Feds On Guard for Cyber-Attacks

Officials at the Department of Homeland Security are monitoring the Internet for any signs of state- or terrorist-sponsored attacks on U.S. networks.

As the U.S. military makes its final preparations for a possible war on Iraq, officials at the Department of Homeland Security said they are monitoring the Internet for any signs of state- or terrorist-sponsored attacks on U.S. networks.

Meanwhile, security experts say they have seen a significant increase in recent days in the number of attackers attempting to compromise machines for use in later distributed denial-of-service attacks. Members of the Honeynet Project, which maintains several unprotected machines on the Internet as a way to gain intelligence on current attack methodologies, said their machines have been compromised repeatedly over the last couple of weeks by attackers who have installed IRC "bots."

These bots are used by attackers to send instructions to remote machines.

Bill McCarty, an associate professor of Web and information technology at Azusa Pacific University, said that his Windows 2000 honeypot "was compromised so many times in several days that I despair of being able to analyze the attacks." During a recent seven-day period, the number of attacks against the Windows File and Printer Sharing port more than doubled.

"On at least two occasions, the compromised host was incorporated into botnets," McCarty said. "One of these botnets racked up 18,000 hosts in a roughly 24-hour period."

The warning from Secretary Tom Ridge of the Department of Homelend Security comes as part of the governments increased terror alert level, which was raised Monday to "High" in anticipation of an imminent invasion of Iraq. It also is close on the heels of revelations that a Web server belonging to the U.S. Army was compromised at least two separate times last week using a new Windows 2000 vulnerability that had been previously unknown to security experts and officials at Microsoft Corp.

Neither the Army incident nor any of the DDoS-related compromises have been linked to any foreign government or terrorist organization. But security experts say that regardless of the source, there is likely to be continued high levels of hacking activity in the coming weeks if the U.S. does in fact invade Iraq.

Latest Security News:

Search for more stories by Dennis Fisher.
Find white papers on security.