Free Republic

Computer Worm May Be Terrorist Test
capitolhillblue.com | Jan 28, 2003 | CHB Staff/Ted Bridis contributed to this story

Posted on 01/29/2003 10:10:22 AM PST by TaRaRaBoomDeAyGoreLostToday!

A computer worm attack that shut down bank ATM terminals and disrupted Internet servers throughout the world may have been part of an al Qaeda terrorist threat to test the vulnerability of computer systems that serve U.S. financial interests, computer security experts say.

"Like the 9-11 attacks, the 'Slammer' worm was aimed at the heart of the U.S. financial community," says Leo Roth, a computer security analyst who advises the federal government. "For at least part of the weekend, a number of U.S. financial institutions were virtually shut down."

Those affected include the giant Bank of America, whose nationwide ATM network went offline on Saturday, and American Express, which serves not only millions of consumers, but the nation's largest corporations and the federal government.

"We may have witnessed a test here," Roth said, "a test by terrorists to see just how vulnerable we are. If it was, they proved we're pretty vulnerable."

Capitol Hill Blue has learned the FBI's computer security task force is investigating possible terrorist links to the weekend attack that not only disrupted servers but shut down Internet Service Providers, delayed or blocked delivery of email and interrupted the flow of vital information between businesses.

"It's a real possibility," an FBI source said Monday. "This was a well planned, well executed attack against specific interests, most of them business and financial."

Disruptions from the weekend attack are shaking popular perceptions that vital national services, including banking operations and 911 centers, are largely immune to such attacks.

Damage in some of these areas was worse than many experts had believed possible.

The nation's largest residential mortgage firm, Countrywide Financial Corp., told customers who called Monday that its systems were still suffering. Its Web site, where customers can make payments and check their loans, was closed most of the day.

Countrywide predicted it would be early Tuesday before all its computers were fully repaired and its systems validated for security, spokesman Rick Simon said.

Police and fire dispatchers outside Seattle resorted to paper and pencil for hours after the virus-like attack on the weekend disrupted operations for the 911 center that serves two suburban police departments and at least 14 fire departments.

American Express Co. confirmed that customers couldn't reach its Web site to check credit statements and account balances during parts of the weekend. The attack prevented many customers of Bank of America Corp., one of the largest U.S. banks, and some large Canadian banks from withdrawing money from automatic teller machines Saturday.

President Bush's No. 2 cyber-security adviser, Howard Schmidt, acknowledged that what he called "collateral damage" stunned even the experts who have warned about uncertain effects on the nation's most important electronic systems from mass-scale Internet disruptions.

"This is one of the things we've been talking about for a long time, getting a handle on interdependencies and cascading effects," he said.

Miles McNamee, a top official with the technology industry's Internet early warning center, said the attack was "comparable to the worst of previous denial of service attacks."

The White House and Canadian defense officials confirmed they were investigating how the attack, which started about 12:30 a.m. EST Saturday, could have affected ATM banking and other important networks that should remain immune from traditional Internet outages.

The attack, alternately dubbed "Slammer" or "Sapphire," sought vulnerable computers to infect using a known flaw in popular database software from Microsoft Corp. called "SQL Server 2000."

Microsoft said it has sold 1 million copies of the software, but the flawed code was also included in some popular consumer products from Microsoft, including the latest version of its Office XP collection of business programs.

The attacking software scanned for victim computers so randomly and aggressively that it saturated many of the Internet's largest data pipelines, slowing e-mail and Web surfing globally.

Congestion from the Internet attack is almost completely cleared. That has left investigators poring over the blueprints for the Internet worm for clues about its origin and the identity of its author.

Complicating the investigation was how quickly the attack spread across the globe, making it nearly impossible for researchers to find the electronic equivalent of "patient zero," the earliest-infected computers.

"Basically within one minute, the game was over," said Johannes Ullrich of Boston, who runs the D-Shield network of computer monitors.

Experts said blueprints of the attack software were similar to a program published on the Web months ago by David Litchfield of NGS Software Inc., a respected British security expert who last year discovered the flaw in Microsoft's database software that made the attack possible. NGS Software sells a program to improve security for such databases.

The attack software also was similar to computer code published weeks ago on a Chinese hacking Web site by a virus author known as "Lion," who publicly credited Litchfield for the idea.

Litchfield said he deliberately published his blueprints for computer administrators to understand how hackers might use the program to attack their systems.

"Anybody capable of writing such a worm would have found out this information without my sample code," Litchfield said.

Still, Litchfield's disclosure was likely to re-ignite a dispute about how much information to disclose when serious vulnerabilities are found in popular software.


TOPICS: Breaking News; Crime/Corruption; Culture/Society; Foreign Affairs; News/Current Events; Technical
KEYWORDS: computer; computersecurityin; maybe; terrorist; terrorwar; test; worm

1 posted on 01/29/2003 10:10:22 AM PST by TaRaRaBoomDeAyGoreLostToday!

To: TaRaRaBoomDeAyGoreLostToday!
It seems a little too sophisticated cor cavemen.
2 posted on 01/29/2003 10:13:44 AM PST by freedomson (Boom Shanka)

To: freedomson
cor=for
3 posted on 01/29/2003 10:14:11 AM PST by freedomson (Boom Shanka)

To: freedomson
The 'cavemen' terrorists have lots of backdoor corrupt friends and countries.
4 posted on 01/29/2003 10:16:55 AM PST by TaRaRaBoomDeAyGoreLostToday! (Saddam Hussein IS So Damn Insane)

To: TaRaRaBoomDeAyGoreLostToday!
"Computer Worm May Be Terrorist Test"

"...MAY BE...????"

5 posted on 01/29/2003 10:18:23 AM PST by alethia

To: alethia
"It's a real possibility," an FBI source said Monday. "This was a well planned, well executed attack against specific interests, most of them business and financial."
6 posted on 01/29/2003 10:20:45 AM PST by TaRaRaBoomDeAyGoreLostToday! (Saddam Hussein IS So Damn Insane)

To: freedomson
I read something last week about these terrorists giving out scholarships to Arabs in computer science and programming programs. They speculated in the article that the purpose might have been for them to try this sort of thing.
7 posted on 01/29/2003 10:22:44 AM PST by mbynack

To: freedomson
Hackers are a dime a dozen nowadays and everybody that could read knew about Microsoft/Windows vulnerability. It was made known that there was a huge back door open and no one closed it.

May be.

8 posted on 01/29/2003 10:24:13 AM PST by TaRaRaBoomDeAyGoreLostToday! (Saddam Hussein IS So Damn Insane)

To: TaRaRaBoomDeAyGoreLostToday!
"It's a real possibility," an FBI source said Monday. "This was a well planned, well executed attack against specific interests, most of them business and financial."

Sorry but I'll start paying attention to what the FBI has to say about terrorism when they crack the Anthrax mail attack.

9 posted on 01/29/2003 10:24:22 AM PST by Semper Paratus

To: TaRaRaBoomDeAyGoreLostToday!
I've never bought the (really popular on FR) idea of small attacks or incidents as tests for larger "terrorist attacks."

There's a difference between a "dry run" (such as the 9/11 hijackers did repeatedly) and a "small attack" or an incident to "test defenses."

All you do with such an attack is alert your target to danger. It's ENORMOUSLY counterproductive.

Hypothetically, if this worm was the work of terrorists and a test for a larger attack, the computing world learned FAR more about defense and their own weaknesses than the terrorists learned about its vulnerability.

This would have been the equivalent of a couple Al-Qaeda terrorists hijacking a turboprop with box-cutters and crashing it into the tallest building in Newark, NJ in 2000 to "see what happens as a test" for their WTC attack planning.

10 posted on 01/29/2003 10:24:28 AM PST by John H K

To: TaRaRaBoomDeAyGoreLostToday!
I would not be surprised to learn someday that this latest adventure is the result of the USGOV running a real-life drill in anticipation of the stormy seas ahead....
11 posted on 01/29/2003 10:25:53 AM PST by tracer

To: TaRaRaBoomDeAyGoreLostToday!
Don't think so. The purpose of the worm is to get an administrator session on an SQL server, and then email the hacker so he could get control of the machine. Obviously, if you are doing this, you don't want to call attention to yourself, but just quietly take over as many machines as you can.

What probably happened is that the author didn't consider the speed he would get writing in either assembly or C, and the power and bandwidth of the machines the worm would run on. If he had thought about it a little, he would have put a sleep(1) into the loop.
12 posted on 01/29/2003 10:26:12 AM PST by proxy_user

To: TaRaRaBoomDeAyGoreLostToday!
Terrorists likely would not have wasted a "bullet" on a weekend exercise or actual attack.........
13 posted on 01/29/2003 10:27:22 AM PST by tracer

To: mbynack
The thing that strikes me as a red flag on this (no matter who did it) is this worm was a world wide attack.
14 posted on 01/29/2003 10:31:35 AM PST by TaRaRaBoomDeAyGoreLostToday! (Saddam Hussein IS So Damn Insane)

To: TaRaRaBoomDeAyGoreLostToday!
Speaking for my own network, with over 800 sites, in the financial services industry, this worm did little or nothing to hurt us. The security measures in place held fine, and I experienced virtually no downtime. Of course, I don't use SQL either.
15 posted on 01/29/2003 10:32:11 AM PST by SoDak

Comment #16 Removed by Moderator

To: tracer
This worm grounded flights and blocked ATMs. No matter who did it, it sounds like a worldwide attack, terrorism = (pick one or both) utilizing Microsoft's laziness to me.
17 posted on 01/29/2003 10:36:32 AM PST by TaRaRaBoomDeAyGoreLostToday! (Saddam Hussein IS So Damn Insane)

To: jbind
I hear ya... but whoever in their wildest nightmare thought anyone could 'pull off' 9/11?
18 posted on 01/29/2003 10:39:01 AM PST by TaRaRaBoomDeAyGoreLostToday! (Saddam Hussein IS So Damn Insane)

To: TaRaRaBoomDeAyGoreLostToday!
No matter who did it, it sounds like a worldwide attack, terrorism = (pick one or both) utilizing Microsoft's laziness to me.

It's not just Microsoft - most banks were unaffected, so adequate firewall security and virus protection is also a key factor.

19 posted on 01/29/2003 10:39:45 AM PST by dirtboy

To: TaRaRaBoomDeAyGoreLostToday!
Not bloody likely.

The SQLServer Slammer attacked a specific weakness on a specific type of software. A more malicious version of that software would accomplish nothing since that specific weakness no longer exists.

20 posted on 01/29/2003 10:43:41 AM PST by jz638