Forwarded from: H C <firstname.lastname@example.org> Cc: email@example.com > > A "CYBER jihad" could be launched against the West > > as terrorists moved from the real world to an internet-based > > virtual world, a US expert warns. > > Sensational, fear-mongering term here. "CyberJihad" ??? Crikey, we > better run for the hills..... Crikey? Really, Rick?! Have you taken to wearing khaki shorts and speaking w/ an Aussie accent? I think it's also important to point out the operative term in the above quote, which is "could". Yeah, a lot of things "could"...but how likely is this "cyberjihad"? Does the intel community still hold on to the belief that terrorists are staying away from computer networks as weapons simply b/c they aren't as reliable or poignant as, say, a suicide bomber? > > Michele Zanini, a consultant with the think-tank > > McKinsey and Company, said terrorist groups such as al-Qaeda > > were already making huge use of the web for communications, > > propaganda, recruitment and target data. > > Never heard of them, but it must be a think-tank full of stagnant > thoughts and conventional thinking. The web and internet is a > communication medium.....a tool.....criminals use it to plan > traditional crimes, it's only natural that a terrorist would use it > for such purposes too. Not only is this "think-tank" largely unheard of (what happened...the magazine couldn't get a sound bite from Gartner or RAND?), but it's old news. Wasn't it about a year ago that a "news" story about terrorists using steganography and porno Usenet groups to communicate? > This is NOT new. What we also forget is that just because something > CAN be used as a weapon doesn't mean it WILL, either. Correct. Maybe it's better to chalk this one up to the author of the article (a media-hound looking for something sensational) rather than to whomever he quoted. I'm sure most folks who do authorize a quote or two have found that many times the quotes are used out of context. > > Another expert, Rand Europe senior policy analyst > > Kevin O'Brien said there was potential for terrorists to > > cause huge losses to the West by damaging information technology > > systems. > > We have that now, but nobody seems to give a hoot. At least it's a quote from an organization we've heard of. But again, we're back to "potential"..."could"...that sort of thing. > It's called Microsoft and the incessant amount of security problems > costing how many billions to address, and most of the problems NEVER > FULLY GO AWAY. If you're worried about cyber-security, why not > point the finger and take action against a known cause of repeated > and quite significant problems and vulnerabilities we ALREADY KNOW > where they come from? While Microsoft does produce products that are full of holes, one thing needs to be understood. Take a look at the recent articles about the "Deceptive Duo" and the nmap scans of some of their "victims" on AllDas.org. Microsoft systems with NetBIOS ports exposed to the Internet. At least one article quoted the DD as saying they broke in by way of weak passwords on user accounts. In one case, MS-SQL server was exposed to the Internet w/ an admittedly (by a spokesman for the victim) "weak password". At that point, whose fault does it become? MS for producing products, or the admins for not allowing two neurons to interact and pass chemical messages back and forth, thereby allowing them to form a "thought" to protect their networks? After all, even MS put out information on how to protect IIS servers...one of the instructions was to disable unnecessary script mappings. Code Red demonstrated that most IIS admins seem to be illiterate. > I guess it's still easier to point the fingers for our INFOSEC > problems at shadowy cyber-terrorists and such, thereby ducking blame > and avoiding responsibility for the current state of world > information insecurity. Not easier. Remember, Rick, it's the media that's doing this sort of finger pointing. Why? B/c it's "cool" and sensational. Take this Kevin O'Brien from RAND...he's an "expert", reportedly, but of what? Who recognizes Mr. O'Brien's credibility as an "expert" at anything? I'm not trying to disparage Mr. O'Brien, b/c I don't know him...but the author of the original article simply expected his readers to accept this fact, that's all. > > Dr Zanini and Dr O'Brien were speaking at an international > > conference on global terror in Hobart. > > > > Dr O'Brien said Western-developed IT had become > > the "great equaliser" as it was exploited by terrorists > > and rogue states. > > Yeah, and the electron is the ultimate guided weapon, like former > DCI Deutch said. What a crock. Yeah, Deutch. The DCI who took classified info home to his unprotected PC...the one his kid played games on. Great source. Perhaps Dr. O'Brien's quote has significance...after all, anyone can call up Dell and order a bunch of systems. In fact, someone purchasing a gross of computer systems from Dell today will be an a far better footing than some corporations who haven't upgraded their systems in...6 months. A year. > > He said the cyber world was chaotic and without boundaries > > and Western security agencies were traditionally ill-equipped > > to deal with its threats. > > Agreed. They have a hard enough time keeping their own systems > secured. Sure. But I don't think this is an issue just for Western security agencies. Wasn't it the Brits who had a laptop stolen during Desert Shield? Sure, I know the State Dept. has done a much better job of loosing laptops, but it's not an issue unique to the West. > > In the wake of September 11, it was clear terrorists were using > > the internet as a weapon of war, the experts said. > > "Weapon of war"??? Sensational fear-mongering. No doubt! Who is this clear to? Not to me! Obviously not to you, Rick. So...who? > They also used airplanes as a real and quite deadly 'weapon of war' > but nobody here seems to remember that. Under these guys' > definitions, a USG visa, fraudulent drivers' licenses, and a copy of > the Koran would be 'weapons of war' too.... So would an ATM debit card. But how do the trips to WalMart and T&A bars fit in? > > Terrorists used the net to gather intelligence, including target > > information, and counter-intelligence. > > Net notwithstanding, it didn't take a genius to know where the WTC > was. Yeah, big deal. Anyone can use the 'Net to gather intelligence. There are plenty of books and sites out there that talk about this. But like you said, it doesn't take a genius to see the Pentagon or WTC from the air, particularly when you're right over it. > > They made and moved money on it and were suspected of even > > manipulating stocks for profit. > > Gee. Maybe al-Qaeda sat on the Enron Board... More FUD..."suspected". By whom? If they were suspected, and it wasn't proven, why mention it? Or, why not quote whomever stated this? Nope, can't do that...not sensational enough. Rick, I think you're really pointing out here that it isn't weaknesses in the infrastructure...we know this, and they're more political than technological...but the need for far too many "journalists" to justify their existance with over-sensationalized garbage. Just the fact that we're discussing (or rebutting) the article gives it credence. After all, it's clear that the "journalist's" intention wasn't to produce an accurate article...it was to get paid. > > They could also use it for worldwide planning and coordination, > > propaganda, psychological terrorism and rumour-mongering. > > Old news. Regarding propaganda, psyops, and rumor-mongering, the > net's been used for this for years. Rumor-mongering? Interesting...isn't that exactly what the media is doing with this article? > > Dr O'Brien said the danger to business was of great concern, > > with some websites particularly vulnerable. Yeah, some are. So what? They're web sites. The NYSE isn't tied directly into their public web site. The author of this article doesn't seem to realize that defacing web sites is as passe as the graffiti on highway overpasses. > > Companies could also be damaged through extortion, brand > > destruction and fraud. > > That already happens, but terrorists aren't to blame. Yeah, no doubt. Wait...wouldn't that make the senior management of companies like Enron and Winstar "terrorists"? I mean, both companies laid off thousands of workers and for all intents and purposes have disappeared due to fraud, etc. > I need more coffee now. Me, too. See you at Starbucks... - ISN is currently hosted by Attrition.org To unsubscribe email firstname.lastname@example.org with 'unsubscribe isn' in the BODY of the mail. - ISN is currently hosted by Attrition.org To unsubscribe email email@example.com with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue May 14 2002 - 14:27:31 PDT