Waging A Cyber War
Q & A session - DK Matai & Financial Journalists
Increasing vulnerability of businesses & financial institutions
Q: What is Cyber War?
A: Cyber War is the capacity of an individual with relatively simple computer capability to act via the internet in a manner which could impact economic infrastructure, social utilities and national security.
The Internet was developed during the cold war climate of the 1960s to protect communications in the event of a nuclear strike. The main strength of the internet is that if parts of the network are destroyed, information automatically re-routes. This strength can also be used for malevolent activities as there is no central control. It is this very anonymity and the anarchy of the Internet that leaves organisations open to attack.
Today, in the Information Age, the launch pad for war is no longer a runway but a computer. The attacker is no longer a pilot or soldier but a civilian hacker. This is the problem we face in moving from the industrial world to the Information Age, which is the essence of Cyber War.
Q: What are the Potential Targets of a Cyber War?
A: It is possible to attack and interrupt any electronic network, which would naturally include power stations, emergency services, stock market and air traffic control systems, with devastating consequences. The consequences are so serious that the American Government tried to suppress a report titled 'Cyberwar is Coming' by researchers at RAND, an American think tank, in 1992.
The dangers of Cyber attack lie in the Information Age allowing individuals, who choose to conceal their identity, to access something valuable electronically without being detected. A business could be shut down or severely damaged through this covert access. In May 1998 the L0pht Collective, a group of computer hackers in Boston, USA, testified to a US Senate Committee studying network security:
'The seven of us could very trivially take down the entire Internet for the United States... Great Britain... basically stopping communications between all the major network access providers. That would cause overloads on to the other transit routes for communication, regular phone lines. It would cause problems for people trying to move large sums of money that are doing it over networks... Take about thirty minutes... if that.'
Q: Have there been any Cyber War Incidents?
A: The Sunday newspaper, Sunday Business, reported in its issues of 28th February and 7th March 1999 a specific incident of hackers taking control of a British military communications satellite.
In the last ten days, the Department of Defence (DoD) in the US and the NATO command in Europe have confirmed that Serbian hackers have attacked their computer network, thereby causing a Denial of Service. This was achieved by flooding their network with empty ping packets and despatching new variants of the Melissa and Papa viruses. The DoD's Joint Task Force for Computer Network Defence confirmed that the US Army and Air Force had to take their e-mail servers, across the world, out of action over the weekend to disinfect them from the Melissa virus.
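Added example, not part of the original Q & A session and not mi2g's code: a sliding-window detector for the kind of ICMP echo-request ("ping") flood described in the answer above, run over constructed log lines. The log line format, the IP addresses, the one-second window and the 50-packet threshold are all assumptions chosen for illustration, not values taken from the incident or from any real firewall's log syntax.

```python
"""Per-source sliding-window detector for ICMP echo-request floods.

Added example; not code from the Q & A above or from mi2g. The log format
parsed here is a constructed one, chosen so the example runs offline.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log line format (an assumption, not a real product's syslog):
# "<ISO-8601 timestamp> <src-ip> -> <dst-ip> ICMP echo-request len=<payload-bytes>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"ICMP echo-request len=(?P<len>\d+)$"
)


def parse_line(line):
    """Return (timestamp, src, dst, payload_len) or None for lines that are
    not echo requests in the constructed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["len"]))


def detect_icmp_floods(lines, window_seconds=1.0, threshold=50):
    """Return {src_ip: first_alert_timestamp} for every source that sends at
    least `threshold` echo requests inside any `window_seconds` window.

    The window slides per packet (a deque of timestamps per source, trimmed
    from the left), so a burst is flagged on the packet that crosses the
    threshold rather than at a fixed bucket boundary. One alert per source.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # src_ip -> timestamps still inside the window
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated or malformed line: ignore, never crash on it
        ts, src, _dst, _length = parsed
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts


def build_sample_log():
    """Constructed traffic: 198.51.100.7 sends 80 header-only (len=0) pings
    in under half a second; 10.1.1.5 sends three ordinary pings a second apart."""
    base = datetime(1999, 4, 1, 10, 0, 0)
    lines = []
    for i in range(80):
        ts = base + timedelta(milliseconds=6 * i)
        lines.append(f"{ts.isoformat(timespec='milliseconds')} 198.51.100.7 -> 192.0.2.10 ICMP echo-request len=0")
    for i in range(3):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat(timespec='milliseconds')} 10.1.1.5 -> 192.0.2.10 ICMP echo-request len=56")
    lines.sort()  # fixed-width ISO timestamps sort chronologically as strings
    return lines


if __name__ == "__main__":
    for src, ts in detect_icmp_floods(build_sample_log()).items():
        print(f"ALERT {ts.isoformat()} echo-request flood from {src}")
```

With the defaults, the constructed flood source is flagged on its 50th packet (about 0.3 s into the burst) while the host sending three spaced pings is never flagged. The threshold has to be tuned to the monitored link's normal ICMP rate; a real deployment would feed the detector from a live capture or the firewall's own log rather than the constructed lines, and would rate-limit or drop the offending source at the border router rather than only alert.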
Q: What is the most valuable asset that businesses and financial institutions have today?
A: In the knowledge economy, the value of corporations is not buildings, machinery or even products, but intangibles such as intellectual property, electronic infrastructures, the ability to collaborate with strategic partners, the know-how of employees and customer loyalty. These intangibles are 'intellectual capital' and are collectively responsible for the generation of wealth.
Q: What role do the financial institutions play?
A: The financial institutions of the City of London are one of the main groups of service companies comprising the knowledge economy and account for a large percentage of the UK's invisible earnings.
Q: How secure are businesses and financial institutions today?
A: All businesses and financial institutions that have internet access have a potential security risk. The reason is that internet access allows both inward and outward information flow.
Between July 1997 and January 1999 mi2g found that most European organisations have domains which are at high risk. It is possible to bring down most of the network with very little effort. All of the machines on the external network are capable of being crashed, with potential data loss and attendant hazards. It is also possible to steal, copy, reroute or delete files from any of the machines - especially Windows and Windows NT. With Cisco tunneling and a socially engineered User ID and password in place, it is possible to gain access to the main server computers. Even without a User ID and password it is possible to deny access to the main server computers.
Incoming and outgoing email can be read, rerouted, copied, intercepted, altered or deleted at will. This requires urgent attention. The ability to inject forged emails into the outgoing mail queues is also potentially highly disruptive to a bank's or business's operation, both in terms of commercial deception and anti-spam attacks. Similarly, the ability to read, copy and sell on the organisation's valid software licences and registrations from the software configuration files could precipitate costly investigation or damaging litigation.
Q: What do we mean by security?
A: As a generic term, it means the measures that are taken to ensure that items of value are not accessible to unauthorised persons. Security is similar to, but distinct from, "Data Protection", which is addressed by each respective jurisdiction under its statutes. The item of value in a knowledge economy is 'intellectual capital'.
Q: Is security an absolute science?
A: Achieving security is not an absolute science or a black and white issue; it is a matter of degree. Deciding whether a particular system is sufficiently secure involves postulating threats, assessing risks and then conducting a risk management exercise, the aim of which is to decide whether a particular risk is acceptable.
Q: How has security changed and how will it change further in the 21st century?
A: The usage of the internet by organisations has fundamentally altered the security landscape. Via the internet, it is possible to effect changes and make copies at a distance by remote control, even outside the jurisdiction of the organisation.
In the 21st century, the reliance on computers both within the organisation and at customer level is going to carry on increasing. This is going to result in greater security threats as more and more sensitive information can be accessed at any time from anywhere.
Q: What are security threats?
A: A threat refers to potential actions by malevolent persons aimed at breaching system security for whatever reason. A threat exists to the security of a system if there is a feasible mechanism by which a malevolent person or organisation could copy or corrupt some of the secure data in a time-scale that would be unacceptable to the owner(s) of that data.
Q: What are those threats?
A: The most common security threats take the form of penetration, falsification, disruption and sabotage. These threats are commonly termed piracy, surrogacy, denial of service and hazards within the industry.
Q: What is Piracy?
A: Piracy is the copying, by a third party, of sensitive information through utilising unauthorised on-line connections and is the most commonly cited threat.
Q: What is surrogacy?
A: Surrogacy is the unauthorised adoption and usage of an organisation's good name and internet facilities to carry out business. It is one of the greatest emerging threats.
Q: What is Denial of Service?
A: Denial of Service is the malicious act of hindering or stopping an organisation from offering goods and services or carrying out its daily business. When exercised it is a fatal blow to a business and is likely to become the biggest concern at board level as organisations increasingly rely on computer networks.
Q: What are hazards?
A: Hazards are the creation, via remote internet access, of fire or other unsafe happenings within a business premises through the central services computer.
Q: Is security a local issue?
A: As the world wide web, and the internet on which it sits, is a global information exchange system, any entity connected to this system can be made accessible to another entity within the system if left undetected. These entities may be connected anywhere in the world.
Q: Why is the security issue so important now?
A: Social and economic interaction is relying more and more on the deployment of communication technology. This impacts on security.
Q: Is there an inherent problem in the corporate culture which keeps the security issue separate from the decision makers?
A: The role of an IT department has traditionally been that of managing the administrative requirements of the organisation which are computer dependent. It has not been to create or to protect the intrinsic value of the business. The board of directors has traditionally not been technologically aware and typically does not have the IT department represented at board level, but does expect it to deal with security issues relating to IT and to develop an information security policy.
Q: Do financial institutions have an "information security policy"?
A: The majority of medium to large financial institutions do have some form of an information security policy in place. The problem is that in this dynamic market place it becomes obsolete in the space of months rather than years. The industry has defined its own calendar for change: one web year is equal to 60 human days.
Q: How do security conscious businesses and financial institutions currently protect their information?
A: Most medium to large businesses and financial institutions invest in off-the-shelf branded firewalls.
Q: What are the issues surrounding firewalls?
A: Off-the-shelf, branded-product firewalls are not a fail-safe solution. The techniques to enter standard package firewalls, exploiting loopholes and default settings, are available on the internet to anybody. Just type "Hacking Firewalls" into Yahoo, AltaVista or Lycos and see how many hundreds of thousands of solutions get listed.
Given that the hacking community regards all insurmountables as a challenge, any new version of a branded firewall comes under scrutiny and ends up having some loophole posted on the internet.
Q: What is the most common view of firewalls?
A: The premise of a branded firewall or layers of branded firewalls as the "be all and end all" of security is a common one. There are organisations that regard the implementation of their information security policy as the acquisition of a branded firewall product, with or without proper installation. It is not common policy for organisations to have an external penetration test on a regular basis.
Q: Does mi2g have a solution?
A: Prevention of piracy, surrogacy, denial of service and hazards can be achieved by a combination of bespoke or customised security architectures - such as the type that mi2g specialises in.
The solution deployed in financial institutions today is similar to a standard Yale lock, which is easy to buy and install. What mi2g offers is a bespoke construction of moats, ramparts, portcullises and watch towers that surround the client's information system.
Our customised security architecture combines mi2g's Linux-based firewall system, data-mining intrusion detection software and proper monitoring with human resource verification procedures at an integrated administration level.