No Cyberattacks Yet, But Theyre Coming

Security experts expect a tidal wave of hacker activity once the U.S. military retaliates for last week's terrorism, although cyberattacks weren't launched right after the disaster.

Security experts expect a tidal wave of hacker activity once the U.S. military retaliates for last weeks terrorism, although cyberattacks werent launched right after the disaster.

No unusual activity or security events were reported by private security monitoring firms and the Computer Emergency Response Team Coordination Center at Carnegie Mellon University, a nationwide clearinghouse for data security information, in the 24 hours after the terrorist attacks on the World Trade Center and the Pentagon last week. In fact, the number of security incidents on Sept. 11 was about 60 percent lower than average, according to Riptech, a security intelligence service provider in Alexandria, Va.

"I think most of the people who normally do these kinds of malicious attacks are just as horrified as everyone else," said Norm Laudermilch, Riptechs vice president of managed services.

But security experts said hackers of all ideological bents will soon storm the Net, defacing Web sites or launching denial-of-service attacks to cut them down, as they have in the past after politically charged events.

"There is no doubt that well see big attacks coming. Its time to plan for that now," said John Pescatore, Gartners director of Internet security research. But, he added, "I dont think youll see that happening in a big way before the U.S. makes a retaliation."

In discussion groups frequented by hackers, the consensus was that some sort of electronic retaliation should occur against those responsible for the terrorism, said Rick Fleming, who heads the security operations of Digital Defense Inc. in San Antonio, Texas. Experts expect attacks against U.S. sites as well.

Last week, - registered to the Afghan Taliban Mission to the United Nations - was commandeered by a hacker named "Ry_Den" who inserted obscene messages around a grainy photograph of Osama bin Laden, the suspected mastermind of the terrorist attacks. The site was quickly taken down by Interland, the Atlanta company that hosted it.

"For the most part, things that occur in the physical world do end up spilling over into the cyberworld," said Michael Cheek, director of intelligence of iDefense, a security monitoring service in Fairfax, Va. In April, after a U.S. military spy plane landed on Chinese soil, hackers in China and the U.S. were locked in a cross-nation cyberskirmish. Several sites were defaced with anti-U.S. slogans.

Security consultants are advising clients to be even more vigilant than usual, and to negotiate extra protection from their ISPs or hosting companies against distributed denial-of-service attacks. Another lesson to be drawn from the terrorists success in boarding commercial flights with weapons: Companies should evaluate their physical security measures.

"Obviously, there was some line of security penetrated [at airports], and if it was penetrated by someone on the inside, that analogy is going to resonate pretty clearly with the businesses," said Chris Hopen, chief technology officer of Aventail, a Seattle managed security services provider. "In the information security world, almost everything is an inside job."

Max Smetannikov contributed to this report.