The vast majority of war-related cyberattacks last week appear to have been little more than low-level Web site defacements that had little or no impact on US businesses.
But the sustained denial-of-service attacks that crippled the English-language Web site of Arab satellite TV network Al-Jazeera served as a sobering reminder of just what can happen if a company does become a hactivist target.
One week into the war with Iraq, most of the predicted cyberfallout appears to have been limited to the Web equivalent of graffiti, said security experts. “At least 99 per cent of the attacks are pure defacement of Web sites” with pro- and antiwar messages, said Michael Albrecht, a manager at F-Secure in Helsinki, Finland
The company estimated that as many as 10,000 Web sites worldwide may have been defaced since the war began. Although US government and military sites appear to be targets of choice, vandals are attacking any vulnerable service they can find, Albrecht said. In most instances, the attacks appeared to be coming from individuals rather than from organised groups or government entities, he added.
The level of hacking activity has been no different from usual, said Marty Lidner, an incident-handling team leader at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh. “In the big scheme of things, the level of activity reported to us hasn’t really changed,” Lidner said.
“There has been no significant increase in Web defacement activity between prewar chatter and actual war,” said Russ Cooper, an analyst at TruSecure. “A defacement may say ‘No war,’ but it would have said ‘No cheese’ or something else if there had been no war.”
The minimal impact on business systems so far isn’t surprising, said Dave Krauthamer, director of information systems at Advanced Fibre Communications in California. “I think you need to be extremely skilled to hack into corporate systems,” he said. “I don’t think current events make the risk of cyberterrorism any greater.”
Moreover, most companies have revamped their management of security threats since September 11, 2001, said Bruce Blitch, CIO at Tessenderlo Kerley, a multinational chemical company with US headquarters in Arizona. For instance, Tessenderlo has further isolated critical plant-control systems and tightened security policies relating to its IT infrastructure.
“If what happened nearly two years ago didn’t make a company pay attention to security, then it’s unlikely that war with Iraq would change that,” Blitch said.
Even so, the attacks on Al-Jazeera show what can happen if attackers get it right. The attacks began March 25 after the network posted photos of US prisoners of war. The Web site was almost totally inaccessible most of last week.
The site appears to have been hit with twin denial-of-service attacks, said Eric Seigel, a consultant at Internet performance monitoring company Keynote Systems in California. One was directed at the company’s Web servers, the other at a core Domain Name System server that provides browsers with the address of Al-Jazeera’s Web site, Seigel said.