Spy agencies join forces to hunt cyber saboteurs

[William Knowles <wk () C4I ORG>]

http://www.sunday-times.co.uk/news/pages/sti/2000/05/07/stinwenws01028.html

A SHADOWY government organisation set up to protect Britain's
infrastructure from "cyber attack" is investigating the love bug
virus, as well as at least two attacks on government computers that
have been linked to foreign powers.

The havoc spread across the globe by the world's fastest-moving
computer virus has brought to light the role of the National
Infrastructure Security Co-ordination Centre (NISCC), a front for MI5
and GCHQ, the government listening centre.

The two have joined forces to protect critical computers, including
those operated by Whitehall departments, the national grid, air
traffic control, rail networks and the stock exchange.

NISCC experts are studying unpublicised attacks from outside Britain
on Home Office and Treasury computers. Hackers bypassed Whitehall
protection systems to steal confidential data in recent months, two
Ministry of Defence websites were corrupted in other incidents and MoD
and Home Office computers suffered four internal attacks.

Dr Richard Walton, GCHQ's chief cyber expert, said that Britain's
computer infrastructure was at risk from "a Libya or Iran", or from a
cyber-terrorist with sufficient expertise.

He said that NISCC experts were working to find out how the love bug
virus penetrated firewalls. He warned that the same method could be
used by rogue states to deliver more destructive forms of the virus.

"I regard it as the most serious technology for threatening systems
worldwide. This particular manifestation is on the benign side; the
same technology could be used far more malevolently. It should serve
as a wake-up call and persuade the sceptical to take better security
precautions."

GCHQ was even more concerned about "invisible" viruses planted by
thieves and saboteurs, he said. "What worries me is that the same
technology could be used to deliver things that are not intended to be
discovered . . . sitting there in the background milking private data
and sending it off to an unknown recipient, or ready to bring systems
down at a crucial time."

NISCC has run mock attacks on vulnerable targets including the London
Underground and the National Air Traffic Control Service. A
confidential NISCC briefing said the organisation had not been
publicised to avoid spreading alarm. "It has deliberately been kept
low-key," the document said.

The danger was foreshadowed at a closed meeting of NISCC "clients"
earlier this year, including BT, the national grid and rail companies.
Margaret Beckett, leader of the House of Commons, told the meeting
there was a need for greater vigilance. "I don't want to exaggerate
the danger of a malicious attack on the infrastructure, but it is
real," she said.

NISCC is working with the FBI in the hunt for the programmer, or
group, which planted the love bug virus. Victims included Microsoft,
Ford, the CIA and the Pentagon in America, and Vodafone AirTouch and
Parliament in Britain.

About six copycat bugs have already spawned, and experts fear new
variants as hackers tinker with the code. One copycat arrives as
confirmation that the recipient's credit card has been billed for a
mother's day gift.

Speculation was rife on internet chat sites about the identity of the
author of the love bug virus. The Washington Post reported that the
FBI was moving to seize computers used by a suspect in the
Philippines. The report was based on the discovery of the word "Barok"
embedded in lines of computer code in the virus. The same codeword was
used in a virus written by a suspect in the Philippines last year.

The Swedish media reported that the creator was a German student
called Michael, studying in Australia. "I can say on good grounds that
I have probably found the creator of the virus," said Fredrik Bjoerck,
a computer expert at Stockholm university credited with helping the
FBI track down the author of Melissa - an e-mail virus launched last
year. "The virus was activated in the Philippines, but it is not
certain that Michael was there in person."

Computer Economics, a research company based in California, said at
least 45m people worldwide had received the infected e-mail and
estimated the cost of damage at 6.3bn.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".