[ISN] Most Hacking Hides Real Threats

From: William Knowles (wkat_private)
Date: Tue Jul 03 2001 - 09:31:49 PDT

  • Next message: Robert G. Ferrell: "Re: [ISN] WWW.huh?: You Are the First Line of Defense"

    http://www.wired.com/news/politics/0,1283,44955,00.html
    
    By Steve Kettmann 
    2:00 a.m. July 3, 2001 PDT 
    
    MUNICH The high profile of such relatively inconsequential online
    political warfare as denial-of-service attacks and playful site
    defacement has the general public distracted from much graver risks.
    
    That's especially true in Europe, according to experts, where many
    Internet users are newer to the medium and less attuned to the dangers
    of such threats as smart viruses.
    
    "Do Europeans care about information warfare?" asks Christiane
    Schultzki-Haddouti, a German journalist who specializes in information
    warfare. "Not much. Compared to America, Europe is still sleeping."
    
    "The media focus on the very vivid details of a hacked site," said
    professor Hans-Bernd Brosius of the Department of Communication
    Sciences at Ludwig-Maximilians University in Munich, which hosted a
    cyberwar conference last weekend.
    
    "We see the blatant details, but not the systems below."
    
    Specifically, he referred to the sort of problem presented by
    potential backdoors built into software systems like the one the U.S.
    National Security Agency may or may not have in most Windows operating
    systems, as reported in Wired News.
    
    It made headlines when a kind of cyberwar erupted between China and
    the United States earlier this year after a U.S. spy plane made an
    emergency landing on Chinese soil, prompting a tense standoff. That
    blew over quickly, although the fizzle over threatened major actions
    may have been in part because U.S. corporations often do not go public
    with word of successful cyberattacks, for fear of encouraging further
    actions.
    
    Do governments need to fear more of the same?
    
    "Paradoxically, forcing terrorists off the Web is impossible, because
    they set up sites in countries with free-speech laws," said Professor
    Dov Shinar, head of the Hubert Burda Center for Innovative
    Communications at Ben Gurion University of the Negev.
    
    That, he said, leads to some grave questions.
    
    "Recognizing that we are in the midst of an ongoing process, can the
    activities of extremist groups on the Web create even wider
    communities of the like-minded than was previously possible?" he
    asked. "How universal are the findings on extremist groups, that the
    use of slick and professional online images ... allows the new media
    to break down boundaries and create a virtual world in which groups
    can strategically blur and define boundaries between themselves and
    other groups?"
    
    Frank Lesiak, an analyst for Germany's Federal Information Agency,
    said the focus on routine security and privacy issues diverts general
    attention from much larger potential for trouble; for example, if
    hostile governments or terrorists were to take a sophisticated,
    long-term approach to wreaking havoc.
    
    "We're not even hearing about the big dangers," he said. "Have you
    read anything in the everyday press about crypto-viruses?" he asked.
    "That's what we need to read about."
    
    And yes, that is what Lesiak spends his nights worrying about: An
    intelligent virus implanted by a military.
    
    "Imagine a society that breaks down because the entire IT structure
    breaks down," he said. "That kills people, not just bits and bytes."
    
    Schultzki-Haddouti said the United States not only has the most to
    lose from any such attacks, it also has the most to teach about them.
    
    "Countries like Germany are importing the concept of information
    warfare from the United States," she said.
    
    Up until 1995, for example, she traced 10 U.S. developments, including
    in 1992 the Pentagon's "first top secret directive TS-3600 on
    'Information Warfare'" and the use of "computer network attacks" in
    the U.S. operation in Haiti in 1994 to return Bertrand Aristide to
    power. Over that same period, nothing much happened in Europe in this
    area, she said.
    
    The sophisticated approach to all aspects of information warfare
    reflects years of sustained attention. Even so, that does not give the
    U.S. military a monopoly on cyberwar techniques, as the NATO alliance
    discovered when it encountered denial-of-service attacks during the
    Kosovo campaign.
    
    "In the end, Yugoslavia stands as an example that information warfare
    will become an integral part of warfare," said Schultzki-Haddouti.
    
    She cited media reports of cyberattacks on foreign bank accounts of
    Serbian President Slobodan Milosevic and of suspected terrorist Osama
    Bin Laden as examples of how far cyberwar can be taken.
    
    In the last two years, Germany and the rest of Europe have tried to
    make up for lost time. Otto Schily, Germany's interior minister, even
    went so far as to float the idea of his government waging
    denial-of-service attacks against U.S. ISPs that host neoNazi content.
    But he later backed off the idea. While Schily and the German
    government may refrain from such drastic tactics, it's clear
    strategies that were once unthinkable are getting implemented in
    online warfare.
    
    "As cybercrime is on the rise due to the development of computer
    networks on a global scale, information war will be even easier to
    hide in the background noise of illegal, however unrelated activities
    on the network," said Lesiak, the German intelligence expert. "It's
    very difficult to assess what's really going on."
    
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Thu Jul 05 2001 - 00:08:35 PDT