed that Al-Qaeda and other terrorist organizations like "Jihadi" are using the Internet to recruit militants and raise funds for their organizations.  Additionally, these organizations use flashy websites, video games, videos, and music to express their radical ideology, the report showed.  Terrorists are hacking websites and posting training manuals in inner directories where people may not notice them (this practice is called ‘parasiting'); developing violent video games spreading the message that Islam is under attack and inviting to fight in its defense; and making hip-hop and rap music with melodies that call for violence, this report informed. 

One of the Internet experts called to testify on the Senate session was Frank Cilluffo, Director of George Washington University's Homeland Security Policy Institute ("the Institute").  Mr. Ciffuffo testified on the Institute's Internet-Facilitated Radicalization study and said, "we have created this global village -the Internet- without a police department."  In presenting the Institute's study, Mr. Cilluffo revealed that terrorists use, among others, hard-to-intercept communications like ‘dead drop.'  ‘Dead Drop' communications are drafted e-mails stored in accounts where adepts access them and read their rebel message.  No e-mail is sent, thus, no interception may be accomplished.         

The Institute's study also proposed some counter-measures to the problem of terrorism on the Internet and presented examples of other countries' current measures on this issue.  For instance, UK implemented a program called the ‘Radical Middle Way" which aims to undermine the extremist's message of violence as expression of their Islam religion.  The program also encourages dialogue with these extremists groups to encourage communication and lessen violence.   Egypt also implemented a program to counter-attack Jihadists activities in that country.  Likewise, Indonesia first democratic president has implemented programs favoring religion freedom and tolerance.  Jordan Muslim clerics issued fatwa in 2005, a program denouncing all kind of terrorism on the name of the Islam. 

Among the counter measures against Internet terrorism in US proposed by the Institute's study are, (i) developing a compelling counter-narrative with world-wide distribution.  The narrative, the study suggests, should not be confused by the goal of improving the US image.  Instead, it should focus on hope and ‘realistically attainable alternative future' to those that may be seduced by the extremist ideology; (ii) fostering intra -and - cross- cultural dialogue to tie local, national and international communities; (iii) recognizing the need for additional research on behavioral conduct on online radicalization; (iv) denying or disrupting extremists access to the Internet through legal and technical means; and (v ) remedying resource capabilities in the US government.  This means, the government should be capable of speaking, understanding and translating Arabic to foster prevention and response efforts.[1]

Reference:

[1]http://www.ibls.com/internet_law_news_portal_view.aspx?id=1765&s=latestnews

Malaysia: Fighting cyber terrorism

Malaysia’s Prime Minister Abdullah Badawi has approved a US$13 million grant to lay the foundation of IMPACT, a not-for-profit global organisation, to rally efforts from governments, the private sector, and academia worldwide, against the growing threat of cyber terrorism. IMPACT, or International Multilateral Partnership Against Cyber Terrorism, is the first global public-private initiative against cyber terrorism. It drives collaboration among governments, industry leaders and cyber security experts to enhance the global community’s capacity to prevent and respond to cyber threats.

The start-up grant will be used to construct the IMPACT building in Cyberjaya, Malaysia, and operations are expected to start in December.

The fund will also finance the infrastructure for the four centres of IMPACT: the Centre for Training & Skills Development; the Centre for Security Certification, Research & Development; the Centre for Global Response; and, the Centre for Policy, Regulatory Framework & International Co-operation.

Currently chaired by the Malaysian PM, the leadership of the International Advisory Board of IMPACT will be handed over to other member countries after the initial three-year term. “From the standpoint of the Malaysian government, their contribution is a gift to the global community. Someone has to start. They feel they’re just giving the seed,” said Mohd Noor Amin, Chairman, Management Board, IMPACT.

Warning System
IMPACT is currently building two systems for its member countries. One is an early warning system. which will aggregate ‘feeds’ from IMPACT’s security partners and member countries, which will be redistributed across the world to member countries.

Another is a collaboration system that, according to Amin, is a secure electronic platform enabling experts from member countries to collaborate with one another based on their specialty and niche areas.

Al-Ihsal Ishak, Acting COO and Head of the IMPACT Centre for Training and Skills Development, shared his expectations of IMPACT’s new systems and its network of partnerships across the globe.. “We actually are looking at first-hand interaction with the Cyber Crime Convention where we believe 14 countries have signed, or will sign,” said Ishak, adding that INTERPOL was represented at the first IMPACT World Cyber Security Summit, held in Malaysia, May 20-22. At press time, 30 countries had confirmed participation and representation at ministry-level of the summit, including the secretary-general of the International Telecommunication Union, a member of IMPACT’s International Advisory Board.

Worldwide Attention
Amin said that IMPACT is more concerned more about the consequences of cyber terrorism than whether the threats are initiated by individuals or organised groups. “We are talking about threats that are far more serious, for instance, the ability to bring down the airport traffic control systems, the stock market systems, or to tamper with medical records,” he said. [1]



Reference:
[1]http://www.mis-asia.com/technology_centre/security/cio-article-2799

Iran denies cyberattack hurt nuclear program -- but expert isn't sure

Iran denied Wednesday that its nuclear systems had been infected with a virus, after days of reports that a new kind of malware had struck the Bushehr nuclear plant.
But the head of its nuclear program admitted that a virus had been found on the personal laptops of some staff at the reactor, the Iranian Students News Agency reported.

"We succeeded in preventing the enemy from achieving its objectives," IRNA quoted Ali Akbar Salehi as saying on Wednesday. But a top computer security expert who analyzed a new kind of virus called Stuxnet says Iran is the most probable target of the malware, which he says could only have been designed by "the best of the best.
"We have never seen anything like this before," said Ralph Langner. "It's the most complex piece of malware in the history of computing. "What the thing does, is actually it's designed to blow something up, it's as simple as that," he said. "The virus is a cyberwar weapon."

Langner, who was among the first to study the virus, presented his findings at a cyber security conference in Maryland last week.The virus is designed to attack only a specific machine at a specific time, Langner told CNN Wednesday.
Langner has detected "the highest number of infections" in Iran, suggesting that Tehran's controversial nuclear program is the target. "If you look at all the sophistication that went into Stuxnet, if you look at the fact that it's about sabotage, about destroying a specific piece of machinery, then the only target that makes sense given the target region... would be the Iranian nuclear power program," he said.
A government is almost certainly behind it, he said."You can take for granted that a hacker group is not able to create anything like Stuxnet, because the development requires much more resources than any such hacker group could afford," he said. To use it as a weapon would require insider information, he said. "You need to have very detailed and specific knowledge about the targeted application and process," he said.
"You will need to build up a lab model to test all that and if you take all that together into account, the only background that makes any sense is to assume that a nation-state is behind it."

It was probably delivered via infected USB sticks, he said, speculating that a Russian engineering firm that worked on the Iranian nuclear program had been infiltrated.
That would explain the pattern of infections around the world, he said -- anywhere the company worked would end up with the virus. But only one specific target would be affected by it.

It's as if a virus were designed not only to target a computer running Microsoft Word, he said, but to search for a specific document created with Word.
And it's designed to hit industrial control systems, he said, activating itself only once its target reaches a certain state, like a designated temperature or pressure.
"When it finds a specific match, let's say in specific temperatures or pressures to reach certain thresholds, then the attack routine is executed," he said.
Stuxnet itself is no longer a cause for concern, he said.
"Don't worry about Stuxnet any longer," he said. "Obviously it hit its target. It is so specific it won't attack anything else."

But now that it's out there, other people will try to replicate it, he warned.
"Everybody will be able to study exactly what Stuxnet does and how it is done," he said. "So we must assume that Stuxnet will now act as a template for any kind of hackers, organized crime, terrorists in order to study how it can be done.

"Stuxnet is history," he said. "We need to work on what will come next."[1]

Reference:

[1]http://edition.cnn.com/2010/WORLD/meast/09/29/iran.cyberattack/index.html?iref=allsearch

The cyber raiders hitting Estonia

As Estonia appeals to its Nato and EU partners for help against cyber-attacks it links to Russia, the BBC News website's Patrick Jackson investigates who may be responsible.

Estonia, one of the most internet-savvy states in the European Union, has been under sustained attack from hackers since the ethnic Russian riots sparked in late April by its removal of a Soviet war memorial from Tallinn city centre.
Websites of the tiny Baltic state's government, political parties, media and business community have had to shut down temporarily after being hit by denial-of-service attacks, which swamp them with external requests.
Some sites were defaced to redirect users to images of Soviet soldiers and quotations from Martin Luther King about resisting "evil".
And hackers who hit the ruling Reform Party's website at the height of the tension on 29 April left a spurious message that the Estonian prime minister and his government were asking forgiveness of Russians and promising to return the statue to its original site.
 
Getting hit hard
 
The government's response has been to close down sites under attack to external internet servers while trying to keep them open to users inside Estonia, but the attacks are taking a toll and have been likened by the defence ministry to "terrorist activities".

"Of course [sites] can be put up again, but they can be attacked also again," Mihkel Tammet, head of IT security at the Estonian defence ministry, told BBC World Service's Newshour programme.
Estonia, he said, depended largely on the internet because of the country's "paperless government" and web-based banking. "If these services are made slower, we of course lose economically," he added.
While the government in Tallinn has not blamed the Russian authorities directly for the attacks, its foreign ministry has published a list of IP addresses "where the attacks were made from".
 
The alleged offenders include addresses in the Russian government and presidential administration.
Dmitry Peskov, the Kremlin's chief spokesman, told the BBC's Russian Service there was "no way the [Russian] state [could] be involved in cyber terrorism".
 
"When you look at the IP addresses showing where the attacks are coming from, then there's a wide selection of states from around the world," he added. "But it does not mean that foreign governments are behind these attacks. Moreover, as you probably know, IP addresses can be fake." Russia's own presidential website, he said, came under attack itself "hundreds" of times daily.
 
'Private attacks'
 
David Emm, senior technical consultant at Moscow-based antivirus software company Kaspersky Lab, believes the hackers are likely to be "younger types who, in other days, would have been writing and spreading viruses".
"I would not be surprised if switched-on people were using technical means of expressing themselves," he told the BBC News website's technology correspondent, Mark Ward.
 
Anton Nossik, one of the pioneers of the Russian internet, sees no reason to believe in Russian state involvement in the hacking, beyond the fanning of anti-Estonian sentiment.
"Unlike a nuclear or conventional military attack, you do not need a government for such attacks," he told the BBC News website. "There were anti-Estonian sentiments, fuelled by Russian state propaganda, and the sentiments were voiced in articles, blogs, forums and the press, so it's natural that hackers were part of the sentiment and acted accordingly."
 
Hackers, he points out, need very little money and can hire servers with high bandwidth in countries as diverse as the US and South Korea.

The expertise is "basic", he says, with virus scripts and source codes available online and there are "hundreds of thousands of groups who have the resources to launch a massive virus attack".
"The principle is very simple - you just send a shed load of requests simultaneously," he says.
Estonia's blocking of external servers is in his opinion a smart response but can only work for a country of "1.4 million with a non-international language". In Russia, for instance, foreign servers account for 60% of the net, he says. For Mr Nossik, of more concern is how the global net can protect itself against the big virus attacks like the Backbone Denial-of-Service attack in February which hit three key servers making up part of the internet's backbone. "Compared to the scale of the problem in general, Estonia is small," he says.[1]



Reference:
[1]http://news.bbc.co.uk/2/hi/europe/6665195.stm

Hackers warn high street chains

High street chains will be the next victims of cyber terrorism, some of the world's elite hackers have warned.

 

They claim it is only a "matter of time" before the likes of Tesco and Marks & Spencer are targeted.
Criminals could use the kind of tactics which crippled Estonia's government and some firms last year, they warned.
The experts were members of the infamous "Hackers Panel" which convened in London this week at the InfoSecurity Europe conference.
The panel includes penetration testers and so-called "white hat" hackers, who help companies tighten up their digital security by searching for flaws in their defences.
Previous panellists include Gary McKinnon, known as Solo, alleged by the US government to have hacked into dozens of US Army, Navy, Air Force, and Department of Defense computers.
The "hackers" usually remain anonymous, "for security reasons", but this year's panellists agreed to break cover.
 
Common cause
 
First up was Roberto Preatoni, the founder of the cyber crime monitoring site, Zone-H, and WabSabiLabi, a trading site for security researchers.
His appearance came just a few months after he was arrested by Italian authorities on charges of hacking and wiretapping, as part of the ongoing investigation into the Telecom Italia scandal.
Mr Preatoni told the audience that the attacks in Estonia were a harbinger for a new era of cyber warfare.

"I'm afraid we will have to get used to this," said Mr Preatoni, also known as SyS64738. "We had all been waiting for this kind of attack to happen.
"Estonia was just unfortunate to be the first country to experience it. But very soon, our own [western] companies and countries will be getting attacked for political and religious reasons.
"This kind of attack can happen at any time. And it will happen."
During the two week "cyber war" against Estonia, hackers shut down the websites of banks, governments and political parties using "denial-of-service" (DoS) attacks, which knock websites offline by swamping servers with page requests.
As many of the attacks originated from Russia, the Estonian government pointed the finger at the Kremlin. But Mr Preatoni said that, having spoken to contacts in the hacking community, he was clear that "Putin was not involved".
"In my opinion, this was a collection of private individuals who spontaneously gathered under the same flag.
"Even though Estonia is one of the world's most advanced countries in IT technology, the whole economy was brought to its knees.
"That's the beauty of asymmetric warfare. You don't need a lot of money, or an army of people. You can do it from the comfort of your living room, with a beer in your hand.
 
Gate control
 
His warning was echoed by Steve Armstrong, who teaches seminars in hacking techniques, at the SANS Institute for information security training.
"If someone wants to have a pop at the UK, they are unlikely to go for the government web servers. They will go for the lower hanging fruit - companies which are seen as good representatives of the country.

"The likes of Tesco, Marks & Spencer and B&Q can be seen as legitimate targets.
"We have to get the message across to companies [to invest in information security].
"At the moment Chief Executives are only interested in the bottom line. But remember - if tesco.com goes down, that's a lot of shopping."
Mr Preatoni said that the Estonian government's repeated failure to thwart the attacks was proof that we still have "no good solutions" for denial of service attacks.
The panellists then argued over whether Internet Service Providers should do more to tighten security, by helping customers' protect their computers from being "zombified" by hackers for use in distributed DoS attacks.
"Actually, I don't think the ISPs should have any role in security," said Preatoni.
"In my opinion, that's like asking the Royal Mail to be responsible for the quality of your post."
But his view was immediately challenged by the third panellist, Jason Creasey, head of research at the independent Information Security Forum.
"I believe ISPs can play a phenomenal role in security, with a little bit of legal pressure," he claimed.
 
Net weakness
 
He was backed by an audience member, Angus Pinkerton, of Lynks Security Consulting. "The only way to defend against a distributed attack is with a distributed defence," he argued.
"I think it's unacceptable that ISPs are content to let their customers be part of bot-nets."
He challenged Steve Armstrong's view that asking ISPs to perform security duties was "fundamentally, censorship."
"This is not about free speech," said Mr Pinkerton. "Free speech does not entitle you to shout fire in a crowded theatre."
In the meantime, Mr Preatoni warned the audience it is "only going to get easier" to carry out a DoS attack, because he claimed the latest net address system, known as Internet Protocol Version 6 (IPv6), is actually more amenable to DoS.
Later, he told the BBC that the rise in cyber attacks originating in China was a convenient cloak for western countries to disguise their own cyber espionage activities.
"It's too easy to blame China," he said. "In fact, legitimate countries are bouncing their attacks through China. It's very easy to do, so why not?
"My evil opinion is that some western governments are already doing this." [1]


Reference:
[1]http://news.bbc.co.uk/2/hi/technology/7366995.stm