[ISN] Cyber terrorism is 'fantasy'

From: InfoSec News (isnat_private)
Date: Thu Nov 29 2001 - 00:59:29 PST

  • Next message: InfoSec News: "[ISN] Philippine Hackers Deface Sites To 'Expose Flaws'"

    [I have to wonder about Graham Cluley's logic about "viruses not
    making good weapons because they have no guidance system so the
    sender could easily become his own victim unless protected." 
    
    I guess Cluley thinks the same about landmines too, if one is not
    careful where placing them and mapping their location, one could also
    very well be a victim, but viruses like landmines make for great force
    multipliers for a cyberterrorist.
    
    Sure most viruses in the past have had antidotes written in a matter
    of hours, I think we've been lucky not to have had a truly crippling
    virus attack since nearly all of them have been written for Windows.
    
    I am not looking forward to the day of when we see a simultaneous
    cross-platform, multiple vulnerability virus that would have the AV
    companies pulling their hair out trying to find a solution, and then
    able to push that software update onto networks severely choked with a
    combination of DDoS attacks, virus traffic, network outages, and major
    DNS servers down from repeated hacking attacks.
    
    Just because there hasn't been a real cyberterrorism attack does mean
    its not eventually going to happen, who before September 11th, 2001
    would have thought that someone would have hijacked commerical
    jetliners and used them as cruise missles against the Pentagon, The
    World Trade Centers, and list of other military and civilian locations
    that we'll never know about.
    
    Mind you, this isn't the kind of forward thinking I would have
    expected from Sophos either.  -=-  William Knowles - 11-29-2001]
    
    
    
    http://www.vnunet.com/News/1127169
    
    By Chris Lee 
    27-11-2001
    
    Security experts have labelled cyber terrorism as "fantasy" and called
    the FBI "ill-advised" for raising unnecessary concerns about viruses.  
    Following Osama bin Laden's attack on the US, Richard Clarke,
    cyberspace security adviser to the White House, described the
    perceived threat to America from viruses and hacking as a "digital
    Pearl Harbor".
    
    But no evidence has so far been produced to suggest that "rogue
    nations and terrorists" are waging an information war against the
    West.
    
    "If there was going to be cyber terrorism, why hasn't it happened?"
    asked Graham Cluley, senior technology consultant for antivirus (AV)
    specialist Sophos.
    
    "Viruses don't make good weapons for warfare; they have no guidance
    system so the sender could easily become his own victim unless
    protected and even then the most sophisticated viruses have antidotes
    written for them by AV companies within a matter of hours," he said.
    
    Cluley insisted that cyber terrorism was not the next battlefield for
    international conflict. Only a few politically motivated viruses have
    been launched, all of which were harmless and easily dealt with, he
    said.
    
    He also criticised the FBI over its Magic Lantern, a Trojan virus
    which the Bureau plans to release on suspected terrorist groups to
    extract information from systems without their knowledge.
    
    The hacking technology is believed to be more than three years old,
    according to some US experts.
    
    "It seems like the FBI is just trying to see if they can come up with
    different options and ways that electronic surveillance can be done,"
    said Vincent Gullotto, director of security specialist Networks
    Associates' AV emergency response team.
    
    AV specialist McAfee, part of Network Associates, denied reports in
    the Washington Post last week that it would make sure its software did
    not prevent Magic Lantern.
    
    Sophos believes the FBI is not best placed to preach about AV
    measures, having itself been a victim of the SirCam virus earlier this
    year when classified documents were sent to the FBI's mailing list
    because it had failed to update AV software.
    
    The FBI has also failed to prosecute David L Smith, the author of the
    Melissa virus which caused $80m worth of damage to US businesses.
    Smith pleaded guilty on 10 December 1999 and has still to be
    sentenced.
    
    "Funny that," said Cluley, given that the FBI itself is now developing
    its own viruses.
    
    Cluley also criticised the Bureau's handling of the Code Red affair in
    July, when FBI spokesmen warned of the "meltdown of the internet".
    
    "The FBI was ill-advised. It should have said it only affected
    business users and here's how to deal with it," he explained.
    
    Code Red does not even feature in Sophos' top 10 most reported viruses
    for the year.
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 13:20:37 PST