
Harden Your Cyber-Perimeter
by Mary Beth Guard and L. Michael Guard, BOL Gurus

An article published March 17, 2003 in eWeek says:

"The recent rash of Internet worms has produced an army of hundreds of thousands of compromised machines that could ultimately be used to launch a massive distributed-denial-of-service attack at any time, according to security officials.

Officials at the CERT Coordination Center said the organization is monitoring at least five large networks of compromised machines installed with so-called bots. The bots connect compromised PCs or servers to Internet Relay Chat servers, which attackers commonly use to execute commands on the remote systems. At least one of these networks has more than 140,000 machines, officials said."
As computer security experts brace for cyberattacks in the wake of the onset of war against Iraq, financial institutions must redouble their efforts to harden their cyber-perimeters by implementing and maintaining appropriate security measures.

Crucial steps to take now:
  • Revisit your password policies. Make sure your passwords are designed to withstand attacks;
  • Review your permissions/access rights and modify or terminate them as necessary;
  • Check your virus protection software. Make sure it's installed properly and updated regularly;
  • Make sure your firewalls are configured correctly and that firewall logs are being regularly reviewed by knowledgeable personnel;
  • Install security patches issued by software vendors;
  • Take computers offline when not in use;
  • Keep abreast of threats.
The National Infrastructure Protection Center said, in previous advisories:
"Recent experience has shown that during a time of increased international tension, illegal cyber activity: spamming, web defacements, denial of service attacks, etc., often escalates. This activity can originate within another country, which is party to the tension. It can be state sponsored or encouraged, or come from domestic organizations or individuals independently.

Additionally, sympathetic individuals and organizations worldwide tend to conduct hacking activity, which they view as somehow contributing to the cause. As tensions rise, it is prudent to be aware of, and prepare for this type of illegal activity.

Attacks may have one of several motivations:
  • Political activism targeting Iraq or those sympathetic to Iraq by self-described "patriot" hackers.
  • Political activism or disruptive attacks targeting United States systems by those opposed to any potential conflict with Iraq.
  • Criminal activity masquerading or using the current crisis to further personal goals."
  • Planning may begin months or years before an actual terrorist attack. Consider previous unusual incidents--such as possible surveillance--when evaluating potential targets.
  • Recipients should consult information that is readily available regarding a facility or potential target, particularly on the Internet, and consider how that information might assist terrorists interested in planning an attack. Operatives will likely research potential targets extensively prior to an attack.
  • Recipients should vary security routines and should recommend that potential target facilities take similar steps. Terrorists, like criminals, look for routines they can exploit.
  • Recipients should consider the potential for threats from "insider" personnel employed at target facilities, as terrorist groups may attempt to infiltrate a facility or potential target.
Here's a rundown of the threats you might expect to encounter:
  • Worms and viruses. Expect greater numbers, more complex and harder-to-detect code, and more damaging payloads.

  • Distributed Denial of Service (DDoS) Attacks. Three factors have coalesced to make this an especially vulnerable area: 1) growth in the number of users connected to the Internet via high speed connections, such as DSL or cable; 2) inadequate security precautions implemented by home users and small offices; 3) widespread availability of information about how to launch a DDoS attack.

  • Web site defacements, particularly Hacktivism -- politically motivated attacks on publicly accessible Web pages or email servers to send a political message (according to the Government Accounting Office). Hacktivism can often be at the root of Web site defacements. Precautions (such as changing server access passwords) should be taken, and Web pages should be constantly monitored to detect any unauthorized changes.

  • Unauthorized intrusions. We believe this is the area of greatest concern due to the potential damages that can result. Hackers could move money out of accounts, compromise the confidentiality of data, establish online bill payments from customer accounts to themselves, and wreak havoc in myriad other ways. The majority of unauthorized intrusions into computer systems by outsiders result from exploitation of known security vulnerabilities. Failure to immediately implement security patches can leave computers wide open to hackers.

  • Domain Name Service (DNS) Attacks. A hacker could prevent access to a Web site by attacking the domain name servers that computers consult in order to obtain the mapping between the name of a system and the numerical address (IP address) of that system or Web site, and by redirecting traffic. In the banking arena, this could cause a customer to be unknowingly taken to a copycat Web site that appears to be the login page for online banking. By mirroring the look and feel of the true online banking page, the hackers could lull customers into a false sense of security and trick them into typing in their user names and passwords, which would then be captured for future use by the hackers. With a simple message saying something like "We're sorry, but this service is temporarily unavailable while we are updating our server. Please try again later.", the hacker masks what's really going on and buys more time to continue perpetrating the fraud.

  • Routing vulnerabilities. Some experts, including the Institute for Security Technology Studies, are warning of routing vulnerabilities. Since the majority of routers on the Internet are using the Internetwork Operating System by Cisco, which is known to have vulnerabilities, hackers could exploit one of the vulnerabilities and attempt to halt Internet traffic. This would have a devastating effect on businesses which are highly dependent upon the 'Net to conduct routine business.

First published on BankersOnline.com 03/21/03
