On Mon, Aug 27, 2001 at 05:55:56PM -0500, Michael J. Cannon wrote: > > For those that joined this thread late, again, I am not saying these ARE the > authors, I am advocating that we use this opportunity as a 'tactical > exercise' in a well-known public forum, to show the public what tools are > used and some of the procedures for tracking down these incidents. If this > is not the correct forum, I expect the relevant authorities (the list > moderator/admin) will tell us (and maybe make a suggestion on where would be > more appropriate). I will agree that this is a reasonable idea. This is, of course, FAR short of what the most likely public response is going to be (hell, already is): Congress and the talking heads are going to call for new, more stringent laws, public floggings, maybe executions... oh, wait, they've only _implied_ that so far. <grin> > Finally, for any lurkers from the press: I don't believe that this is in > any way 'cyber-terrorism,' whoever perpetrated 'Code Red,' its variants, or > virii like SirCam. I don't believe that the TAO and their sibling > organizations are terrorists. I don't believe whoever created Code Red is a > terrorist. Terrorism kills people, not networks and computers. Terrorism > costs lives and limbs, not money and bandwidth/inconvenience. What goes on > in Israel/Palestine, Macedonia/Yugoslavia, Sri Lanka and elsewhere is > terrorism. Erm... _In the main,_ I agree with you - but, just to play the devil's advocate, what happens when someone crashes a hospital's network, or something similar where life does indeed equal the machine being up? The issue is not quite all that black-and-white. > The computer security community is on the job and we do care. We want to > make the Internet a safer place for communities and commerce. But to call > any of what our opposition does 'terrorism' is to demean the lives and > efforts of those who risk their lives combating that FAR more grievous > menace. Bruce Schneier has said we in the security industry have lost the > battle with the press when it comes to 'hacker' vs. 'cracker.' Let us not > allow the press to portray activists, curious children, petty criminals and > misguided individuals in the same way they do the animals that kill people > with guns and bombs. 'Hacktivism' and electronic civil disobedience are > better terms more amenable to the result of the crime. Erm... no, sorry, try again. "Hacktivism" is a positively-loaded term; I see very few (note that I carefully do not say "no") positive facets to cracking, and while cracking may on occasion be an instance of "hacktivism", confuting the two, IMO, is an even _worse_ evil than the "hacking/cracking" confusion. "Electronic civil disobedience"... I believe that I'm expressing the common sentiment that this sounds like marketroid-speak, and will be accepted to about the same degree; i.e., "sounds like bullshit to me!" Catchy phrases have their place; this one does not fit. It's not even catchy. Worse yet, the concept itself does not fit. Cracking may not be terrorism, but it's not a harmless prank, either. Some folks might see it as "well, gee, it only hurts these companies - no big deal!" *WRONG*. "These companies" are someone's blood, sweat, and tears; often, a whole lot of someones. I speak as a man who has "raised" a company from scratch, ran it for a number of years, and then watched it die (not this crash; this was the '80s.) Buddy, lemme tell ya... if I caught someone destroying that company's resources, the resources that I painstakingly built up one penny at a time, I would skin the bastard with a dull file and spread the salt liberally. Crackers love to hide behind the shielding image of the rebel, the revolutionary. Puh-lease. A 13-year-old script kiddie is not a revolutionary; he's out to satisfy his adolescent curiosity and doesn't care in the least about the cost to others. Cracking is nothing but wanton destruction of someone's resources; end of story. Terrorism? No. Innocent exploration? Not that, either. Not by a *damn* long shot. Ben Okopnik -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Criminals do not die by the hands of the law. They die by the hands of other men. -- George Bernard Shaw ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Sep 01 2001 - 10:53:45 PDT