Winn's War Against The Net

[InfoSec News <isn () C4I ORG>]

http://www.zdnet.com/intweek/stories/columns/0,4164,2584807,00.html

By Lewis Z. Koch Special To Inter@ctive Week, Inter@ctive Week
June 8, 2000 2:32 PM PT

The only shocking element to Winn Schwartau's newest book, Cybershock
- Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists
and Weapons of Mass Disruption - is the depth of its irresponsibility.
Its slick attempt to terrorize the reader about the dangers of the
Internet and the fearsome, loathsome "hackers" who lurk within marks a
new low.

The ninth paragraph of the first page sets the tone for the rest of
this book. "I don't mean to scare you right off the bat here; there is
plenty of time for that. But, if you are already part of the
twenty-first century, which you are, you should be concerned at a
minimum, and maybe, just maybe, very scared."

Of course Schwartau means to frighten - enough so that his book will
probably make good bedtime reading for North Korea's Kim Jong Il or
Pakistan's General Pervez Musharraf. They'll be sure to underline his
caution to "Consider using psychological profiling of staff hopefuls
to learn about their ethics, morals, tendencies, and proclivities . .
."

The proof is in the mail

"The hacking problem is big. No, make that huge," Schwartau proclaims,
then adds the little caveat that "despite the studies, we really don't
know exactly how huge. Is it $100 million or $100 billion? Does it
matter?"

Yes, Schwartau, it does matter. It matters very much.

What "hacking" is Schwartau talking about? Vandalizing a Web page?
Stealing state secrets? Business-to-business competitive
intelligence-gathering that goes beyond legality?

Is he talking about the kind of hacking where someone enters a site
uninvited and peeks around, or is he talking about computer crimes -
the theft of credit cards or cash, or blackmail or denial-of-service
attacks? Is all "hacking" to be equally punished, or are some hacks
more heinous than others? Is he talking about mindless despoiling of
Web pages or so-called "hactivism" - electronic displays of political
discontent and dissent?

Schwartau refers in passing, without specific citation, to hacker
"studies." What studies? You can count the number of solid hacker
"studies" on the fingers of one hand. (I recommend Suelette Dreyfus'
Underground - Tales of Hacking, Madness and Obsession on the
Electronic Frontier, Mandarin Books, Australia, 1997 and Paul A.
Taylor's Hackers - Crime in the Digital Sublime, Routledge, New York,
1999.)

Who is out there?

Schwartau creates a "laundry list" psychological profile of an average
hacker - one that might just as easily describe the typical venture
capitalist in Silicon Valley: "dysfunctional upbringings," "smart . .
. but they also tend to perform below par in school," "addictive
personalities" and "Narcissistic Personality Disorder." However, he
never even offers a cursory explanation for this very complicated
diagnosis.

Schwartau's stunning revelation that "drugs and alcohol abuse are also
common with this crowd" boggles the mind with banality. He actually
means to tell us that there are young people who simultaneously abuse
drugs, alcohol and computers? Shocking!

I don't have the space or the inclination to even begin dealing with
Schwartau's affection for the mysterious EMP and Herf guns or my
personal favorite, "mind hacking," which, he projects, will be ". . .
microwaves that are tuned to specific frequencies and turn your
fillings into radio receivers."

Hello? Earth to Schwartau. Earth to Schwartau.

The full nightmare revealed

Schwartau devotes much of his energy to what he calls "The Many Faces
of Deception." He proposes network security to defeat threats from
hackers, a Web life that assimilates and embraces concealment,
camouflage, false/planted information, ruses, displays,
demonstrations, feints, lies, honey pots - a virtual 24/7 effort to
secure one's site and data.

The futility of this massive attempt at security was first described
more than 70 years ago by Franz Kafka in his story, The Burrow
(Selected Short Stories of Franz Kafka, The Modern Library, 1952). The
story, a single paragraph 30 pages in length, is a narration that
follows an animal that must seek refuge from his perceived enemies. He
carves out a burrow by battering a tunnel beneath the ground. He uses
his forehead as a kind of shovel, securely packing the dirt along the
walls with the blood that leaks from his forehead.

He must hide the burrow's entrance from his enemies, so it must be
camouflaged; he must also devise and camouflage an exit, lest his
enemies deviously discover the entrance and seek him out. Day after
day, month after month, season after season, he builds this complex
series of tunnels, each with its own entrances and exits, a maze to
confuse his enemies. Emergency escape passages must be created, and
food must be stored and hidden from the dangers that lurk above. No
place is secure.

"And it is not only by external enemies that I am threatened," the
narration notes. "There are also enemies in the bowels of the earth. I
have never seen them, but legend tells of them and I firmly believe
them. They are creatures of the inner earth . . . they come, you hear
the scratching of their claws just under you in the ground . . . and
already you are lost."

Winn's world

The genius of Kafka is that he could envision a world so filled with
paranoia, so replete with dangers from within and without, a
never-ending building and rebuilding of tunnels, eternal vigilance
maintained, silence endured, and always, always listening for threats.

With Kafka we are made aware of a genuine psychological reality of the
20th century, a sense of alienation and impending doom.

With Schwartau, we encounter a writer intent on manufacturing fears of
the Internet that have little basis in reality, fears based on a
monolithic stereotype of the sexless, feral, diabolical hacker whose
supposed threat provides an excuse for policing every burrow of the
Internet.

It's not that hackers present no real danger. In fact, we need a sober
analyst of Internet reality, someone who can identify who is doing
real damage and how that damage can legitimately be monitored and
contained. But Schwartau, peddling his Cybershock warning of a virtual
doomsday, is just another hysterical infowarrior playing to our primal
burrowing instincts.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".