A new kind of war

EDITOR'S NOTE

"You are conquered. Yeah, USA is suck country." Not what you'd expect to see on the U.S. Chamber of Commerce Web site. Such messages are the result of a new

breed of political activism, called "hacktivism."

Between April 30 and May 7, the National Infrastructure Protection Center warned U.S. network administrators to expect increased Chinese hacker activity against U.S. Web sites. As a result of the April 1 collision between a U.S. military surveillance aircraft and a Chinese fighter plane, the Chinese group known as "hong ke red guests" said they would spearhead a cyber-war campaign to avenge the death of fighter pilot Wang Wei. At press time, about 40 U.S. sites were attacked (although it's impossible to track their origin), while more than 100 Chinese sites were defaced with anti-Chinese messages.

While this is a prominent example of hacktivism, the concept is not a new one. In the past, cyber wars have been waged in political hot spots such as Israel and Palestine, India and Pakistan, and China and Taiwan. Last year, almost 6,000 sites in the world were defaced.

The scary part is, you don't need to be smart to be a hacker. There are a number of "vulnerability" tools on the Net that will do the job for you. In fact, there are 30,000 hacker-oriented sites out there, with tools that can automatically break into a site and install a trojan horse, for example.

Despite this, governments don't usually put much effort into tracking down hackers because these types of attacks don't usually cause any monetary damage - they are simply meant to embarrass a particular organization. But we need to make it more of a concern. Worm viruses can infect computers and lead to denial of service errors, or servers can be overloaded with useless data and other e-mail-transmitted viruses - which in the long run can cost a lot of money.

While Canada is taking an active role in cyber-terrorism, there is a lot more we could be doing.

We've participated in international forums, established the Critical Infrastructure Protection and Emergency Preparedness organization and distanced ourselves from U.S. encryption legislation. On the other hand, we've watered down our privacy legislation (Bill C-6) because of pressures from corporations and certain government departments, such as Foreign Affairs and CSIS. The legislation just doesn't have the teeth it needs to effectively deal with cyber-terrorism.

So what can organizations do to protect themselves? According to Rob Clyde, vice-president and chief technologist with Symantec's Enterprise Solutions Division, they should use vulnerability scanners to make sure their systems don't contain common holes. They should also use up-to-date virus software, protect their Web servers and networks with strong firewalls, and use intrusion detection software.

The technology is there - now we just need the legislation to back it up.

Copyright Plesman Publications Ltd. Jun 2001
Provided by ProQuest Information and Learning Company. All rights Reserved