All quiet on the cyber-war front

Since the war in Iraq began, the Internet has not seen a dramatic rise of malicious activity, said Jim Melnick, director of threat intelligence for the security analysis firm iDefense Inc., Reston, Va.

However, trouble spots remain, including an unconfirmed intrusion into the Defense Department's global positioning system.

"It's been fairly low-key," Melnick said of the malicious hacking activity that has taken place since the start of the conflict. The company's investigators have seen some increase in the number of anti-war or anti-U.S. defacements of Web sites, as well as some denial-of-service attacks on both U.S. and Iraqi-based networks, but none of them constitutes what could be considered a major attack.

"There has not been a coming together of support and solidarity for Saddam Hussein in the hacking world," Melnick said. "There are people who are against the war. There are people who are upset with the U.S., but nothing really to drive a campaign."

In March, the firm released a report to its government clients detailing some of the threats that could happen as a result of the war, including Web site defacements, distributed denial-of-service attacks and the widespread release of malicious code such as the Scezda "Mega-Worm."

There were early indicators that the Internet might see a fair amount of disruption. Earlier this year, a Brazilian malicious hacking group called the haxOrs defaced 5,000 sites located on four servers, according to the report. The Web site of a Qatar-based news service, al Jazeera, allegedly received a denial-of-service attack.

However, war-related activity has been light, at least when set against the background of normal day-to-day malicious activity on the Web, Melnick said. For example, widespread propagation of the Scezda worm has yet to take place, despite the fact that it was written to protest the invasion of Iraq.

The company did notice a number of defacements in March by a Middle East-centered pro-Islamic group called the Unix Security Guards, or USG, which targeted hundreds of mostly smaller, lightly-protected U.S. sites across government and the commercial sector.

The defacements included a statement that they were part of "the New Era of Cyber War We Promised."

iDefense was concerned that USG would band together with other like-minded groups to cause considerably more damage. That, however, hasn't happened yet, Melnick said.

Melnick also said that late last week he found what he called a disturbing, but as of yet unconfirmed, report on a Russian hacker news site that Arabic hackers gained access to a GPS control station in Colorado.

Melnick said that iDefense spoke with officers at the GPS Support Center at the Coast Guard Navigation Center, who responded that they were not aware of any compromises of this nature.

The GPS is heavily used by the U.S. military for a wide range of duties, from precision guidance of munitions and aircraft navigation to coordination of troop movements.

If GPS were compromised, it would take the concept of cyber-war "to a whole different level," Melnick said.

Founded in 1998, iDefense specializes in delivering Internet security intelligence to network security managers. Government clients include the Department of Health and Human Services.