The cyberwar begins
08 April, 2003 09:49
Predictions of some sort of cyberwar have been floating around for months now, with security experts suggesting that if war actually broke out, a series of cyberattacks was sure to follow. However, there hasn't been much evidence of anything devious happening in cyberspace beyond attacks by isolated groups of criminals and vandals -- until now.
According to U.K.-based mi2g Ltd., a security consultancy (www.mi2g.com), its intelligence unit is receiving reports of significantly increased numbers of cyberattacks between interests sympathetic to Iraq and interests sympathetic to the United States, the United Kingdom, and other nations in the coalition currently involved in the war in Iraq. The company also reports that both site defacements and DoS (denial of service) attacks have increased markedly on both sides.
The company's executive chairman, M.K. Matai, says that the level of sophistication used in the attacks on both sides, but especially on the U.S./U.K. coalition side, is much higher than would be expected from an average teenaged hacker. In fact, he says the activity more closely resembles what you'd expect from government, military, or corporate operations.
Of course, you're probably not involved in DoS attacks on Iraqi interests, so this doesn't matter to you, right? Wrong. It could matter to you, a lot. There are three ways that DoS attacks can affect you: decreased access to your site from the outside, use of your network as an attack pathway, and effects of misdirected attacks on your site even though you're not actually involved.
As you probably know, DoS attacks can fill up the Internet bandwidth available in some areas, although they don't necessarily have a huge effect on the Internet as a whole. If your Web site shares a backbone provider with a site that's being attacked, you could find yourself with congestion problems that could make your site unreachable at times. The best way to avoid this, of course, is to make sure you have more than one provider.
If you've already set up your firewalls and servers so that they can repel break-in attempts and DoS attacks, you're probably not going to have much of a problem with misdirected attacks. Unfortunately, that's about all you can do besides hope that no one on the other side of the world gets your site confused with one that they don't like.
The most serious threat is that people trying to break into a system will use your network as a pathway to their ultimate target. If you have a supply-chain relationship with a site an attacker is interested in, you could find your network targeted as a means of entry into the other organization's network. As you might imagine, such access -- if successful -- can wreak havoc on your company. It could also seriously hurt your business relationships.
How do you keep this from happening? Perhaps the best option is to use the increased cyberattack activity as motivation to review your security practices and to make certain your network can't be used as a pathway to an intended target. Make sure that you're monitoring your network, that your intrusion detection systems are working properly, and that your firewalls are updated and being monitored. Pay close attention to the traffic between your network and your business partners' networks.
Regardless of what you think about the war, it would be a shame to have your business brought to a halt as a cyberattack bystander. But it will take action on your part to help ensure that doesn't happen.