[ISN] Internet "cloaking" emerges as new Web security threat

[InfoSec News]

http://www.gcn.com/online/vol1_no1/40075-1.html

By Wilson P. Dizard III
GCN Staff
03/08/06 

Terrorist organizations and other national enemies have launched bogus
Web sites that mask their covert information or provide misleading
information to users they identify as federal employees or agents,
according to Lance Cottrell, founder and chief scientist at Anonymizer
of San Diego.

The criminal and terrorist organizations also increasingly are
blocking all traffic from North America or from Internet Protocol
addresses that point back to users who rely on the English language,
Cotrell told an educational seminar in Washington at the FOSE 2006
trade show's Homeland Security Center yesterday. FOSE is sponsored by
PostNewsweek Tech Media, the parent company of Government Computer
News.

Among the risks of the terrorist cloaking practice are that the
organizations can provide bogus passwords to covert meetings. By doing
so they can pinpoint federal intelligence agents who attend the
meetings, making them vulnerable to being kidnapped or becoming the
unwitting carriers of false information, Cottrell said.

Cloaking is just one means by which hostile intelligence organizations
can exploit the ability of IP addresses to reveal the physical
location - and frequently the organizational identity - of a user
visiting a Web site. Another method Cottrell described was a case in
which hackers set a number of criteria that they all shared using the
Linux operating system and the Netscape browser, among other factors.
When federal investigators using PCs running Windows and using
Internet Explorer visited the hackers' shared site, the hackers'
system immediately mounted a distributed denial-of-service attack
against the federal system. Cottrell said his company had helped
humanitarian activists in the former Yugoslav republic of Kosovo
shield themselves from attacks by paramilitary goons employed by
Serbian strongman Slobodan Milosevic. The Milosevic paramilitaries
were using the activists' IP addresses to pinpoint their physical
locations and follow up with attacks aimed at preventing the
activists' campaigns against specific human rights abuses. "Imagine
the kind of damage a mole at Google could do," Cottrell said, noting
that Google keeps logs of the Web searches it provides, which provide
a comprehensive picture of users' Web traffic patterns. In a similar
fashion, Web-savvy intelligence specialists can use IP address data to
analyze what types of information a particular federal user is seeking
and, by inference, what types of intelligence or counterintelligence
operations federal agencies are carrying out. Cottrell described a
situation in which Anonymizer employees had worked on a Navy aircraft
carrier that allowed sailors to access the Web. He noted that by
analyzing Web traffic that could be traced back to that ship via the
IP addresses of its public browsers, hostile intelligence services
could determine the name of the ship, the port it was visiting and
other information.

Cottrell said his company, which sells technology to prevent the use
of IP address information for such purposes, had shielded the
identities of the providers of 25,000 tips to the FBI in one recent
three-month period. Even as the use of IP address security technology
is critical to maintaining Web security, Cottrell noted that the use
of firewalls, antivirus software, measures to defeat social
engineering and reduce human error are also essential. Anonymizer has
received a contract from the Broadcasting Board of Governors, the
foreign-policy agency that runs the Voice of America international
radio service, to provide technology that the people of Iran can use
to circumvent their government's Web censorship program. Anonymizer
also soon will launch, at its own expense, a service that will allow
the people of China to overcome Beijing's massive program to censor
the Web, Cottrell said.