Web could be new front for U.S. enemies

Capability to disrupt major systems exists, computer experts say

Terrorism Strikes America

October 07, 2001|By Scott Shane | By Scott Shane,SUN STAFF

When a Web user clicks onto the site of the Muslim Hackers' Club, the sound of an explosion crackles from the computer speakers while a ball of flame appears on the screen.

Under the headings "Hacking" and "Viruses," the site contains hundreds of pages of detailed instructions - mostly borrowed from U.S. hackers - on how to break into computer systems and wreak havoc. Among the offerings are tips on hacking into a Pentagon system and a list of code words and radio frequencies used by the Secret Service.

"We think it's time for Muslims on the Web, knowledgeable of hacking, virus making, and all those fringe matters, to ... share their knowledge," says the 3-year-old site's welcome message.

Politically motivated computer hacking is on the rise, and in the tense aftermath of the Sept. 11 terrorist attacks in New York and Washington, security experts are warning of the possibility of a cyber terrorist attack designed to shut down critical U.S. computer systems.

"You could easily see coordinated attacks on critical infrastructure - banks and financial systems, telecommunications, the systems that control the flow of water or oil, government operations," said Michael A. Vatis, who ran the interagency National Infrastructure Protection Center at the FBI from its creation in 1998 until last spring.

He rates the chance of a crippling cyber-terrorist attack "a possibility" rather than "a high likelihood." But he believes - and recently warned Congress - that the threat will grow if the U.S. takes military action against terrorist targets.

"Our biggest concern is that we'd see a lot of attacks on U.S. targets after we begin military retaliation," Vatis said.

In recognition of the threat, President Bush is expected this week to name Richard A. Clarke, a veteran diplomat who oversaw counterterrorism in the Clinton White House, to head a new office of cyber security and critical infrastructure. Along with a counter- terrorism office to be headed by Gen. Wayne Downing, it will be one of the two key components of the new Office of Homeland Security to be headed by former Pennsylvania Gov. Tom Ridge.

Experts say that unlike physical forms of terrorism, cyber attacks are unlikely to kill people, though a major disruption of air traffic control or a power grid blackout could lead to loss of life. But the potential to sow chaos and ravage the economy could appeal to avowed enemies of the United States.

"You're not going to have 7,000 deaths, but you could have a disruption of the economy similar to what we've seen since Sept. 11," Vatis said.

While very few people have the expertise to mount chemical or biological attacks, there is a global army with hacking skills - 19 million worldwide, according to a presidential commission. And unlike terrorists who probably would have to smuggle poisons in across a border, computer attackers could wreak havoc from a keyboard thousands of miles away.

To undermine a major system would not be easy, computer security experts said. But an effort on the scale required for the Sept. 11 attacks could almost certainly cause enormous damage, they acknowledged.

"I think a truly devastating cyber attack would require the same kind of preparation and planning," said Lawrence R. Rogers of the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, the nation's leading tracking center for computer viruses.

Such an attack might even involve the infiltration of conspirators into major software companies years in advance, he said.

"They could alter the software so that it was programmed to destroy itself and the hard drive at a certain time," said Rogers.

Most hackers today are not terrorists, but the cyber-age equivalent of graffiti writers, whose favorite trick is replacing Web sites' content with slogans and obscenities. Last week, a hacker defaced the Baltimore-Washington International Airport's Web site with a threatening message referring to Sept. 11. The case is now under investigation by the computer-crime squad of the Baltimore FBI office, said Special Agent Peter A. Gulotta Jr.

The BWI case is one among dozens of Web site defacements worldwide over the last three weeks sparked by the terrorist attacks. Someone calling himself or herself "Brazil Fury Hacker" replaced the Web site of an anti-virus software company with a message praising terrorist financier Osama bin Laden. Another hacker, signing himself "United Hackers Against Terrorism," replaced a U.S-based Islamic site calling for jihad, or holy war, with a portrait of bin Laden and the words: "Wanted for Murder."

Though most Web defacements are a nuisance rather than a serious threat, said Vatis, "the same tools that are used for Web defacement can be used for cyber terrorism."

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.