(Fwd) CWD--Save the Nation; Eat a hacker

["lsi" <stuart () cyberdelix net>]

[flashback - not much has changed - FUD has a new face, but his modus
operandi remains the same. See also: http://en.wikipedia.org/wiki/FUD
 - Stu]

------- Forwarded message follows -------
From:                   "Meeks, Brock" <Brock.Meeks () MSNBC COM>
To:                     "'cwd () vorlon mit edu'" <cwd () vorlon mit edu>
Subject:                CWD--Save the Nation; Eat a hacker
Date sent:              Fri, 24 Sep 1999 11:25:39 -0700

CyberWire Dispatch // Copyright © 1999 // September 24, 1999

Jacking in from the "Snake in the Grass" Port:

Save the Nation; Eat a Hacker
By George Smith
CWD special correspondent

Richard Clarke, President Clinton's baleful counter-terrorism
guru on the National Security Council, has a plan to save us from
computerized terrorists. Actually, he appears to have lots of
plans but we're only going to talk about one today. And while
it's not particularly original, it's a real viper.

To save the nation from "electronic Pearl Harbor" -- you
know, that nebulous electronic doom that's supposed to be
creeping toward us from out of the gibbering dark of the
Internet -- Clarke democratically "suggested" recently that
the U.S. government could change laws that are impediments to
information assurance and security.

And these impediment laws would be?

Why, just the Freedom of Information Act, as well as antitrust
regulations and liability law.

Clarke was speaking for an extended interview published in the
August edition of Signal magazine, a quasi-military trade
publication whose editors get hard-ons over Pentagon electronic
technology and anything that would aid in the smiting of the
Department of Defense's alleged manifold computer enemies. Signal
is best known for an utterly weird April 1998 howler on an
alleged piece of attack software, called "Blitzkrieg," which was,
the magazine seriously told a readership of easily-gulled Pentagon
contractors, "more dangerous than nuclear weapons."

In one form or another the venomous idea to tamper with FOIA
has been bandied around in documents and studies on information
warfare since at least 1996, well before the appearance of
Clarke on the cyberscene. It is generally coupled to the linking of
the military and law enforcement to select industry "groups." The
intelligence agencies, Department of Defense and law enforcement
would then share classified or supposedly sensitive materials with
these ill-defined industrial groups so they could pool resources
to quickly thwart potential "electronic Pearl Harbors."

The head of the Federation of American Scientists' Secrecy and
Government Project, Steven Aftergood, explained the rationale,
or rather the lack of it, behind screwing with the FOIA.

"Modifying FOIA is the first thing everyone thinks of," said
Aftergood. "It's the one thing everyone can agree upon."

Whenever someone in the government or military writes something
on "electronic Pearl Harbor," they have to come up with a set
of recommendations, added Aftergood.  The no-brainer is to rip up
FOIA, one of the final ramparts used by citizens, as well as
journalists, in the preservation of open government.

The belief driving this, said Aftergood, is that, (1), industry
won't share any information on computer security problems with
government if it isn't shielded from FOIA because of the
potential for misuse by competitors, and, (2); "It's already
too easy to obtain information through FOIA . . . which is
ridiculous."

How ridiculous?

Rob Rosenberger, a well-known independent computer
security analyst and one of the U.S. military's first information
warriors, recently tried to use FOIA to dig up some simple
information about how the Air Force reacted to the Melissa
virus.

The Department of Defense has a rating system known as INFOCON.
It tries, emphasis on the word tries, to emulate the old DEFCON
system in that it is a way the military rates a threat and its
posture regarding the threat.

The conditions range from NORMAL, notes Rosenberger, which
means "no significant activity ("a theoretical optimum," he
notes dryly on his website, "[that] we cannot achieve if
we accept 14-yr-old hackers as a national security threat") to
ALPHA, an "increased risk of attack," -- all the way up
to  DELTA, signifying a "general attack. "

INFOCON DELTA computer incidents would "undermine [DoD's]
ability to function effectively [and would create a]
significant risk of mission failure," Rosenberger explains
on his website.

"INFOCON DELTA means the military treats the Internet as a
battlefield, complete with damaged PCs and smoldering
mousepads," added Rosenberger.

Rosenberger's FOIA request was simple. He asked a number of Air
Force agencies what their INFOCON status was from March 15 to
April 15, a window that covered the incidence of the Melissa
virus.

U.S. Air Force HQ in Europe was the only agency that answered
with its status -- INFOCON ALPHA.

The HQ Air Intelligence Agency "refused to disclose their
INFOCON status" on the grounds that "Unauthorized disclosure of
such information could reasonably be expected to cause serious
damage to national security. The document is currently
classified."

The presidential support unit, the 89th Comm Squadron, "passed
the buck to HQ Air Mobility Command . . . [which] passed the
buck to U.S. Transportation Command . . . which refused to
disclose such sensitive data, "the release of which would allow
circumvention and substantially hinder the effective performance
of a significant function.'"

The Air Force Office of Special Investigations didn't respond
due to a backlog of FOIA requests, noted Rosenberger.

This circle jerk of buck passing makes a mockery of the FOIA acronym:

"freedom of information Act."

And this is _before_ Richard Clarke protects us from
"electronic Pearl Harbor."

"Electronic Pearl Harbor," or EPH, in case you missed it, is a
descriptor that's been popularized by Alvin Toffler-types, ex-Cold
War generals, think tank scholars, national security mandarins,
assorted corporate windbags and too many hack journalists. Outside
the
Beltway, it might as well be an acronym for "electronic propaganda
and hype" since no convincing examples of the alleged uber-menace
from the Net have been seen since a first sighting of the phrase
in 1993.

Ironically, the utter lack of EPH since 1993 hasn't hindered
repeated mentions of it in the mainstream press in 1999.

Countless stories, among them Clarke's spiel for Signal, have run
on the subject this year, often seemingly the work of editors and
reporters ditching critical thinking on the subject in favor of
acting like children overcome by a joy of believing in scary stories.

And although there have been many government pointmen called upon
to carry the water for EPH during the decade, this year's prime
exponent has been Richard Clarke.

Normally, the Clarke/EPH mantra goes like this: An electronic attack
on the nation could do any and all of the following -- stop water
from coming out of the taps, turn off the electricity, rob food from
grocery stores, take all of your money from the bank, disconnect
911 service, and completely stymie the most powerful, if
muscle-bound, military in the history of the planet.

A secret 1997 Pentagon exercise called "Eligible Receiver" is
offered as proof that this is possible. Clarke invokes it
for the credulous and it has appeared literally hundreds of times
in news stories on EPH since 1997. "Eligible Receiver, " depending
upon where you read about it, consists of this:

Twenty friendly hackers, or 25, or between 30 and 35
friendly hackers, from -- the Pentagon, the National Security
Agency, or the Joint Staff, take your pick -- proved they could
take down the national power grid, take down 911 service nationwide,
disrupt troop movements, buy laptops, steal laptops, foul up
the military's command structure in southeast Asia, pose as
attacking North Koreans, compromise unspecified secret computer
systems, compromise unspecified public computer systems, and all
without getting their hair mussed, using off-the-shelf software or
hacker scripts trolled from the Net.

And you thought we had problems with the Y2K issue...

Details, of course, are secret.

However, despite Pentagon propaganda claims of the amazing
electronic prowess of the "Eligible Receiver" hackers,
said hackers appear to have been absent without leave
or about as effective as the concerted breaking of wind during
every significant real-world U.S. military engagement in the
past two years.

Osama Bin Laden? We sent cruise missiles, on the advice of
our man, Richard Clarke, by the way. Some of them hit the
wrong target. Saddam Hussein? Judging from empirical evidence, a
man seemingly impervious to electronic Pearl Harbor.

Slobodan Milosevic and the Serbian Army? It was "the first cyberwar,"

claimed the Pentagon's John Hamre. Hold it right there, buddy.
It wasn't Pentagon hacker hocus pocus turning out the lights and
TV in Belgrade and smashing the bridges over the Danube. Lots of
cruise missiles, cluster bombs, fancy chaff dispensers and JDAMS
wrecked things the old-fashioned way.

Having dispensed with the taxpayer-funded myth of "Eligible
Receiver," the other main proof offered by the Clarke's and EPH
proponents of the nation is citation after numbing citation, some
of them apocryphal, of things like the prevalence of computer
viruses in corporate America or teenagers who enjoy defacing
government and military websites.

Consider this: To date there have been no unclassified studies,
let me repeat that, no unclassified studies,
that convincingly explain in technically sophisticated and detailed
examples how precisely, for instance, teenage hackers could
suddenly gain the power to keep bombs from falling on a Belgrade
or how computer viruses, which have been infecting corporate and
government systems in good numbers for more than a decade with no
more than annoying results, could suddenly transform into weapons
of mass destruction capable of turning off the water and power
nationwide.

So, let's put the whole thing in perspective. Because of a
potential for "electronic Pearl Harbor" and threats
to computer security posed by teenagers and nincompoop virus
writers, which the military already won't discuss openly
even under threat of FOIA, it is necessary, says our man Clarke,
to make FOIA even more toothless.  Now that's a plan!

In the late 1860's, a con man induced a farmer near
Syracuse, New York, to bury a cheap gypsum statue that had been
crudely altered to resemble a giant, fossilized man. The statue
was then "discovered" and proclaimed "the Cardiff giant," the
scary remains of a specimen of a lost race said to have
wandered the hills prior to the coming of man.

Although immediately dubbed a fake by a few who smelled a
rat, there was a great deal of popular acceptance of "the Cardiff
giant," which spilled over into the news media of the time.

Andrew D. White, the first president of Cornell University and
one of the "giant's" earliest skeptics, remarked in his memoirs
of the affair: "There was evidently a 'joy in believing' in the
marvel, and this was increased by the peculiarly American
superstition that the correctness of a belief is decided by the
number of the people who can be induced to adopt it."

Like "the Cardiff giant," EPH is accompanied by plenty of
acceptance by the news media and a "joy in believing"
in the absence of compelling proof. However, the people
of the late 1860's didn't have to endure a Richard Clarke
attempting to tamper with open government under the guise
of protecting them from the damn bogus thing.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

George Smith, Ph.D., is editor of "Crypt Newsletter," you can contact
him
at:
crypt () sun soci niu edu.
================================================================

EDITOR'S NOTE:  CyberWire Dispatch, with an Internet circulation
estimated
at more than 600,000 is now developing plans for a once-a-week e-mail
publication.
Every week, one of five well-known investigative reporters will file
for
CWD.  If you think your company or organization would be interested
in more
information about establishing an sponsorship relationship with
CyberWire
Dispatch, please contact Lewis Z. Koch at lzkoch () wwa com.

===================

To subscribe to CWD, send a message to:

        Majordomo () vorlon mit edu

No subject needed.

In the first line of the message put:

        Subscribe CWD

To remove yourself from this list, send a message to:

        Majordomo () vorlon mit edu

No subject needed.

In the first line of the message put:

        Unsubscribe CWD


------- End of forwarded message -------

---
Stuart Udall
stuart at () cyberdelix dot net - http://www.cyberdelix.net/

---
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/