Full Disclosure mailing list archives
(Fwd) CWD--Save the Nation; Eat a hacker
From: "lsi" <stuart () cyberdelix net>
Date: Fri, 11 Aug 2006 12:36:12 +0100
[flashback - not much has changed - FUD has a new face, but his modus operandi remains the same. See also: http://en.wikipedia.org/wiki/FUD - Stu] ------- Forwarded message follows ------- From: "Meeks, Brock" <Brock.Meeks () MSNBC COM> To: "'cwd () vorlon mit edu'" <cwd () vorlon mit edu> Subject: CWD--Save the Nation; Eat a hacker Date sent: Fri, 24 Sep 1999 11:25:39 -0700 CyberWire Dispatch // Copyright © 1999 // September 24, 1999 Jacking in from the "Snake in the Grass" Port: Save the Nation; Eat a Hacker By George Smith CWD special correspondent Richard Clarke, President Clinton's baleful counter-terrorism guru on the National Security Council, has a plan to save us from computerized terrorists. Actually, he appears to have lots of plans but we're only going to talk about one today. And while it's not particularly original, it's a real viper. To save the nation from "electronic Pearl Harbor" -- you know, that nebulous electronic doom that's supposed to be creeping toward us from out of the gibbering dark of the Internet -- Clarke democratically "suggested" recently that the U.S. government could change laws that are impediments to information assurance and security. And these impediment laws would be? Why, just the Freedom of Information Act, as well as antitrust regulations and liability law. Clarke was speaking for an extended interview published in the August edition of Signal magazine, a quasi-military trade publication whose editors get hard-ons over Pentagon electronic technology and anything that would aid in the smiting of the Department of Defense's alleged manifold computer enemies. Signal is best known for an utterly weird April 1998 howler on an alleged piece of attack software, called "Blitzkrieg," which was, the magazine seriously told a readership of easily-gulled Pentagon contractors, "more dangerous than nuclear weapons." In one form or another the venomous idea to tamper with FOIA has been bandied around in documents and studies on information warfare since at least 1996, well before the appearance of Clarke on the cyberscene. It is generally coupled to the linking of the military and law enforcement to select industry "groups." The intelligence agencies, Department of Defense and law enforcement would then share classified or supposedly sensitive materials with these ill-defined industrial groups so they could pool resources to quickly thwart potential "electronic Pearl Harbors." The head of the Federation of American Scientists' Secrecy and Government Project, Steven Aftergood, explained the rationale, or rather the lack of it, behind screwing with the FOIA. "Modifying FOIA is the first thing everyone thinks of," said Aftergood. "It's the one thing everyone can agree upon." Whenever someone in the government or military writes something on "electronic Pearl Harbor," they have to come up with a set of recommendations, added Aftergood. The no-brainer is to rip up FOIA, one of the final ramparts used by citizens, as well as journalists, in the preservation of open government. The belief driving this, said Aftergood, is that, (1), industry won't share any information on computer security problems with government if it isn't shielded from FOIA because of the potential for misuse by competitors, and, (2); "It's already too easy to obtain information through FOIA . . . which is ridiculous." How ridiculous? Rob Rosenberger, a well-known independent computer security analyst and one of the U.S. military's first information warriors, recently tried to use FOIA to dig up some simple information about how the Air Force reacted to the Melissa virus. The Department of Defense has a rating system known as INFOCON. It tries, emphasis on the word tries, to emulate the old DEFCON system in that it is a way the military rates a threat and its posture regarding the threat. The conditions range from NORMAL, notes Rosenberger, which means "no significant activity ("a theoretical optimum," he notes dryly on his website, "[that] we cannot achieve if we accept 14-yr-old hackers as a national security threat") to ALPHA, an "increased risk of attack," -- all the way up to DELTA, signifying a "general attack. " INFOCON DELTA computer incidents would "undermine [DoD's] ability to function effectively [and would create a] significant risk of mission failure," Rosenberger explains on his website. "INFOCON DELTA means the military treats the Internet as a battlefield, complete with damaged PCs and smoldering mousepads," added Rosenberger. Rosenberger's FOIA request was simple. He asked a number of Air Force agencies what their INFOCON status was from March 15 to April 15, a window that covered the incidence of the Melissa virus. U.S. Air Force HQ in Europe was the only agency that answered with its status -- INFOCON ALPHA. The HQ Air Intelligence Agency "refused to disclose their INFOCON status" on the grounds that "Unauthorized disclosure of such information could reasonably be expected to cause serious damage to national security. The document is currently classified." The presidential support unit, the 89th Comm Squadron, "passed the buck to HQ Air Mobility Command . . . [which] passed the buck to U.S. Transportation Command . . . which refused to disclose such sensitive data, "the release of which would allow circumvention and substantially hinder the effective performance of a significant function.'" The Air Force Office of Special Investigations didn't respond due to a backlog of FOIA requests, noted Rosenberger. This circle jerk of buck passing makes a mockery of the FOIA acronym: "freedom of information Act." And this is _before_ Richard Clarke protects us from "electronic Pearl Harbor." "Electronic Pearl Harbor," or EPH, in case you missed it, is a descriptor that's been popularized by Alvin Toffler-types, ex-Cold War generals, think tank scholars, national security mandarins, assorted corporate windbags and too many hack journalists. Outside the Beltway, it might as well be an acronym for "electronic propaganda and hype" since no convincing examples of the alleged uber-menace from the Net have been seen since a first sighting of the phrase in 1993. Ironically, the utter lack of EPH since 1993 hasn't hindered repeated mentions of it in the mainstream press in 1999. Countless stories, among them Clarke's spiel for Signal, have run on the subject this year, often seemingly the work of editors and reporters ditching critical thinking on the subject in favor of acting like children overcome by a joy of believing in scary stories. And although there have been many government pointmen called upon to carry the water for EPH during the decade, this year's prime exponent has been Richard Clarke. Normally, the Clarke/EPH mantra goes like this: An electronic attack on the nation could do any and all of the following -- stop water from coming out of the taps, turn off the electricity, rob food from grocery stores, take all of your money from the bank, disconnect 911 service, and completely stymie the most powerful, if muscle-bound, military in the history of the planet. A secret 1997 Pentagon exercise called "Eligible Receiver" is offered as proof that this is possible. Clarke invokes it for the credulous and it has appeared literally hundreds of times in news stories on EPH since 1997. "Eligible Receiver, " depending upon where you read about it, consists of this: Twenty friendly hackers, or 25, or between 30 and 35 friendly hackers, from -- the Pentagon, the National Security Agency, or the Joint Staff, take your pick -- proved they could take down the national power grid, take down 911 service nationwide, disrupt troop movements, buy laptops, steal laptops, foul up the military's command structure in southeast Asia, pose as attacking North Koreans, compromise unspecified secret computer systems, compromise unspecified public computer systems, and all without getting their hair mussed, using off-the-shelf software or hacker scripts trolled from the Net. And you thought we had problems with the Y2K issue... Details, of course, are secret. However, despite Pentagon propaganda claims of the amazing electronic prowess of the "Eligible Receiver" hackers, said hackers appear to have been absent without leave or about as effective as the concerted breaking of wind during every significant real-world U.S. military engagement in the past two years. Osama Bin Laden? We sent cruise missiles, on the advice of our man, Richard Clarke, by the way. Some of them hit the wrong target. Saddam Hussein? Judging from empirical evidence, a man seemingly impervious to electronic Pearl Harbor. Slobodan Milosevic and the Serbian Army? It was "the first cyberwar," claimed the Pentagon's John Hamre. Hold it right there, buddy. It wasn't Pentagon hacker hocus pocus turning out the lights and TV in Belgrade and smashing the bridges over the Danube. Lots of cruise missiles, cluster bombs, fancy chaff dispensers and JDAMS wrecked things the old-fashioned way. Having dispensed with the taxpayer-funded myth of "Eligible Receiver," the other main proof offered by the Clarke's and EPH proponents of the nation is citation after numbing citation, some of them apocryphal, of things like the prevalence of computer viruses in corporate America or teenagers who enjoy defacing government and military websites. Consider this: To date there have been no unclassified studies, let me repeat that, no unclassified studies, that convincingly explain in technically sophisticated and detailed examples how precisely, for instance, teenage hackers could suddenly gain the power to keep bombs from falling on a Belgrade or how computer viruses, which have been infecting corporate and government systems in good numbers for more than a decade with no more than annoying results, could suddenly transform into weapons of mass destruction capable of turning off the water and power nationwide. So, let's put the whole thing in perspective. Because of a potential for "electronic Pearl Harbor" and threats to computer security posed by teenagers and nincompoop virus writers, which the military already won't discuss openly even under threat of FOIA, it is necessary, says our man Clarke, to make FOIA even more toothless. Now that's a plan! In the late 1860's, a con man induced a farmer near Syracuse, New York, to bury a cheap gypsum statue that had been crudely altered to resemble a giant, fossilized man. The statue was then "discovered" and proclaimed "the Cardiff giant," the scary remains of a specimen of a lost race said to have wandered the hills prior to the coming of man. Although immediately dubbed a fake by a few who smelled a rat, there was a great deal of popular acceptance of "the Cardiff giant," which spilled over into the news media of the time. Andrew D. White, the first president of Cornell University and one of the "giant's" earliest skeptics, remarked in his memoirs of the affair: "There was evidently a 'joy in believing' in the marvel, and this was increased by the peculiarly American superstition that the correctness of a belief is decided by the number of the people who can be induced to adopt it." Like "the Cardiff giant," EPH is accompanied by plenty of acceptance by the news media and a "joy in believing" in the absence of compelling proof. However, the people of the late 1860's didn't have to endure a Richard Clarke attempting to tamper with open government under the guise of protecting them from the damn bogus thing. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= George Smith, Ph.D., is editor of "Crypt Newsletter," you can contact him at: crypt () sun soci niu edu. ================================================================ EDITOR'S NOTE: CyberWire Dispatch, with an Internet circulation estimated at more than 600,000 is now developing plans for a once-a-week e-mail publication. Every week, one of five well-known investigative reporters will file for CWD. If you think your company or organization would be interested in more information about establishing an sponsorship relationship with CyberWire Dispatch, please contact Lewis Z. Koch at lzkoch () wwa com. =================== To subscribe to CWD, send a message to: Majordomo () vorlon mit edu No subject needed. In the first line of the message put: Subscribe CWD To remove yourself from this list, send a message to: Majordomo () vorlon mit edu No subject needed. In the first line of the message put: Unsubscribe CWD ------- End of forwarded message ------- --- Stuart Udall stuart at () cyberdelix dot net - http://www.cyberdelix.net/ --- * Origin: lsi: revolution through evolution (192:168/0.2) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- (Fwd) CWD--Save the Nation; Eat a hacker lsi (Aug 11)