Email Viruses Crippling a Nation
Email Viruses Crippling a Nation..
With a publicly available search engine, a few well-chosen e-mail addresses, and off-the-shelf viral code, anyone can commit an act of cyberterrorism today.At the recent Black Hat Briefings and Defcon 11 conferences it was explained that the current methods of assailing computer networks - denial-of-service attacks (DoS) or remote break-ins - inconvenience too few people to really impact a nation's information infrastructure, however, this sort of exploit that could really hurt a country if it was more likely be based on e-mail viruses.
Llearning about how the unthinkable could happen will hopefully help us prepare for and minimize the damage of such an event, should it ever occur.
The theory was investigated while working with a South African bank. They decided to see how easy it would be to infect a bank's computer systems (which presumably are pretty secure) with an e-mail-borne virus.
Since e-mail attachments are relatively easy for IT departments to detect, they started by imbedding in an e-mail message a link to a Web site that could have contained malicious code (but didn't, because the team didn't want to actually infect the bank's computers). Of the thirteen IT people working at the bank, eight downloaded the executable file linked to in the e-mail, and five actually executed the code on their desktop systems. This means, had the virus been real, the bank's entire network could have been infected.
This experiment extrapolated that a cyberterrorist could effectively deliver malicious code to any organization, anywhere in the world.
If that individual sent the infected e-mail simultaneously to individuals in government agencies and the military, it could have devastating effects on a country's ability to communicate, carry out business, and defend itself.
The key to this attack is finding real e-mail addresses to target. For this, they wrote a few scripts that use Google to search for public references to e-mail addresses on the Web.
The scripts allow to search for e-mails from a given country, and hunt in particular for individuals working for telecommunication and financial companies, energy providers, governmental departments, the military, the media, prominent local businesses, and hospitals.
There are plenty of addresses available, especially on bulletin boards and in discussion forums. If a malicious user could infect just one government system (even if it's the desktop machine of a low-ranking official), he could, in theory, infect larger government computer systems as well.
Within minutes of running the scripts at the Black Hat conference, hundreds of e-mails belonging to U.S. military and government employees showed up on the presentation screen. Judging from the collective gasp from the audience (comprised mainly of U.S. government, military, and private computer security experts), it was deduced that the point had been made.
Some may not agree, but they don't think talking and writing about this sort of attack is a blueprint for disaster. Rather, becoming informed about how cyberterrorists could hurt us helps our security community learn how to protect against these threats.
The U.S. government has long worried that a cyberattack could cripple our nation's infrastructure. Before Sept. 11, it was one of the White House's key security concerns. But we were betting cyberterrorists would have to be very clever to pull something like this off. It turns out that's not true. Now that we're aware of how easy it could be to carry out such an attack, we must turn our attention to making sure we're prepared for it.
You will find much more on this topic at WorldsLargestNetwork.com
| |||||||
 | |||||||
| |||||||
| |||||||
| |||||||
|
WorldsLargestNetwork.com
