All quiet on the cyberfront

Operation Iraqi Freedom may be one of the first network-centric wars, but the public Internet did not become a major battlefield during the conflict.Efforts to hack U.S. agency Web sites have been relatively light compared to normal day-to-day malicious activity on the Web, said Jim Melnick, director of threat intelligence for the security analysis firm iDefense Inc., Reston, Va."There was not a coming together of support and solidarity for Saddam Hussein in the hacking world," Melnick said. "There are people who are against the war. There are people who are upset with the United States or with the continued U.S. presence in Iraq, but nothing really to drive a campaign."Founded in 1998, iDefense specializes in delivering Internet security intelligence to network security managers. Government clients include the Health and Human Services Department.In March, the firm released a report to its government clients detailing some of the threats that could happen as a result of the war, including Web-site defacements, distributed denial-of-service attacks and the widespread release of malicious code, such as the Scezda "Mega-Worm."During the conflict, iDefense saw some increase in the number of anti-war or anti-U.S. defacements of Web sites, as well some denial-of-service attacks on both U.S. and Iraqi-based networks, but none of them constitute what could be considered a major attack, Melnick said.iDefense did notice a number of defacements in March by a Middle East-centered pro-Islamic group called the Unix Security Guards, which targeted hundreds of mostly smaller, lightly protected U.S. sites across government and the commercial sector. The defacements included a statement that the group was part of "the new era of cyberwar we promised."Kenneth Ammon, president and cofounder of NetSec Inc., Herndon, Va., said the government sites that NetSec secures experienced what appeared to be some war-related malicious traffic, though the attempts at sabotage seemed to be more the work of protestors looking to deface Web sites than of skilled intelligence agencies. Much of the activity appeared to come from Europe and the Middle East, Ammon said.NetSec provides managed security services for nine cabinet-level agencies, including the Treasury Department. Others saw more traffic, however. Frank Leighton, chief scientist at Akamai Technologies Inc., Cambridge, Mass., said Akamai saw a considerable spike of malicious traffic to the sites it hosts for the government during the conflict. The company hosts Web sites for the Centers for Disease Control, the Defense Department, the Homeland Security Department, the Internal Revenue Service and other agencies. During the conflict in Iraq, "the Akamai platform successfully thwarted several large-scale attacks that were mounted against key government Web sites," Leighton told the House Committee of Government Reform during an Oct. 16 hearing on Internet security.