Internet 'cloaking' emerges as new Web security threat
- By Wilson P. Dizard III
- Mar 08, 2006
Terrorist organizations and other national enemies have launched bogus Web sites that mask their covert information or provide misleading information to users they identify as federal employees or agents, according to Lance Cottrell, founder and chief scientist at Anonymizer of San Diego.
The criminal and terrorist organizations also increasingly are blocking all traffic from North America or from Internet Protocol addresses that point back to users who rely on the English language, Cotrell told an educational seminar in Washington at the FOSE 2006 trade show's Homeland Security Center yesterday. FOSE is sponsored by PostNewsweek Tech Media, the parent company of Government Computer News.
Among the risks of the terrorist cloaking practice are that the organizations can provide bogus passwords to covert meetings. By doing so they can pinpoint federal intelligence agents who attend the meetings, making them vulnerable to being kidnapped or becoming the unwitting carriers of false information, Cottrell said.
Cloaking is just one means by which hostile intelligence organizations can exploit the ability of IP addresses to reveal the physical location'and frequently the organizational identity'of a user visiting a Web site.
Another method Cottrell described was a case in which hackers set a number of criteria that they all shared using the Linux operating system and the Netscape browser, among other factors. When federal investigators using PCs running Windows and using Internet Explorer visited the hackers' shared site, the hackers' system immediately mounted a distributed denial-of-service attack against the federal system.
Cottrell said his company had helped humanitarian activists in the former Yugoslav republic of Kosovo shield themselves from attacks by paramilitary goons employed by Serbian strongman Slobodan Milo'ević. The Milo'ević paramilitaries were using the activists' IP addresses to pinpoint their physical locations and follow up with attacks aimed at preventing the activists' campaigns against specific human rights abuses.
"Imagine the kind of damage a mole at Google could do," Cottrell said, noting that Google keeps logs of the Web searches it provides, which provide a comprehensive picture of users' Web traffic patterns.
In a similar fashion, Web-savvy intelligence specialists can use IP address data to analyze what types of information a particular federal user is seeking and, by inference, what types of intelligence or counterintelligence operations federal agencies are carrying out.
Cottrell described a situation in which Anonymizer employees had worked on a Navy aircraft carrier that allowed sailors to access the Web. He noted that by analyzing Web traffic that could be traced back to that ship via the IP addresses of its public browsers, hostile intelligence services could determine the name of the ship, the port it was visiting and other information.
Cottrell said his company, which sells technology to prevent the use of IP address information for such purposes, had shielded the identities of the providers of 25,000 tips to the FBI in one recent three-month period.
Even as the use of IP address security technology is critical to maintaining Web security, Cottrell noted that the use of firewalls, antivirus software, measures to defeat social engineering and reduce human error are also essential.
Anonymizer has received a contract from the Broadcasting Board of Governors, the foreign-policy agency that runs the Voice of America international radio service, to provide technology that the people of Iran can use to circumvent their government's Web censorship program. Anonymizer also soon will launch, at its own expense, a service that will allow the people of China to overcome Beijing's massive program to censor the Web, Cottrell said.