Experts Play Down Virus Threat to Computers
Over the Holiday
nytimes.com
SAN FRANCISCO, Dec. 28 -- Though still maintaining a nervous vigilance,
computer security experts in the government and private sectors said today
that almost no evidence had yet materialized that hackers or terrorists were
plotting widespread disruption of computer networks over the New Year's
weekend.
Since midsummer, concern has been raised, sometimes
with a tone of alarm, that cybercriminals and political
terrorists would mark the rollover to the new
millennium by planting various kinds of malicious
software in networks and computer systems.
However, very little evidence of such activity has
emerged in recent weeks, and today the Government's
National Infrastructure Protection Center said that it
expected no "large-scale U.S. infrastructure
disruptions" from Year 2000, or Y2K, computer failures
during the next few weeks. Moreover, because of
greatly heightened surveillance that is planned for
computer networks around the globe on New Year's
Eve and the following days, many experts say that
now would actually be the worst time to try an attack.
Nevertheless, the federal agency also said it was
preparing for a possible increase in criminal activity, in
part because of heightened media attention to Year
2000 threats.
The agency identified four viruses that it said were of
particular concern. The first three, known as Microsoft Word macro viruses, use a
programming language inside the word processing program to spread through
networks. The fourth, identified as PC CIH, is an older program that can seriously
damage infected machines.
And yesterday an administration official said that despite the fact that no
widespread attacks were expected there is still concern about the potential for
damage from malicious programs.
"The criminal element has latched on to cyberintrusion as a good avenue," said
the official, who spoke on the condition that he not be identified. "Obviously, this
is an issue of concern."
Kathy Fithen, manager of the Computer Emergency Response Team Coordination
Center at Carnegie-Mellon University, said: "Right now we're not seeing anything
out of the ordinary. For Jan. 1, the biggest thing we anticipate is computer viruses
that have targeted that date to execute."
Last week, the Government official in charge of protecting the nation's electronic
infrastructure said he knew of no documented cases in which malicious software
had been implanted during efforts to fix Year 2000 errors. Earlier this year, various
experts had voiced concerns that in the frenzy to make repairs to software, a few
rogue programmers hired as temporary workers might secretly build in "back
doors" that could later be exploited by criminals to invade networks without
setting off computer security systems.
In July, the Gartner Group, a computer consulting and market research firm,
predicted at least one theft of $1 billion next year directly resulting from this year's
repairs.
The threat alone can be costly. Even if would-be intruders fail to exploit such a
back door, an organization that suspects that its software has been compromised
must assign its best engineers to systematically examine enormous amounts of
code for tiny, hard-to-find alterations.
Bruce Schneier, president of Counterpane Internet Security Inc. in San Jose, Calif.,
said such back-door attacks had been extremely rare, and last week, Richard A.
Clarke, the president's national coordinator for computer infrastructure security
and counterterrorism, said the government had not documented a single such
security breach.
This week, Gartner Group's computer security experts acknowledged a lack of
evidence for secret back doors. "I've heard lots of stories," said William Spernow,
the research director for Gartner's information security strategies group. "But when
I have asked for the code, I've gotten nothing."
One computer security firm that has assessed the added risk from Year
2000-related viruses and security attacks estimated that the odds of a major "virus
event" for the period were about 1 in 14, or 7 percent.
The firm, ICSA.net, also placed odds of a single attacker breaching 100 or more
computer sites over the weekend at 9 percent.
Several antivirus software companies today said that while they would not rule out
the possibility of a widespread destructive event over the weekend, they had not
seen evidence of such viruses yet.
"Nothing happened over Christmas, which may be a pretty good indication that
nothing major will happen on Jan. 1," said Vincent Gullotto, director of the
anti-virus emergency response team at Network Associates, a Silicon Valley
software publisher. |
