Airport hack raises flags

The Justice Department's case this week against a teenage hacker who temporarily disabled a local airport vividly demonstrated that a lot more than files and funds are at stake in the war against hacking.

Now the nation's computer security hawks have a concrete example to prove their argument that in a thoroughly networked age, malicious hacking can be a matter of life and death.

Yesterday, the DOJ unsealed its case against a Massachusetts teenager who succeeded in severely disabling telecommunications at a regional airport, in the process cutting off vital services to the airport's control tower and disabling incoming planes from turning on runway lights.

The case marked the nation's first charges against a juvenile hacker and resulted quickly in a confession and plea bargain.

It also may serve in raising awareness about the dangers of computer break-ins.

"This is really going to wake up a lot of people who might be asleep," said Georgetown University computer science professor and noted security authority Dorothy Denning.

The government recently has been warning about such threats and last month, Attorney General Janet Reno announced that the government was forming a special agency to investigate network security threats to the nation's infrastructure.

Since then, the National Infrastructure Protection Center (NIPC) has begun sounding an alarm that will undoubtedly ring with more frequency as hacking incidents continue and the vulnerability of the nation's infrastructure becomes clearer.

"The spectrum of threats in this new cyberworld is staggeringly broad," said NIPC director Michael Vatis last week in a statement. "The Internet and other advances in telecommunications do not merely give criminals new means to commit old crimes. They also allow criminals and other malicious actors to cause new types of harm that go well beyond the potential loss to the individual victim and can affect our national economy and, indeed, our national security."

The NIPC defines "critical infrastructures" as electrical energy and telecommunications, transportation, gas and oil supply, the banking and finance sector, water supply, emergency services, and government operations.

Security experts point out that these sectors have long been at risk, with potentially life-threatening consequences.

"A lot of the nation's infrastructure is vulnerable to this kind of attack," Denning said. "There are serious vulnerabilities and serious risks...A lot of life is at risk when you're screwing around with any life-critical services. Screwing around with airport services is very, very bad."

Denning is currently writing a book on computer security risks. Entitled Information Warfare: Playgrounds to Battlegrounds, the book examines the threats posed from quarters as disparate as teenage hackers to adversaries disabling enemy command and control in military conflicts.

"One could have attacks of a fairly serious nature in a wartime situation," said Denning, who noted that the United States had employed such means against Iraq during the Persian Gulf War.

Denning said the Massachusetts attack on the airport's communications and emergency systems was likely to draw attention to the issue of computer security.

Among those already paying attention is Bell Atlantic, the telephone company that the Massachusetts teen infiltrated in the incident last year to disable the airport's telecommunications.

"We have significantly stepped up our security efforts [in response to the breach], and they were significant to begin with," said John Johnson, a spokesman for Bell Atlantic. "We have made changes on many levels of the network, from hardware and software to a variety of operating procedures."

Bell Atlantic, along with the law enforcement agencies that investigated the case, declined to give details on the vulnerability the hacker exploited for fear of inspiring a new attack.

Meanwhile, as Bell Atlantic plugs holes and telcos and others involved with critical infrastructures reexamine their security, the government is stepping up its enforcement of computer crime law. In addition to the charges brought against the Massachusetts teen, several government agencies were involved with the arrest this week of three Israeli teens by the Israeli police regarding the hacking of numerous government, corporate, and educational computer networks both in the United States and abroad.

The FBI also is reporting that prosecution of computer crimes skyrocketed from fiscal 1996 to fiscal 1997, with arrests up 950 percent from 4 to 42, and convictions up 88 percent from 16 to 30.

But whether law enforcement will succeed in deterring computer criminals remains to be seen. Analysts point out that a large number of hackers are teenage boys, not considered to be the most socially responsible demographic group. And another group of potential hackers lie outside the reach of U.S. law enforcement altogether.

"The computer [is] a valuable tool, not just for modern-day criminals, but also for terrorists and hostile nations that would do our country harm for political ends," NIPC director Vatis warned last week in his statement.