'Love Bug' Shows US Susceptibility to Cyber Attack

By Lawrence Morahan | July 7, 2008 | 8:08 PM EDT

(CNSNews.com) - The "ILOVEYOU" virus that has disabled millions of computers around the globe has underscored the increasing risk of cyber terrorism facing the US, a leading congressional authority on modern technology warned Friday.

"The rapid spread of the 'ILOVEYOU' virus vividly demonstrates the dangers facing Americans in the information age," said Sen. John Kyl (R-AZ), chairman of the Senate Judiciary Subcommittee on Technology, Terrorism, and Government Information.

"Coming so closely on the heels of the recent denial of service attacks, this most widespread virus to date should serve as a second wake-up call about the dangers we face," he said.

To meet the threat, Kyl has introduced a bill that would authorize nationwide "trap and trace" authority to enable law enforcement officials to trace computer attacks anywhere in the United States. Kyl's legislation also would make it easier for law enforcement to prosecute juvenile offenders and those who commit lesser computer crimes.

While security experts attribute the latest hi-tech chaos to vandalism, variants of the so-called "Love Bug" virus labeled "Joke" and "Mother's Day" infected computers around the world Friday, bringing to tens of millions the number of computers that have been disabled so far.

The virus is far more devastating than last year's Melissa bug, experts warn, and damage could grow by up to $1.5 billion a day until the virus is eradicated sometime this week.

The virus, which is believed to have originated in the Philippines, forced network administrators to shut down e-mail systems at major companies and penetrated the Pentagon, the CIA and the British Parliament.

Computer analysts were shocked at the speed at which the latest virus spread around the world.

"Usually what happens is a virus gets reported and the technical people analyze the virus, figure out how to fix it or counteract it and disable it. But this one spread so fast, it took people by surprise. That's sort of a first," a computer systems analyst with a federal government contractor told CNSNews.com.

Cyber Attacks Could Be 'Wave of the Future'

As virus-filtering software becomes more sophisticated in identifying and blocking cyber bugs, civilian and national security systems will never be immune to attack, experts report.

Ivan Eland, director of Defense Policy Studies with the Cato Institute, told CNSNews.com that cyber attacks against the US could be "the wave of the future."

"You just have to accept there are going to be asymmetric possibilities there [for terrorists] and take measures to counter that threat," he said.

What is more likely than a crippling blow to the US military by determined enemies would be a coordinated attack on the civilian infrastructure with a strong cyber component, Eland cautioned.

"They could use a cyber attack to impede a response to a chemical or biological attack," he said.

Experts also say the threat to US national security and its nuclear weapons program is somewhat exaggerated. "The Defense Department has its classified system shielded. Some of the unclassified systems could be affected, but the US has such a dominant military, I don't hype the threat. The civilian infrastructure, on the other hand, is more vulnerable," Eland said.

For its part, the United States could enter "shaky ground" if it directed cyber attacks against enemy civilian facilities that might have military functions. President Clinton threatened such action against the Serbs during the Kosovo conflict.

"If you're fighting Hitler, you're more apt to do what you have to do to win, but when the stakes are lower you come to a moral problem. It's one thing if you hit them accidentally, but when you start going toward the computers and the infrastructure of another country, you know in advance you're going to be hurting civilians, and that becomes dicey from a moral perspective," Eland said.

At a Pentagon news conference Thursday, spokesman Kenneth Bacon said the steps the Defense Department takes to protect itself from cyber attack are not greatly different than those taken by any large corporation.

"First, we issue instructions about what the problem is and how to deal with the problem. Then we issue instructions on how to fix the problem if people haven't prevented it in the first place. And then the next is to work with the software manufacturers to find vaccines that protect against such viruses, and then through law enforcement agencies to track down the source and try to stop it from happening again."

Bacon said he was "sure there will be other viruses. But our obligation is to protect our computer users by using each one of these experiences as a way to create better defenses for the future."

The Pentagon would be working closely with virus-blocking software manufacturers such as McAfee and Symantec to protect its systems, Bacon said.