[Documents menu] Documents menu


From papadop@peak.org Wed Apr 4 10:26:48 2001
Date: Tue, 3 Apr 2001 23:45:51 -0500 (CDT)
From: MichaelP <papadop@peak.org>
Subject: Cyber threat more dangerous than military attack
Article: 117866
To: undisclosed-recipients:;


Cyber threat more dangerous than military attack

IT-Director.com Brit info, Tuesday 3 April 2001

Our (brit.) national infrastructure is now more at danger from cyber attacks than it is from any military threat, Foreign Secretary Robin Cook declared to the House of Commons last Thursday night. It's a good example of open government: pointing out to any would-be antagonists where our national defences are weakest.

Not that the warning is anything but timely. The following day, a year-long FBI investigation culminated in the agency issuing an unprecedented alert over the activities of hackers mainly from eastern Europe. The FBI doesn't normally try to grab headlines but has been provoked by what it claims is coordinated activity from the east. It used a mild warning about software vulnerabilities last December but since then has identified another 24 corporate victims and estimates that over a million US citizens have now had their credit card details filched by wily oriental gentlemen. It's certainly an interesting alternative to nuclear or germ warfare and, as our own Foreign Secretary points out, arguably a more dangerous one.

The warning comes at an interesting time, when a famous previous security scare, the Profumo scandal, is being spoofed on TV advertisements. It's somehow appropriate that the warning should come from someone whose own private life has made tabloid headlines in the way that Profumo's sleeping with the enemy did.

So what is the Government going to do about the threat? Call an emergency conference of security experts? Hopefully not; a CNET report of a Canadian security conference shows just how dangerous that course of action can be.

By registration time on the first day of the conference, one attendee had cracked the password to the hotel's phone system and it took only one more day for the hotel's high-speed Internet system to be penetrated too. The culprit selfishly took over the hotel's hardware for his own use and crashed the system, although it was subsequently resurrected. That allowed another delegate to connect an Apple Airport wireless hub to his room's Internet port so he could wander round the room and still use the Internet. He reported to the conference that, within five minutes of his having made the hook-up, several hackers in nearby rooms had hitched a ride on his connection.

One delegate reported receiving 2300 alerts from the personal firewall on his computer within a 5-minute period, as against the half-dozen he might normally expect in an hour on a busy day. The result of all this scanning by every delegate of what every other delegate was doing

There's no mention in the report of what happened to the hair colour of the hotel management staff but hopefully the staff understood that this was all just fun and games. A conference spokesperson is quoted as saying: "They're just playing; we're all having a good time learning". It's what could happen if a crowd like this ever got serious that was bothering Robin Cook; and rightly so.