Hackers Start Cyber Skirmish

A group of rogue online vigilantes claims to have already disabled several Palestinian ISPs, and warns that ISPs and Web servers based in Afghanistan will be next.

InformationWeek Staff, Contributor

September 20, 2001

Nearly two weeks later, experts say there still has been no link between the Sept. 11 terrorist attacks and any concerted cyber attacks against American agencies or companies--for now.

Earlier this week, a group of rogue online vigilantes, who dub themselves the Dispatchers, decided to destroy data and Internet connections within Afghanistan and Palestine. The group claims to have already disabled several Palestinian Internet service providers, and warns that ISPs and Web servers based in Afghanistan will be next "with the intent to destroy them and disable any use," said one warning on a Web site defaced by the Dispatchers.

"We, as a group of individuals, have taken a stand, armed with technology, able to disable our target in every method possible," wrote one Dispatcher hacker, RaFa. Not all hacking groups are in agreement. The German hacking group, The Computer Chaos Club, issued a statement condemning any form of hacking in retaliation for the terrorist attacks.

Nonetheless, experts fear a cyber skirmish may break out between hackers within the Middle East and United States. System administrators who have not patched their systems run a significant risk of their networks either being hijacked with "zombie" agents to be used in distributed-denial-of-service attacks, or having their Web sites defaced by sympathetic hacking groups located in Palestine or Afghanistan. "I wouldn't be surprised if this escalates, just as it did last year between Israel and Palestine and between the United States and China this spring. Once the United States chooses a country to attack, I'd expect these activities to increase significantly," says Chris Rouland, director of X-Force, the research team for security software and services vendor Internet Security Systems Inc.

The National Infrastructure Protection Center is taking the beginnings of the online scuffle seriously. "There is the opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place," the NIPC wrote in a recent advisory.

Security experts say system administrators need to do more than be more vigilant, and make sure their systems are properly patched. "Security is always grinding through the basics," says Forrester security analyst Frank Prince.

The NIPC is warning network administrators that hacking groups will most likely mask their attacks by using the IP addresses and pirated systems of uninvolved third parties. As a result, security experts say, network and system administrators who don't patch their systems may find their networks turned into a launch pad for attacks against Web sites and networks in the Middle East. This, in turn, will make those companies likely targets for retribution.

The NIPC is urging companies to check that their systems have not become infected with common distributed-DOS attack agents. The NIPC's Find DDoS tool can be downloaded at http://www.nipc.gov/warnings/advisories/2000/00-055.htm . A list of security best practices can also be downloaded from CERT/CC at http://www.cert.org/security-improvement .
