Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Cyber terrorism is 'fantasy'//ERRI Reply

From: InfoSec News <isn () c4i org>
Date: Mon, 3 Dec 2001 01:48:45 -0600 (CST)
Forwarded from: C. L. Staten <sysop () emergency com>
Cc: junkmail () barnowl com

Mr. Rosenberger:

While I agree that sometimes computer journalists have overblown the
threat of cyberterrorism, I must also offer a simple observation that
attacks on/corruption of the world's main DNS servers, telco switches,
or other means could prove to be particularly troubling.

Secondarily, as far as viruses are concerned, I can tell you that I
have received message traffic to indicate many .gov and .mil mail
servers are currently suffering at the hands of BadTrans.b, which most
will agree is not really a terribly damaging or prolific virus. One
only need consider the creation of a new virus that is multi-platform,
polymorphic, has several of the features of recent viruses, and add a
couple of new wrinkles to make it a real "nightmare."

The last thing our government and industry needs in the midst of a
physical terror attack is overloaded servers and outages on the
internet...where much information is shared to help resolve problems
created by any catastrophe. Our concern revolves around DDoS, virus,
and other exploits being concurrently used to amplify the effects of a
terrorist attack in the real world. "Destroying America with a
computer virus," as you say, may not be feasible in the traditional
sense...but professionals from a hostile nation-state, with truly evil
intent, could cause us more problems than the IT community is
currently prepared/equipped to handle.

While I certainly defend your right to publish your opinion that
"Cyber terrorism is fantasy," It would be my fear that you are not
being creative enough in your analysis of the future. IMHO, troubles
lie ahead in cyberspace...

Most Respectfully,

C. L. Staten

Emergency Response & Research Institute
6348 N. Milwaukee Ave. #312
Chicago, IL 60646, USA
773-631-3774 - Voice/Messages
773-631-4703 - Facsimile
webmaster () emergency com - E-Mail
http://www.emergency.com - Main Webpage 


-----Original Message-----
From: owner-isn () attrition org [mailto:owner-isn () attrition org] On Behalf
Of InfoSec News
Sent: Friday, November 30, 2001 6:15 AM
To: isn () attrition org
Subject: RE: [ISN] Cyber terrorism is 'fantasy' 


Forwarded from: Junkmail Rosenberger <junkmail () barnowl com>

I reject Knowles' argument out-of-hand.  He misses the point when he
asserts "[who] would have thought that someone would have hijacked
commercial jetliners and used them as cruise missiles."

The simple fact is that terrorists *always* had the ability to turn
planes into cruise missiles; their effectiveness as flying bombs merely
grew in proportion to their fuel payload.  On the other hand, Cluley & I
& others insist no one [yet] has the ability to destroy America with a
computer virus (read http://Vmyths.com/rant.cfm?id=410&page=4 for
starters).  We can therefore sum up Knowles' misguided argument as
follows:

   --> "commercial aircraft as bomb" is VERY feasible but NOT likely;
   --> "computer virus as bomb" is NOT feasible but VERY likely.

Knowles & others (e.g. Michael Vatis, Richard Clarke) could validate
their cyber-terrorism arguments with just one -- I repeat, ONE --
technologically feasible idea for destroying America with a computer
virus.

Rob Rosenberger, Vmyths editor
Truth about computer virus hysteria
http://Vmyths.com



[WK Note: One problem I have is occasionally I don't make myself clear
in my commentary on ISN, this can be attributed to lack of sleep, lack
of RedBull in the fridge, and the thought of business travel. There are
others, but I'd have to sleep on that.


I guess Cluley thinks the same about landmines too, if one is not
careful where placing them and mapping their location, one could also 
very well be a victim, but viruses like landmines make for great force



multipliers for a cyberterrorist."

 
What I was meaning to say is that I don't expect the Internet to melt
down over one virus, but that the tactical use of viruses would be one
weapon of several that a cyberterrorist would likely use to create
mayhem. Just as you would use landmines, razor wire, & interlocking
fields of machinegun fire to slow your enenmy down.


I am not looking forward to the day of when we see a simultaneous
cross-platform, multiple vulnerability virus that would have the AV 
companies pulling their hair out trying to find a solution, and then 
able to push that software update onto networks severely choked with a



combination of DDoS attacks, virus traffic, network outages, and major



DNS servers down from repeated hacking attacks.


I agree with Rob that Usama is not interested in melting your MP3's,
Russian pr0n pics, or mailing out everyone in your Outlook address book
'I send this for your advice' with a virus, Usama wants you dead. I have
yet to see anyone bring up cyberterrorism with regular terrorism, and
that is another point that I should make clear here, I have always
belived (along with a few others) that cyberterrorism would be used
first before a large scale terrorist attack.

Slowing down or stopping commerical, goverment, and military networks
along with the interdependence of the Internet would cripple the basic
command and control of government and first responders to a major
terrorism event. 


But enough of me ranting on, I have to get some sleep and run to
Costco for another case of RedBull.     - William Knowles 9.30.01]




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: