               CIWARS Intelligence Report - 4 January 1998
                  ====================================

                   Volume 2, Issue 1:  Copyright @1998
                           http://www.iwar.org

 Dedicated to the discussion of infrastructure vulnerability to improve
                                 defense

 Table of Contents

      Editor’s Comments

      The CIWARS 1998 Forecast of 1998 Vulnerabilities

      Focus—Internet/Computer Systems

      Focus—Telecommunications

      Focus—Air Traffic Control

      Focus—Electric Systems

      Focus—Regional Vulnerabilities

      Focus—Terrorist Organization Forecast

      Focus—Organized Crime Forecast

 Editor’s Comments

 This issue focuses on worldwide infrastructure vulnerabilities for
 1998. It is CIWARS’ opinion that the infrastructure is showing signs
 of what we call Systemic Collision.

 Systemic Collision describes a series of unrelated circumstances that
 are uncoordinated and related. When placed within a context, it
 produces results that are extra-intentional and many times
 catastrophic. However, it is important not to apply this term to over
 simplistic circumstances. To be systemic the definition should account
 for a number—at least three—of unrelated changes that do not have a
 direct or obvious cause and effect pattern.

 Currently, there are three factors that are producing a Systemic
 Collision which need to be considered by a nation or corporate
 structure in defending or protecting infrastructure.

 First, the global redefinition of the role of government requires a
 new understanding about the role of corporate enterprises in terms of
 protecting infrastructure. This is best demonstrated by the growing
 privatization trend of vital infrastructural services that only thirty
 years ago were defined as of strategic national value. Water, electric,
 transportation, and gas systems have been sold to private enterprise;
 therefore, these services are no longer under the direct protection of
 government.

 Second, the globalization trend has produced three significant
 sub-category changes:

      a) Globalization has encouraged non-national corporations to
      purchase privatized assets. In other words, a country’s electric
      system could be owned by another nation or a corporation
      controlled by investors from another nation.

      b) Globalization has encouraged the adoption of open software
      systems or at least shared operating systems. For example, a
      Swedish software company sells the operating software for a
      number of foreign stock exchanges. Similar vulnerabilities are
      shared by each of those stock exchanges. The same applies to
      common ownership of energy management software.

      c) Globalization has increased the number of inter-dependent
      communications points.

 The third change is the accelerating growth of the Internet and its
 use as an internal system and as a public interface. This trend has
 expanded the access vulnerability and globalized the potential threat.

 Focus--Internet/Computer Systems
 ----------------------------------------------------------------------

 Performance

 Vulnerability Assessment

 During the last weeks of 1997, the performance vulnerability of the
 Internet was no longer a matter of speculation. Some 11 of the last 12
 weeks saw the Internet suffer an email backlog or a service outage.
 The usual scapegoat of AOL was joined by MCI, Worldnet, and Netcom.

 But there is a reason for all of these problems.

      Email traffic is doubling every six months

      The size of messages is getting larger with more people using
      the attach file feature

      AOL handles 21 million messages a day and is the fastest growing
      Internet provider

      AT&T handles 1 million messages a day

 Keystone Systems reported a 4.5 percent deterioration in Internet
 performance between its April 1997 report and its September 1997
 report. The average time to download their test file rose from 9.928
 seconds to 10.370, and the best performance went from a blazing 1.543
 seconds to 4.905 seconds.

 Considering Internet domain growth has now been documented at a linear
 path of 18,000 domains a day and 83 percent of surveyed Internet users
 cited email as their most used application, CIWARS believes that by
 July 1998 the Internet should reach 30 million domains (up from 19.9
 million domains in July 1997) and show at least another 4.5 percent
 degradation in service.

 Editor’s Note: AOL has grown their number of email servers from 14 to
 20 but based on past performance and their track record of problems
 during upgrades, 1998 should be a difficult year for AOL. Also for
 comparison CIWARS looked at AT&T which has 6 email servers for one
 million messages compared to AOL’s 20 for 21 million messages. It is
 difficult to do a comparison without technical specifications;
 however, CIWARS will stick by its opinion for another difficult
 Internet year.

 Vulnerability Recommendation

 CIWARS urges its readers to seek ISPs that have private connections to
 the backbone rather than using ISPs that rely on the public NAP. In
 addition, we recommend constant monitoring of network performance if
 your applications are critical.

 Security

 Vulnerability Summary

 Denial of Service Attacks

      1997- 4 Attacks

      1998- Predicted 7 Attacks all specifically targeted sites

 CIWARS expects Syn Floods and Smurf attacks to increase in 1998 and
 they will move from "kiddie script" attacks based on media release of
 these scripts to professional attacks for economic means. CIWARS
 recorded two such cases in 1997—one in Brazil and one in
 Australia—where competing ISPs attacked one another to hurt the
 quality of their service. The prime regions for this activity will
 remain Asia
 and Latin America where ISP competition will be the strongest based on
 the limited market.

 CIWARS expects to see DOS attacks targeted at other commercial
 enterprises during times of intense competition. This will especially
 hold true as more firms move to on-line commerce for a higher percent
 of their sales mix.

 This prediction is based on the history of 1997 compared to the fall
 of 1996 when the first large scale DOS attacks were mounted after the
 release of a DOS script by Phrack. As 1997 progressed, the DOS attacks
 took on a targeted or focused quality. The two attacks in the Spring
 did not appear to be politically motivated attacks; however, by
 September the Australian attack occurred and then during late
 September an ISP was targeted because it housed the infamous spammer
 Sanford Wallace.

 Data Theft/System Intrusions

 Vulnerability Summary

 Based on 18 months of data and analysis, it is the opinion of CIWARS
 that overall threats on the Internet remain undeveloped and
 unprofessional. According to recent studies, most attacks use standard
 or well known script exploits. Our research reveals less than 1,000
 hackers in the world who have the professional programming skills to
 create their own attack scripts. Social engineering and the use of
 inside personnel will remain the primary method of obtaining or
 affecting data on systems.

 The trend of targeting financial/Electronic Commerce sites will
 continue as more and more companies enter this distribution channel.
 Like the current Electronic Commerce sites, the group establishing
 sites in 1998 will be subject to a range of 2 to 5 serious attacks per
 month (NetSolve Study) with CGI-bin attacks leading the thrust.

 Vulnerability Recommendation

 An Infrastructure Assurance Posture (IAP) should be established that
 provides a comprehensive view of security risks.

 Vulnerability Analysis

 This next year will be a telling year in terms of watching threats
 move or migrate from region to region. The United States has gone
 through its first round of Electronic Commerce implementation and now
 the United Kingdom and Asia, according to surveys, are on schedule to
 start Electronic Commerce sites. In terms of threat development,
 CIWARS believes threats will migrate to the most vulnerable areas;
 therefore, we expect these sites to be hit full force with experienced
 threats.

 On-Line Software Piracy

 Vulnerability Assessment

 Up until now, there have been a number of factors suppressing the
 number of titles being distributed on the Web.

 The two primary reasons (beyond consumer preference) are download
 speed and size of new applications. CIWARS believes 1998 will bring
 the addition of software or methods that will speed the process of
 downloading large files from the Web.

 CIWARS predicts that by 3rdQ 98 there will be a surge of pirated
 software from on-line sites.

 Web Page Hacks

 Vulnerability Summary

 There has been a suggestion that Web Page Hacks are increasing;
 however, CIWARS urges caution in establishing a trend from the limited
 sampling that has been obtained.

 The statistics promoting an increase in Web Page Hacks count each page
 that has been hacked and not the primary server. For example, if one
 hacked domain allows access to 10 Web Pages, under the current scheme
 that is counted as 10 hacks. Under CIWARS’ methods, this would be
 counted as one hack with 10 pages affected. In addition, there is a
 problem with motivation and development of this threat.

 Self-satisfaction appears to be the primary motive for these attacks.
 Based on the signatures left after an attack, the current attacks are
 limited to a small group of individuals (200) who accomplish the core
 number of attacks. CIWARS also believes that our preliminary
 statistics show these attacks are university-based or at least
 encompass that age group. It is for this reason we believe the number
 of Web Page Hacks is a coordinated factor with threat production by a
 society and, therefore, the number will vary from country to country.

 Year2000

 Vulnerability Summary

 In previous reports, CIWARS has referred to the Y2k problem as Attack
 Day. Y2k refers to the problem associated with the change of date at
 the end of 1999 and the historic programming of many computer systems
 using only a two digit date. Although the actual technical
 vulnerability will not start until 9 Sept 1999, CIWARS lists 1998 as a
 highly vulnerable year for the following reasons:

 Recent surveys of corporations in the United States reveal that only
 one in five are prepared to meet the Y2k deadline. European
 corporations have combined this task with the conversion to the
 European Monetary Union (EMU) on 1 January 1999; therefore, they are
 better prepared. In Asia, the situation may be much worse. This past
 summer’s economic disruption has cost Asian corporations time, focus,
 and money, and many experts are predicting that the deadline for the
 Y2k fix—which uses outside or foreign consultants payable in US
 dollars—will not be met. Finally, Latin America is extremely
 vulnerable because of
 their late start on the Y2k fix.

 Vulnerability Analysis

 The threat for 1998 will take the form of rushed efforts to complete
 the Y2k fix. This will create three very distinct threat
 vulnerabilities.

 First, companies that haven’t secured Y2k fix resources yet may resort
 to consulting companies that have not done an adequate job of
 screening contract programmers, which will increase the possibility of
 a threat knowing the inner workings of a corporate system.

 Second, a rushed implementation may require the use of outsourced
 contractors in another region of the world. These programmers will
 have inside knowledge of the systems.

 Third, because many Y2k fix applications require new hardware,
 production capacity for traditional vendors will be strained.
 Companies caught in a last minute rush may be forced to use unproven
 vendors for computer hardware. This may prove to be an ideal time for
 a threat to insert a "chipped" system. (Editor’s Note: The shipping of
 corrupted computer systems or "chipping" has been confirmed by the
 United States Central Intelligence Agency.)

 Focus--Telecommunications
 ----------------------------------------------------------------------

 Vulnerability Assessment

 The primary vulnerability facing the telecommunications sector will be
 the global trend of the merging telecommunications marketplace. The
 merger of WorldCom and MCI heads the list for examination. CIWARS’
 preliminary investigation into this merger reveals numerous duplicate
 network points that may become the target of consolidation efforts.
 Prior to the merger, both MCI and WorldCom ranked very high in
 download speed tests because of their excellent backbone structure;
 CIWARS will monitor this indicator for degradation.

 The second area of vulnerability will be the growing use of satellite
 transponders to deliver a wide range of services from mobile
 telecommunications to video content. Last year’s outage at one of
 India’s stock exchanges characterizes the need for adequate
 infrastructure redundancy; however, CIWARS believes a shortage of
 transponders will restrict proper telecommunications planning for
 selected users.

 The third area deals with the growing use of Global Positioning
 System (GPS) services and the entry into the marketplace of a
 hand-held device that can scramble GPS signals up to 200km according
 to a Jane’s report. This device was shown at the recent Moscow Air
 Show and retails for between $2,000 and $4,000. If this device works,
 it brings military technology down to the palm top for organized
 crime and terrorists. GPS is at the heart of most commercial and
 government
 tracking systems and is a key ingredient to a new FAA air traffic
 system.

 Focus--Air Traffic Control
 ----------------------------------------------------------------------

 Vulnerability Summary

 There are a number of factors working against the world’s air traffic
 infrastructure. First, air traffic has been growing at a steady rate
 for the last five to six years. The United Kingdom and much of Europe
 are seeing increases of five percent a year, and now that it is in its
 fully deregulated mode, it should accelerate beyond that base figure.
 Second, countries like the United Kingdom and the United States are
 involved in system upgrades which are off schedule or have not met
 expectations. Third, the two areas of the world—Latin America and
 Asia—with the lowest percent of countries with Category I ratings
 (Asia with 69 percent Category I ratings and Latin America with 39
 percent compared to Europe’s 93 percent) have also been the hardest
 hit economically, which could slow their air traffic control
 improvements.

 Vulnerability Analysis

 The United States

      The United States is caught in a cycle of aging equipment,
      bureaucratic management, and botched improvements. This has left
      the United States vulnerable to infrastructure attacks that could
      be devastating to the system. The largest vulnerability has been
      power outages to the system. An April General Accounting Office
      (GAO) report examining the Federal Aviation Administration’s
      (FAA) power management procedures after a string of 1995 and
      1996 power outages concluded that effectively the FAA had lost
      control of its back-up generator inventory. Some 88 percent of
      its generators were at least 20 years old (the useful life is 15
      years) and nearly half of those are over 30 years old. This was
      caused by a lack of a national inventory of generators, according
      to the GAO report. The problem of electrical outages continued in
      1997 despite the GAO recommendations, with an outage in Kansas
      City just days before Christmas that almost threatened holiday
      traffic.

      Aging Radar Screens

      The United States is in a protracted replacement process of its
      aging radar screens. It is a phased program ending in 2001. After
      the Washington National Airport screens logged over 100 outages
      in 1997, the FAA decided to immediately replace the screens.

      United States Threat Analysis

      The United States is vulnerable to a cascade effect. A direct hit
      on the air traffic control system is not required as long as the
      same results can be achieved by disrupting the power system since
      adequate power back-up does not exist. Considering the other
      problems with air traffic control, CIWARS believes it would be
      fair to assume that computer security has not been maintained and
      is in need of review. The problems associated with air traffic
      are endemic to improper project management and system
      supervision.

 The United Kingdom

      The United Kingdom, one of the busiest air spaces in the world
      with Heathrow being a hub for Europe, is also one of the safest.
      However, it has slipped a deadline on building its New En Route
      Centre at Swanwick. The centre was originally planned for 1996
      and then slipped to March 1998 and now it looks like it will be
      operational sometime during 1999. This will cause considerable
      problems in managing UK’s already busy skies during 1998.

      United Kingdom Threat Analysis

      The current system is vulnerable to higher load factors which
      decrease the margin of error. This narrowed margin forms the
      basis of an exploitable target.

 Focus—Electric/Water Supply
 ----------------------------------------------------------------------

 Vulnerability Assessment

 Water Shortage

 The effects of El Nino will reach full force in 1998. Water shortages
 in Indonesia, PNG, Malaysia, Australia, and Ecuador will intensify.
 This could produce significant disruptions of electricity production,
 agriculture activity, and normal water consumption.

 Electric Power Distribution

 There will be a continued pattern of targeting electric systems by
 dissident or rebel groups in the world which demonstrates the growing
 use of infrastructural warfare against the populace. Targeted
 countries: Honduras, United States, Albania, Colombia, Sri Lanka.

 The United States with its high energy use is the most vulnerable.
 During 1997, PG&E suffered two acts of sabotage to power stations. The
 last attack disrupted traffic for hours and plunged most of the San
 Francisco Peninsula into chaos. Earlier in the year, a lone gunman
 shot out a PG&E transformer in protest over the Oklahoma City bombing
 verdict.

 In addition, the Western part of the United States may still be
 vulnerable to disruption of coal delivery to power plants because of
 the previously reported problems associated with the Union
 Pacific-Southern Pacific merger.

 Focus--Regional Assessments
 ----------------------------------------------------------------------

 United States

 The United States has the highest possibility for significant
 infrastructure disruption in 1998. During 1997, it had sabotage to
 major electric and land transportation systems, a near emergency state
 in the railroad system in the Western United States, consistent
 Internet disruptions (email and general transmission), telephone
 system software disruptions, and outages in air traffic control
 systems. In addition, the United States is home to the largest supply
 of professional and "kiddie script" hackers. It also accounts for most
 of the hacked Web Pages of the world. In short, it is the opinion of
 CIWARS that the United States represents an example of a country that
 is all the way at the end of the curve in terms of information age,
 privatization, deregulation, technical reliance, and social problems
 that produce threats.

 Although the Scandinavian countries are just as reliant on technology,
 they have not—generally speaking—relinquished as much control of their
 infrastructure as the United States government. In addition, there are
 social factors that limit threat production. Therefore, the United
 States will be a good test-bed for future developments.

 Vulnerability Targets

      Internet Transmission

      Financial Systems

      Energy distribution systems

 Asia

 This past summer’s currency and stock crisis will produce a Systemic
 Collision that could further devastate the Asian countries. Southeast
 Asian (Singapore excluded) countries who were just gaining momentum on
 the infrastructure development scale have been forced to cancel vital
 infrastructure projects. (Malaysia’s canceling of Bakun dam is an
 example.) Unfortunately, these countries have put programs in place to
 build the level of energy consumption and this clashes with their lack
 of financial resources to fulfill these efforts. In addition, there is
 the danger of these countries not having the resources to maintain
 their current structures.

 In terms of physical problems, Indonesia bears watching because of the
 1998 elections. Suharto’s power base is eroding and there is no
 indication that he or his family will take Air Marcos into exile.
 Physical violence has already erupted on college campuses and as the
 crisis worsens it may spread to the general population if the once
 pampered middle class starts to feel threatened. Civil strife in
 Indonesia will threaten the security of the region and could be
 another economic blow.

 Vulnerability Targets

      Communications links that terminate or pass through Indonesia.

      Shipping links

      Trade agreements.

      Shared development agreements on energy production or
      distribution and satellite communication

 Latin America

 This region is starting to recover from the lost decade of the 1980’s
 with a transition to a democratic power base. Latin America’s primary
 threat comes from organized groups who have a history of targeting
 infrastructure. Hostile attacks on the infrastructure have occurred
 in: Colombia (pipeline and electric systems), Peru (telephone
 systems), Honduras (electric system), and Dominican Republic (electric
 systems). In addition, Argentina is experiencing a new threat from
 fundamentalist Islamic groups.

 Latin America is still a potential target for currency speculators
 which would further damage its economy and hinder infrastructure
 development and support.

 Vulnerability Targets

      Currency

      Energy and Power Distribution

      Air Traffic Control

 Europe

 Europe’s primary vulnerability is managing the transition to the
 European Union and its associated effects. The privatization of their
 infrastructure may have a long range effect on their ability to
 control and protect the traditionally state controlled structures.
 This will not be evident in 1998 but it can be watched for further
 development. Europe also leads the world in smart card use which will
 tie in with the EMU implementation and possibly attract hackers to
 higher value smart cards.

 In terms of financial systems, Europe automated many of the trading
 functions of its stock exchanges and linked them. During the stock
 fluctuations of 1997, many of these systems showed considerable
 stress; therefore, CIWARS believes a significant stock correction in
 1998 could force these systems into linked failures.

 Vulnerability Targets

      Financial Systems

      Air Traffic Control (Heathrow)

 Russia

 As for vulnerabilities in Russia, this space is too limited. However,
 Russia’s biggest threat is from internal corruption and organized
 crime which takes critical dollars away from building a viable
 infrastructure.

 Vulnerability Target

      All physical infrastructure

      Financial Systems

 Focus--Terrorist Organizations Forecast
 ----------------------------------------------------------------------

 CIWARS believes that by late 1998 the first terrorist use of
 information weapons will be recorded. The most likely weapon will be a
 virus or worm attack against an infrastructural target. This assault
 will come from a group that has not been traditionally associated with
 terrorism. Conversely, CIWARS does not expect any of the groups in the
 Middle East, Latin America or Asia to make the transition to
 information weapons in 1998.

 Focus--Organized Crime Forecast
 ----------------------------------------------------------------------

 Our forecast of 7 December still stands. CIWARS believes organized
 crime will gain strength in 1998 but only in its traditional areas. We
 expect further Internet fraud or money laundering activity but CIWARS
 believes 1998 will be a transition year. Organized Crime will continue
 to disrupt the infrastructure and economy of Cambodia, Colombia,
 Mexico, Russia, and India. In addition, the economies of the following
 countries are vulnerable in the coming year: Thailand, Indonesia,
 Brazil, Peru, and Philippines.
 ----------------------------------------------------------------------

 Subscriptions are available at http://www.iwar.org

 Click on Subscription and it will take you to infowar.com’s bookstore.

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 William Church, Managing Director, Centre for Infrastructural Warfare
 Studies
 iwar@iwar.org
 Via Delle Tagliate 641
 55100 Lucca Italy
 Voice: (39) 0583 343729 GSM: (44) 0410442074
 http://www.iwar.org

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
