[ISN] Cyber terrorism is 'fantasy'//ERRI Reply

From: InfoSec News (isnat_private)
Date: Sun Dec 02 2001 - 23:48:45 PST

  • Next message: InfoSec News: "RE: [ISN] Cyber terrorism is 'fantasy'"

    Forwarded from: C. L. Staten <sysopat_private>
    Cc: junkmailat_private
    
    Mr. Rosenberger:
    
    While I agree that sometimes computer journalists have overblown the
    threat of cyberterrorism, I must also offer a simple observation that
    attacks on/corruption of the world's main DNS servers, telco switches,
    or other means could prove to be particularly troubling.
    
    Secondarily, as far as viruses are concerned, I can tell you that I
    have received message traffic to indicate many .gov and .mil mail
    servers are currently suffering at the hands of BadTrans.b, which most
    will agree is not really a terribly damaging or prolific virus. One
    only need consider the creation of a new virus that is multi-platform,
    polymorphic, has several of the features of recent viruses, and add a
    couple of new wrinkles to make it a real "nightmare."
    
    The last thing our government and industry needs in the midst of a
    physical terror attack is overloaded servers and outages on the
    internet...where much information is shared to help resolve problems
    created by any catastrophe. Our concern revolves around DDoS, virus,
    and other exploits being concurrently used to amplify the effects of a
    terrorist attack in the real world. "Destroying America with a
    computer virus," as you say, may not be feasible in the traditional
    sense...but professionals from a hostile nation-state, with truly evil
    intent, could cause us more problems than the IT community is
    currently prepared/equipped to handle.
    
    While I certainly defend your right to publish your opinion that
    "Cyber terrorism is fantasy," It would be my fear that you are not
    being creative enough in your analysis of the future. IMHO, troubles
    lie ahead in cyberspace...
    
    Most Respectfully,
    
    C. L. Staten
    
    Emergency Response & Research Institute
    6348 N. Milwaukee Ave. #312
    Chicago, IL 60646, USA
    773-631-3774 - Voice/Messages
    773-631-4703 - Facsimile
    webmasterat_private - E-Mail
    http://www.emergency.com - Main Webpage 
    
    
    -----Original Message-----
    From: owner-isnat_private [mailto:owner-isnat_private] On Behalf
    Of InfoSec News
    Sent: Friday, November 30, 2001 6:15 AM
    To: isnat_private
    Subject: RE: [ISN] Cyber terrorism is 'fantasy' 
    
    
    Forwarded from: Junkmail Rosenberger <junkmailat_private>
    
    I reject Knowles' argument out-of-hand.  He misses the point when he
    asserts "[who] would have thought that someone would have hijacked
    commercial jetliners and used them as cruise missiles."
    
    The simple fact is that terrorists *always* had the ability to turn
    planes into cruise missiles; their effectiveness as flying bombs merely
    grew in proportion to their fuel payload.  On the other hand, Cluley & I
    & others insist no one [yet] has the ability to destroy America with a
    computer virus (read http://Vmyths.com/rant.cfm?id=410&page=4 for
    starters).  We can therefore sum up Knowles' misguided argument as
    follows:
    
       --> "commercial aircraft as bomb" is VERY feasible but NOT likely;
       --> "computer virus as bomb" is NOT feasible but VERY likely.
    
    Knowles & others (e.g. Michael Vatis, Richard Clarke) could validate
    their cyber-terrorism arguments with just one -- I repeat, ONE --
    technologically feasible idea for destroying America with a computer
    virus.
    
    Rob Rosenberger, Vmyths editor
    Truth about computer virus hysteria
    http://Vmyths.com
    
    
    
    [WK Note: One problem I have is occasionally I don't make myself clear
    in my commentary on ISN, this can be attributed to lack of sleep, lack
    of RedBull in the fridge, and the thought of business travel. There are
    others, but I'd have to sleep on that.
    
    > I guess Cluley thinks the same about landmines too, if one is not
    > careful where placing them and mapping their location, one could also 
    > very well be a victim, but viruses like landmines make for great force
    
    > multipliers for a cyberterrorist."
     
    What I was meaning to say is that I don't expect the Internet to melt
    down over one virus, but that the tactical use of viruses would be one
    weapon of several that a cyberterrorist would likely use to create
    mayhem. Just as you would use landmines, razor wire, & interlocking
    fields of machinegun fire to slow your enenmy down.
    
    > I am not looking forward to the day of when we see a simultaneous
    > cross-platform, multiple vulnerability virus that would have the AV 
    > companies pulling their hair out trying to find a solution, and then 
    > able to push that software update onto networks severely choked with a
    
    > combination of DDoS attacks, virus traffic, network outages, and major
    
    > DNS servers down from repeated hacking attacks.
    
    I agree with Rob that Usama is not interested in melting your MP3's,
    Russian pr0n pics, or mailing out everyone in your Outlook address book
    'I send this for your advice' with a virus, Usama wants you dead. I have
    yet to see anyone bring up cyberterrorism with regular terrorism, and
    that is another point that I should make clear here, I have always
    belived (along with a few others) that cyberterrorism would be used
    first before a large scale terrorist attack.
    
    Slowing down or stopping commerical, goverment, and military networks
    along with the interdependence of the Internet would cripple the basic
    command and control of government and first responders to a major
    terrorism event. 
    
    
    But enough of me ranting on, I have to get some sleep and run to
    Costco for another case of RedBull.     - William Knowles 9.30.01]
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 01:20:47 PST