Forwarded from: C. L. Staten <sysopat_private> Cc: junkmailat_private Mr. Rosenberger: While I agree that sometimes computer journalists have overblown the threat of cyberterrorism, I must also offer a simple observation that attacks on/corruption of the world's main DNS servers, telco switches, or other means could prove to be particularly troubling. Secondarily, as far as viruses are concerned, I can tell you that I have received message traffic to indicate many .gov and .mil mail servers are currently suffering at the hands of BadTrans.b, which most will agree is not really a terribly damaging or prolific virus. One only need consider the creation of a new virus that is multi-platform, polymorphic, has several of the features of recent viruses, and add a couple of new wrinkles to make it a real "nightmare." The last thing our government and industry needs in the midst of a physical terror attack is overloaded servers and outages on the internet...where much information is shared to help resolve problems created by any catastrophe. Our concern revolves around DDoS, virus, and other exploits being concurrently used to amplify the effects of a terrorist attack in the real world. "Destroying America with a computer virus," as you say, may not be feasible in the traditional sense...but professionals from a hostile nation-state, with truly evil intent, could cause us more problems than the IT community is currently prepared/equipped to handle. While I certainly defend your right to publish your opinion that "Cyber terrorism is fantasy," It would be my fear that you are not being creative enough in your analysis of the future. IMHO, troubles lie ahead in cyberspace... Most Respectfully, C. L. Staten Emergency Response & Research Institute 6348 N. Milwaukee Ave. #312 Chicago, IL 60646, USA 773-631-3774 - Voice/Messages 773-631-4703 - Facsimile webmasterat_private - E-Mail http://www.emergency.com - Main Webpage -----Original Message----- From: owner-isnat_private [mailto:owner-isnat_private] On Behalf Of InfoSec News Sent: Friday, November 30, 2001 6:15 AM To: isnat_private Subject: RE: [ISN] Cyber terrorism is 'fantasy' Forwarded from: Junkmail Rosenberger <junkmailat_private> I reject Knowles' argument out-of-hand. He misses the point when he asserts "[who] would have thought that someone would have hijacked commercial jetliners and used them as cruise missiles." The simple fact is that terrorists *always* had the ability to turn planes into cruise missiles; their effectiveness as flying bombs merely grew in proportion to their fuel payload. On the other hand, Cluley & I & others insist no one [yet] has the ability to destroy America with a computer virus (read http://Vmyths.com/rant.cfm?id=410&page=4 for starters). We can therefore sum up Knowles' misguided argument as follows: --> "commercial aircraft as bomb" is VERY feasible but NOT likely; --> "computer virus as bomb" is NOT feasible but VERY likely. Knowles & others (e.g. Michael Vatis, Richard Clarke) could validate their cyber-terrorism arguments with just one -- I repeat, ONE -- technologically feasible idea for destroying America with a computer virus. Rob Rosenberger, Vmyths editor Truth about computer virus hysteria http://Vmyths.com [WK Note: One problem I have is occasionally I don't make myself clear in my commentary on ISN, this can be attributed to lack of sleep, lack of RedBull in the fridge, and the thought of business travel. There are others, but I'd have to sleep on that. > I guess Cluley thinks the same about landmines too, if one is not > careful where placing them and mapping their location, one could also > very well be a victim, but viruses like landmines make for great force > multipliers for a cyberterrorist." What I was meaning to say is that I don't expect the Internet to melt down over one virus, but that the tactical use of viruses would be one weapon of several that a cyberterrorist would likely use to create mayhem. Just as you would use landmines, razor wire, & interlocking fields of machinegun fire to slow your enenmy down. > I am not looking forward to the day of when we see a simultaneous > cross-platform, multiple vulnerability virus that would have the AV > companies pulling their hair out trying to find a solution, and then > able to push that software update onto networks severely choked with a > combination of DDoS attacks, virus traffic, network outages, and major > DNS servers down from repeated hacking attacks. I agree with Rob that Usama is not interested in melting your MP3's, Russian pr0n pics, or mailing out everyone in your Outlook address book 'I send this for your advice' with a virus, Usama wants you dead. I have yet to see anyone bring up cyberterrorism with regular terrorism, and that is another point that I should make clear here, I have always belived (along with a few others) that cyberterrorism would be used first before a large scale terrorist attack. Slowing down or stopping commerical, goverment, and military networks along with the interdependence of the Internet would cripple the basic command and control of government and first responders to a major terrorism event. But enough of me ranting on, I have to get some sleep and run to Costco for another case of RedBull. - William Knowles 9.30.01] - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 01:20:47 PST