Information Security News mailing list archives
Winn's War Against The Net
From: InfoSec News <isn () C4I ORG>
Date: Fri, 9 Jun 2000 07:02:39 -0500
http://www.zdnet.com/intweek/stories/columns/0,4164,2584807,00.html By Lewis Z. Koch Special To Inter@ctive Week, Inter@ctive Week June 8, 2000 2:32 PM PT The only shocking element to Winn Schwartau's newest book, Cybershock - Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption - is the depth of its irresponsibility. Its slick attempt to terrorize the reader about the dangers of the Internet and the fearsome, loathsome "hackers" who lurk within marks a new low. The ninth paragraph of the first page sets the tone for the rest of this book. "I don't mean to scare you right off the bat here; there is plenty of time for that. But, if you are already part of the twenty-first century, which you are, you should be concerned at a minimum, and maybe, just maybe, very scared." Of course Schwartau means to frighten - enough so that his book will probably make good bedtime reading for North Korea's Kim Jong Il or Pakistan's General Pervez Musharraf. They'll be sure to underline his caution to "Consider using psychological profiling of staff hopefuls to learn about their ethics, morals, tendencies, and proclivities . . ." The proof is in the mail "The hacking problem is big. No, make that huge," Schwartau proclaims, then adds the little caveat that "despite the studies, we really don't know exactly how huge. Is it $100 million or $100 billion? Does it matter?" Yes, Schwartau, it does matter. It matters very much. What "hacking" is Schwartau talking about? Vandalizing a Web page? Stealing state secrets? Business-to-business competitive intelligence-gathering that goes beyond legality? Is he talking about the kind of hacking where someone enters a site uninvited and peeks around, or is he talking about computer crimes - the theft of credit cards or cash, or blackmail or denial-of-service attacks? Is all "hacking" to be equally punished, or are some hacks more heinous than others? Is he talking about mindless despoiling of Web pages or so-called "hactivism" - electronic displays of political discontent and dissent? Schwartau refers in passing, without specific citation, to hacker "studies." What studies? You can count the number of solid hacker "studies" on the fingers of one hand. (I recommend Suelette Dreyfus' Underground - Tales of Hacking, Madness and Obsession on the Electronic Frontier, Mandarin Books, Australia, 1997 and Paul A. Taylor's Hackers - Crime in the Digital Sublime, Routledge, New York, 1999.) Who is out there? Schwartau creates a "laundry list" psychological profile of an average hacker - one that might just as easily describe the typical venture capitalist in Silicon Valley: "dysfunctional upbringings," "smart . . . but they also tend to perform below par in school," "addictive personalities" and "Narcissistic Personality Disorder." However, he never even offers a cursory explanation for this very complicated diagnosis. Schwartau's stunning revelation that "drugs and alcohol abuse are also common with this crowd" boggles the mind with banality. He actually means to tell us that there are young people who simultaneously abuse drugs, alcohol and computers? Shocking! I don't have the space or the inclination to even begin dealing with Schwartau's affection for the mysterious EMP and Herf guns or my personal favorite, "mind hacking," which, he projects, will be ". . . microwaves that are tuned to specific frequencies and turn your fillings into radio receivers." Hello? Earth to Schwartau. Earth to Schwartau. The full nightmare revealed Schwartau devotes much of his energy to what he calls "The Many Faces of Deception." He proposes network security to defeat threats from hackers, a Web life that assimilates and embraces concealment, camouflage, false/planted information, ruses, displays, demonstrations, feints, lies, honey pots - a virtual 24/7 effort to secure one's site and data. The futility of this massive attempt at security was first described more than 70 years ago by Franz Kafka in his story, The Burrow (Selected Short Stories of Franz Kafka, The Modern Library, 1952). The story, a single paragraph 30 pages in length, is a narration that follows an animal that must seek refuge from his perceived enemies. He carves out a burrow by battering a tunnel beneath the ground. He uses his forehead as a kind of shovel, securely packing the dirt along the walls with the blood that leaks from his forehead. He must hide the burrow's entrance from his enemies, so it must be camouflaged; he must also devise and camouflage an exit, lest his enemies deviously discover the entrance and seek him out. Day after day, month after month, season after season, he builds this complex series of tunnels, each with its own entrances and exits, a maze to confuse his enemies. Emergency escape passages must be created, and food must be stored and hidden from the dangers that lurk above. No place is secure. "And it is not only by external enemies that I am threatened," the narration notes. "There are also enemies in the bowels of the earth. I have never seen them, but legend tells of them and I firmly believe them. They are creatures of the inner earth . . . they come, you hear the scratching of their claws just under you in the ground . . . and already you are lost." Winn's world The genius of Kafka is that he could envision a world so filled with paranoia, so replete with dangers from within and without, a never-ending building and rebuilding of tunnels, eternal vigilance maintained, silence endured, and always, always listening for threats. With Kafka we are made aware of a genuine psychological reality of the 20th century, a sense of alienation and impending doom. With Schwartau, we encounter a writer intent on manufacturing fears of the Internet that have little basis in reality, fears based on a monolithic stereotype of the sexless, feral, diabolical hacker whose supposed threat provides an excuse for policing every burrow of the Internet. It's not that hackers present no real danger. In fact, we need a sober analyst of Internet reality, someone who can identify who is doing real damage and how that damage can legitimately be monitored and contained. But Schwartau, peddling his Cybershock warning of a virtual doomsday, is just another hysterical infowarrior playing to our primal burrowing instincts. ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Winn's War Against The Net InfoSec News (Jun 09)