Re: [ISN] Terrorists could launch cyber-war / RFF Reply to First-Rate FUD

From: InfoSec News (isnat_private)
Date: Tue May 14 2002 - 00:31:03 PDT

  • Next message: InfoSec News: "[ISN] Bug centre monitors real-time threats"

    Forwarded from: H C <keydet89at_private>
    Cc: rfornoat_private
    
    > > A "CYBER jihad" could be launched against the West
    > > as terrorists moved from the real world to an internet-based
    > > virtual world, a US expert warns.
    > 
    > Sensational, fear-mongering term here. "CyberJihad" ??? Crikey, we
    > better run for the hills.....
    
    Crikey?  Really, Rick?!  Have you taken to wearing khaki shorts and
    speaking w/ an Aussie accent?
    
    I think it's also important to point out the operative term in the
    above quote, which is "could".  Yeah, a lot of things "could"...but
    how likely is this "cyberjihad"?  Does the intel community still hold
    on to the belief that terrorists are staying away from computer
    networks as weapons simply b/c they aren't as reliable or poignant as,
    say, a suicide bomber?
    
    > > Michele Zanini, a consultant with the think-tank
    > > McKinsey and Company, said terrorist groups such as al-Qaeda
    > > were already making huge use of the web for communications,
    > > propaganda, recruitment and target data.
    > 
    > Never heard of them, but it must be a think-tank full of stagnant
    > thoughts and conventional thinking. The web and internet is a
    > communication medium.....a tool.....criminals use it to plan
    > traditional crimes, it's only natural that a terrorist would use it
    > for such purposes too.
    
    Not only is this "think-tank" largely unheard of (what happened...the
    magazine couldn't get a sound bite from Gartner or RAND?), but it's
    old news.  Wasn't it about a year ago that a "news" story about
    terrorists using steganography and porno Usenet groups to communicate?
    
    > This is NOT new.  What we also forget is that just because something
    > CAN be used as a weapon doesn't mean it WILL, either.
    
    Correct.  Maybe it's better to chalk this one up to the author of the
    article (a media-hound looking for something sensational) rather than
    to whomever he quoted.  I'm sure most folks who do authorize a quote
    or two have found that many times the quotes are used out of context.
    
    > > Another expert, Rand Europe senior policy analyst
    > > Kevin O'Brien said there was potential for terrorists to 
    > > cause huge losses to the West by damaging information technology 
    > > systems.
    > 
    > We have that now, but nobody seems to give a hoot.
    
    At least it's a quote from an organization we've heard of.  But again,
    we're back to "potential"..."could"...that sort of thing.
    
    > It's called Microsoft and the incessant amount of security problems
    > costing how many billions to address, and most of the problems NEVER
    > FULLY GO AWAY.  If you're worried about cyber-security, why not
    > point the finger and take action against a known cause of repeated
    > and quite significant problems and vulnerabilities we ALREADY KNOW
    > where they come from?
    
    While Microsoft does produce products that are full of holes, one
    thing needs to be understood.  Take a look at the recent articles
    about the "Deceptive Duo" and the nmap scans of some of their
    "victims" on AllDas.org.  Microsoft systems with NetBIOS ports exposed
    to the Internet.  At least one article quoted the DD as saying they
    broke in by way of weak passwords on user accounts.  In one case,
    MS-SQL server was exposed to the Internet w/ an admittedly (by a
    spokesman for the victim) "weak password".
    
    At that point, whose fault does it become?  MS for producing products,
    or the admins for not allowing two neurons to interact and pass
    chemical messages back and forth, thereby allowing them to form a
    "thought" to protect their networks?
    
    After all, even MS put out information on how to protect IIS
    servers...one of the instructions was to disable unnecessary script
    mappings.  Code Red demonstrated that most IIS admins seem to be
    illiterate.
     
    > I guess it's still easier to point the fingers for our INFOSEC
    > problems at shadowy cyber-terrorists and such, thereby ducking blame
    > and avoiding responsibility for the current state of world
    > information insecurity.
    
    Not easier.  Remember, Rick, it's the media that's doing this sort of
    finger pointing.  Why?  B/c it's "cool" and sensational.  Take this
    Kevin O'Brien from RAND...he's an "expert", reportedly, but of what?  
    Who recognizes Mr. O'Brien's credibility as an "expert" at anything?  
    I'm not trying to disparage Mr. O'Brien, b/c I don't know him...but
    the author of the original article simply expected his readers to
    accept this fact, that's all.
     
    > > Dr Zanini and Dr O'Brien were speaking at an international
    > > conference on global terror in Hobart.
    > > 
    > > Dr O'Brien said Western-developed IT had become
    > > the "great equaliser" as it was exploited by terrorists 
    > > and rogue states.
    > 
    > Yeah, and the electron is the ultimate guided weapon, like former
    > DCI Deutch said. What a crock.
    
    Yeah, Deutch.  The DCI who took classified info home to his
    unprotected PC...the one his kid played games on.  Great source.  
    Perhaps Dr. O'Brien's quote has significance...after all, anyone can
    call up Dell and order a bunch of systems.  In fact, someone
    purchasing a gross of computer systems from Dell today will be an a
    far better footing than some corporations who haven't upgraded their
    systems in...6 months.  A year.
     
    > > He said the cyber world was chaotic and without boundaries 
    > > and Western security agencies were traditionally ill-equipped 
    > > to deal with its threats.
    > 
    > Agreed. They have a hard enough time keeping their own systems
    > secured.
    
    Sure.  But I don't think this is an issue just for Western security
    agencies.  Wasn't it the Brits who had a laptop stolen during Desert
    Shield?  Sure, I know the State Dept. has done a much better job of
    loosing laptops, but it's not an issue unique to the West.
      
    > > In the wake of September 11, it was clear terrorists were using 
    > > the internet as a weapon of war, the experts said.
    > 
    > "Weapon of war"??? Sensational fear-mongering.
    
    No doubt!  Who is this clear to?  Not to me!  Obviously not to you,
    Rick.  So...who?
    
    > They also used airplanes as a real and quite deadly 'weapon of war'
    > but nobody here seems to remember that. Under these guys'
    > definitions, a USG visa, fraudulent drivers' licenses, and a copy of
    > the Koran would be 'weapons of war' too....
    
    So would an ATM debit card.  But how do the trips to WalMart and T&A
    bars fit in?
      
    > > Terrorists used the net to gather intelligence, including target
    > > information, and counter-intelligence.
    > 
    > Net notwithstanding, it didn't take a genius to know where the WTC
    > was.
    
    Yeah, big deal.  Anyone can use the 'Net to gather intelligence.  
    There are plenty of books and sites out there that talk about this.  
    But like you said, it doesn't take a genius to see the Pentagon or WTC
    from the air, particularly when you're right over it.
    
    > > They made and moved money on it and were suspected of even
    > > manipulating stocks for profit.
    > 
    > Gee. Maybe al-Qaeda sat on the Enron Board...
    
    More FUD..."suspected".  By whom?  If they were suspected, and it
    wasn't proven, why mention it?  Or, why not quote whomever stated
    this?  Nope, can't do that...not sensational enough.
    
    Rick, I think you're really pointing out here that it isn't weaknesses
    in the infrastructure...we know this, and they're more political than
    technological...but the need for far too many "journalists" to justify
    their existance with over-sensationalized garbage.
    
    Just the fact that we're discussing (or rebutting) the article gives
    it credence.  After all, it's clear that the "journalist's" intention
    wasn't to produce an accurate article...it was to get paid.
     
    > > They could also use it for worldwide planning and coordination,
    > > propaganda, psychological terrorism and rumour-mongering.
    > 
    > Old news. Regarding propaganda, psyops, and rumor-mongering, the
    > net's been used for this for years.
    
    Rumor-mongering?  Interesting...isn't that exactly what the media is
    doing with this article?
    
    > > Dr O'Brien said the danger to business was of great concern, 
    > > with some websites particularly vulnerable.
    
    Yeah, some are.  So what?  They're web sites.  The NYSE isn't tied
    directly into their public web site.  The author of this article
    doesn't seem to realize that defacing web sites is as passe as the
    graffiti on highway overpasses.
    
    > > Companies could also be damaged through extortion, brand 
    > > destruction and fraud.
    > 
    > That already happens, but terrorists aren't to blame.
    
    Yeah, no doubt.  Wait...wouldn't that make the senior management of
    companies like Enron and Winstar "terrorists"?  I mean, both companies
    laid off thousands of workers and for all intents and purposes have
    disappeared due to fraud, etc.
       
    > I need more coffee now.
    
    Me, too.  See you at Starbucks...
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue May 14 2002 - 14:27:31 PDT