Top 3 Products & Services
Dated: Aug. 13, 2004
Related CategoriesNetwork Security
There has always been talk about warfare and nuclear warfare. And after September 11, there has been talk about chemical and biological warfare. But there is yet another type of warfare: Information warfare.
What is Information warfare?
Information warfare is about controlling what others see and listen; it is about denying access to information; it is about breaking into computer systems; but most of all it is about controlling information. It is the use, or misuse of data, information and technology with the intent of creating great confusion or disorder. Information warfare at very grass roots level is no different from regular warfare
The gulf war was the first real information war which started when five hackers from the Netherlands broke into computer systems of thirty four different American Military sites. Between April 1990 and May 1991 they managed to obtain the exact locations of the American troops, the types of weapons they had, the capabilities of Patriot missile and the movement of US warships in the Gulf region.
Sadam Hussain had access to inside spies. That is how he got information about movement of troops and weapons through Germany and also managed to get classified Information that the US military had about Iraq’s capabilities.
Among other things, the Gulf War demonstrated several types of Information warfare operations: computer intrusions, human spies, spy satellites, eaves dropping, electronic warfare, Psychological operations and even computer virus hoaxes. What they all have in common is that they target and exploit information from one party and use it for another’s advantage.
A New Kind of Terrorist
Today’s terrorist carry knives, box cutters and know how to fly planes. Tomorrow’s terrorist won’t have any kind of weapons. They will be able to wreak havoc from the comforts of his home using only a computer and an internet connection. I say tomorrow’s terrorist – because this is not yet a widespread form of terrorism but it has already taken hold. That’s why we should focus our efforts to learn more about online criminology.
In February 2000, computer hackers launched a stream of Denial of Service attacks against popular Internet websites. In a nut shell, a DoS attack involves sending so many packets of data to a server that it gets overwhelmed by the amount of network traffic and therefore cannot process the legitimate requests and data it is getting and in extreme cases Server might crash.
On the first day attacks were launched against Yahoo!, which at that time was the most visited site on the Internet. Yahoo! was down for several hours. Over the next few days eBay, Amazon and CNN were hit. Buy.com (One of the biggest eCommerce sites on the Internet) was attacked on the very day it has its IPO in the US stock market. On the same day two of the top online brokerage firms were attacked and people who used these firms were unable to trade.
While the websites were down they lost hundreds of thousands of dollar in revenue. The point is not that hackers managed to take out the most popular Internet websites but the point is that they have the power to manipulate the Us stock market and there its economy.
Over 95% of US military communications are routed over civilian links. The US government is seriously considering the creation of a new and secure communication network for government use only. This system called GovtNet would be separate and /or disconnected from the Internet which makes it lest vulnerable to attack from hackers?
The idea for GovtNet came from Richard Clarke, President Bush’s special advisor for cyberspace security. According to him Information terrorists could disrupt the nation’s information Infrastructure and the computer networks that control telecommunications , the electric grid, water supplies and air traffic.
Why Information is vulnerable
Most companies and organizations including those that run military or critical applications and consumers like you and I purchase commercially operating systems and applications with the assumption that these products are safe secure and will perform as expected. May I remind you that we don’t live in a perfect world? Windows 95 when shipped had 3500known bugs or errors. Windows 2000 has so many lines of code that a line by line check is impossible. This leads to bugs within the programs that when discovered and exploited by hackers can have catastrophic consequences.
In November 1988, Robert Morris unleashed the first Internet Worm. The program replicated itself on thousands of connected computers in a matter of hours. In response DAPRA (the US Defense Advanced Research and Projects Agency) established CERT which is responsible for issuing advisories and incident reports wherever something significant occurs or is discovered that may cause harm to computers or computer networks.
Electronic eavesdropping Guards
Echelon is the name given to an international electronic eavesdropping network run by the intelligence organizations of the US, UK, Canada, Australia and New Zealand. It is a global spying network that can eavesdrop on every single phone call, fax or email any where on the planet. In May 2000 the European Parliament decided to hold an inquiry into Echelon, after it was rumored that the US was using it foe its economic and industrial advantages by stealing commercial secrets from European governments and companies.
Carnivore is the electronic equivalent of Echelon and is the brain child of FBI. Once unleashed on a individual , it can track and log all electronic activity of that person like monitoring of emails, and keeping track of all websites and ftp sites visited by a person. To be able to do this, the FBI has to install its Carnivore "units” at physical ISP locations which enables them to monitor the activity of certain individual(s) using that ISP.
What can we do?
• Create and use strong passwords. It should be not someone’s name, or a word that can be found in a dictionary, and should contain special characters.
• Install Antivirus software and make sure that the virus definitions are regularly updated. MacAfee Antivirus and Norton Antivirus are the most widely used programs.
•Regularly visit the CERT website to check for advisories, notes and patches to security holes. The CERT website is probably one of the best resources as far as security is concerned.
• If you use Microsoft products (Windows or Office), regularly visit the Microsoft Security website. Like CERT it also carries Security Bulletins and has links to updates/patches for Microsoft products, along with a best practices checklists and FAQ for Online Safety.
•If not being used, turned off File and Printer sharing in Windows. This feature of windows 98 and above ahs turned out to be a big security hole.
• Organizations with large networks must definitely use firewalls to protect from break-ins. ideally an organization could create an Intranet to connect all for their computers internally and have this Intranet behind a fire wall for all access to the Internet.
• For business and organizations that are spread over geographically, VPN (Virtual Private Network) is the way to go. VPN creates a secure, private network over an existing network such as the Internet. This requires setting up of VPN clients and servers, the cost for which might be significant but negligible compared to benefits.
• Individuals can also install firewalls on their personal computers. Zone Alarm by Zonelabs and Norton Personal Firewalls by Symantec are reliable. On the other hand Norton Internet Security combines the firewall and antivirus intone package.
• Businesses working on critical projects, or those related to national security can use more sophisticated systems such as Network scanners or Network Intrusion Detection Systems (NIDS). Snort is one such product which runs on most Unix Variants.
• Stronger encryption and authentication may also be implemented. Companies like STi systems are selling a whole suit of security and authentication products.
And finally regularly visit Symantec Security Check website or try ShieldsUP!! At the Gibson Research website. Both these carry information about security for network administrators and end-users, and use tools and scanners to probe your computer and generate a report outlining any holes.
If it is There, Someone can get to it
There is no such thing as a perfect product, a perfect solution or perfect security. Recently researchers at the University of Cambridge discovered a hole in the IBM 4758 Crytoprocessor previously thought to be invulnerable which is used in bank ATM around the world.
A breach of computer security is every network administrator’s worst nightmare. Information Security experts live on the rule that if some information is on a computer somewhere, then someone can get to it. For this reason we must take computer security a serious issue as it affects critical national infrastructures and information resources not because a catastrophic attack is inevitable but to prepare for an uncertain future.
• 63% of American companies reported that the most damaging to their information resources comes from OUTSIDE the organization, not from insiders.
• In the summer of 1996, the CIA and US Department of Justice websites were hacked. Their contents were replaced by pornographic material.
• In March 1997 a 15 year old Croatian youth penetrated computers at a US Air Force base in Guam.
• In 1997 and 1998 an Israeli youth calling himself "The Analyzer” allegedly hacked into Pentagon computers with help from California teenagers. Ehud Tenebaum, 20 was charged in Jerusalem in Feb 1999 with conspiracy and harming computer systems.
• In Feb 1999, unidentified hackers seized control of a British military communication satellite and demanded money in return for control of satellite.
• In October 2000, unknown hackers broke into Microsoft and over a period of two weeks viewed/copied source code under development for a future product. Microsoft denied reports that intruders accessed source code for its major operating systems products like windows 2000, ME, XP or Office.
• In 2001 reports appeared that hackers broke into the Playboy Enterprise Website and stole credit card information for hundred of customers. The hackers threatened to use the information to cause damages totaling $10million in fraud claims to credit cards and insurance companies.
Now that you've gotten free know-how on this topic, try to grow your skills even faster with online video training. Then finally, put these skills to the test and make a name for yourself by offering these skills to others by becoming a freelancer. There are literally 2000+ new projects that are posted every single freakin' day, no lie!