These days hostile forces can invade your country without leaving their homes. MATHEW DEARNALEY looks at
the threat posed by computer hackers.
Auckland home-appliance wholesaler Parex Industries would seem an unlikely victim of cyberwar between China and the United States.
After all, the East Tamaki firm of about 50 staff has no known ideological affiliation or agenda, and imports products for a domestic market, rather than flogging its wares to the world.
Parex information technology manager Matthew Hawke admits that the firm gets its kitchen-sink disposal units from the United States, but hastens to mention stocks of Chinese goods as well.
Yet would-be customers looking for any of these products on the firm's website on either of the past two Mondays were sadly disappointed, because a piece of mischievous computer code, called a worm, reared its head on both occasions.
Instead of seeing elegant images of what Parex touts as "appliances by design," the recent random attack left customers being invited to do something unspeakable to the United States Government, and to an anonymous hacker called PoizonBOx.
PoizonBOx has been on the American end of hostilities between American and Chinese hackers, in which scores of websites have been defaced on opposite sides of the Pacific, and even President George W. Bush's official White House homepage was crippled for several hours.
Why has New Zealand been affected?
Many New Zealand businesses became casualties when internet service provider Asia Online, based in Hong Kong but with 12,000 customers here, ground to a virtual halt after being blitzed by huge volumes of spurious data in what was called a denial-of-service attack.
This is an increasingly common attack in which large numbers of computers are commandeered remotely by Trojan horse-like programs, usually without their owners' knowledge, to flood victims with data and soak up all their bandwidth.
US hackers began attacking Chinese websites last month in protest at the detention of an American spy plane, inviting retaliation from Beijing-based cybernauts angry at the death of a local pilot after a collision with the snooper craft.
Asia Online's name possibly attracted the attention of indiscriminate hackers not generally known for political awareness.
But this does not explain why some New Zealand websites, including ones belonging to the Public Service Association, Waikato University and computer educator Creative Training, were also defaced.
A remote possibility is that some hackers did not know the difference between New Zealand and Australia, which angered China by steaming warships through the Taiwan Strait and supporting United States plans for a missile defence shield at the expense of the 1972 ABM (anti-ballistic missile) treaty.
Not even the Royal Commission on Genetic Modification was immune from a dose of digital manipulation, seemingly by the same computer worm that violated the Parex site, although it says a defaced page on its e-mail server was not easily accessible to the public.
Hackers from the Honkers' Union of China called a truce last week and the notorious American raider PrOphet dropped out before that in professed discomfort at racist taunts and porn images implanted into Chinese sites.
"I was embarrassed for us," he confessed to the San Francisco Chronicle in an online forum, after saying he had received plenty of e-mails praising him for his patriotic hacking duties against China - including one urging him to "kick their bloody cyberasses."
Isn't this all a bit puerile and inconsequential?
Bystanders may dismiss such antics as little more than electronic graffiti-bombing.
But it takes dedication and cheek to break into another's website, and such an organised show of cross-border hacking prowess could be a sinister foretaste of what lies in store.
An increasing concern is that attacking national or international information systems may be seen as a cheaper option than trying to keep up with the huge military spending of a renewed arms race triggered by the American missile shield.
More than two million New Zealanders claim access to the internet, says market researcher ACNielsen, and the reinfection of Parex's site this week raises concern that further outbreaks of hostilities may put more of us in the cyber firing line.
But surely bandying about such terms as cyberwar is going over the top? After all, nobody gets killed, do they?
There have been no known human casualties so far, but security experts invite us to envisage a cyber-terrorism hack of an aircraft's automatic pilot, bringing down a fully-laden jumbo jet.
During the 1991 Gulf War, Dutch hackers allegedly stole information about American troop movements from US Defence Department computers and tried to sell it to Iraq, but were turned down as suspected hoaxers.
Hackers hired by the US National Security Agency in 1997 to test electronic infrastructure defences staged mock attacks which would have shut down parts of the national power grid and Washington DC's emergency phone system had they been for real.
And more than 1300 real attacks were made on US military computers in 1999 and last year.
The US Air Force was mortified in March last year when a 13-year-old boy hacked a system tracking its war planes throughout the world, causing more than $150,000 of damage by destroying the electronic files that recorded his illegal passage.
British foreign secretary Robin Cooke warned in March that hackers could cripple his country faster than a military strike now that computers managed most of the infrastructure.
New Zealand computer consultant and former Internet Society president Jim Higgins believes the United States would hold the upper hand for now in a real cyberwar, as it owns most of the internet traffic routes and could therefore cut China out of the loop at any time.
Security of computer systems also underwrites financial wellbeing, and sabotage of the information super-highway could spell disaster for industries built to service a burgeoning population of internet users expected to rise from 400 million now to one billion by 2005.
Where does this leave New Zealand?
In a digitally connected world, we cannot expect to remain isolated from the security threats facing others.
Victoria University teaching fellow and former diplomat Terence O'Brien says the internet is a great vehicle for overcoming disadvantages imposed by our distance from the rest of the world.
But conversely, this makes us even more reliant on the net, and therefore more vulnerable.
Mr O'Brien says the Sino-American hacking match reinforced a general strategic observation, only recently acknowledged in Government defence policy, that security in the modern world takes many different forms.
"The old notion that preservation of sovereignty just requires you to have massive military force to overcome any potential enemy is no longer correct."
Otago University computer security expert Dr Hank Wolfe agrees, noting the coincidence of the hacking battle with debate over New Zealand's military defence review and the axing of our fleet of air combat Skyhawks.
"If we do without airplanes, I am not sure anyone wants to invade us, but the internet is not that easily fobbed off - all our business is becoming dependent on it."
Who are the hackers?
The stereotype of a pimply-faced adolescent hacking a cellphone for takeaways or using fake passwords to fraudulently obtain mail-order goods would outrage many hackers.
Some are simply inquiring kids who might break into a computer just to see if or how it can be done. Noble-sounding but ultimately self-serving attempts to justify their activities abound. Professed "white-hat" or good-guy hackers claim they are doing slack network administrators a service by highlighting the need to tighten security.
They differentiate their efforts from those of malicious "crackers" who deliberately set out to cause mayhem, or outright criminals who use the internet as a highly effective vehicle for credit-card fraud on a global scale.
Hacks were originally cost-reducing programming shortcuts, one of the most celebrated of which was the development of the fabled Unix open operating system in 1969 by Bell Labs wizards Dennis Ritchie and Ken Thompson.
They could not in any way be held responsible for the exploits of young Russian mathematician Vladimir Levin, arrested by Interpol in 1995 for masterminding a hacking gang which tricked Citibank computers into parting with $US10 million ($24 million).
Or for organised hacker groups in Russia and the Ukraine which the US Federal Bureau of Investigation suspects of for stealing more than a million credit card numbers from e-commerce websites in the past year.
Does New Zealand have hackers?
Local hackers are believed to number no more than two or three dozen, but some have achieved notoriety.
In 1998 a 15-year-old called "Sharkdogg" claimed responsibility for wrecking 4500 Ihug websites.
And in 1999, local hacker Borislav Misic was sentenced to six months' periodic detention and a 12-month suspended jail term for fraudulently using a computer programme to make more than 1400 hours of phone calls worth at least $85,000.
Another case before the court involves allegedly involving the copying of passwords from customers of internet service provider Telecom Xtra.
Although Parliament has yet to enact anti-hacking legislation, the Court of Appeal last month rejected an appeal by Misic, ruling that existing laws were sufficient to prosecute hackers using software to commit fraud.
So should we do anything else to combat hacking?
Dr Wolfe says hacking is attacking whenever someone gains unauthorised access to anyone else's computer.
Even if a hacker breaks into a computer system, then retreats without doing any apparent damage, businesses are disrupted by having to shut down their internet connections to make absolutely sure their files are intact.
A parliamentary select committee is considering making hacking punishable by up to two years in jail.
Dr Wolfe and others such as Privacy Commissioner Bruce Slane are outraged at proposed exemptions for the police and intelligence agencies.
They say they have nothing against electronic interceptions, as long as these are for tightly-defined crime-fighting purposes, subject to court warrants.
But they fear proposed legislation put to public hearings before a report-back to Parliament by May 31 could allow blanket surveillance of all of internet service provider's customers.
Police say they have no intention of trawling through e-mail traffic on a network looking for suspicious correspondence, despite a planned staffing increase at their electronic crime laboratory from six to 16 from July.
State Services Commission officials are also investigating setting up a unit to help to protect New Zealand's banking, power and telecommunications systems.
Dr Wolfe says various agencies asked him to draw up a proposal two years ago for an independent early-warning system along the lines of the United States-based Computer Emergency Response Team, which offered help to set it up.
But some modest Government financial contribution was needed, and the idea failed to gain enough traction in Wellington.
How can people protect their Internet connections from hackers?
Mr Higgins suggests home users download a free "firewall" program from Zone Alarm, which he says detects and blocks about six attempts a day to probe his own machine.
Mr Moore is offering a free monitoring program for website administrators to check for security holes left by the so-called "sadmind/IIS" worm on Microsoft Windows-based servers. It can be downloaded from his company's site at Software Creations
Hackers - the invisible invaders
AdvertisementAdvertise with NZME.
