Internet Disruption Limited in Early Days of War

MATTHEW FORDAHL
AP Technology Writer

SAN JOSE, Calif. (AP) – The war in Iraq has sparked a predictable flurry of politically charged Web site defacements but so far not the threatened, concerted effort by cyberwarriors to clog the Internet or take down network infrastructure.

A number of sites have been defaced with messages opposing and backing the military action but only three known computer worms, all based on previously identified vulnerabilities, mention the military action in Iraq.

The Finnish computer security company F-Secure Corp. reported more than 200 site defacements in the 48 hours before the U.S. attacks began.

On Friday, the company said 1,000 additional sites had been vandalized, many with anti-war messages and some with anti-Iraq slogans.

Among the defacements were a minor Web-based e-mail site run by the U.S. Navy and a U.S. Department of Agriculture page, which sported the “Make Love, Not War” slogan from a previous war.

Other defaced sites included those from the British industrial firm Routeco and the city of Pacifica, Calif. The attacks do not emanate from any particular region, F-Secure said.

Sites running server software that has not been updated are relatively easy to vandalize using kits widely available on the Internet. Security experts often refer to such hackers as “script kiddies,” a derisive assessment of their talents.

“It seems a large number of hacking group gathered a list of machines they know they could hack beforehand,” said Mikko Hypponen, F-Secure’s manager of antivirus research. “They were waiting for the war to start.”

Three Internet worms also were making rounds. But rather than spreading political messages, they rely on curiosity about the war.

One arrives as an e-mail with the subject “Iraq Crisis” and includes an attachment called “UN_Interview.txt.vbs” that installs a program that sends messages to address book contacts and then tries to erase files on the first, second, third, fourth or fifth day of each month.

A second worm, called “Ganda”, also reproduces itself by sending out e-mail messages, including some offering spy pictures of Iraq as a screen saver. A third worm, “Lioten,” relies not on e-mail but a weak passwords or file-sharing vulnerability in some Windows operating systems.

All the flaws exploit previously known vulnerabilities that are easily solved by installing the latest security patches and using strong passwords, said Vincent Weafer, senior director of security response at Symantec Corp.