OTTAWA — There is little doubt that North America’s own IT infrastructure was used to plan and carry out the attacks in New York and Washington, according to an expert at the fourth annual conference Cyber-Sabotage 2001 held Tuesday.
“Let’s not let our organizations be used as launching pads,” said John Lucich, international president of the High Tech Crime Network, which has more than 1,000 members in 15 countries. Lucich, also the managing director of the Network Security Group, is based in West Caldwell, N.J.
After the World Trade Center bombing in 1993, the U.S. held its first conference on cyber-terrorism, but it never gained much momentum. Since then, experts have noticed more Internet-related terrorist activity.
On a message board one day before last Tuesday’s attack, for example, someone had written: “In the (deepest) part called the center of the earth by this weekend north east region will be destroyed new providence soon to fall apart.” (Lucich pointed out this could have been a spoof — the FBI is investigating.) And the FBI’s Counter Terrorism Division had previously published a warning for a heightened state of alert against physical and computer assets at the World Trade Center, through Oct. 10.
One day after the terrorist attacks against New York and Washington, a congressional report warned of the vulnerability of the country’s computer networks, and the General Accounting Office said the U.S. government has only made limited progress in protecting critical computer networks from cyber-terrorists. The “war against international terrorism,” therefore, will include work on cyber-security.
“If these individuals drove airplanes into the World Trade Center, anything is going to be possible,” said Lucich. “It’s not always a technical crime, it can be a traditional crime using technology.”
For example, he said, terrorists could take over an air control centre and crash airplanes into one another.
He said a well-organized effort is needed to combat technology crimes, which involves partnerships. With hackers, “they share information, there’s nothing top secret about it,” he said. “Not so in the corporate community and law enforcement. That’s a problem. We need each other to fight this.”
He said we also need legislation with “real” repercussions. “I don’t want to see the United Nations call the shots because they’ve flip-flopped so many times already.” Instead, he said he believes countries should develop stronger laws and learn to work together, so they can prosecute a cyber-criminal anywhere in the world.
Harold Hendershot, acting section chief, Computer Investigation and Operations Section of the National Infrastructure Protection Center with the Federal Bureau of Investigation, talked to attendees about protecting critical infrastructure in a war without borders. He’s currently working on a forensic investigation at the Pentagon and World Trade Center, and made his presentation over the phone.
The National Infrastructure Protection Center is made up of multiple U.S. federal agencies, federal, state and local law enforcement, international partners (including Canada and Australia), as well as private-sector representatives. Its mission is to detect, deter, assess, warn of, investigate and respond to attacks on critical infrastructure.
Critical infrastructures are those physical and cyber-based systems essential to minimum operations of the economy and government, Hendershot said. They include government operations, emergency services, telecommunications, electrical energy, gas and oil storage and delivery, water supply systems, transportation, and banking and finance. In cyberspace, he said, all of these critical infrastructures are tied together.
In most cases, governments don’t own the infrastructure, and tools to attack that infrastructure are readily available on the Internet, he said. Globalization of infrastructure also increases exposure to potential harm, and interdependence of systems makes attack consequences harder to predict and perhaps more severe.
“Terrorists like to use physical things — they get a bigger splash,” he said. Terrorists are currently using the Internet to communicate with each other, he pointed out, but we haven’t seen them attack our infrastructure — yet. But the potential is certainly there. For example, taking out a country’s command and control centre with military force (as done in Iraq and Bosnia) can now be done over the Internet.
In fact, cyber intrusions into military computer systems took place in 1998, during the Iraq weapons inspection crisis. The attacks appeared to be coming out of the Middle East, raising concerns of an information war. The reality, however, to be a different story.
Two 16-year-olds in Cloverdale, Calif. (known as Makaveli and Too Short), aided by an Israeli teenager in Tel Aviv, Ehud Tenebaum, used tools to attack the U.S. government’s Solaris network, affecting 500 computer systems. Makaveli later told the FBI: “It’s power, dude.” This breach of security cost the government millions of dollars to repair and rebuild compromised systems.
Back in 1998, George Tenet, director of the CIA, said: “We know with specificity of several nations that are working on developing an information warfare capability. Just as foreign governments and their military services have long emphasized the need to disrupt the flow of information in combat situations, they now stress the power of information warfare when targeted against civilian information infrastructures.”
So while information warfare is not a new concept, the events of the past week have certainly raised public awareness of its potential threat.
Hendershot said the public needs better education at the grassroots level, teaching users about the ethical issues surrounding computer use.
And, like Lucich, he stressed the need to work together. “We can’t do it alone, the FBI can’t, the U.S. government can’t,” he said.
Here in Canada, the RCMP is doing something it calls “integrated policing,” meaning that police forces team up with government agencies and the private sector (although in an informal way). “All organizations we can work with in partnership is a benefit to us,” said Paul Teeple, officer in charge of the Technical Liaison Branch, Technical Operations, with the RCMP. But the RCMP might want to consider what the Brits are doing.
Roland Perry, vice-chair of the Internet Crime Forum in the U.K., also spoke to attendees over the phone, due to travel complications. He said there must be cooperation between industry and law, and that enforcement must be based on a regime of mutual trust and understanding. This can’t be built up overnight, he added, and requires both parties to make efforts to educate each other about the nature of their requirements and the scope of their capability.
“Unfortunately, in many countries there is still suspicion in these two communities,” he said.
The overall aim of the Internet Crime Forum is to develop a relationship between Internet Service Providers, industry and law enforcement agencies in the U.K., so criminal investigations are carried out lawfully, quickly and efficiently while protecting the confidentiality of legitimate communications. The ACPO Computer Crime Working Group is working with ISPs through the Internet Crime Forum; ISPs are considered crucial to the investigation of computer crimes in order to benefit from in-house expertise and lawful access to tracing information.
Cooperation between law enforcement and industry extends beyond national borders, Perry said, adding that he hopes the Internet Crime Forum can serve as a model for wider implementation throughout the European Union and other parts of the world.