Slashdot Mirror
E-terrorism, Bark or Bite?
packeteer writes: "Huge multi-part article on CNET news about electronic terrorism. The article has some interesting scenarios about posible types of attacks. It also has some good info about whats being done to prevent attacks as well as some info about media-hype that's put on 'hackers'. Good read."
Here we go again.
I honestly find myself worrying more about E-terrorism than I do about some crazy person hijacking a plane I'm on.
The effects of an e-terrorism attackw would certainly be much more widespread than a conventional terrorist attack. Nearly everything that we depend on in day to day life can be hacked. It's scary thought to have some ill-minded take control of the Hoover Dam or a nuclear power plant.
How many times are we made complacent by media exposure and official fearmongering? Just because it's tiresome to hear about this doesn't mean that some weak spot won't be found and exploited. Whip us into a frenzy!
Writers imply. Readers infer.
E-terrorism, FFS, does anybody DIE? No. Its not terrorism.
Yet the hyperbole about an Internet attack frequently overshadows common sense. On Sept. 11, it took less than 24 hours after four passenger jets were used as weapons of mass destruction for cries of cyberterrorism to emerge as the next great threat, triggering calls for new legislation to broaden the authority of law enforcement agencies.
This is exactly the problem. Something incredibly bad happens(9/11), and people look for something to blame. What's the biggest rage in the world right now? The Internet. But most people don't understand the internet, computers, and such. As such, the fact that it's a magic black box that is connected to everything means that it's a danger, and needs to be regulated. We need to stop these knee jerk reactions. I'm not saying that security should not be a concern, but all these calls to regulate the entire internet is blatenly irresponisble. Deregulation fosters growth, much the same as kids with tons of rules generally don't grow up to be extremely crazy thinkers. Stop trying to make anything you see into a scapegoat. The problem is not the internet, nor is it brown skinned people from the middle east. The problem is unenlightened human beings.
The comment was that e-terrorism may occur, but that there would be little loss of life. And I really wonder if the terrorists would attack the network themselves.
I would tend to think they would attack the source, which would attack the network indirectly. Like the comment about the tree falling on a power line and cutting off electricity for a while in an area.
Where I think there ought to be more concern is digital theft. Oddly enough we always hear about young hackers breaking into a network and getting caught. Please tell me where the older hackers are? Since I doubt that there are no older hackers. UNLESS, they are successful and do not get caught. Those are the folks that we need to be scared about in digital terms.
Nut balls like Bin Laden I think are more concerned with killing and general mayhem and anarchy. Sure they may use technology, but that is not their main focus. And I really think that Bin Laden's strength is not high tech, but low tech and sheer simplicity. Like using a plane as a missle. Who would have thought it? What scares me about nut balls like him is that he uses our free societies against us!
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
Obviously there are risks from cyber attacks, regardless of whether they are script kiddies or "eTerrorists". But these scare monger, over hyped "scenarios" have been beaten to death already. This article tries to pass itself off as objective but, it is just more ludicrous hype.
I'm starting to wonder if these stories aren't plants from the justice department designed to generate irrational fear in order to grease the path of John Ashcroft's next chip at American freedoms.
What's the biggest rage in the world right now? The Internet.
They have the internet on computers now?
As such, the fact that it's a magic black box that is connected to everything means that it's a danger, and needs to be regulated.
There is a very real danger in that many systems that have no material reason for being on the internet are accessible from the internet: Maybe the control systems company thought it'd be more economical than using a private frame relay, or they wanted to be able to put in their presentations "Internet enabled". We're talking about the control systems for hydroelectric dams, some power generation and control facilities, traffic control systems, etc. The danger in these cases is very real.
However, personally I would completely agree that there should be a heavy amount of regulation. For instance, each ISP needs to have some onus of responsibility for the traffic originating from them to peering partners. I'm not saying that UUNet needs to censor alt.binaries.*, but rather that a massive DOS attack originating from UUNet sources should be quenched by UUNet and should not be allowed to saturate the destination. There are a myriad of situations like that where the internet is far too reckless (for instance, as has been mentioned in a million postings otherwise, all ISPs should dump packets which contain functionally invalid source IPs. It's pretty trivial stuff).
E-Terrorist Hackers Foil Local Website
Arny's Dry Cleaning located at 1010 East Kimberly was recently hacked by hackers. The hacking was carried out by E-Terrorists hackers who left this message: you were hacked by hackers
The local police and FBI are working togeher to catch the hackers who hacked this out. More at 11
*DrugCheese rants*
While I was reading the articles, I kept imagining this voice in the back of my head. It took me a while to place it, but I did: The voice of reason. Finally! Maybe people will calm the hell down before all the really damaging laws are passed.
if you provoke, scandalize and create hype about E-Terrorism ;)
E-terrorism! Please, take my first amendment rights away so we can fight off this plague!
Open source will lick your face clean, sleep in your bed, shed hair all over your carpet, and generally make your computer look lived in. Open source is so cute! Everybody loves open source.
Old hackers? I thought they called those "security consultants"?
Why hack when you can make $250/hr?
No, that's not right. The most destabilizing force in the world today is religeous intolerance by Islamic fundamentalists.
It's got about as much bite as my 12 year old brother trying to Win Nuke my *nix server because someone in the Yahoo hackers lounge told him it would "totally be pwned".
Here we go again.
Myth of eletronic terrorism (trollish site, but still interesting)
Definition of electric terrorism.
Tips on preventing electronic terrorism.
Opinion article by a MIT student about overreacting to terrorism.
First article I can find mentioning electronic terrorism
Remember Y2K!
Remember the hype!
Remember the scare!
Don't trust the mainstream media's portrayal of anything related to computers because the mainstream media is created by and targetted towards a very large group of people who do not understand computers. I don't think I need to explain how people tend to fear what they don't understand.
well, don't loook hereeeee
I really really wonder why a large attack on the internet out of terrorism motivations hasn't happened already.
:)
E.g. there are some nice white papers out there describing algorithms for really fast worms (keyword warhol) so it would only need a programmer. Probabably not a very hard job for a trained programmer to write such a things. Little work and within minutes to even seconds the internet could be more or less unuseable.
So why hasn't it happened yet? Haven't they (various terrorist - remember, there's not only bin Laden out there, but other mad guys too) learned how to use a computer? Haven't they realized the huge potential harm they could cause yet?
I'd be happy for any insights into this
But, the pontential harm that a large asteroid striking the earth would cause is also _huge_. But, the level of risk is, in fact, rather low.
It is the level of risk that is grossly over-hyped. Sure the risk or potential is there but the risk is easily mitigated with a little bit of effort and a massive dose of common sense.
The venture capitalists and wild stock market speculation beat them to it.
Ergonomica Auctorita Illico!
if they want people to take any of this seriously, maybe they should break away from the buzzwords. E-Terrorism, give me a break. Cyber is just as bad. I'm not sure if anyone's with me on this, but when I see E anything, I dismiss the article as sensationalist journalism for the ignorant masses and ignore it. Troll me if you will, but this pathetic "it's cool to sound techy, e this and cyber that" trend has to stop.
Let's think for just a moment. If the internet were to be completely shutdown or even unplugged, do you really think that we will be in such desperate straights as to be terrorized? Sure, for a few wierdos, no Slasdot access may be terrifying. But, for the rest of the world it would mean little. It would mean an inconvenience to many, perhaps a slowdown for commerce and indeed an end to some businesses based on crappy business models. But nothing more.
;)
No dams will open, killing millions. No planes will fall from the sky. Your head will not explode. Your funds will not disappear from the bank.
Try to remember that the internet is not a life giving force. It is not a life support system and it's disappearance will not take away life. Well, perhaps it is to eBay and Amazon but, when we are talking terror on a national of global scale they aren't much cause for concern.
I mean, so what if the internet goes down? It's not like the Seatle Starbucks running out of coffee or something serious like that. Now, that would be real terror.
I do this for a living and while the world is filled with urban myths and apocryphal stories the risk is real. Every day sites are knocked over or D0S'd or rendered crippled in some way. Most of them are commercial sites or consumer sites but none the less every site is at some risk and many of them fail every single day.
We host government sites that get hammered at 24-7. We host exchanges that someone is trying to break. We host DBs and catalogs that have all sorts of 'risk acceptances' documented all clear and pretty where the customer basically says "yeah I know it's a piece of shit but I'm not paying to fix it so just tell the auditors we're willing to accept the risk."
OK so the proverbial air traffic control system or water treatment plant system or nuclear reactor cooling subsystem hasn't been nuked yet.....
Sleep tight boys and girls, the future is bright.
Hell they cant use that, it makes it sound more like a Sega game.
Didn't you know it's Osama and crew that are terrorizing CS players with all their evil cheating too?
Hijacking planes, blowing up bombs, etc. inspire terror -- people become afraid to go to public areas (in Israel especially), some people are afraid of flying planes, etc. I can't see how "e-terrorism" could possibly inspire the same sort of terror. "Oh, so the online order-tracking system is down? Not like it's the first time this week..."
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
E-Terrorism is self perpetuating hype that the security industry and government control freaks use for job security. Can you ever guarantee security on any network with dial up or internet access? Well maybe if you're using Windows 2000 or XP, this might be possible. I don't know, I'll just have to wait and see if Dubya or J.Edgar Ashcroft authorizes the usage of any other secure NOS. Quit rehashing the same old story, post stuff that matters.
Genuine story? Or are there laws to be passed and money to made?
So far, the result has been some defaced web pages, and the deprecation by both governments of Microsoft software.
Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
Everyone knows that the e is dead and i is in... this year's buzzword is iTerrorist.
Urgo: "I want to live. I want to experience the universe and I want to eat pie!"
Jack: "Who doesn't??"
The wors case scenario I could see would be an attack on the communication szstem coupled with an attack on another massive attack.
The standard phone network could be attacked in a way that could hamper emergency response, as could the 911 centers. Additionally, if one here to hit the internet, the ability of informaiton to circulate immediately would be reduced, thus increasing the level of uncertainty that the terrorism seeks to create.
Your power plants, air trafic control systems, etc. are hard enough to hack that they fall into the realm of diminishing returns (like chemical attacks) which are much more expensive to pull off than a comparably damaging attack on the communications network.
Or here is another scenario-- hacking Wall Street and hampering the trading of stocks (think about the economic damage of that one).
LedgerSMB: Open source Accounting/ERP
Any real terrorist organization will always find it easier to place a truckload of C4 outside a dam and hit the button than to break into the computer and open the floodgates. It is not "easy" for "just anyone" to break into these systems. I would worry more about vulnerable computers controlling these sites being taken out by one of the far-too-many script kiddies, by accident. After all, there are many more script kiddies than terrorists. Realizing his find, some 15-year jackass in New York opens the floodgates of Hoover Dam and kills a million people just for the hell of it, then goes and wanks off with the porn in his other window. Kids these days. But suffice it to say, I'm not too worried about that either.
What terrorists could do is take most of the internet down with a Warhol or Flash worm, which could be done by terrorists and would take out all vulnerable computers in about a minute. While not killing anyone, this would be horrible for the economy.
Just my $0.02
I hereby place the above post in the public domain.
Don't say this here on /.
Most people (except some of the trolls) already know that. Talk to your neighbors about this. Tell them to tell their friends, which should tell their friends etc.
Law enforcement is already abusing the USA Patriot Act, or as the article put it "aggressively interpreting the USA Patriot to go beyond what was intended." A few months ago, the FBI obtained my significant other's name, address and bank information from his ISP then specifically instructed the ISP not to inform him, in violation of its own privacy policy. This would not have been possible before the USA Patriot Act. This information led to a search of our apartment and the seizing of our computers (which have not been returned even though it is two months past the return date specificed in the warrant). Why? Well, the investigation has absolutely nothing whatsoever to do with terrorism, cyber or otherwise. The USA Patriot Act was invoked because the MPAA filed a complaint with the FBI for alleged copyright violations.
I'm SO glad this law is being used for its intended purposes. People who have no problems giving up their civil liberties in the name of "homeland security" are sadly mistaken if they think law enforcement has either the ability or desire to restrain themselves from misusing/abusing their new powers.
SIG: HUP
There is an article about this in a recent LA Weekly that some might find interesting:
I completely agree that Internet terrorism is a myth. We also need fewer regulations based solely on the Internet, and more enforcement of the laws we already have in place. Fraud for example is in existence in the real world too, so fraud on the Internet should be dealt with the same as a mail fraud would be.
People who want to hear some straight talk on Internet security, and the bumbling NIPC that has taken on the responsibility for it, should visit Vmyths.com There are great articles there to dispell virus myths, and also documentation of the FBI gaffes from over the years. If e-terrorism were possible, it would have made the news by now, in more than just a "science-fiction" light.
Saskboy's blog is good. 9 out of 10 dentists agree.
I disagree with two of your premise...
/.) and probably wouldn't be compatible with the years of experimentation, playing, and studying needed to master systems hacking. I'm involved with computer security and I have a pilot's license; flying is much much simpler and easier. I also have a physics degree and can comfortably state that building nuclear bombs is, relative to successful system hacking on well-protected sites today, easy. (Realize that nuclear bombs have existed for more than fifty years!)
First, realize that we have malicious and creative hackers educated in the most creative society and the one with the longest P.C. history. Not the most wired anymore, but due to creativity and culture I'd expect our hackers are among the best. And if the Isreali, Korean, or Indian hackers are better, well, they too have been attacking our corporates, gov't, etc for years. Many teenagers are terrors, if not formally terrorists, for a few energetic years. Anything sensitive already has a LOT of firewalls, failsafes, and protections in place. So I disagree with the premise that there's all that much unprotected and tied-in-together, just waiting for a malicious attack.
Second, I disagree with the premise that these terrorists pose a reasonable threat in this arena. Their backgrounds tend towards zealotry (of a different sort than common here on
Would have to be done in Java, it's the most buzzword-compliant language out there.
Remote reset after a conflict detection is possible for some units, but takes 6-10 seconds, during which period all lights are in blinking red/yellow.
There's an NEMA spec for this, and this functionality is required.
Unfortunately, there's a trend towards putting more functionality in the conflict monitor so it can diagnose and report other problems, then giving it some communications capability. This is a concern. But conflict monitors are, intentionally, much dumber than the main controller, which is a full-fledged computer typically running OS-9.
even the soda machines in my dorm are controlled via ethernet (student id/meal card can be used to get beverages). I wounder if it'd be a terrorist attack to h4x0r the soda machines to make them more "friendly"?
If you loosen up the definition you can make anything fit into match. Loosening up definition can lead to fallacy of logic such this statement. "Hitler sees the Jews as terrorists so obviously he was justified in killing them" or just the opposite "The jews thought that Hitler was a terrorists so they were obviously right in opposing him." Anyways, its all word games to justify doing something wrong.
Attacks on the IT infrastructure are at most going to yield either localised effects, inconvenience, or a loss of confidence for most people. The proper way to incorporate IT in attacks would be the following...
;) attack the IT systems identified in an appropriate manner, and then release some general malicious software to the net to bog it down so people and responders are hindered yet again. If you really want to have fun, target ASP's providing web-based emergency management solutions specifically - there are a few out there.
Identify some critical infrastructure to attack. Find IT related systems that if hacked can slow the response and recovery effort. Set us up the bomb
Virtual attacks currently seem to work best when used in conjunction with physical attacks - it acts as a catalyst or force multiplier. I wouldn't be too scared about standalone virtual attacks. What is scary is a combined physical and virtual attack on the power grid in Winter using bombs and taking down control networks via the SCADA's.
Cheers Gav
PS and check most definitions of terrorism - they usually single out the use of violence to create fear to achieve political or social objectives. Hacking is non-violent generally.
Do Cyberterrorists have matching PowerBalaclavas to match their PowerGloves ?
--- Why are you wearing that stupid bunny suit? | Why are you wearing that stupid man suit?
Depends. Given the current state of the world in which the US defines "terrorism" as most anything that does not follow the US way of life and commerce the BBS piracy i did ten years ago might well be "e-terrorism". And it was real. So it's a bite.
+++ath0
The most likely scenario for a cyber attack on Wall Street is falsification of ticker data by exploiting vulnerabilities in the "Instant Messaging" systems through which the ticker information is distributed.
This, in turn, drives computer-driven buying and selling cycles, which draw the rest of the system into a spiral.
As one example, E*Trade recently announced an association with Yahoo for distribution via Instant Messaging of ticker data to autonomous agents running on user's computers, which would then use the data to may buy/sell decisions based on user specified thresholds.
Exploiting a system like this would be, if not trivial, at least relatively stright forward.
-- Terry
It's more or less just a word (like ebook and etoaster), probably not going to go anywhere.
It's only because of the sept stuff that people have become more receptive to people preaching about doomsday stuff comming through all means (mail, phone, the internet) and is getting new laws (or whatever you call them) passed to allow more of an invasion of privacy in the name of 'anti-terrorism' (which is another word).
As far as I can recall there haven't been any major cracker attacks in ages and the thinking that a Middle Eastern (which has become the sterotype for terrorists) guy is going to kill us all with his 56k modem connection is just plain stupid.
Standard approach in the Shadowrun RPG - have a runner hit the systems and shut down the security while the shooters are moving in through the sewer system...heh, heh, heh.
Like any Arabs are ever going to be that coordinated...
Seriously, the main problem with terrorists is their terrifying incompetence - 9/11 was a major suprise to me because VERY few terrorist acts have ever been particularly well-executed...
The second problem with terrorists is: they never follow up. They try to blow up the World Trade Center incompetently first - then it takes them several YEARS to finally get around to doing the job right. You can't run a terrorist campaign like that - you have to be able to deliver chronic, repetitive blows to the enemy, or it's no more significant than getting hit by lightning...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
People also forget, once you realize someone is taking control over your system, the easiest way to stop them is to disconnect the system, physicaly. Besides, if the remote controls didn't have a manual override, you've got bigger issues than hackers to deal with
T Money
World Domination with a plastic spoon since 1984
Help me educate the masses. The internet is not a new world with a new set of rules. The internet is the same world which we live in now, except is a more accurate representation. Regardless, the same rules of life apply on the internet.
1) Don't talk to strangers
2) If it's too good to be true, it is
3) Hide your valubles
4) Get ID
5) Don't be a dumbass
6) Use common sense
T Money
World Domination with a plastic spoon since 1984
Anyone who watches C-SPAN has noticed that DC bureaucrats simply can't stop talking about this lately. The media has actually been slow on reporting it, which makes sense given that it's difficult to explain most of the risks associated with the very real possibility of cyber-terrorism to the average viewer in less than 30 seconds.
r .htm
That being said, I think this is largely another scare campaign from a very power hungry administration. I can just hear the conversation between Bush's 41 and 43:
41: Son, if you want to be their president, first thing you've got to do is scare them!
43: Huh?
41: Tell them about communists, tell them about drug dealers, tell them about terrorists, tell them about anything that you can to make them want to give you power more than you appear to want to take it!
43: Huh?
The internet is just one more area of American life which John Ashcroft and crew would love to control for the benefit of a future conservative policy agenda. They don't have the legal mechanisms in place to limit "un-American" speech and activity right now, but they know that they're going to need that power someday. Not too fast...inch by inch...while the country is naturally becoming less and less culturally conservative, Ashcroft will do anything he can to push us all back in the other direction "toward the Lord". He's got to be wondering how it is that people can put all those obscene words on the wide world web pages that you can't even say on TV...and the nudity!!!
These neo-con Republicans talk alot about freedom and defending the constitution, but anyone who doesn't share their values can see that they're tyrannical dictators at heart.
"there ought to be limits to freedom" - George W. Bush
http://www.konformist.com/2000/bush-dictato
I guess you have never worked at an ISP. The level of control your asking for would require eveyr ISP in the world to hire way more techies. As it is now ISP's are having trouble making money because the mroe responsible you are the less money you make. The closest ISP to responsible i have found is Speakeasy. Ill admit that my one of my home machines (win2k not my linux boxes of course ;)) was rooted a while ago. The attacked took control while i was on vacation and sent spam out. Speakeasy immediatly shut down ALL internet access after spam was detected. I am glad they did it. I got home took down the box called them and everything was fine. If everyone was on Speakeasy then THERE WOULD BE NO SPAM. So if you really want a responsible ISP start with yourself and go with Speakeasy.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
terrorism
The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.
weap-on
An instrument of attack or defense
weapons of mass destruction
Weapons that are capable of a large-scale damage and/or casualties; can be nuclear, chemical, biological, and radiological weapons
There is no such thing as e-terrorism by definition. Only that intimidation or coercion created by zealots that may profit by wielding DOS/DDOS, RIAA/DMCA, etc as weapons.
Therefore... the RIAA/DMCA are weapons of mass destruction.....