[ISN] Cyberterrorists: our invisible enemies

From: InfoSec News (isnat_private)
Date: Tue Sep 25 2001 - 01:05:37 PDT

    By Rob Fixmer, Interactive Week
    September 24, 2001 5:19 AM PT

    COMMENTARY--As Attorney General John Ashcroft fielded reporters'
    questions last Tuesday about the attack on the World Trade Center and
    the Pentagon, one journalist asked if a new computer worm, discovered
    only hours earlier, was in any way related to the terrorist strikes.
    It was not, Ashcroft assured the nation--or at least, there was as yet
    no evidence linking it to Osama bin Laden and his ilk.

    Somehow that was not altogether reassuring. Yes, it suggested that the
    same evil minds who plotted the deaths of thousands and the
    destruction of our national icons in a relatively low-tech assault had
    not evinced the technological sophistication to attack our computer
    networks. Not yet, anyway.

    But it also reminded us that the numbers of our invisible enemies are
    growing each day, turning our commitment to freedom and openness into
    sundry weapons capable of destroying us.

    It is no exaggeration to describe the creation of computer viruses and
    worms as terrorism. While none has yet threatened loss of life, as our
    culture grows increasingly dependent on the network of networks to
    organize and maintain our social, commercial, military and political
    institutions, some highly sophisticated worm will eventually wield
    deadly powers. It will not kill through physical assault, but through
    deprivation--emergency supplies cut off, urgent calls for help
    unheard, defenses unplugged. It will kill by throwing crucial
    institutions into chaos by simply erasing or corrupting the data on
    which we increasingly depend for daily sustenance.

    As the world's political leaders counsel patience and perseverance in
    a type of war never before waged, we risk enormous peril if we take
    our eyes off the cyberfront. In some ways, digital terrorism will be
    even harder to combat than suicide bombers and elusive snipers--first,
    because the attackers are often armies of one whose motivation is
    unknown, and second, because so much of our aggregate defenses depends
    on private companies whose allegiances will always be divided between
    social responsibility and profits.

    As intoxicated as we've become with the notion that the market must
    decide all things commercial, software developers have proven
    themselves to be socially irresponsible by consistently releasing
    products that are vulnerable to attack. Surely, the leaders of the
    computer industry--men and women cited as visionaries at every
    opportunity--have realized that network terrorism is an escalating
    war. It's time to adopt and enforce industry standards with enough
    teeth to make them stick.

    That said, before we start pointing fingers at Microsoft, I suggest we
    take a long hard look in the mirror. How many of us have been vigilant
    in applying the patches developers have made readily available--often
    proactively? How many of us have circumvented password protections
    because we couldn't be bothered? How many can say we have been
    completely vigilant in monitoring firewalls and network diagnostics?
    How many of us, in fact, have been asleep at the wheel?

    It's not Microsoft's job to protect us from ourselves, from our
    inertia or our unwillingness to invest human and capital resources in
    our own barricades. It's not Microsoft's job to force ISPs to wage a
    cooperative war on denial-of-service attacks. Nor can Microsoft, as
    large as it is, act as the world's software police or central
    administrator of defensive information. That role lies with industry
    and government, which have so far compiled a very sorry record in
    collaborating against cyberterrorism.

    And finally, a great deal of responsibility lies with the hacker
    community, which consistently criticizes worm and virus attacks and
    denies any responsibility for their existence, but in truth condones a
    shadowy subculture that nurtures these terrorists. Three years ago,
    IBM sponsored a daylong seminar on cyberforensics at its headquarters
    in Armonk, N.Y. The event drew some of the brightest lights in the
    hacker world, but when one speaker attempted to distinguish between
    "black hat" and "white hat" hackers, he was booed. Hacking was "not
    about morality," one member of the audience shouted.

    In the immortal words of Harry Truman: bullshit! There are no moral
    shades of gray here. We cannot condone the argument put forth by
    social misfits at keyboards that Microsoft products must be attacked
    to expose their vulnerabilities. Everyone knows there are responsible
    ways to hack a product. Releasing a worm or otherwise attacking an
    undefended network is not among them. It's time the hacker community
    weeded out the evil in its midst.

    The bottom line is that we are already engaged in an escalating
    confrontation that holds frightening consequences for our economy,
    culture and well-being. Winning the war against cyberterrorism will
    require never-ending vigilance--and patience and perseverance--on the
    part of all of us.

    Rob Fixmer is Editor-in-Chief of Interactive Week. He can be reached
    at rob_fixmerat_private

    ISN is currently hosted by Attrition.org
