War against cyber terrorism
By Prasanna Raman
1st October 2001 (Computimes)

THE Sept 11 terrorist attacks on the World Trade Center in New York and the Pentagon in Washington have resulted in massive losses. Brewing is another form of terrorism, which if left unchecked, can also cause serious damage.

Check Point Software Technologies Ltd's regional director Anthony Lim warns of cyber terrorism, an act of hacking done to inflict damage or inconvenience to people and organisations.

"Some 90 per cent of such hacking is done by amateur hackers who just do it for fun and expect no monetary gain. Most of the time such acts are also done not to steal information or cause damage to the system, but just to cause a lot of inconvenience through denial of service," Lim says.

Denial-of-service attacks are intended to bring the network to its knees by flooding it with useless traffic. Lim cites the hacking of CNN.com and Yahoo.com Web sites over a year ago as examples of cyber terrorism out to create inconvenience.

He says those at risk from cyber terrorism are the major e-commerce sites as they are well known around the world.

Other Web sites that get hacked often are those of the Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), US Department of Justice site, and the Massachusetts Institute of Technology.

Lim says financial institutions like banks can suffer greater losses when word gets out that their sites had been hacked.

"A lot of times, it is the misconception that the bank's systems had been hacked into when all that could have happened was just a hacking of the Web site that just holds general information for the public. However, such misperceptions can cause the public to lose confidence in the bank and can affect the bank's business."

Terrorism, he adds, comes in when anxiety is created among the masses. "Imagine the havoc if a hacker hacks into a public transportation system or air traffic control. Things can go haywire."

In addition to hacking, sending out viruses and worms are acts of cyber terrorism out to create problems to those who receive them. Melissa and Chernobyl viruses are examples of Internet-borne viruses that do not cause damage to disk or data but just cause a slowdown and damage productivity.

By mounting such attacks, the perpetrators disrupt productivity as users' e-mail servers go down for a couple of hours the least.

Even rumour spreading, Lim contends, is a form of cyber terrorism.

"Rumours like finding parts of rat body in burgers or how fast food fried chicken originate from mutant chickens can affect profits of the businesses that sell the food. Even letters requesting postcards for a dying child that wants readers to forward the message to another 10 people or so can cause loss in productivity when people get absorbed into reading and reacting to such e-mails," he says.

Why it happens: People and organisations get exposed to cyber terrorism because others take advantage of the weaknesses of their systems as precautions are not taken.

"Organisations need to enforce a cyber security policy. Here, the top management has to play a crucial role in seeing to the IT security needs of the organisation," Lim says.

Many top executives, he adds, may not be familiar with technology to understand the critical need of having network security while some try to save cost by ignoring network security which they perceive as not that crucial.

Unlike security measures for buildings that have laws, network security has no such laws.

"Part of the problem in failed network security is due to human error and negligence. Organisations and people need to protect themselves with not only the tools of technology but be educated to remain up to date," Lim says.

He cites examples of a big organisation with over 1,000 employees, that albeit having a corporate policy on their IT initiatives, has numerous PC users with different types of anti-virus software.

"One user may update his software against new viruses whereas another user might not bother at all. There is no uniformity in seeing that the PCs and users are protected."

He advises caution when opening unfamiliar e-mails and when they know a certain e-mail has a virus in it, it should be completely deleted from the Inbox, as well as, from the Recycle Bin.

Many organisations, he says, are also unaware that perpetrators can hack into a printer or router.

"Someone can hack into your office printer and get it to print thousands of copies of something. This can jam up the printer and cause loss of productive hours as well," he adds.

Lim says the cost of having a network security is only five to 10 per cent of the cost of the entire network. "Be serious about network security and invest in a good anti-virus protection system."