Re: [ISN] Terrorists could launch cyber-war / RFF Reply to First-Rate FUD

From: InfoSec News (isnat_private)
Date: Sun May 12 2002 - 23:37:39 PDT

  • Next message: InfoSec News: "Re: [ISN] Midwest Express hackers cause a stir"

    Forwarded from: Richard Forno <rfornoat_private>
    
    Regarding:
    
    > http://news.com.au/common/story_page/0,4057,4286006%255E15318,00.html
    
    > A "CYBER jihad" could be launched against the West as terrorists
    > moved from the real world to an internet-based virtual world, a US
    > expert warns.
    
    Sensational, fear-mongering term here. "CyberJihad" ??? Crikey, we
    better run for the hills.....
    
    > Michele Zanini, a consultant with the think-tank McKinsey and
    > Company, said terrorist groups such as al-Qaeda were already making
    > huge use of the web for communications, propaganda, recruitment and
    > target data.
    
    Never heard of them, but it must be a think-tank full of stagnant
    thoughts and conventional thinking. The web and internet is a
    communication medium.....a tool.....criminals use it to plan
    traditional crimes, it's only natural that a terrorist would use it
    for such purposes too. Doesn't mean it's the end of the world. Prior
    to 0911, a civilian airliner was used to fly between airports, not
    serve as human-guided missiles against skyscrapers. But we don't see
    talk about "aerojihads" being the next harbringer of evil against the
    West, do we?  How quickly we forget that anything that can be used by
    a human can be turned into a weapon. This is NOT new.  What we also
    forget is that just because something CAN be used as a weapon doesn't
    mean it WILL, either.
    
    > Another expert, Rand Europe senior policy analyst Kevin O'Brien said
    > there was potential for terrorists to cause huge losses to the West
    > by damaging information technology systems.
    
    We have that now, but nobody seems to give a hoot. It's called
    Microsoft and the incessant amount of security problems costing how
    many billions to address, and most of the problems NEVER FULLY GO
    AWAY.  If you're worried about cyber-security, why not point the
    finger and take action against a known cause of repeated and quite
    significant problems and vulnerabilities we ALREADY KNOW where they
    come from?
    
    I guess it's still easier to point the fingers for our INFOSEC
    problems at shadowy cyber-terrorists and such, thereby ducking blame
    and avoiding responsibility for the current state of world information
    insecurity.
    
    > Dr Zanini and Dr O'Brien were speaking at an international
    > conference on global terror in Hobart.
    > 
    > Dr O'Brien said Western-developed IT had become the "great
    > equaliser" as it was exploited by terrorists and rogue states.
    
    Yeah, and the electron is the ultimate guided weapon, like former DCI
    Deutch said. What a crock.
    
    > He said the cyber world was chaotic and without boundaries and
    > Western security agencies were traditionally ill-equipped to deal
    > with its threats.
    
    Agreed. They have a hard enough time keeping their own systems
    secured.
     
    > In the wake of September 11, it was clear terrorists were using the
    > internet as a weapon of war, the experts said.
    
    "Weapon of war"??? Sensational fear-mongering. They also used
    airplanes as a real and quite deadly 'weapon of war' but nobody here
    seems to remember that. Under these guys' definitions, a USG visa,
    fraudulent drivers' licenses, and a copy of the Koran would be
    'weapons of war' too.....
     
    > Terrorists used the net to gather intelligence, including target
    > information, and counter-intelligence.
    
    Net notwithstanding, it didn't take a genius to know where the WTC
    was. They didn't need the Net, GPS, or Mapquest to find it.  After
    0911 we saw the USG rush to strip the GPS and map coords of nuke
    plants off the Web -- so what? What real good did that do to thwart
    terrorism? You can go to the library and look it up. Or, if the
    library's database was destroyed (per USG orders post-0911) they can
    go to 7-11 and buy a Rand Mcnally driving map. Or, golly gee, they
    could get in a car and drive around, following road signs and look for
    the cooling towers found at a nuke facility.  They don't need GPS
    coordinates to attack something as large as a nuke plant or
    skyscraper. The web may have made it easier to communicate between
    terrorists, but it wasn't a major force multiplier these guys say it
    was.
    
    > They made and moved money on it and were suspected of even
    > manipulating stocks for profit.
    
    Gee. Maybe al-Qaeda sat on the Enron Board...
    
    > They could also use it for worldwide planning and coordination,
    > propaganda, psychological terrorism and rumour-mongering.
    
    Old news. Regarding propaganda, psyops, and rumor-mongering, the net's
    been used for this for years. Anyone remember ELF, Electrohippies, or
    the Zapatistas? The transparancy of the net, plus the number of ways
    to confirm/deny such rumors/propaganda is a countermeasure that's
    already built-in to the net and the information age. No real danger.
    
    > Dr O'Brien said the danger to business was of great concern, with
    > some websites particularly vulnerable.
    > 
    > An interruption of a few seconds on the New York foreign exchange
    > market could cost billions of dollars.
    
    Dollars lost in a momentary hiccup on the Exchange will still not
    concern the population, or stick in their minds, like knowing that
    thousands were killed when 2 110-story skyscrapers went tumbling down
    in NYC, or when the Pentagon was attacked.  I'll prolly not remember
    where I will be if/when NYSE get's hacked, but you can bet I'll be
    telling my grandkids EXACTLY what I was doing and where I was
    minute-by-minute the morning of 0911. While billions lost in a hiccup
    is problematic - face it, it's tragic, and it's angering, but hacking
    NYSE or NASDAQ is essentially an inconvienience. Nobody probably will
    be killed during such an event, unlike a physical attack like we saw
    on 0911.
    
    > Companies could also be damaged through extortion, brand destruction
    > and fraud.
    
    That already happens, but terrorists aren't to blame.
     
    > Australia, Britain and Canada had moved in this direction, but the
    > US response was still hampered by agency turf wars and personal
    > rivalries, he said.
    
    Yep - that is not likely to change anytime soon.
    
    > However, on the wild world of the web, there's an unlikely ally in
    > the war against terror.
    > 
    > Dr Zanini said traditional hackers had a quite different culture to
    > terrorists and the two did not mix well.
    > 
    > There was even an organisation called Hackers Against Terrorism, a
    > sort of virtual vigilante group, he said.
    
    Zanini is WAY OFF the mark here. Hackers Against Terrorism was a scam
    by German dotcom playboy Kim Schmitz - who after a brief time on the
    lam, was returned to Germany and is currently awaiting trial.  He's
    not a hacker, he's a charletan who enjoys the images of a fast global
    lifestyle.
    
    This Register article tells part of the story.
    http://www.theregister.co.uk/content/55/22457.html
    
    An April 11, 2002 this Business Week story tells the rest, including
    describing in more detail his alleged wrongdoings and activities over
    the past few years. Be your own judge....but I think it's pretty clear
    he's not the 'unlikely ally in the war against terror' that Zanini
    says he is.
    http://www.businessweek.com/bwdaily/dnflash/apr2002/nf20020411_3688.htm
    
    Its this kind of short-range, sensational, half-witted analysis and
    proclaimations that muddies the waters in developing and implementing
    an effective information assurance strategy for the country.
    Unfortunately, this kind of tripe is heard all the time in the halls
    of Congress, DoD, and by various firms that claim to provide
    commerical 'cyber-intelligence' services. It terrifies me that such
    advice and analysis is actually believed by those in-charge of our
    countries -- talk about the blind leading the blind.
    
    I need more coffee now.
    
    
    Rick
    infowarrior.org
    (c) 2002. Permission granted to reproduce in entirety.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon May 13 2002 - 03:15:16 PDT