[defaced-commentary] Commentary on "Patriotic Hacking"

[InfoSec News <isn () c4i org>]

---------- Forwarded message ----------
Date: Thu, 20 Sep 2001 21:26:23 -0600 (MDT)
From: Sioda an Cailleach <sioda () attrition org>
To: defaced-commentary () attrition org
Subject: [defaced-commentary] Commentary on "Patriotic Hacking"

Commentary on Patriotic Hacking

Attrition staff have been getting several mails warning of impending
"patriotic hacking" in retaliation for the terrorist attacks on
September 11.  Some are from the usual opportunists, exploiting
world-wide attention on the recent terrorist attacks to further their
own agenda. Others are from people who just want to do -something- to
feel like they are striking back at those responsible, even if it's
the wrong thing. We have all been profoundly affected in our own way
by what has occurred, but a reality check is in order. How effective
are "cyber-attacks"?

First, let's put "cyber-war/jihad/whatever" in perspective to the very
real, physical attacks of September 11, 2001. Buildings that were as
familar to people as their homes were utterly destroyed. Thousands of
people were killed. There are no "backups" to restore what has been
lost forever. -No one- was ever killed from a "cyber attack".

In a "cyber-war", where is the enemy? The FBI would just love to know
that hackers have managed to positively identify which sites belong to
those responsible for the terrorist attacks. Even if they could be
identified, attacking them could destroy crucial evidence. Blindly
attacking sites perceived to be vaguely Arabic is just plain stupid.
Attacking sites of people who aren't even remotely involved to vent
emotions is even more moronic.

What would be the results of a so-called "hacker call to arms"?
Typical bottom-feeders will exploit the opportunity presented to
generate press and revenue.  Law-enforcement is already demanding
greater discretionary powers and restrictions on cryptography. The
Internet was not the instrument of this any more than freedom was.
Hackers who participate in this are providing a nicely wrapped package
to justify knee-jerk legislation that will restrict our freedom in the
name of "security". Make no mistake - legislating the Internet will
not make us more secure. A group with the resolve to murder thousands
of innocent people will not be deterred by Internet restrictions. They
will just find another way.

The biggest result of a "hacker call to arms" is that it will generate
a lot of noise that will aid the enemy in destroying our freedom -
something they will not permit their own people. If what is perceived
to be "our side"  attacks "their side", the retaliatory attacks will
keep fueling this futile "battle". Our industries need to focus on
rebuilding, not responding to nonsense. Those who participate in this
should be considered agents of the enemy.

This is not to say that we shouldn't take extra precautions to
safeguard our networks. People are in a very raw emotional state right
now, no doubt making mistakes trying to cope with compromise
solutions. Technical people who want to help should do so in whatever
way they can, whether it be to volunteer time and skill to the
businesses affected, or even just answering technical questions. Those
who can't do that should at least help by staying out of the way for
now. Don't exploit this for self aggrandizement.



-
The information and commentary is Copyright 2001, by the individual author.
Permission is granted to quote, reprint or redistribute provided the text is not
altered, and the author and attrition.org is credited. The opinions expressed
in this mail are not necessarily the opinion of all Attrition staff members.

Commentary Archive: http://www.attrition.org/security/commentary/
The Attrition Mirror: http://www.attrition.org/mirror/attrition/
Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html
Attrition Defacement Statistics: http://www.attrition.org/mirror/attrition/stats.html
Operating System Graphs: http://www.attrition.org/mirror/attrition/os-graphs.html

Other Web Defacement Mailing Lists: http://www.attrition.org/security/lists.html
Contacting Attrition Staff: staff () attrition org

To subscribe to Defaced Commentary, send mail to majordomo () attrition org
with "subscribe defaced-commentary" in the BODY of the mail (without
quotes). To unsubscribe, include "unsubscribe defaced-commentary" in
the BODY of the mail.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.