
List:       isn
Subject:    [ISN] Analysts question "cyberterrorism" hype
From:       mea culpa <jericho () dimensional ! com>
Date:       1998-12-23 7:35:22


Forwarded From: Per Kangru <perk@fysik.uu.se>

Analysts question "cyberterrorism" hype 
By Tim Clark
Staff Writer, CNET News.com
December 21, 1998, 5:55 p.m. PT 

This morning Network Associates dramatically announced it had identified a
new family of computer viruses--the first example, it claimed, of
"cyberterrorism"--but victim MCI WorldCom downplayed the incident, saying
the virus infection did not affect its customers or operations.

By afternoon, Network Associates had dropped "cyberterrorism" as a term to
describe the "Remote Explorer" virus, though it continued saying it was
the most sophisticated virus the company has ever seen.

"Now that we've been able to repair the data, it's not as damaging," 
Network Associates spokesman Cabe Franklin said, noting that the company
had posted a patch to detect and repair damage from the virus on its Web
site.

Like most security firms, Network Associates did not reveal the name of
MCI WorldCom. MCI WorldCom confirmed the attack after its name surfaced in
media reports.

Security analysts are divided on how threatening the new virus is, noting
that the antivirus firm had reason to exaggerate the threat, just as MCI
WorldCom had reason to downplay it.

"Security firms across the board tell a very dark story concerning
vulnerabilities and exposure," said Jim Balderston, network security
analyst at Zona Research. "They are experts in the area and have thought
about it a great deal, plus they hope to sell products." 

Victims of security breaches generally downplay incidents, if they
acknowledge them at all.

"To let people know that your security has been breached questions your
competency in maintaining a proper security perimeter and indicates you
may be vulnerable," Balderston pointed out. 

Ted Julian, Forrester Research's security analyst, thinks security
companies make a big mistake in hyping security threats.

"From the perspective of large companies, my budget to prevent threats is
a lot smaller than my budget to enable e-commerce, so if I were a security
vendor, I'd focus on enabling e-commerce," Julian said. "Most security
companies have figured that out a long time ago."

How unique or serious Remote Explorer is remains in question, in part
because so far, only Network Associates and MCI WorldCom have their hands
on the malicious code--though the company said it will make Remote
Explorer available to other antivirus researchers, including competitors.
Symantec and Trend Micro, two other top-tier antivirus vendors, said they
haven't seen the problem among their customers.

Rob Rosenberger, who runs the Computer Virus Myths Web site, is a skeptic
about most virus threats.

"To call it a world threat or other hyperbole, we have seen that for a
decade. Extraordinary claims require extraordinary proof. I'm just asking
for proof," Rosenberger said.

But Larry Dietz, security analyst at Current Analysis, takes the threat
seriously. 

"This means Windows NT is a very large target of opportunity now,"  Dietz
said. "We have to make the leap of faith that attackers are as good as a
certified NT administrator." 

With NT servers proliferating on the Net and on corporate networks, he
added, "This is telling me that there is at least one, and probably a team
of very capable technical people behind this."

Dietz suggested the current version of Remote Explorer might not be the
author's or authors' only effort. "[Attackers] don't have to do everything
in their initial attack--these things are done a little at a time," he
said, suggesting "the bomb hasn't gone off yet." 

Balderston agrees but says he's surprised that so few new antivirus
attacks have emerged lately.

"In a year or two, there will be stuff out there that makes this look
relatively tame. There will always be an ever-escalating fight between
virus makers and those who defend against them," the analyst said. "For
anybody to think there's going to be a stasis in malicious code, that is a
fool's vision." 



-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
