Forwarded from: Rob Rosenberger <junkmailat_private> Let's take a statistic of roughly 200 hard disk reformats per month per air force base for numerous arbitrary reasons. The colonel wants a new OS, or the secretary can't get her machine to act right, or the captain deleted CMD.EXE because he didn't need a program that just displays a copyright notice, or the airman gets a hand-me-down upgrade, or a contractor takes over a cubicle. "Thanks, sarge. What happened to all the data?" It's gone; I blew it away. "Ouch. Oh well. Thank goodness we haven't moved to the paperless office." Let's take another statistic of 100 air force bases worldwide, times 12 months... We can speculate our mighty zoomie electron defenders reformat roughly a quarter-million hard disks each year. And that's just USAF. Add the Army and the Navy and various purple-suit agencies: I suggest multiplying this number by three. We can speculate DoD reformats roughly a million hard disks each year. A million per year, and I didn't even talk about all the hard disks reformatted each year by the civilian government. Reformatted each year by the Fortune 1000. Reformatted each year by countless small businesses. Reformatted each year by countless individuals. Okay, now let's insert the word "virus" in this argument. Let's suppose a virus comes along and wipes out a million hard disks in two days. "What happened to all the data?" It's gone; the virus blew it away. Go on: predict the mayhem. How many quintillions of $$$ will we lose? Rob -----Original Message----- From: owner-isnat_private [mailto:owner-isnat_private]On Behalf Of InfoSec News Sent: Friday, 30 November 2001 5:28 AM To: isnat_private Subject: Re: [ISN] Cyber terrorism is 'fantasy' Forwarded from: Gary Warner <garat_private> The thing about viruses, is that so far we have not encountered a talented rapid-spread-virus author who wished to "destroy the world". I mean, Code Red was not nice, and Nimda was not nice, but imagine how much less nice they would have been if they launched their attack, and then formatted your C:\ drive! Could they have done that? Certainly! Why did they not do that? Because their purpose was not to "destroy the world". How many "end-users" in your own organizations have triggered one of the recent mail-all-my-contacts type Outlook viruses? How many would be up the Proverbial Creek sans Paddle if the virus had decided to delete their "My Documents" directory? or all their directories? or look for all mapped network drives and delete all files? The fact that this has not happened is one of the greatest blessings we have received, and yet, it has also lulled us into a false sense of security. Upper Management reads about the Love Bug virus, looks around, and notices the world has not ended. They then conclude that the world will not end in the future. Code Red? No problem. Our servers survived. Good, we don't have to worry about tightening our security I guess. My greatest fear is that someone with malicious intent *IS* behind these viruses, and that they have thus far been demonstrating their ability to create a high spread virus to prove their skills to someone who may wish to pay them to "destroy the world". What I was thinking when I watched the Code Red spread was "what a great way to make a list of drones/zombies!" Launch my attack, and then start monitoring on a Class B network for boxes that begin attacking me back. Sense I know the method I used to spread my virus, I now have a list of boxes that can be instantly "owned" with a far more devastating payroll any time in the near future. How many machines was that? 200,000? 300,000? 500,000? What company, domain, or network could you NOT DOS with 100,000 zombies in your control? I know, I know, I am painting dark fantasies. But I consider the line in my job description that says "and other responsibilities determined to benefit the corporation" to mean "assume a position of total paranoia and prepare us for the worst". Just my 2 cents worth, _-_ gar - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 01:41:02 PST