Who's Winning the Cyberwars? Hackers and Terrorists Are Constantly Developing New Exploits, Which Government and Industry Must Defend against. (Computer Security)

Article excerpt

The scenarios were frightening. Cyberterrorists breaking into the systems that control hydroelectric dams and flooding towns. Hackers shutting down telephone systems or air traffic control systems. Unstoppable computer viruses shutting down the Internet and causing billions of dollars in damage to the global economy. Over the past year, images of the mayhem that would be caused by the disruption of computer networks across the country and across the world became a staple of magazine articles and television news shows. So far, none of these terrifying scenarios have come true.

But an avalanche of attacks did occur. According to the CERT Coordination Center, which keeps track of reports of security vulnerabilities and incidents, more than 43,000 incidents had already been reported in the first two quarters of this year (the latest data available at press time), compared with a total of 52,658 in all of 2001. These incidents included attacks by worms and viruses that installed backdoors that allowed hackers with remotely control infected computers.

Experts say that the tragedies of 9-11 and the release a week later of a worm called Nimda have helped to focus attention on the need for better cybersecurity This heightened awareness has changed government and corporate attitudes and has led to some improvements in network security in both the public and private sectors. But hackers, too, have made progress over the year. The following report examines the changing threatscape as well as steps taken to defend against these evolving threats. Proactive measures examined include public-private liaisons, the issuance of a national strategy to secure cyberspace, and ongoing cybercrimefighting efforts. This report also assesses efforts by the private sector in terms both of what corporations are doing internally and what technology providers are doing to improve their products.

Evolving threats. Hackers' methods are morphing into something more menacing than they were before, many experts say. Indeed, many are becoming more skillful, and more clever, says Ed Skoudis, vice president of security strategy for Predictive Systems. "What's happening is that the bad guys are getting much better at doing very detailed analysis of source code as well as already compiled code, so they can walk through assembly-language code and find flaws at a level of detail they never could before," he says. One reason for this, he says, is the release of new programs and new techniques that make this type of analysis easier.

But they've also widened their choice of targets. For example, on July 30, someone hacked into the Web site of OpenSSH, a free and widely used security program that encrypts traffic as it moves across the Internet. The hacker installed a Trojan horse (a tool that allows remote access of a computer) into the OpenSSH download, so that anybody who downloaded the program before the Trojan horse was discovered unknowingly installed a back door in that system.

Other incidents in which legitimate tools available for download by users were broken into and corrupted with a Trojan have occurred around the world. For example, in September, the source code for Sendmail, a popular mail-server program, was modified to contain a Trojan. It was more than a week before the compromise was noted and removed from the Sendmail FTP site.

Infrastructure targets. Over the past year hackers have increasingly targeted critical elements of the Internet's infrastructure. "Code that's starting to attack routers, not individual systems, is the problem," says Steven Branigan, vice president of engineering for Lumeta, which provides software to help companies look for vulnerabilities. Branigan explains that routers are becoming more attractive to hackers because they are offering more services than just moving data packets.

Jeff Schmidt, founder and CTO of managed security services provider Secure Interiors, adds that this new focus is part of a transitional phase that many hackers are going through in which they are moving away from what he calls "guns blazing" attacks. …