EXPERTS SEE SIGNS OF CYBER-TERROR AL-QAIDA COULD COMBINE VIRTUAL TOOLS WITH EXPLOSIVES IN ATTACKS ON U.S., LIMITED DATA SHOW
Copyright 2002 P.G. Publishing Co.
BARTON GELLMAN, THE WASHINGTON POST
Late last fall, Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers. From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI's San Francisco computer intrusion squad.
Working with experts at the Lawrence Livermore National Laboratory, the FBI traced trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found "multiple casings of sites" nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities.
Some of the probes suggested planning for a conventional attack, U.S. officials said. But others homed in on a class of digital devices that allow remote control of services such as fire dispatch and of machinery such as pipelines. More information about those devices -- and how to program them -- turned up on al-Qaida computers seized this year, according to law enforcement and national security officials.
Unsettling signs of al-Qaida's aims and skills in cyberspace have led some government experts to conclude that terrorists are at the threshold of using the Internet as a direct instrument of bloodshed. The new threat bears little resemblance to familiar financial disruptions by hackers responsible for viruses and worms. It comes instead at the meeting points of computers and the physical structures they control.
U.S. analysts believe that by disabling or taking command of the floodgates in a dam, for example, or of substations handling 300,000 volts of electric power, an intruder could use virtual tools to destroy real-world lives and property. They surmise, with limited evidence, that al-Qaida aims to employ those techniques in synchrony with "kinetic weapons" such as explosives.
"The event I fear most is a physical attack in conjunction with a successful cyber attack on the responders' 911 system or on the power grid," Ronald Dick, director of the FBI's National Infrastructure Protection Center, told a closed gathering of corporate security executives hosted by Infraguard in Niagara Falls on June 12.
In an interview, Dick said those additions to a conventional al-Qaida attack might mean that "the first responders couldn't get there ... and water didn't flow, hospitals didn't have power. Is that an unreasonable scenario? Not in this world. And that keeps me awake at night."
Al-Qaida expertise growing
Regarded until recently as remote, the risks of cyber-terrorism now command urgent White House attention. Discovery of one acute vulnerability -- in a data transmission standard known as ASN.1, short for Abstract Syntax Notification -- rushed government experts to the Oval Office on Feb. 7 to brief President Bush. The security flaw, according to a subsequent written assessment by the FBI, could have been exploited to bring down telephone networks and halt "all control information exchanged between ground and aircraft flight control systems."
Officials said Osama bin Laden's operatives have nothing like the proficiency in information war of the most sophisticated nation-states. But al-Qaida is now judged to be considerably more capable than analysts believed a year ago. And its intentions are unrelentingly aimed at inflicting catastrophic harm.
Most significantly, perhaps, U.S. investigators have found evidence in the logs that mark a browser's path through the Internet that al-Qaida operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids. In some interrogations, the most recent of which was reported to policymakers last week, al-Qaida prisoners have described intentions, in general terms, to use those tools.
Specialized digital devices are used by the millions as the brains of American "critical infrastructure" -- a term defined by federal directive to mean industrial sectors that are "essential to the minimum operations of the economy and government."
The devices are called distributed control systems, or DCS, and supervisory control and data acquisition, or SCADA, systems. The simplest ones collect measurements, throw railway switches, close circuit-breakers or adjust valves in the pipes that carry water, oil and gas. More complicated versions sift incoming data, govern multiple devices and cover a broader area.
What is new and dangerous is that most of these devices are now being connected to the Internet -- some of them, according to classified "Red Team" intrusion exercises, in ways that their owners do not suspect.
Because the digital controls were not designed with public access in mind, they typically lack even rudimentary security, having fewer safeguards than the purchase of flowers online. Much of the technical information required to penetrate these systems is widely discussed in the public forums of the affected industries, and specialists said the security flaws are well known to potential attackers.
No consensus on threat
The 13 agencies and offices of the U.S. intelligence community have not reached consensus on the scale or imminence of this threat, according to participants in and close observers of the discussion. The Defense Department, which concentrates on information war with nation-states, is most skeptical of al-Qaida's interest and prowess in cyberspace.
"DCS and SCADA systems might be accessible to bits and bytes," Assistant Secretary of Defense John Stenbit said in an interview. But al-Qaida prefers simple, reliable plans and would not allow the success of a large-scale attack "to be dependent on some sophisticated, tricky cyber thing to work."
"We're thinking more in physical terms -- biological agents, isotopes in explosions, other analogies to the fully loaded airplane," he said. "That's more what I'm worried about. When I think of cyber, I think of it as ancillary to one of those."
White House and FBI analysts, as well as officials in the Energy and Commerce departments with more direct responsibility for the civilian infrastructure, describe the threat in more robust terms.
"We were underestimating the amount of attention (al-Qaida was) paying to the Internet," said Roger Cressey, a longtime counter-terrorism official who became chief of staff of the President's Critical Infrastructure Protection Board in October.
"Now we know they see it as a potential attack vehicle. Al-Qaida spent more time mapping our vulnerabilities in cyberspace than we previously thought. An attack is a question of when, not if."
"al-Qaida prefers simple, reliable plans"
How on earth could anyone in their right mind think that the planning that went into the WTC/Pentagon Attacks was simple???
"The 13 agencies and offices of the U.S. intelligence community have not reached consensus on the scale or imminence of this threat"
Will it take another massive terrorist attack before they do reach a consensus?? Were no lessons learned from the WTC Attacks in regard to sharing information and the need for the different agencies to work together??
Well I could go on, but you get the picture. People need to get their heads out of the sand (ok I'm being nice) and be PROACTIVE instead of REACTIVE or it will be too late. And I'm not just talking about the "Intelligence and Defence" communities. If you are the head honcho of any company that could be used as a weapon or used to help facilitate an attack please please please get some security in place!!! Boggles the mind that an online flower selling site would have more safeguards than say a computer-operated railway switch or dam floodgate control. Sure, we've all heard on the news since Sept. 11 that there is a possibility of an attack on a nuclear plant or water treatment facilities, but it's time for ALL citizens to get smart and realize that the unthinkable COULD happen (because the unthinkable DID happen). We need to start looking outside the box and identifying all the UNOBVIOUS ways a terrorist attack could cause harm, and stop concentrating solely on what we "think" the terrorists will attack, like the Statue of Liberty for example.
Well sorry for rambling on, hope what I've been trying to say is a bit clearer than mud.
06-30-2002, 12:09 PM #1
- Join Date
- May 2002
- Now in Victoria, BC. I'm from beautiful Jasper Alberta in the heart of the Can. Rockies - will always be an Albertan at heart!
Scary
September 11th - Never Forget
I respect firefighters and emergency workers worldwide. Thank you for what you do.
IACOJ CRUSTY CONVENTION CHAIR
RAY WAS HERE FIRST
06-30-2002, 01:25 PM #2
- Join Date
- Nov 2000
- Sitting on my Laa Laa waiting for my Yaa Yaa
Well now, we see the down side of everything being so interconnected. Seems like the wonders of new technology that are going to create a brave new world always come with some sort of string attached, don't they. Guess we'll all have to think about being self sufficient.
Chris Minick, P.E., Firefighter II
Structures Specialist, MD-TF 1
These statements are mine and mine alone
I.A.C.O.J. Building crust and proud of it
06-30-2002, 04:20 PM #3
- Join Date
- Mar 2002
- Loco madidus effercio in rutilus effercio.
The perfect instance of "just because I live in a tent in the middle of the desert doesn't mean that I am not as technologically advanced as you are."
Just after I got home from my mid-east deployment, there was a report on the radio of a University prof who purchased and placed several computers with internet capability in various rural regions of India. The purpose was to document who could (without any previous knowledge/experience) gain access to the net and how fast and effectively they could use it.
As it turned out in the study, the kids fared best. They quickly became able to access the net, do comprehensive searches and even created their own descriptions/definitions of the various icons. Oddly enough, with some minor differences, most of the terms the kids used were similar to the "worldly accepted" names most of us "TechnoGeeks" use.
All of this just by trial and error, and sharing their individual success/failure stories between themselves. If I remember the report properly(?) the time line was something on the order of approx 3-6 months.
So basically, "they are out there". If you have electricity, a phone dial up or sat link, you are in.
If you don't do it RIGHT today, when will you have time to do it over? (Hall of Fame basketball player/coach John Wooden)
"I may be slow, but my work is poor." Chief Dave Balding, MVFD
"Its not Rocket Science. Just use a LITTLE imagination." (Me)
Get it up. Get it on. Get it done!
impossible solved cotidie. miracles postulo viginti - quattuor hora animadverto
IACOJ member: Cheers, Play safe y'all.
07-01-2002, 01:24 AM #4
- Join Date
- Jun 2002
- 1,000 miles from Private Pile
Local FBI Warning In Pennsylvania!
The FBI issued a warning, in a Lancaster County, Pennsylvania newspaper, that they suspect a terrorist may be hiding in the Amish community here. The photo below provided the first clue that triggered the investigation.
07-01-2002, 10:49 AM #5
- Join Date
- Mar 2001
- Llano, Texas Llano
Turn loose the hackers that have planted viruses in our computers and let them play with the terrorist. They could really mess up bin Laden.