Web could be new front for U.S. enemies

Baltimore Sun Staff

When a Web user clicks onto the site of the Muslim Hackers’ Club, the sound of an explosion crackles from the computer speakers while a ball of flame appears on the screen.

Under the headings “Hacking” and “Viruses,” the site contains hundreds of pages of detailed instructions -- mostly borrowed from U.S. hackers -- on how to break into computer systems and wreak havoc. Among the offerings are tips on hacking into a Pentagon system and a list of code words and radio frequencies used by the Secret Service.

“We think it’s time for Muslims on the Web, knowledgeable of hacking, virus making, and all those fringe matters, to ... share their knowledge,” says the 3-year-old site’s welcome message.

Politically motivated computer hacking is on the rise, and in the tense aftermath of the Sept. 11 terrorist attacks in New York and Washington, security experts are warning of the possibility of a cyberterrorist attack designed to shut down critical U.S. computer systems.

“You could easily see coordinated attacks on critical infrastructure -- banks and financial systems, telecommunications, the systems that control the flow of water or oil, government operations,” said Michael A. Vatis, who ran the interagency National Infrastructure Protection Center at the FBI from its creation in 1998 until last spring.

He rates the chance of a crippling cyberterrorist attack “a possibility” rather than “a high likelihood.” But he believes -- and recently warned Congress -- that the threat will grow if the U.S. takes military action against terrorist targets.

“Our biggest concern is that we’d see a lot of attacks on U.S. targets after we begin military retaliation,” Vatis said.

In recognition of the threat, President Bush is expected this week to name Richard A. Clarke, a veteran diplomat who oversaw counterterrorism in the Clinton White House, to head a new office of cybersecurity and critical infrastructure. Along with a counterterrorism office to be headed by Gen. Wayne Downing, it will be one of the two key components of the new Office of Homeland Security to be headed by former Pennsylvania Gov. Tom Ridge.

Experts say that unlike physical forms of terrorism, cyberattacks are unlikely to kill people, though a major disruption of air traffic control or a power grid blackout could lead to loss of life. But the potential to sow chaos and ravage the economy could appeal to avowed enemies of the United States.

“You’re not going to have 7,000 deaths, but you could have a disruption of the economy similar to what we’ve seen since Sept. 11,” Vatis said.

While very few people have the expertise to mount chemical or biological attacks, there is a global army with hacking skills -- 19 million worldwide, according to a presidential commission. And unlike terrorists who probably would have to smuggle poisons in across a border, computer attackers could wreak havoc from a keyboard thousands of miles away.

To undermine a major system would not be easy, computer security experts said. But an effort on the scale required for the Sept. 11 attacks could almost certainly cause enormous damage, they acknowledged.

“I think a truly devastating cyberattack would require the same kind of preparation and planning,” said Lawrence R. Rogers of the CERT Coordination Center at Carnegie Mellon University in Pittsburgh, the nation’s leading tracking center for computer viruses.

Such an attack might even involve the infiltration of conspirators into major software companies years in advance, he said.

“They could alter the software so that it was programmed to destroy itself and the hard drive at a certain time,” said Rogers.

Most hackers today are not terrorists, but the cyber age equivalent of graffiti writers, whose favorite trick is replacing Web sites’ content with slogans and obscenities. Last week, a hacker defaced the Baltimore-Washington International Airport’s Web site with a threatening message referring to Sept. 11. The case is now under investigation by the computer-crime squad of the Baltimore FBI office, said Special Agent Peter A. Gulotta Jr.

The BWI case is one among dozens of Web site defacements worldwide over the last three weeks sparked by the terrorist attacks. Someone calling himself or herself “Brazil Fury Hacker” replaced the Web site of an anti-virus software company with a message praising terrorist financier Osama bin Laden. Another hacker, signing himself “United Hackers Against Terrorism,” replaced a U.S.-based Islamic site calling for jihad, or holy war, with a portrait of bin Laden and the words: “Wanted for Murder.”

Though most Web defacements are a nuisance rather than a serious threat, said Vatis, “the same tools that are used for Web defacement can be used for cyberterrorism.”

A prolific Pakistani hacker calling himself “Doctor Nuker” defaced the site of the American-Israel Public Affairs Committee last year with anti-Israel messages and photos -- but then went deeper into the group’s computer, stealing 700 credit card numbers and 3,500 e-mail addresses.

Using skills only marginally greater than those shown by Doctor Nuker, hackers have made alarming intrusions into sensitive computer systems.

In 1997, a Swedish hacker jammed the 911 emergency telephone system in central Florida, an attack then-FBI Director Louis Freeh called “a dress rehearsal for a national disaster.” The same year a teen-age hacker shut down the primary radio system at the Worcester, Mass., airport for six hours.

In April and May, hackers broke into a network in the California electric power system for 17 days. Though no harm was done, investigators said there was evidence that the hackers were preparing for a major attack when the breach was discovered.

The devastating Code Red worm that appeared in July was designed to cause thousands of infected computers to shut down the White House Web site by flooding it with messages at the same moment, an assault officials foiled by shifting the White House temporarily to a new address.

Code Red, which left the signature “Hacked by Chinese,” cost hundreds of millions of dollars in damage and lost productivity, according to one estimate.

But the perpetrators have not been identified. Neither were the hackers who released the very sophisticated Nimda worm, which spread to hundreds of thousands of computer networks a week after the terrorist attacks.

To date, neither bin Laden’s al-Qaida network nor other major terrorist groups have been known to use computer attacks. But the FBI has gathered evidence showing some of the hijackers were sufficiently computer-savvy to buy airline tickets online and exchange numerous e-mails in the days leading to the attack. And some Internet users have encouraged hackers to join a “cyber jihad” against Israel and America.

Nothing on the Muslim Hackers’ Club Web site, based in England, advocates such a jihad. A disclaimer advises against “infiltrating or infecting an innocent party’s computer systems with a malicious intent designed to destroy valuable data or bring their system to a halt.” But the site’s creators never explain why programs they call “a lethal weapon” are being made available to millions online.

Hacking with political motives, called “hactivism” by some, may be growing because teen hackers who initially only wanted to make mischief are now reaching their 20s and 30s. In any case, political tensions have produced waves and counterwaves of computer attacks in the last few years: between hackers in India and Pakistan, between supporters of Israel and the Palestinians, and between Chinese and Americans after Chinese fighters forced down a U.S. spy plane last April.

Still, some computer specialists remain skeptical that catastrophic computer terrorism is coming. Some reject the term “cyberterrorism,” saying it may exaggerate the threat, particularly by comparison with the carnage of last month’s attacks.

“I think cyberterrorism is more of a flashy term,” said Brian Martin, a computer security consultant at Digital Systems International in Lanham. “The theory’s there. The possibility’s there. But in seven years [since the first warnings] we haven’t seen it.”

Nonetheless, Martin, who helps run a site called Attrition.org that tracks Web site defacements, said he believes malicious hackers are capable of disruptive attacks. What would have happened, he asked on his own site, if the BWI site hacker had made subtle changes to flight schedules?

“Alter flight times, gates, destinations, or worse, change the status of a flight from ‘LANDED’ to ‘CRASHED.’ The sheer panic and resulting mayhem would be a disaster unto itself,” Martin wrote.

Ironically, among the myriad activities disrupted by the Sept. 11 attacks was the government’s primary training program to protect the country against cyberterror.

The National Infrastructure Protection Center announced on its Web site that it was forced to cancel its courses on how to stop hackers from attacking critical systems. “In view of the tragic events of Sept. 11, 2001, the NIPC training program for FY 2002 has been temporarily suspended,” the message said. “We are unable to provide an anticipated startup date at this time.”
