Cyberterrorists visit sites before attack, so look for footprints
Call it techno-terrorism, cyberwarfare or Internet intelligence gathering, but
what the Defense Department is experiencing goes far beyond amateur hacking into military
Hack attacks are escalating, and not only on DOD networks. To fight back, you need to
know your vulnerabilitieswhat hackers using the latest tools can find out.
GCN last year covered the onslaught of low-level network probes that seem coordinated
from multiple locations. Early this month, the Pentagon said the systematic probes are
being routed through at least 15 locations, including Russia, though its not clear
the attacks originate there.
Because the attackers concentrate on strategic spots, the situation has the marks of a
scouting mission in advance of a full-blown blitz. Networks at Kelly Air Force Base,
Texas, which house data important to American missions in the Middle East and Bosnia, have
been a primary target.
Furthermore, National Security Council terrorism expert Richard Clarke has said that it
might be possible for network terrorists to shut down some cities electrical, phone
or transportation utilities via the Net. Probing techniques also could work against state
and local governments, which should keep an eye out for any attempt to map their networks.
The first step in fighting back is to study the intruders footprints. According
to the SANS Institute of Bethesda, Md., which monitors federal security concerns,
intruders commonly map server locations on networks, ports on which the machines answer,
operating systems and other software.
Here are two steps network administrators can take:
The nMap reconnaissance tool builds flat-file databases about your network. Hackers
then query the databases about specific machines so they can target known vulnerabilities.
There are two types of nMap scans: random scans and those that exploit specific parts of a
Visit the Web site at www.sans.org for information about intrusion detection tools. You
will help every government site by finding and closing your own sites holes.
For example, did you know about a Microsoft Word 97 virus that keeps track of breached
systems and reveals a trail of vulnerable sites? Also, experts at the SANS Institute think
the popular PKZip shareware file-decompression utility could be a security risk because it
supports the TimeSink AdGateway for display of ad banners and allows uncontrolled outbound
Knowing that your network is being mapped is the first step in stopping intruders. The
military has a big job ahead, although the Pentagon insists no secret materials have been
Shawn P. McCarthy designs search and navigation products for a Web search engine
provider. E-mail him at firstname.lastname@example.org.