[ISN] At least 100 countries building cyber weapons - expert

From: InfoSec News (isnat_private)
Date: Wed Sep 25 2002 - 00:22:12 PDT

  • Next message: InfoSec News: "[ISN] Getting a copy of the UK "dossier""

    Forwarded from: Jei <jeiat_private>
    By John Lettice
    Posted: 24/09/2002 at 10:09 GMT
    Cyberterrorism hyping has reached new heights - according to a report
    in the Melbourne Herald Sun, at least. The Herald quotes expert
    Matthew Devost, speaking at a meeting at the US consulate there
    recently, as claiming the CIA believes at least 100 countries are
    investigating waging war by computer, or cyberterror.
    Mr Devost is proprietor of terrorism.com, incidentally, which is
    something of a misnomer, as he's in the counter-terrorism game. Should
    any bona fide terrorist take him to the ICANN disputes panel we fear
    he'd be on difficult ground. But 100 countries? Could the CIA possibly
    believe this? Who are these countries?
    "How many do we need to worry about - six? Twelve?," Devost is quoted
    as saying. "What are the capabilities of number 100 on the list?"
    Disappointingly, it turns out that "a lot of questions haven't been
    answered." So we've no idea what the point of saying 100 countries are
    working on it is, aside from trying to grab headlines.
    The CIA itself, in the shape of its most excellent World Fact Book,
    reveals (as of July 1st 2001) that the top 100 countries by GDP per
    capita is headed by Luxembourg, with Gabon coming in at number 100.
    Per capita GDP is however clearly a hopeless yardstick to try to
    estimate cyberterror capability against. There are a lot of names in
    the top 100 (San Marino? Aruba?) that sound improbable proprietors of
    cyberwarefare development programmes, and some obvious suspects who
    are just to poor to make it. Yugoslavia, for example, is there way
    down at 160, and we seem to recall the locals nevertheless being
    pretty handy when it comes to the deployment of cyber weapons.
    So GDP doesn't really work. How about Internet connections? One can of
    course wreak a deal of havoc with just one Internet connection, but
    the number of them in a country ought to provide some kind of measure
    of the potential raw expertise. This chart here isn't ordered, nor is
    it weighted by population, and the figures are a tad old. But there
    are somewhere in excess of 30 countries with more than a million
    people connected. Again, it's a very rough yardstick, and our friends
    in Yugoslavia are still nowhere near the cut. However, the more you
    look at the list, the less probable it seems that you can drag out 100
    with even the capability for a stupid, futile and laughable stab at a
    cyberweapons development programme.
    So maybe you just go anecdotal. Start with major, rich economies with
    developed IT businesses. Add other economies known to have expertise
    and/or strategic plans in that area (so India definitely qualifies on
    expertise, China on both). Cross out the ones who don't have serious
    armies (e.g. Andorra). Add in a couple of mad dictators. Add in those
    with money and known agendas. Add in anybody you don't like. Add
    anybody whose justice minister has pissed-off the White House
    recently. On our turn through the whole list on this basis, we come to
    a total of approximately 60, many of whom are barely credible and who
    would only be counted by the most paranoid and drug-addled CIA
    For example, we included the Vatican on the basis of money and known
    agenda, and Finland and Estonia on the basis of sheer cleverness
    (nothing personal people, we mean to flatter). We offer our services
    to the CIA should it wish to recruit a research capability willing to
    try to justify future ludicrous claims in exchange for money.
    Mr Devost himself seems an intriguing cove. He is co-author of
    "Information terrorism - can you trust your toaster?", which won the
    1996 Sun Tzu Art of War Research Award (disappointingly, we are unable
    to identify any other winners of this award, which in any event seems
    to be no more). This document includes the phrase "digital Pearl
    Harbor," which may be one of the first recorded uses of the
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Sep 25 2002 - 03:05:19 PDT