[ISN] 'Black Ice: The Invisible Threat of Cyber-Terrorism' by Dan Verton

From: InfoSec News (isnat_private)
Date: Tue Aug 12 2003 - 02:27:31 PDT

  • Next message: InfoSec News: "[ISN] Slovenian hacker found shot dead"

    http://www.washingtonpost.com/wp-dyn/articles/A31867-2003Aug7.html
    
    BLACK ICE 
    The Invisible Threat of Cyber-Terrorism 
    By Dan Verton
    McGraw-Hill/Osborne. 312 pp. $24.99 
    
    Reviewed by Clive Thompson
    Sunday, August 10, 2003; Page BW04 
    
    Not long ago, cyber-terrorists were Public Enemy Number One. In the
    summer of 2000, a malicious, reclusive hacker released a computer
    virus called "I Love You" that raced around the globe, destroying $10
    billion worth of data. Spies worldwide scrambled to hunt him down, and
    newspapers ran horrified above-the-fold coverage. Cyberspace seemed
    like the scariest place on Earth.
    
    Then two planes flew into the World Trade Center -- and the real,
    physical world became instantly scarier. Terrorists were real, but
    they weren't invading our desktops, and they weren't even very
    technologically innovative. On the contrary, their tools of choice --
    box cutters -- were so savage and low-fi they wouldn't have been out
    of place in an invasion of a suburban home.
    
    Explosions, destroyed buildings -- that's the stuff that scares the
    pants off America. So ever since Sept. 11, it's been hard to get
    worked up about hackers, viruses and digital mayhem. It all seems like
    a narcissistic indulgence of the dot-com era, when the Internet was
    the biggest thing going. When a Manhattan friend recently saw me
    reading a copy of Black Ice, he scoffed: "That stuff is crap. They're
    not gonna attack us on the 'Net. They're going to set off car bombs in
    Times Square. They want dead bodies."
    
    This, in a nutshell, is what the book's author, Dan Verton, is up
    against. Because he argues that terrorists are indeed developing a new
    generation of cyberattacks -- and they'll be far worse than anything
    we could imagine, precisely because we aren't guarding against them.  
    Verton is as credible a digital Cassandra as you can get; he is a
    former intelligence officer, and his superb investigative journalism
    for Computerworld magazine recently forced American Airlines to clamp
    down on its lax wireless technology, which left bag-checking devices
    open to be messed with.
    
    Some of the examples Verton unearths are certainly spooky. Back in
    1996, a Swedish teenager remotely generated so many calls to 911 in
    southern Florida that he tied up the system. Another hacker today is
    developing a virus that can commandeer mobile phones and have them
    similarly flood 911 with phantom calls. Or consider the power grid: In
    the six months following the World Trade Center attacks, security
    companies logged 129,000 intrusions, many of which "appeared to be
    sponsored by governments or organizations in the Middle East," as
    Verton darkly notes. Imagine no electricity for, say, an entire week:  
    food rotting, crime surging, no phones, and business ground to a halt.
    
    Which is Verton's point: Genuine cyberterrorism will be as physical as
    a punch to the gut. Who cares about teenage hackers defacing Web sites
    with misspelled taunts and pictures of porn stars? Let 'er rip, kids.  
    You're only hurting our browsers. Al Qaeda, Verton suggests, would use
    the virtual world merely as a vehicle with which to attack the real
    one, and leave plenty of dead bodies. Verton envisions "swarming
    attacks," combinations of virtual and physical blows: A dirty bomb
    blows up in Washington, D.C., while a cyberattack wreaks havoc at the
    nearby hospitals.
    
    And whoops -- as Verton discovers, those hospital computers aren't
    terribly well guarded. Neither are those of banks, airline systems and
    most utilities. This is because they're for-profit concerns, and,
    frankly, security is expensive and inefficient and cuts down on
    profits. This is a weird turning point in national security. In the
    old days, the government controlled the important borders of sea, air
    and land. But now, folks like Merrill Lynch and Verizon -- and, for
    that matter, you sitting there at your computer -- control the data
    borders. For the first time, a big part of national security is at the
    mercy of a rather indifferent free market. This is not to suggest that
    massive government regulation would be a necessarily better answer; it
    was, after all, the Bush administration that out-Orwelled Orwell by
    patching together the Total Information Awareness program. Just
    imagine the government's paranoid clampdown after the first big
    terrorist cyberstrike takes place.
    
    Or, should I say, if it takes place. In the end, Verton never offers
    up a smoking gun. There may well be Al Qaeda hackers out there
    perfecting evil ways to commandeer air-traffic-control systems. But if
    there are, we never meet them via any first-hand reporting. Verton
    doesn't wear out his shoe leather hunting through Afghanistan and
    Pakistan for these guys; indeed, he rarely seems to leave his desk.  
    Rather, he relies hawkishly on government reports that nervously
    prophesy cyberchaos. And these reports are, unfortunately, maddeningly
    hypothetical: This terribly-bad-thing might happen; that
    even-more-awful-thing could take place. This makes them somewhat hard
    to trust, in the wake of our "Where's Waldo?" hunt for Iraq's supposed
    weapons of mass destruction. Trumping up threats to keep defense
    budgets fat is the oldest game played by Pentagon insiders.
    
    Still, as a longtime computer geek, I've seen how brittle, complex and
    friable computer systems can be. It's possible that Verton is simply
    wrong. But if he's right . . . we'll pine for the days when the worst
    thing a virus could do was waste $10 billion. •
    
    Clive Thompson writes for Wired, the New York Times Magazine and
    Details. He can be reached at cliveat_private
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 05:46:41 PDT