[ISN] Of mad snipers and cyber-terrorists

From: InfoSec News (isnat_private)
Date: Tue Oct 29 2002 - 02:56:06 PST

    Forwarded from: Bob <bobat_private>
    
    http://www.theregister.co.uk/content/6/27819.html
    
    By Thomas C Greene in Washington
    Posted: 29/10/2002 at 01:34 GMT
    
    Last Monday the Internet was attacked in what one Washington official 
    described as "the most sophisticated and largest assault" in its 
    history. Eight of thirteen root DNS servers got whacked simultaneously 
    with a distributed denial of service attack. Had the assault not been 
    shut down in an hour, the constant interchange of e-mail spam and 
    viruses might have been slowed; the ability of millions to BS idly 
    with strangers in IRC might have been impeded; e-commerce orders of 
    bulk dog food might have gone unfulfilled; and millions of teenagers 
    might have been denied their daily downloads of porn and warez and 
    MP3s. 
    
    None of this happened, of course. Somehow, the Internet survived. It 
    survived against the dire warnings of White House alarm divas Richard 
    Clarke and Howard Schmidt. It survived against the patently faked 
    predictions of Gartner Experts who recently conducted devastating 
    cyber 'war games' but sleazily neglected to involve a blue team and 
    sleazily neglected to emphasize this curious fact. Had there been 
    people working against the Gartner pseudo attack squads, as there 
    would be in the real world, their pseudo results would have been 
    vastly different. 
    
    As it turns out, in the real world there are 'blue teams' capable of 
    shifting in difficult situations and putting up obstacles to the 'most 
    sophisticated attack in the history of the Internet' (actually it was 
    a monumentally crude attack, but let's not quibble). Airplanes were 
    not crashed by hackers -- nor will they be so long as pilots continue 
    to fly them rather than Web bots. The flood gates of dams were not 
    opened and no villages were swept away. Chemical additives were not 
    incorporated into foodstuffs in toxic quantities because there are 
    humans working on the production lines. The vast torrents of spam and 
    viruses continued circulating. All was right with the world. 
    
    Now, admittedly there are better attacks against DNS than some 
    boneheaded packet flood, like cache poisoning for example. But this 
    has been done and no doubt the 'blue teams' have a pretty good idea 
    how to deal with it. Then of course there are 0-day exploits that no 
    one is quite sure how to defend against or recover from because we 
    haven't seen them yet, but here again so long as the equipment is in 
    the hands of normal, adaptive humans, it should get sorted in a 
    reasonable time. 
    
    And so what if DNS goes down for a while. So what if the Internet 
    slows. What's the worst that can happen? A few million Net addicts 
    will have to go out and get some exercise for a change. 
    
    You'll put your eye out 
    
    What this big, non-incident illustrates is the fact that people are 
    capable of dealing with unexpected difficulties in spite of 
    bureaucratic insistence to the contrary. The bureaucrats who devote 
    their lives to interfering with ours tell us that we're weak and 
    stupid and incapable of managing our affairs without their guidance 
    and protection and improvement schemes. 
    
    Of course this has more to do with their own neuroses and Messiah 
    complexes than the incompetence of ordinary folk. A certain number of 
    deranged people believe they're superior to the general run of mankind 
    and feel uniquely qualified to wield authority and regulate the lives 
    of others. Most of these tortured souls end up among the ranks of 
    bureaucrats, politicians, teachers, televangelists, social workers and 
    'mental-health professionals'. The worst are the bureaucrats and 
    politicians; they wield the greatest power, and exposure to this 
    addictive intoxicant inevitably leads them to underestimate the rest 
    of us to the greatest extent. 
    
    So we hear the Messianic cries: the "electronic Pearl Harbor" of 
    Richard Clarke; the deadly electronic attacks on "America's soft 
    underbelly" predicted by former NIPC honcho Michael Vatis; and 
    ex-Microserf Howard Schmidt's new slogan, "weapons of mass disruption" 
    -- all signifying horrors about to boil up from the depths of the 
    Internet and destroy our way of life. 
    
    Real disruption 
    
    Meanwhile, as Reg readers know, I live well within what, until recent 
    days, has been the Beltway Sniper's line of sight here in our nation's 
    capital. Two unemployed, ignorant losers humiliated and taunted the 
    best minds of our local and federal law-enforcement bureaucracy for 
    three weeks whilst making sport of innocent human beings going about 
    their daily business. 
    
    So for me it was particularly ironic to hear about cyber-terror and 
    'weapons of mass disruption' and kiddie attacks against DNS while at 
    the same time having, almost daily, a fresh opportunity to contemplate 
    the extraordinary fragility of the human body in competition with 
    high-velocity ammunition. 
    
    Unlike a kiddie packet flood, a rifle shot does tremendous and often
    irreparable damage to the bodies and lives of people. Consider the
    tiny .223 Remington. Weighing anywhere from 50 to 75 grains (or a mere
    one-eighth of an ounce) and traveling anywhere from 2800 to 3800 feet
    per second, it strikes with up to 1400 foot-pounds of kinetic energy.
    [1] Because of its small diameter and diminutive weight, we might
    expect it to do only local damage along its trajectory; but the .223
    unfortunately has a tendency to exhibit yaw during penetration and to
    break up, especially if it's a semi-jacketed round, which greatly
    increases its effects.
    
    Obviously as the bullet fishtails and breaks up, its forces and those 
    of its fragments will be transferred to surrounding tissues, spreading 
    the damage. Thus most of the sniper's victims died quickly; the few 
    who survived have sustained devastating, perhaps 
    permanently-crippling, internal injuries. [2] 
    
    The second thing our sniper did was change forever the lives of every 
    person close to his victims. In three weeks, with thirteen shots, a 
    pair of pathetic drifters caused, to hundreds of people, pain and loss 
    and suffering that will never go away, while the Internet suffered the 
    worst attack in its history and absolutely nothing came of it. 
    
    I'd like to hear Clarke or Schmidt or one of their fellow 
    cyber-alarmist bureaucrats explain publicly what a so-called 
    cyber-terrorist can accomplish that even approaches this sort of 
    damage. I'd like to see one of these superior creatures address the 
    friends and families of the sniper's victims and explain to them the 
    devastating horrors of Internet mischief and cyber-terrorism.
    
    [1] Hollywood action-film directors have done much to exaggerate the
    significance of a bullet's stated kinetic energy. This is calculated
    merely by multiplying half the mass of the moving object by the
    velocity squared. Far more important to the person struck is the rate
    and manner of the bullet's deceleration inside them, and its
    trajectory and the trajectories of its fragments in relation to vital
    organs and major blood vessels, all of which depend in each instance
    upon hundreds of variables. Suffice it to say that people shot do not
    fly backwards ten feet through the air. Of course this looks way cool
    on film, especially in slow motion with squibs full of stage blood
    bursting explosively, and has therefore become an established idiom of
    fictional ballistics. The chief myth at play here is that 'stopping
    power' is a function of kinetic energy. In fact it's a function of
    rapid blood loss and consequent loss of consciousness, which in turn
    depends on optimal wound-channel volume and bullet fragmentation --
    both of which tend to favour nicking a major blood vessel.
    
    [2] There is also a theory of 'hydrostatic shock' claiming that people
    shot by high-velocity rounds, even when major organs and blood vessels
    are missed, often die from internal injuries because a deadly wave of
    fluid pressure bangs up their innards beyond repair. I personally
    think it's an exaggeration at best, but many believe it to be a real
    effect.
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Oct 29 2002 - 05:27:40 PST