- We are not amused: Queen’s protection officers warned to keep ‘sticky fingers’ off the royal cashews
- Unleash the crossbows: Gov. Scott Walker creates new hunting season
- Bubonic plague kills 20 in Madagascar
- G-20 diplomats fell for hacker attack promising nude photos of former French first lady Carla Bruni
- Minnesota guardsman charged with stealing private soldier data for fake IDs
- Florida appeals court rules universities can’t regulate guns
- Vladimir Putin defends Russian conservative values
- Tea Party Patriots call key GOP firing a declaration of war
- 68,000 more file for unemployment — in one week
- Michigan bans in-state insurers from covering abortion
Obama hits pause on U.S. action in face of crippling cyber strikes from Syria, Iran
Question of the Day
Syria and its ally Iran have been building cyberattack capabilities for years and soon might have a chance to use their skills in a hot war for the first time.
Former U.S. officials and cybersecurity scholars say Syria has a demonstrated cyberattack capability and could retaliate against anticipated Western military strikes against Syria for its suspected chemical weapons attack against civilians in the country's 2-year-old civil war.
"It's foreseeable that [Syrian] state-sponsored or state-sympathetic hackers could seek to retaliate" against U.S., Israeli or Western interests, Michael Chertoff, a former secretary of Homeland Security, told The Washington Times on Wednesday.
"We have already seen regional cyberactors, such as the Syrian Electronic Army, conduct attacks on U.S. targets," added Rep. James R. Langevin, Rhode Island Democrat and a member of the House Armed Services Committee and the Permanent Select Committee on Intelligence.
The Syrian Electronic Army has successfully attacked computer networks used by U.S. media outlets — hacking the Twitter account of The Associated Press this year and mostly knocking The New York Times website offline for 20 hours Tuesday and Wednesday.
Attackers penetrated the company that manages the paper's Internet domain, NYTimes.com, according to reports in the computer security trade press.
Hackers can relatively easily hide their tracks from all but the most extensive and time-consuming forensic efforts, but the Syrian Electronic Army has publicly claimed these attacks. In online postings, the group of hacker activists, or "hacktivists," claim to be motivated by Syrian patriotism and to act independently of the regime in Damascus.
"It can be difficult to distinguish between hackers who are sympathetic to a regime and those directly [state] sponsored or controlled," said Mr. Chertoff, co-founder and chairman of the Chertoff Group, a global security advisory firm.
Islamic hackers whom U.S. officials have linked to Iran have launched a series of increasingly powerful cyberattacks against the websites of major U.S. banks for almost a year.
Large U.S. financial institutions probably have the best cybersecurity of any nongovernmental entity, yet their websites have been driven offline by repeated attacks.
A self-described hacktivist group called Izad din al Qassam has claimed responsibility for the attacks, which they announce in advance.
The group says the attacks are designed to punish the United States for an Internet video, "Innocence of Muslims," made by an Egyptian-American Coptic Christian, which portrays Islam's Prophet Muhammad as a killer and pedophile. The Obama administration tried to blame the video for the terrorist attack last year at a U.S. diplomatic compound in Libya that killed Ambassador J. Christopher Stevens and three other Americans.
But the kind of cyberattack that most alarms national security specialists took place a year ago and was aimed at the Saudi Arabian state oil company, Aramco.
A virus called Shamoon infected the company's computer network and wiped data from more than 30,000 computers, effectively destroying all the information on the system.
A similar attack on a bank could destroy digital records of customer accounts.
Hackers also have demonstrated that they could take over computer control systems that operate chemical, electrical and water and sewage treatment plants. They also can hack into transportation networks.
"An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals," Leon E. Panetta, then CIA director, warned in a speech in New York last year.
"They could contaminate the water supply in major cities or shut down the power grid across large parts of the country."
Specialists doubt that the Syrian Electronic Army has that kind of advanced capability, but it is always hard to tell, said Timothy Sample, who is a vice president at technology contractor Battelle Inc., which does cybersecurity work for U.S. intelligence and defense agencies and civilian clients.
"The barriers to entry for these kinds of capabilities are very low," he said, adding that it is easy to buy cyberattack tools and hire hackers on the black market.
"It would be dangerous to rely on the proposition that any given attacker lacks a particular skill," Mr. Sample added.
Cyberforensic specialists have documented the Syrian Electronic Army's historic links to a computer society founded years ago by Syrian President Bashar Assad. The British Guardian newspaper has reported that the group is funded by Rami Makhlouf, a cousin of Mr. Assad's and the owner of SyriaTel, a telecommunications and Internet service provider.
Front groups such as the Syrian Electronic Army still provide states with so-called plausible deniability, Mr. Chertoff said.
"Even if it is evident that Syria is behind an attack, they can deny it. We saw that in Estonia," he said.
In 2007, in the midst of a bitter diplomatic dispute between Estonia and Russia, the small Baltic nation suffered a series of huge cyberattacks that knocked banks, government websites and other vital infrastructure offline. The attacks came from Internet addresses in Russia and were coordinated on public bulletin boards run by hackers and nationalist groups, but the Russian government denied any involvement.
Mr. Chertoff said U.S. policymakers were used to such dilemmas.
"There are often times we know [who has attacked us], but we can't publicly prove it without revealing intelligence sources and methods. You have to decide whether to act on the basis of evidence you cannot reveal," he said.
Any U.S. response to a Syrian attack might well not be visible, said Adam M. Segal, a cybersecurity scholar with the Council on Foreign Relations.
U.S. Cyber Command has said it has the ability reach back into attackers' networks and "prevent these [kinds of] attacks from their source," said Mr. Segal, "essentially doing defense through offense."
Cyberattacks are now "an integral part of modern warfare," said Mr. Langevin, who has led efforts in Congress to pass legislation designed to shore up the nation's cyberdefenses.
"This is going to be a lingering problem," Mr. Chertoff said.
© Copyright 2013 The Washington Times, LLC. Click here for reprint permission.
About the Author
Shaun Waterman is an award-winning reporter for The Washington Times, covering foreign affairs, defense and cybersecurity. He was a senior editor and correspondent for United Press International for nearly a decade, and has covered the Department of Homeland Security since 2003. His reporting on the Sept. 11 Commission and the tortuous process by which some of its recommendations finally became ...
- Negotiators skirt customs, make flights easier from UAE to U.S.
- Dems back bill to fix problems in investor visa program
- Democrats proceed with Mayorkas vote despite pending investigation
- Game players don't think peace has a chance in Syria
- NSA monitored 'World of Warcraft' players
Latest Blog Entries
By Matt Kibbe
The short-term deal will assure long-term overspending
- Obama's Afghanistan experts stumped on U.S. death toll, war costs during hearing
- NAPOLITANO: A conspiracy so vast
- All-out war breaks out in GOP over budget pact
- Biden guarantees victory on immigration reform
- MALCOLM/REIMER: Over-criminalization undermines respect for legal system
- Obama takes 'selfie' at Mandela's funeral service
- Selfie at heart of Obama fiasco to stay secret
- U.S. pilot scares off Iranians with 'Top Gun'-worthy stunt: 'You really ought to go home'
- KIBBE: Another Republican budget surrender
- Teen thugs in D.C. run wild -- even while wearing GPS ankle bracelets
Independent voices from the The Washington Times Communities
Film Reviews and Articles by Kevin Williams
Extraordinary day at Redskins Park
White House pets gone wild!
Let it snow