Re: Terrorists could launch cyber-war / RFF Reply to First-Rate FUD

[InfoSec News <isn () c4i org>]

Forwarded from: Richard Forno <rforno () infowarrior org>

Regarding:

> http://news.com.au/common/story_page/0,4057,4286006%255E15318,00.html

> A "CYBER jihad" could be launched against the West as terrorists
> moved from the real world to an internet-based virtual world, a US
> expert warns.

Sensational, fear-mongering term here. "CyberJihad" ??? Crikey, we
better run for the hills.....

> Michele Zanini, a consultant with the think-tank McKinsey and
> Company, said terrorist groups such as al-Qaeda were already making
> huge use of the web for communications, propaganda, recruitment and
> target data.

Never heard of them, but it must be a think-tank full of stagnant
thoughts and conventional thinking. The web and internet is a
communication medium.....a tool.....criminals use it to plan
traditional crimes, it's only natural that a terrorist would use it
for such purposes too. Doesn't mean it's the end of the world. Prior
to 0911, a civilian airliner was used to fly between airports, not
serve as human-guided missiles against skyscrapers. But we don't see
talk about "aerojihads" being the next harbringer of evil against the
West, do we?  How quickly we forget that anything that can be used by
a human can be turned into a weapon. This is NOT new.  What we also
forget is that just because something CAN be used as a weapon doesn't
mean it WILL, either.

> Another expert, Rand Europe senior policy analyst Kevin O'Brien said
> there was potential for terrorists to cause huge losses to the West
> by damaging information technology systems.

We have that now, but nobody seems to give a hoot. It's called
Microsoft and the incessant amount of security problems costing how
many billions to address, and most of the problems NEVER FULLY GO
AWAY.  If you're worried about cyber-security, why not point the
finger and take action against a known cause of repeated and quite
significant problems and vulnerabilities we ALREADY KNOW where they
come from?

I guess it's still easier to point the fingers for our INFOSEC
problems at shadowy cyber-terrorists and such, thereby ducking blame
and avoiding responsibility for the current state of world information
insecurity.

> Dr Zanini and Dr O'Brien were speaking at an international
> conference on global terror in Hobart.
>
> Dr O'Brien said Western-developed IT had become the "great
> equaliser" as it was exploited by terrorists and rogue states.

Yeah, and the electron is the ultimate guided weapon, like former DCI
Deutch said. What a crock.

> He said the cyber world was chaotic and without boundaries and
> Western security agencies were traditionally ill-equipped to deal
> with its threats.

Agreed. They have a hard enough time keeping their own systems
secured.
 
> In the wake of September 11, it was clear terrorists were using the
> internet as a weapon of war, the experts said.

"Weapon of war"??? Sensational fear-mongering. They also used
airplanes as a real and quite deadly 'weapon of war' but nobody here
seems to remember that. Under these guys' definitions, a USG visa,
fraudulent drivers' licenses, and a copy of the Koran would be
'weapons of war' too.....
 
> Terrorists used the net to gather intelligence, including target
> information, and counter-intelligence.

Net notwithstanding, it didn't take a genius to know where the WTC
was. They didn't need the Net, GPS, or Mapquest to find it.  After
0911 we saw the USG rush to strip the GPS and map coords of nuke
plants off the Web -- so what? What real good did that do to thwart
terrorism? You can go to the library and look it up. Or, if the
library's database was destroyed (per USG orders post-0911) they can
go to 7-11 and buy a Rand Mcnally driving map. Or, golly gee, they
could get in a car and drive around, following road signs and look for
the cooling towers found at a nuke facility.  They don't need GPS
coordinates to attack something as large as a nuke plant or
skyscraper. The web may have made it easier to communicate between
terrorists, but it wasn't a major force multiplier these guys say it
was.

> They made and moved money on it and were suspected of even
> manipulating stocks for profit.

Gee. Maybe al-Qaeda sat on the Enron Board...

> They could also use it for worldwide planning and coordination,
> propaganda, psychological terrorism and rumour-mongering.

Old news. Regarding propaganda, psyops, and rumor-mongering, the net's
been used for this for years. Anyone remember ELF, Electrohippies, or
the Zapatistas? The transparancy of the net, plus the number of ways
to confirm/deny such rumors/propaganda is a countermeasure that's
already built-in to the net and the information age. No real danger.

> Dr O'Brien said the danger to business was of great concern, with
> some websites particularly vulnerable.
>
> An interruption of a few seconds on the New York foreign exchange
> market could cost billions of dollars.

Dollars lost in a momentary hiccup on the Exchange will still not
concern the population, or stick in their minds, like knowing that
thousands were killed when 2 110-story skyscrapers went tumbling down
in NYC, or when the Pentagon was attacked.  I'll prolly not remember
where I will be if/when NYSE get's hacked, but you can bet I'll be
telling my grandkids EXACTLY what I was doing and where I was
minute-by-minute the morning of 0911. While billions lost in a hiccup
is problematic - face it, it's tragic, and it's angering, but hacking
NYSE or NASDAQ is essentially an inconvienience. Nobody probably will
be killed during such an event, unlike a physical attack like we saw
on 0911.

> Companies could also be damaged through extortion, brand destruction
> and fraud.

That already happens, but terrorists aren't to blame.
 
> Australia, Britain and Canada had moved in this direction, but the
> US response was still hampered by agency turf wars and personal
> rivalries, he said.

Yep - that is not likely to change anytime soon.

> However, on the wild world of the web, there's an unlikely ally in
> the war against terror.
>
> Dr Zanini said traditional hackers had a quite different culture to
> terrorists and the two did not mix well.
>
> There was even an organisation called Hackers Against Terrorism, a
> sort of virtual vigilante group, he said.

Zanini is WAY OFF the mark here. Hackers Against Terrorism was a scam
by German dotcom playboy Kim Schmitz - who after a brief time on the
lam, was returned to Germany and is currently awaiting trial.  He's
not a hacker, he's a charletan who enjoys the images of a fast global
lifestyle.

This Register article tells part of the story.
http://www.theregister.co.uk/content/55/22457.html

An April 11, 2002 this Business Week story tells the rest, including
describing in more detail his alleged wrongdoings and activities over
the past few years. Be your own judge....but I think it's pretty clear
he's not the 'unlikely ally in the war against terror' that Zanini
says he is.
http://www.businessweek.com/bwdaily/dnflash/apr2002/nf20020411_3688.htm

Its this kind of short-range, sensational, half-witted analysis and
proclaimations that muddies the waters in developing and implementing
an effective information assurance strategy for the country.
Unfortunately, this kind of tripe is heard all the time in the halls
of Congress, DoD, and by various firms that claim to provide
commerical 'cyber-intelligence' services. It terrifies me that such
advice and analysis is actually believed by those in-charge of our
countries -- talk about the blind leading the blind.

I need more coffee now.


Rick
infowarrior.org
(c) 2002. Permission granted to reproduce in entirety.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.