Slashdot Mirror
E-terrorism, Bark or Bite?
packeteer writes: "Huge multi-part article on CNET news about electronic terrorism. The article has some interesting scenarios about posible types of attacks. It also has some good info about whats being done to prevent attacks as well as some info about media-hype that's put on 'hackers'. Good read."
I honestly find myself worrying more about E-terrorism than I do about some crazy person hijacking a plane I'm on.
The effects of an e-terrorism attackw would certainly be much more widespread than a conventional terrorist attack. Nearly everything that we depend on in day to day life can be hacked. It's scary thought to have some ill-minded take control of the Hoover Dam or a nuclear power plant.
How many times are we made complacent by media exposure and official fearmongering? Just because it's tiresome to hear about this doesn't mean that some weak spot won't be found and exploited. Whip us into a frenzy!
Writers imply. Readers infer.
E-terrorism, FFS, does anybody DIE? No. Its not terrorism.
Yet the hyperbole about an Internet attack frequently overshadows common sense. On Sept. 11, it took less than 24 hours after four passenger jets were used as weapons of mass destruction for cries of cyberterrorism to emerge as the next great threat, triggering calls for new legislation to broaden the authority of law enforcement agencies.
This is exactly the problem. Something incredibly bad happens(9/11), and people look for something to blame. What's the biggest rage in the world right now? The Internet. But most people don't understand the internet, computers, and such. As such, the fact that it's a magic black box that is connected to everything means that it's a danger, and needs to be regulated. We need to stop these knee jerk reactions. I'm not saying that security should not be a concern, but all these calls to regulate the entire internet is blatenly irresponisble. Deregulation fosters growth, much the same as kids with tons of rules generally don't grow up to be extremely crazy thinkers. Stop trying to make anything you see into a scapegoat. The problem is not the internet, nor is it brown skinned people from the middle east. The problem is unenlightened human beings.
The comment was that e-terrorism may occur, but that there would be little loss of life. And I really wonder if the terrorists would attack the network themselves.
I would tend to think they would attack the source, which would attack the network indirectly. Like the comment about the tree falling on a power line and cutting off electricity for a while in an area.
Where I think there ought to be more concern is digital theft. Oddly enough we always hear about young hackers breaking into a network and getting caught. Please tell me where the older hackers are? Since I doubt that there are no older hackers. UNLESS, they are successful and do not get caught. Those are the folks that we need to be scared about in digital terms.
Nut balls like Bin Laden I think are more concerned with killing and general mayhem and anarchy. Sure they may use technology, but that is not their main focus. And I really think that Bin Laden's strength is not high tech, but low tech and sheer simplicity. Like using a plane as a missle. Who would have thought it? What scares me about nut balls like him is that he uses our free societies against us!
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
Obviously there are risks from cyber attacks, regardless of whether they are script kiddies or "eTerrorists". But these scare monger, over hyped "scenarios" have been beaten to death already. This article tries to pass itself off as objective but, it is just more ludicrous hype.
I'm starting to wonder if these stories aren't plants from the justice department designed to generate irrational fear in order to grease the path of John Ashcroft's next chip at American freedoms.
What's the biggest rage in the world right now? The Internet.
They have the internet on computers now?
As such, the fact that it's a magic black box that is connected to everything means that it's a danger, and needs to be regulated.
There is a very real danger in that many systems that have no material reason for being on the internet are accessible from the internet: Maybe the control systems company thought it'd be more economical than using a private frame relay, or they wanted to be able to put in their presentations "Internet enabled". We're talking about the control systems for hydroelectric dams, some power generation and control facilities, traffic control systems, etc. The danger in these cases is very real.
However, personally I would completely agree that there should be a heavy amount of regulation. For instance, each ISP needs to have some onus of responsibility for the traffic originating from them to peering partners. I'm not saying that UUNet needs to censor alt.binaries.*, but rather that a massive DOS attack originating from UUNet sources should be quenched by UUNet and should not be allowed to saturate the destination. There are a myriad of situations like that where the internet is far too reckless (for instance, as has been mentioned in a million postings otherwise, all ISPs should dump packets which contain functionally invalid source IPs. It's pretty trivial stuff).
E-Terrorist Hackers Foil Local Website
Arny's Dry Cleaning located at 1010 East Kimberly was recently hacked by hackers. The hacking was carried out by E-Terrorists hackers who left this message: you were hacked by hackers
The local police and FBI are working togeher to catch the hackers who hacked this out. More at 11
*DrugCheese rants*
While I was reading the articles, I kept imagining this voice in the back of my head. It took me a while to place it, but I did: The voice of reason. Finally! Maybe people will calm the hell down before all the really damaging laws are passed.
if you provoke, scandalize and create hype about E-Terrorism ;)
E-terrorism! Please, take my first amendment rights away so we can fight off this plague!
Old hackers? I thought they called those "security consultants"?
Why hack when you can make $250/hr?
It's got about as much bite as my 12 year old brother trying to Win Nuke my *nix server because someone in the Yahoo hackers lounge told him it would "totally be pwned".
Myth of eletronic terrorism (trollish site, but still interesting)
Definition of electric terrorism.
Tips on preventing electronic terrorism.
Opinion article by a MIT student about overreacting to terrorism.
First article I can find mentioning electronic terrorism
Remember Y2K!
Remember the hype!
Remember the scare!
Don't trust the mainstream media's portrayal of anything related to computers because the mainstream media is created by and targetted towards a very large group of people who do not understand computers. I don't think I need to explain how people tend to fear what they don't understand.
... and christian fundamentalists
"Go into the hall of mirrors and have a bloody hard look at yourself" - HG Nelson
But, the pontential harm that a large asteroid striking the earth would cause is also _huge_. But, the level of risk is, in fact, rather low.
It is the level of risk that is grossly over-hyped. Sure the risk or potential is there but the risk is easily mitigated with a little bit of effort and a massive dose of common sense.
The venture capitalists and wild stock market speculation beat them to it.
Ergonomica Auctorita Illico!
if they want people to take any of this seriously, maybe they should break away from the buzzwords. E-Terrorism, give me a break. Cyber is just as bad. I'm not sure if anyone's with me on this, but when I see E anything, I dismiss the article as sensationalist journalism for the ignorant masses and ignore it. Troll me if you will, but this pathetic "it's cool to sound techy, e this and cyber that" trend has to stop.
The reason it keeps coming up as something that they are likely to do is because the media knows fear sells and Congress likes the political mileage they can get out of 'fixing' the 'problem' without stepping on the toes of any constituents that matter to them.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Let's think for just a moment. If the internet were to be completely shutdown or even unplugged, do you really think that we will be in such desperate straights as to be terrorized? Sure, for a few wierdos, no Slasdot access may be terrifying. But, for the rest of the world it would mean little. It would mean an inconvenience to many, perhaps a slowdown for commerce and indeed an end to some businesses based on crappy business models. But nothing more.
;)
No dams will open, killing millions. No planes will fall from the sky. Your head will not explode. Your funds will not disappear from the bank.
Try to remember that the internet is not a life giving force. It is not a life support system and it's disappearance will not take away life. Well, perhaps it is to eBay and Amazon but, when we are talking terror on a national of global scale they aren't much cause for concern.
I mean, so what if the internet goes down? It's not like the Seatle Starbucks running out of coffee or something serious like that. Now, that would be real terror.
I do this for a living and while the world is filled with urban myths and apocryphal stories the risk is real. Every day sites are knocked over or D0S'd or rendered crippled in some way. Most of them are commercial sites or consumer sites but none the less every site is at some risk and many of them fail every single day.
We host government sites that get hammered at 24-7. We host exchanges that someone is trying to break. We host DBs and catalogs that have all sorts of 'risk acceptances' documented all clear and pretty where the customer basically says "yeah I know it's a piece of shit but I'm not paying to fix it so just tell the auditors we're willing to accept the risk."
OK so the proverbial air traffic control system or water treatment plant system or nuclear reactor cooling subsystem hasn't been nuked yet.....
Sleep tight boys and girls, the future is bright.
Even as we "speak", terrorists are signing up for MSCE courses. Be on guard!
One line blog. I hear that they're called Twitters now.
Hijacking planes, blowing up bombs, etc. inspire terror -- people become afraid to go to public areas (in Israel especially), some people are afraid of flying planes, etc. I can't see how "e-terrorism" could possibly inspire the same sort of terror. "Oh, so the online order-tracking system is down? Not like it's the first time this week..."
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
So far, the result has been some defaced web pages, and the deprecation by both governments of Microsoft software.
Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
Everyone knows that the e is dead and i is in... this year's buzzword is iTerrorist.
Urgo: "I want to live. I want to experience the universe and I want to eat pie!"
Jack: "Who doesn't??"
The wors case scenario I could see would be an attack on the communication szstem coupled with an attack on another massive attack.
The standard phone network could be attacked in a way that could hamper emergency response, as could the 911 centers. Additionally, if one here to hit the internet, the ability of informaiton to circulate immediately would be reduced, thus increasing the level of uncertainty that the terrorism seeks to create.
Your power plants, air trafic control systems, etc. are hard enough to hack that they fall into the realm of diminishing returns (like chemical attacks) which are much more expensive to pull off than a comparably damaging attack on the communications network.
Or here is another scenario-- hacking Wall Street and hampering the trading of stocks (think about the economic damage of that one).
LedgerSMB: Open source Accounting/ERP
Any real terrorist organization will always find it easier to place a truckload of C4 outside a dam and hit the button than to break into the computer and open the floodgates. It is not "easy" for "just anyone" to break into these systems. I would worry more about vulnerable computers controlling these sites being taken out by one of the far-too-many script kiddies, by accident. After all, there are many more script kiddies than terrorists. Realizing his find, some 15-year jackass in New York opens the floodgates of Hoover Dam and kills a million people just for the hell of it, then goes and wanks off with the porn in his other window. Kids these days. But suffice it to say, I'm not too worried about that either.
What terrorists could do is take most of the internet down with a Warhol or Flash worm, which could be done by terrorists and would take out all vulnerable computers in about a minute. While not killing anyone, this would be horrible for the economy.
Just my $0.02
I hereby place the above post in the public domain.
Don't say this here on /.
Most people (except some of the trolls) already know that. Talk to your neighbors about this. Tell them to tell their friends, which should tell their friends etc.
SIG: HUP
There is an article about this in a recent LA Weekly that some might find interesting:
I completely agree that Internet terrorism is a myth. We also need fewer regulations based solely on the Internet, and more enforcement of the laws we already have in place. Fraud for example is in existence in the real world too, so fraud on the Internet should be dealt with the same as a mail fraud would be.
People who want to hear some straight talk on Internet security, and the bumbling NIPC that has taken on the responsibility for it, should visit Vmyths.com There are great articles there to dispell virus myths, and also documentation of the FBI gaffes from over the years. If e-terrorism were possible, it would have made the news by now, in more than just a "science-fiction" light.
Saskboy's blog is good. 9 out of 10 dentists agree.
I disagree with two of your premise...
/.) and probably wouldn't be compatible with the years of experimentation, playing, and studying needed to master systems hacking. I'm involved with computer security and I have a pilot's license; flying is much much simpler and easier. I also have a physics degree and can comfortably state that building nuclear bombs is, relative to successful system hacking on well-protected sites today, easy. (Realize that nuclear bombs have existed for more than fifty years!)
First, realize that we have malicious and creative hackers educated in the most creative society and the one with the longest P.C. history. Not the most wired anymore, but due to creativity and culture I'd expect our hackers are among the best. And if the Isreali, Korean, or Indian hackers are better, well, they too have been attacking our corporates, gov't, etc for years. Many teenagers are terrors, if not formally terrorists, for a few energetic years. Anything sensitive already has a LOT of firewalls, failsafes, and protections in place. So I disagree with the premise that there's all that much unprotected and tied-in-together, just waiting for a malicious attack.
Second, I disagree with the premise that these terrorists pose a reasonable threat in this arena. Their backgrounds tend towards zealotry (of a different sort than common here on
Yeah, the more Microsoft-pushing consultants out there, the quicker our civilization will be brought to its knees! Forget DoS attacks - the terrorists are far more subtle than that. Through Windows they can impose a DoPP (denial of processing power) attack on nearly every computer in the land!
Remote reset after a conflict detection is possible for some units, but takes 6-10 seconds, during which period all lights are in blinking red/yellow.
There's an NEMA spec for this, and this functionality is required.
Unfortunately, there's a trend towards putting more functionality in the conflict monitor so it can diagnose and report other problems, then giving it some communications capability. This is a concern. But conflict monitors are, intentionally, much dumber than the main controller, which is a full-fledged computer typically running OS-9.
Religious people in general tend to be people that are good at dismissing logic, they replace it with faith. Who knows what they might do?
even the soda machines in my dorm are controlled via ethernet (student id/meal card can be used to get beverages). I wounder if it'd be a terrorist attack to h4x0r the soda machines to make them more "friendly"?
Attacks on the IT infrastructure are at most going to yield either localised effects, inconvenience, or a loss of confidence for most people. The proper way to incorporate IT in attacks would be the following...
;) attack the IT systems identified in an appropriate manner, and then release some general malicious software to the net to bog it down so people and responders are hindered yet again. If you really want to have fun, target ASP's providing web-based emergency management solutions specifically - there are a few out there.
Identify some critical infrastructure to attack. Find IT related systems that if hacked can slow the response and recovery effort. Set us up the bomb
Virtual attacks currently seem to work best when used in conjunction with physical attacks - it acts as a catalyst or force multiplier. I wouldn't be too scared about standalone virtual attacks. What is scary is a combined physical and virtual attack on the power grid in Winter using bombs and taking down control networks via the SCADA's.
Cheers Gav
PS and check most definitions of terrorism - they usually single out the use of violence to create fear to achieve political or social objectives. Hacking is non-violent generally.
Do Cyberterrorists have matching PowerBalaclavas to match their PowerGloves ?
--- Why are you wearing that stupid bunny suit? | Why are you wearing that stupid man suit?
Depends. Given the current state of the world in which the US defines "terrorism" as most anything that does not follow the US way of life and commerce the BBS piracy i did ten years ago might well be "e-terrorism". And it was real. So it's a bite.
+++ath0
The most likely scenario for a cyber attack on Wall Street is falsification of ticker data by exploiting vulnerabilities in the "Instant Messaging" systems through which the ticker information is distributed.
This, in turn, drives computer-driven buying and selling cycles, which draw the rest of the system into a spiral.
As one example, E*Trade recently announced an association with Yahoo for distribution via Instant Messaging of ticker data to autonomous agents running on user's computers, which would then use the data to may buy/sell decisions based on user specified thresholds.
Exploiting a system like this would be, if not trivial, at least relatively stright forward.
-- Terry
Standard approach in the Shadowrun RPG - have a runner hit the systems and shut down the security while the shooters are moving in through the sewer system...heh, heh, heh.
Like any Arabs are ever going to be that coordinated...
Seriously, the main problem with terrorists is their terrifying incompetence - 9/11 was a major suprise to me because VERY few terrorist acts have ever been particularly well-executed...
The second problem with terrorists is: they never follow up. They try to blow up the World Trade Center incompetently first - then it takes them several YEARS to finally get around to doing the job right. You can't run a terrorist campaign like that - you have to be able to deliver chronic, repetitive blows to the enemy, or it's no more significant than getting hit by lightning...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
They're signing up for MCSE courses?
Then we have nothing to worry about....
Never mind...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
People also forget, once you realize someone is taking control over your system, the easiest way to stop them is to disconnect the system, physicaly. Besides, if the remote controls didn't have a manual override, you've got bigger issues than hackers to deal with
T Money
World Domination with a plastic spoon since 1984
Help me educate the masses. The internet is not a new world with a new set of rules. The internet is the same world which we live in now, except is a more accurate representation. Regardless, the same rules of life apply on the internet.
1) Don't talk to strangers
2) If it's too good to be true, it is
3) Hide your valubles
4) Get ID
5) Don't be a dumbass
6) Use common sense
T Money
World Domination with a plastic spoon since 1984
I guess you have never worked at an ISP. The level of control your asking for would require eveyr ISP in the world to hire way more techies. As it is now ISP's are having trouble making money because the mroe responsible you are the less money you make. The closest ISP to responsible i have found is Speakeasy. Ill admit that my one of my home machines (win2k not my linux boxes of course ;)) was rooted a while ago. The attacked took control while i was on vacation and sent spam out. Speakeasy immediatly shut down ALL internet access after spam was detected. I am glad they did it. I got home took down the box called them and everything was fine. If everyone was on Speakeasy then THERE WOULD BE NO SPAM. So if you really want a responsible ISP start with yourself and go with Speakeasy.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep