Forwarded from: Bob <bobat_private> http://www.theregister.co.uk/content/6/27819.html By Thomas C Greene in Washington Posted: 29/10/2002 at 01:34 GMT Last Monday the Internet was attacked in what one Washington official described as "the most sophisticated and largest assault" in its history. Eight of thirteen root DNS servers got whacked simultaneously with a distributed denial of service attack. Had the assault not been shut down in an hour, the constant interchange of e-mail spam and viruses might have been slowed; the ability of millions to BS idly with strangers in IRC might have been impeded; e-commerce orders of bulk dog food might have gone unfulfilled; and millions of teenagers might have been denied their daily downloads of porn and warez and MP3s. None of this happened, of course. Somehow, the Internet survived. It survived against the dire warnings of White House alarm divas Richard Clarke and Howard Schmidt. It survived against the patently faked predictions of Gartner Experts who recently conducted devastating cyber 'war games' but sleazily neglected to involve a blue team and sleazily neglected to emphasize this curious fact. Had there been people working against the Gartner pseudo attack squads, as there would be in the real world, their pseudo results would have been vastly different. As it turns out, in the real world there are 'blue teams' capable of shifting in difficult situations and putting up obstacles to the 'most sophisticated attack in the history of the Internet' (actually it was a monumentally crude attack, but let's not quibble). Airplanes were not crashed by hackers -- nor will they be so long as pilots continue to fly them rather than Web bots. The flood gates of dams were not opened and no villages were swept away. Chemical additives were not incorporated into foodstuffs in toxic quantities because there are humans working on the production lines. The vast torrents of spam and viruses continued circulating. All was right with the world. Now, admittedly there are better attacks against DNS than some boneheaded packet flood, like cache poisoning for example. But this has been done and no doubt the 'blue teams' have a pretty good idea how to deal with it. Then of course there are 0-day exploits that no one is quite sure how to defend against or recover from because we haven't seen them yet, but here again so long as the equipment is in the hands of normal, adaptive humans, it should get sorted in a reasonable time. And so what if DNS goes down for a while. So what if the Internet slows. What's the worst that can happen? A few million Net addicts will have to go out and get some exercise for a change. You'll put your eye out What this big, non-incident illustrates is the fact that people are capable of dealing with unexpected difficulties in spite of bureaucratic insistence to the contrary. The bureaucrats who devote their lives to interfering with ours tell us that we're weak and stupid and incapable of managing our affairs without their guidance and protection and improvement schemes. Of course this has more to do with their own neuroses and Messiah complexes than the incompetence of ordinary folk. A certain number of deranged people believe they're superior to the general run of mankind and feel uniquely qualified to wield authority and regulate the lives of others. Most of these tortured souls end up among the ranks of bureaucrats, politicians, teachers, televangelists, social workers and 'mental-health professionals'. The worst are the bureaucrats and politicians; they wield the greatest power, and exposure to this addictive intoxicant inevitably leads them to underestimate the rest of us to the greatest extent. So we hear the Messianic cries: the "electronic Pearl Harbor" of Richard Clarke; the deadly electronic attacks on "America's soft underbelly" predicted by former NIPC honcho Michael Vatis; and ex-Microserf Howard Schmidt's new slogan, "weapons of mass disruption" -- all signifying horrors about to boil up from the depths of the Internet and destroy our way of life. Real disruption Meanwhile, as Reg readers know, I live well within what, until recent days, has been the Beltway Sniper's line of sight here in our nation's capital. Two unemployed, ignorant losers humiliated and taunted the best minds of our local and federal law-enforcement bureaucracy for three weeks whilst making sport of innocent human beings going about their daily business. So for me it was particularly ironic to hear about cyber-terror and 'weapons of mass disruption' and kiddie attacks against DNS while at the same time having, almost daily, a fresh opportunity to contemplate the extraordinary fragility of the human body in competition with high-velocity ammunition. Unlike a kiddie packet flood, a rifle shot does tremendous and often irreparable damage to the bodies and lives of people. Consider the tiny .223 Remington. Weighing anywhere from 50 to 75 grains (or a mere one-eighth of an ounce) and traveling anywhere from 2800 to 3800 feet per second, it strikes with up to 1400 foot-pounds of kinetic energy.  Because of its small diameter and diminutive weight, we might expect it to do only local damage along its trajectory; but the .223 unfortunately has a tendency to exhibit yaw during penetration and to break up, especially if it's a semi-jacketed round, which greatly increases its effects. Obviously as the bullet fishtails and breaks up, its forces and those of its fragments will be transferred to surrounding tissues, spreading the damage. Thus most of the sniper's victims died quickly; the few who survived have sustained devastating, perhaps permanently-crippling, internal injuries.  The second thing our sniper did was change forever the lives of every person close to his victims. In three weeks, with thirteen shots, a pair of pathetic drifters caused, to hundreds of people, pain and loss and suffering that will never go away, while the Internet suffered the worst attack in its history and absolutely nothing came of it. I'd like to hear Clarke or Schmidt or one of their fellow cyber-alarmist bureaucrats explain publicly what a so-called cyber-terrorist can accomplish that even approaches this sort of damage. I'd like to see one of these superior creatures address the friends and families of the sniper's victims and explain to them the devastating horrors of Internet mischief and cyber-terrorism.  Hollywood action-film directors have done much to exaggerate the significance of a bullet's stated kinetic energy. This is calculated merely by multiplying half the mass of the moving object by the velocity squared. Far more important to the person struck is the rate and manner of the bullet's deceleration inside them, and its trajectory and the trajectories of its fragments in relation to vital organs and major blood vessels, all of which depends in each instance upon hundreds of variables. Suffice it to say that people shot do not fly backwards ten feet through the air. Of course this looks way cool on film, especially in slow motion with squibs full of stage blood bursting explosively, and has therefore become an established idiom of fictional ballistics. The chief myth at play here is that 'stopping power' is a function of kinetic energy. In fact it's a function of rapid blood loss and consequent loss of consciousness, which in turn depends on optimal wound-channel volume and bullet fragmentation -- both of which tend to favour nicking a major blood vessel.  There is also a theory of 'hydrostatic shock' claiming that people shot by high-velocity rounds, even when major organs and blood vessels are missed, often die from internal injuries because a deadly wave of fluid pressure bangs up their innards beyond repair. I personally think it's an exaggeration at best, but many believe it to be a real effect. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 05:27:40 PST