Web sites seen as terrorist aids

Discussion in 'World Events' started by wet1, Feb 12, 2002.

  1. wet1 Wanderer Registered Senior Member

    Messages:
    8,616
    From CNN

    Web sites seen as terrorist aids
    From...

    February 12, 2002 Posted: 8:39 a.m. EST (1339 GMT)

    By Dan Verton

    (IDG) -- A major financial institution this week will receive a report outlining the extent to which its Web site exposes it to potential attacks by Osama bin Laden's al-Qaeda organization and other terrorists.

    The audit, produced by security consulting firm Stroz Associates LLC, is one of the first of its kind in the private sector. It marks a growing trend by companies in the aftermath of the September 11 terrorist attacks to assess whether content on their Web sites increases their risk of being targeted by terrorist organizations.

    The amount of sensitive data uncovered by Stroz Associates at various corporate Web sites is startling, said Eric Friedberg, managing director at the New York-based firm and a former computer crime coordinator at the U.S. Department of Justice.

    "Many Web sites constitute a gold mine for potential attackers," said Friedberg. Audits have found descriptions of physical locations of backup facilities, the number of people working at specific facilities, detailed information about wired and wireless networks, and specifications on ventilation, air conditioning and elevator systems. Other sites give graphical representations of floor plans, cabling connections and ventilation ductwork, Friedberg said.

    Philadelphia-based American Executive Centers Inc. leases office space in a 20-story building to major companies such as Oracle Corp., Bank of America Corp. and Ford Motor Co.

    American Executive Centers, whose name fits the targeting profile that security experts say could put companies on a terrorist's radar screen, offers photographs, floor plans and virtual tour information on its Web site.

    Mike Howard, leasing manager for the complex, said that the company hasn't been concerned with the level of detail provided on the Web site and that it has taken steps since September 11 to improve security.

    "Our floor plan is not a whole schematic of the building," he said, adding that no schematics for underground garages are available on the site.

    That lack of concern contrasts sharply with the position of the FBI's National Infrastructure Protection Center (NIPC). The NIPC on Jan. 17 issued a warning to all companies and government agencies to scour their public Web sites for sensitive information pertaining to critical infrastructure systems. It was the second such warning the NIPC has issued since Sept. 11.

    Sensitive Information
    And the NIPC's concerns may be warranted. A recent Computerworld survey of a dozen Web sites uncovered interactive maps depicting information such as the location of nuclear waste storage facilities and detailed diagrams of every major telecommunications network in the U.S.

    But information that could be helpful in the planning of terrorist attacks isn't the only problem, said Eric Shaw, a former CIA psychologist and profiler and the principal author of the Stroz Associates study. Companies could also be targeted if they post information that terrorist organizations don't like, he said.

    "We know that corporate Web sites that contain messages supporting globalization are going to stimulate portions of the al-Qaeda organization and make those companies a potential target," said Shaw.

    Shaw declined to name the financial institution for which the report was prepared, citing contractual and security reasons. However, he did say that the audit uncovered files listing frozen bank accounts belonging to known supporters of the Qaeda terrorist organization, which could have provided motivation for members of al-Qaeda in the U.S. to attack the company.

    "Companies are communicating very effectively with their internal audience and clients, but they don't realize how information from a public Web site can be interpreted differently, particularly by adversary groups," said Shaw. "In the international realm, that can put you in the cross hairs."

    "There's way too much information out there, especially in the area of critical infrastructure," said Dan Morrison, director of risk consulting at Arthur Andersen LLP in Chicago. "Bad guys can be really clever. But even when they're not clever, data aggregation can make targeting possible."


    Is this over kill or is it something to truly be concerned with?
     

Share This Page