Chechen rebels have made several attempts to hack into the computer networks of a number of European banks, claims the Russian daily Izvestiya. While it remains unclear whether the hackers have managed to access account information, what is apparent is that these breaches of information security are the work of highly proficient computer programmers. Russia's Federal Security Service is confident that the computer systems in operation at the country's key facilities are "impregnable", but, as the paper notes, such targets are under "constant attack". The following is the text of the report by Izvestiya on 18 September. Subheadings have been inserted editorially.
Hi-tech terrorism
Yesterday Russian Federal Security Service (FSB) employees told Izvestiya that, at the end of 2001, field commander Khattab's terrorist group tried to hack into the computer systems of major European banks. The list of affected credit and financial organizations is highly confidential and we do not know yet whether the gunmen were able to gain access to their accounts. But the very fact of the computer attack, which was evidently planned by top-class programmers, indicates that the terrorists are not confining themselves to military actions, but are switching in earnest to the use of high technology.
"At the end of 2001, Khattab's gang launched a hack attack on the computer systems of 10 European banks," Vladimir Nepomnyashchiy, an expert at the FSB's computer and information security directorate, told Izvestiya. "E-mails containing commercial offers were sent out in the name of a major Irish bank. The messages were very skilfully written, using the proper banking vocabulary. But the letter contained a carefully concealed Back Orifice remote administration programme as an executable attachment. This enables the sender to gain unrestricted access to the recipient's computer systems."
The FSB computer security directorate employees who carried out the study established that an unknown hacker working for Khattab had managed to devise a very complex triple-layer pseudopolymorphic shell to conceal Back Orifice. This programme from the Trojan Horse stable is well known to specialists in the sphere of information security. But the method of concealment was deemed unique, which suggests that the writer of the code for the executable attachments was a programmer of the highest calibre.
The FSB received the report about the Khattab gang's hacking escapades from operational sources. They also provided examples of the e-mail. Having analysed its content, experts established that after one user has read the letter the organization's entire computer system is vulnerable to any virtual criminals. Hackers obtain the right to remote administration, that is, to destroy, block, modify, and copy official bank information. In other words, they gain access to accounts, confidential data on clients, and the opportunity to deliberately disrupt the operation of the bank's systems.
"We call these actions by criminals attempted acts of cyberterrorism, since they involve the use of high technology and are directed against critically important elements of the infrastructure," Vladimir Nepomnyashchiy said. "We have sent warnings about 'letters from Khattab' to the law-enforcement agencies of those countries where the attacked banks are situated."
A serious threat
It is a serious blow to the image of any bank when outsiders break into its computer system, and it can result in catastrophic financial losses. Therefore victims may have decided to turn a blind eye to the possibility of stolen money, thus saving face as far as investors are concerned. The list of 10 European banks where the "mail bomb" may have gone off is highly confidential. But one foreign special service responded to the warnings sent out by the FSB. The gratitude received from it suggests that the letters from Khattab really were a serious threat.
Russia has encountered instances of cyberterrorism before. In January 1999 electronic messages threatening the use of nuclear weapons were sent from Russia to around 1,700, mainly government, sites in Western Europe and the USA. The content of the messages was approximately as follows: "We, officers of a Strategic Missile Troops military unit stationed in Kozelsk, Kaluga Region, are extremely unhappy both with our financial situation and with Russia's place in the world arena. We are threatening to launch strategic missiles with nuclear warheads without proper authorization." The "officers" were demanding 30,000 dollars to refrain from doing so.
An absurd threat that should be ignored, you might think. But, in the first place, there actually is a military unit of this kind in Kozelsk; second, the letter was very ably composed and details were provided indicating that the writer was in command of the situation. Despite the fact that the e-mails had been sent out with a mass of safeguards, the senders were arrested three days later in Kaluga. It turned out that two of the city's inhabitants, a certain Tikhomirov, born in 1948, with wisdom born of experience, and 17-year-old Mikhaylin, having acquired some information about the Kozelsk unit from friends, set about bombarding foreign countries. The upshot was a verdict of guilty. In April 2002 Tikhomirov was sentenced to one year in jail and Mikhaylin, who had frequented various courts, was also convicted, but he was amnestied as a minor.
Dispelling the myths
There are many legends about computer hackers breaking into military systems and virtually starting a nuclear war. These stories, intended to make ordinary people frightened of the mysterious hackers, are rather entertaining for information security specialists. But each report of this kind is closely studied by experts all over the world in order to establish whether there is a grain of truth in it.
Commenting on two such cases - an alleged attack on US airlines' computer systems before the 11 September terrorist attacks in the USA, and rumours of hackers getting control of a British military satellite - FSB experts claim that nothing like this could have happened. The satellite control system is a closed one, so it requires direct physical intervention to gain access to it, for example by getting into the control centre. It is inaccessible via the Internet or other open systems. There is a similar situation with airports. According to Russian specialists, the traffic controllers had problems rapidly establishing the course of the hijacked aircraft only because the terrorists on board had switched off the secondary radar. It is not possible to hack into flight-control systems.
On the subject of the danger of computer systems belonging to vitally important Russian infrastructure facilities (nuclear power stations, airports, banks, transport and military organizations, and municipal services) being breached, FSB specialists say they are virtually impregnable, primarily because they have no access to the outside - to the Internet. But accessible resources are under constant attack from hackers. In the first half of 2002 alone there were more than 400,000 (!) attempts to hack into the www.fsb.ru site. In a calendar year the Pentagon usually records more than 1.5m attempts to breach its systems.
Izvestiya, Moscow, in Russian