News Column

More Cyberattacks on the Way, Experts Say

August 30, 2013

Steve Johnson

More cyberattacks could be headed this way, security experts warn.

The online attack that shut down The New York Times' website for much of a day and also hit Twitter may lead to a new and more dangerous phase of cyberwarfare, security experts warned Wednesday.

The culprits are believed to be linked to a notorious hacker group acting in support of Syrian President Bashar Assad, who faces a potential attack from the United States in retaliation for his alleged use of chemical weapons.

Experts say the group is likely to launch more attacks -- especially if the U.S. strikes. They add that this attack, in which hackers from a small country disabled the website of one of the world's most influential news organizations and affected a global social network, might spark even more damaging attacks from other nations, perhaps aimed at disrupting this country's electrical grid.

In fact, JD Sherry, global director of technology and solutions for the Japanese security firm Trend Micro, said that hackers already had been "looking for cracks in the armor and the potential to create a security incident of epic proportions against oil/gas, water ecosystems or other mission critical systems."

"I would expect to see more attempts," added Randy Abrams, research director with Texas security firm NSS Labs. "This is going to encourage like-minded groups."

The New York Times on Wednesday said its website "has been unavailable to some readers since Tuesday," due to what it termed "an external attack on our domain name registrar." Twitter posted a similar notice saying its domain name records had been "modified," resulting in images and photos being "sporadically impacted," although it added, "no Twitter user information was affected by this incident."

In addition, The Huffington Post said its United Kingdom site was affected.

All three reportedly were attacked through Melbourne IT, a domain registrar that directs Internet traffic to websites. A Melbourne official told Bloomberg News that his company was infiltrated after the hackers sent a malicious email to one of its U.S.-based sales partners.

That reportedly enabled the hackers to change the Times' Web address to a phony one containing malware. It was not immediately clear if the same thing was done with the sites operated by Twitter and The Huffington Post, which apparently weren't as severely disrupted.

According to The New York Times, the attack was carried out by the Syrian Electronic Army or "someone trying very hard to be them." A Twitter account allegedly belonging to that group also claimed responsibility.

The group, intensely loyal to Assad, has become infamous since it was founded in 2011.

"The SEA has been touted in underground circles as one of the top 10 most skilled hacking teams in the world," according to a study this year by Hewlett-Packard (HPQ) researchers, who said the group "carries out its attacks in a manner that is difficult to detect."

Over the past two years, it has targeted Facebook, YouTube, and media organizations, including CBS, the BBC and The Associated Press. In one of its most notorious hacks, the group sent a phony Associated Press tweet that claimed the White House had suffered two explosions, injuring President Obama, which briefly sent the Dow Jones tumbling more than 140 points.

Although it's unclear if the hackers are operating at the behest of Syrian authorities, industry experts are increasingly concerned about the possibility of foreign governments sponsoring cyberattacks. In February, a prominent security firm reported finding extensive evidence that a Chinese military unit in Shanghai had launched cyberattacks against scores of companies, most of them in the U.S. The Chinese government denied responsibility for the attacks.

"Without question the threat landscape has evolved," said David Ulevitch, chief executive of San Francisco security company OpenDNS. "The attackers today are not just the little pranksters who give up and go away" if they can't immediately access someone else's computer network.

The good news, Ulevitch said, is that the Syrian group's latest attacks did relatively little damage and will likely result in a flurry of security measures by companies and others to seal up the vulnerabilities that caused the Times, Twitter and Huffington Post to be victimized.

But the bad news is that because the Syrian hackers haven't suffered any retribution for their attacks, "we do expect their activity to increase in severity and frequency," said Ted Ross, director of field intelligence at HP.

Moreover, "I would not put it past them to target infrastructure in Western areas," he added. "That would have much more impact than some of the other attacks they have had recently."

Contact Steve Johnson at sjohnson@mercurynews.com or 408-920-5043. Follow him at Twitter.com/steveatmercnews.

___

(c)2013 San Jose Mercury News (San Jose, Calif.)

Visit the San Jose Mercury News (San Jose, Calif.) at www.mercurynews.com

Distributed by MCT Information Services






