2005 Revised and Updated

Educator's Guide to
Computer Crime and Technology Misuse

Curriculum, Technology, and Education Reform
Prof. Nicholas Burbules, University of Illinois at Urbana-Champaign
EPS 415: Ethical & Policy Issues in Information Technologies

Authors: Amy Benish, Cheryl Cheifetz, Kim Darche, Pat Reed, Max Uhls

Introduction
Credit Card Fraud
Identity Theft
Digital Piracy
Copyright Infringement
Hacking
Worms, DDoS & Cyber-Terrorism
Computer Viruses, Trojan Horses & Logic Bombs

Phishing
Counterfeiting
General Security

Enforcing Acceptable Use Policies
Online Harassment

Online Bullying

White Papers on Technology Issues for Educators

Worms, DDoS and Cyber-Terrorism

Revised and Updated by Amy Benish, University of St. Francis, Joliet, IL

Original Written by Kim Fitzer, Hinsdale Central High School, Hinsdale, Illinois

Introduction
In addition to viruses, Trojan horses and logic bombs, further hazards have emerged that may have a much greater impact on our ability to access the Internet continuously and safely. These cyber-threats run the gamut from mere nuisance to affronts on national security. Cyberterrorism has been described as the convergence of cyberspace and terrorism: unlawful attacks, and threats of attack, against computers and networks (1). The newer attacks include:

  • Worms
    Often incorrectly called a virus, a worm is an independent program that replicates itself across networks from machine to machine. It does not need to attach itself to another program or file; instead it spreads by exploiting network services (file sharing, e-mail, or a vulnerable listening service) on the machines it reaches. Left unchecked, the traffic a worm generates while scanning and copying itself can congest a network badly enough to render it useless. In 2004 the Sasser worm exploited a buffer overflow in the Windows LSASS service on Windows XP and Windows 2000 (a flaw Microsoft had patched as MS04-011 a few weeks earlier) and spread with no user interaction at all. The worm, which crashed hundreds of thousands of computers worldwide, was written by a German teenager named Sven Jaschan, who was arrested in 2004 and convicted in 2005.
  • Blended Threats
    The newest wave of malicious code combines the characteristics of a virus, a worm and a Trojan horse. Its code contains instructions that let it behave sometimes like a virus, infecting files on the victim's machine; sometimes like a worm, copying itself to other computers over the network; and sometimes like a Trojan horse, planting a hidden program that may alter the victim's system and cause irreparable harm to the operating system.
  • Characteristics of blended threats include (taken from Symantec Security Response Web site):

    • Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan Horse programs for later execution.
    • Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
    • Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world read and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
    • Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
    • Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.
  • Distributed Denial of Service Attacks
    DDoS attacks employ armies of compromised "zombie" machines under the control of an attacker, typically through one or more master (command-and-control) servers. On command, these machines flood a target with a torrent of packets or requests, exhausting its bandwidth, memory or processing capacity so that legitimate users are shut out or the server crashes outright. Beginning in February of 2000, major e-commerce sites were the subject of DDoS attacks (2), and in May of 2001 the whitehouse.gov site fell under a barrage of denial of service assaults (3). DDoS attacks are on the rise and are particularly common after a military strike or during a political conflict, as seen in Israel, Palestine, India and Pakistan. Any computer an attacker can compromise can be used as a "zombie"; unpatched personal computers with no firewall and an always-on, high-speed Internet connection are especially attractive because they are reachable around the clock and have bandwidth to spare.

A DoS attack can be perpetrated in a number of ways. There are three basic types of attack (taken from Denial of Service Attack Wikipedia):

  1. consumption of computational resources, such as bandwidth, disk space, or CPU time
  2. disruption of configuration information, such as routing information
  3. disruption of physical network components
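The flood described above is something a school administrator can actually look for in firewall or flow logs. The following is an added example, not code from the original guide: it reads constructed flow records (timestamp, source, destination, port, packet count) and flags any destination whose packet total inside a short sliding window exceeds a threshold, then labels the event as distributed (many sources) or single-source. The window length, thresholds and the log format are assumptions for illustration.

```python
"""Flag packet floods in flow records (added example, not from the page).

Each constructed record reads "<epoch seconds> <src ip> <dst ip> <dst port> <packets>".
A distributed flood shows up as many distinct sources driving one destination's
packet count past a threshold inside a short window; a single-source flood has
the same volume from one address. The window and thresholds are assumptions.
"""
from collections import defaultdict, deque

# Constructed sample records (RFC 5737 documentation addresses), not real traffic:
# four 198.51.100.x hosts hammer 203.0.113.10:80 within 4 s, one host alone floods
# 203.0.113.20:53, and 203.0.113.30 only sees normal traffic.
SAMPLE_LOG = """\
1000 198.51.100.5 203.0.113.10 80 4000
1001 198.51.100.6 203.0.113.10 80 4200
1002 198.51.100.7 203.0.113.10 80 3900
1003 198.51.100.8 203.0.113.10 80 4100
1004 192.0.2.44 203.0.113.10 80 3
1005 192.0.2.45 203.0.113.20 25 12
1006 192.0.2.46 203.0.113.30 443 40
1020 198.51.100.50 203.0.113.20 53 15000
1050 198.51.100.9 203.0.113.10 80 3
"""


def parse(text):
    """Turn the text log into (ts, src, dst, port, packets) tuples, skipping blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, pkts = line.split()
        records.append((int(ts), src, dst, int(port), int(pkts)))
    return records


def detect_floods(records, window=10, pkt_threshold=10000, min_sources=3):
    """Return {dst: {"packets", "sources", "kind"}} for every destination whose
    packet total within any `window`-second span exceeds pkt_threshold.

    "kind" is "ddos" when at least min_sources distinct addresses are present in
    the offending window, else "dos". The alert keeps the largest window seen.
    """
    by_dst = defaultdict(list)
    for ts, src, dst, _port, pkts in sorted(records):
        by_dst[dst].append((ts, src, pkts))

    alerts = {}
    for dst, rows in by_dst.items():
        in_window = deque()   # rows whose timestamp is within `window` of the newest
        total = 0
        for ts, src, pkts in rows:
            in_window.append((ts, src, pkts))
            total += pkts
            # Slide the window: evict rows older than `window` seconds.
            while in_window[0][0] < ts - window:
                total -= in_window.popleft()[2]
            if total > pkt_threshold:
                sources = {s for _, s, _ in in_window}
                kind = "ddos" if len(sources) >= min_sources else "dos"
                prev = alerts.get(dst)
                if prev is None or total > prev["packets"]:
                    alerts[dst] = {"packets": total, "sources": len(sources), "kind": kind}
    return alerts


if __name__ == "__main__":
    for dst, info in detect_floods(parse(SAMPLE_LOG)).items():
        print(f"{dst}: {info['kind'].upper()} {info['packets']} packets "
              f"from {info['sources']} source(s)")
```

On the sample data the detector reports 203.0.113.10 as a distributed flood (five distinct sources, 16,203 packets in the window) and 203.0.113.20 as a single-source flood, while the destination seeing only ordinary traffic is left alone. Note that the distinct-source count includes the one legitimate client caught inside the window, which is a reminder that this signal points at the target, not at a clean list of attackers.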

Unauthorized Intrusions
Sensitive information such as credit card numbers and classified government information are the targets of these assaults on computer systems. Attackers usually seek to pilfer or alter the information they find, and the results can be especially damaging. International organized crime networks and foreign adversaries are the primary culprits (4).

Issues
Schools are generally not seen as targets of cyber-terrorists. However, the presence in schools of technically curious teens, or "script kiddies", is a concern, particularly for schools with inadequate security. Young hackers are not usually skilled enough to write their own attack tools and instead rely on the 30,000 or so downloadable hacking applications available on the Internet to wreak havoc on their school's servers (5). The damage they are capable of is usually confined to disabling filters and gateway software, or gaining access to student information systems.

Because the authors of viruses, worms and other cyber-threats are difficult to trace, those responsible for school security often cannot tell whether a piece of malicious code entered the system through someone's e-mail or was released by a student inside the school. Logs that record who was logged on to which machine, and when, are the only practical way to narrow that question down after the fact.

Minimizing the Potential

  • Follow "best practices" in establishing and maintaining a school security system
    A regular regimen of security maintenance should be established and followed: apply operating system and application patches promptly (Sasser spread through a flaw for which a patch already existed), strictly enforce password policies and AUPs, disable unnecessary services, install anti-virus software and update its signatures frequently, and employ firewalls and intrusion detection systems. Prevention is the best cure, and schools are reported to be among the most vulnerable targets because they run older systems, unwieldy security software or outdated protocols.
  • Be On High Alert
    School system administrators should watch for the warning signs of hostile activity. Firewall, proxy and server logs, together with incoming and outgoing e-mail, should be reviewed on a regular schedule; anything suspicious should be investigated and reported to the administration and, if necessary, to local authorities. An incident response plan should be written in advance, so that staff know what to do if the network is temporarily or permanently disabled by a worm or other attack.
  • Employing Ingress and Egress Filtering
    To keep the school from being used as a launching point for DDoS attacks, and to keep spoofed traffic out, schools can configure their border router to discard any outbound packet whose source IP address does not belong to the school's own networks (egress filtering). Likewise, any inbound packet that claims a source address inside the school's networks, or one from a private or reserved range that cannot legitimately originate on the Internet, should be discarded before it enters the network (ingress filtering) (6). Note that this stops only packets with forged source addresses: a flood sent by compromised school machines using their real addresses passes these filters, so filtering complements patching and anti-virus rather than replacing them.
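To make the ingress and egress rules concrete, here is an added example (not code from the original guide) that models the border router's source-address decision in Python so the policy can be checked against sample packets; on real hardware the same policy is expressed as router access lists or firewall rules. The school prefixes, the bogon list and the sample packets are constructed assumptions using documentation address space.

```python
"""Ingress/egress source-address filter for a school border router (added
example, not from the page).

Egress (LAN -> Internet): the source must lie inside the school's own prefixes.
Anything else is a spoofed packet, typically a compromised 'zombie' machine
attacking a third party, and is dropped.
Ingress (Internet -> LAN): the source must NOT lie inside the school's prefixes
(nothing from outside can legitimately claim an internal address) and must not
come from private or reserved ranges that never route on the public Internet.
"""
import ipaddress

# Assumed school prefixes, using RFC 5737 documentation space (constructed).
SCHOOL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
               ipaddress.ip_network("198.51.100.0/25")]

# Ranges that should never appear as a source on the Internet-facing link.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)


def filter_packet(direction, src, school_nets=SCHOOL_NETS, bogons=BOGONS):
    """Return ("forward" | "drop", reason) for a packet with source `src`.

    direction is "out" for LAN -> Internet (egress rule) or "in" for
    Internet -> LAN (ingress rule). Unparseable sources are dropped.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "malformed source address")
    if direction == "out":
        if in_any(addr, school_nets):
            return ("forward", "egress: source belongs to school network")
        return ("drop", "egress: spoofed source, not a school address")
    if direction == "in":
        if in_any(addr, school_nets):
            return ("drop", "ingress: outside packet claims an internal source")
        if in_any(addr, bogons):
            return ("drop", "ingress: source in private/reserved range")
        return ("forward", "ingress: plausible external source")
    raise ValueError(f"unknown direction {direction!r}")


def apply_policy(packets, **kw):
    """Run filter_packet over (direction, src) pairs; return (forwarded, dropped) counts."""
    forwarded = dropped = 0
    for direction, src in packets:
        verdict, _reason = filter_packet(direction, src, **kw)
        if verdict == "forward":
            forwarded += 1
        else:
            dropped += 1
    return forwarded, dropped


# Constructed packets: two honest, four that the rules must reject.
SAMPLE_PACKETS = [
    ("out", "192.0.2.10"),        # school PC talking to the Internet: forward
    ("in", "203.0.113.5"),        # ordinary external host: forward
    ("out", "203.0.113.5"),       # school PC spoofing an outside address: drop
    ("out", "198.51.100.200"),    # outside the school's /25: drop
    ("in", "192.0.2.10"),         # outsider impersonating a school address: drop
    ("in", "10.1.2.3"),           # private range arriving from the Internet: drop
]

if __name__ == "__main__":
    for direction, src in SAMPLE_PACKETS:
        print(direction, src, *filter_packet(direction, src))
    print("forwarded/dropped:", apply_policy(SAMPLE_PACKETS))
```

The egress rule is the one that protects other people: a school PC turned into a zombie cannot forge its source address past it. The ingress rule protects the school from spoofed packets that pretend to be internal. Neither rule blocks a flood carrying genuine school addresses, and the bogon list has to be maintained as address allocations change, which is why the filter is a complement to patching, anti-virus and log review rather than a substitute for them.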

Legal Implications
Schools may find themselves subject to lawsuits if unauthorized intrusions result in the access of sensitive student information such as medical information, grade reports, and scheduling.

Because of the perceived anonymity of the Internet, students who engage in acts of cyber terrorism may not feel the same sense of guilt and wrongdoing that they would if the transgression were outwardly observable. Writing a virus and releasing it onto the school's network is wrong, but knowing that there is little chance of getting caught may make it more attractive than defacing school walls or damaging physical property (7).

Frequently Asked Questions (FAQs)

Are AUPs effective weapons against cyber threats such as viruses, worms and other attacks?
While an AUP can guard against some types of Internet impropriety, its primary function is to limit the legal liability of a school or district in the event that student or employee misuse of the Internet leads to harm. Students who engage in hacking, virus writing and the like may be operating on the theory that they will not be caught and so pay no attention to the AUP. Furthermore, an AUP is no defense whatsoever against an attack from outside the school.

What is the best defense against these acts of cyber terrorism?
As stated above, prevention is the best cure. School security administrators should watch for possible breaches of the firewall, apply patches promptly and keep virus protection software up to date. Severe penalties and strict enforcement of security policies and AUPs may also discourage student improprieties. Scanning incoming and outgoing e-mail for viruses and worms can stop an intrusion before it starts, and configuring the border router to discard outbound packets whose source address is not one of the school's own (and inbound packets that claim to be) keeps school computers from being used in attacks on others.

How real is the threat of cyber-terrorism?
While schools at this point do not seem to be targets of terrorism, there is a growing awareness that the potential for a widespread attack on multiple public institutions exists. Vulnerabilities in our military, air traffic control, financial and power infrastructures have been reported by the Department of Defense, the Center for Strategic and International Studies, the FAA and the National Security Council. DDoS attacks have already been reported against government websites throughout the world and, worse, they tend to coincide with military, paramilitary and terrorist events and operations. Experts agree that worldwide terrorist organizations such as Al Qaeda are increasing their technological sophistication, including the use of encrypted communications over the Internet, and it seems likely that they are capable of global cyber-terrorist acts as well. Beyond the terrorist threat, many governments, including the U.S. Department of Defense, are developing cyber weapons of their own for use in the event of a military conflict (8). Because the world has become increasingly dependent on information technology, it has also become an increasingly attractive target.

Annotated Web Site Directory

eSchool News is an extremely valuable website that focuses on K-12 schools and all aspects of educational technology. It has links regarding AUPs, filtering, E-Rate, RFPs, information on complying with CIPA, problem-based learning using technology, and of course, cyber-terrorism.

Lower Hudson Regional Information Center (LHRIC)
Much of the information that exists about schools and their relationship to cyber crime can be found on this site. Topics include hacking, AUPs, security precautions, latest viruses, articles of types of viruses, case law, filtering and other pertinent subjects.

Center for the Safe and Responsible Internet Use
Developed by child Internet safety expert Nancy Willard, this very useful and informative website can be used as a guide for parents, teachers and students for developing an Internet safety plan. Ms. Willard advocates teaching responsible use of the Internet, and relies on the teaching of ethics to illustrate her point.

PC World
Collection of articles related to Worms, DDoS and Cyber-Terrorism.

Computer Worm Wikipedia
An excellent collection of information on computer worms.

The Wildlist
List of viruses and worms 'in the wild' (i.e. regularly encountered by anti-virus companies)

Worm parasites
Listed worm descriptions and removal tools.

Distributed Denial of Service (DDoS) Attacks/tools
An extensive collection of books, articles, and links related to DDoS.

References
(1) 2004. Weimann, Gabriel. "Cyberterrorism: How Real Is the Threat?" United States Institute of Peace. Retrieved 7/24/05.

(2) 2000. McWilliams, Brian."Is Scanning the Answer to Web Attacks?" Published on Internet.com website. http://www.internetnews.com/bus-news/article.php/3_302461

(3) 2001. Lemos, Robert. "Hackers Cripple White House Site." Published on Tech News/CNET.com. http://news.com.com/2100-1001-257068.html?tag=rn

(4) 2001. Vatis, Michael A. "Cyber Terrorism: The State of U.S. Preparedness." Statement prepared for the House Committee on Government Reform, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. Statement given on September 26, 2001.

(5) 2002. Reilly, Peter. "Cyberterrorism and Schools: Scriptkiddies, Hacktivists and Cyberterrorists." Published on LHRIC School Security Site. http://www.lhric.org/security/desk/letter7.html

(6) 2001. Vatis, Michael A. "Cyber Terrorism: The State of U.S. Preparedness." Statement prepared for the House Committee on Government Reform, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. Statement given on September 26, 2001.

(7) 2000. Willard, Nancy. "What is Right and What is Wrong." Published in Responsible Netizen Center for Advanced Technology at University of Oregon at Eugene. p.2

(8) 2002. Reilly, Peter. "Cyberterrorism and Schools Part II: How Real is the Threat of Cyberterrorism?" Published on LHRIC School Security Site. http://www.lhric.org/security/desk/letter8.html

Last Updated: 08/02/2005