Slashdot Mirror
E-terrorism, Bark or Bite?
packeteer writes: "Huge multi-part article on CNET news about electronic terrorism. The article has some interesting scenarios about posible types of attacks. It also has some good info about whats being done to prevent attacks as well as some info about media-hype that's put on 'hackers'. Good read."
E-terrorism, FFS, does anybody DIE? No. Its not terrorism.
Yet the hyperbole about an Internet attack frequently overshadows common sense. On Sept. 11, it took less than 24 hours after four passenger jets were used as weapons of mass destruction for cries of cyberterrorism to emerge as the next great threat, triggering calls for new legislation to broaden the authority of law enforcement agencies.
This is exactly the problem. Something incredibly bad happens(9/11), and people look for something to blame. What's the biggest rage in the world right now? The Internet. But most people don't understand the internet, computers, and such. As such, the fact that it's a magic black box that is connected to everything means that it's a danger, and needs to be regulated. We need to stop these knee jerk reactions. I'm not saying that security should not be a concern, but all these calls to regulate the entire internet is blatenly irresponisble. Deregulation fosters growth, much the same as kids with tons of rules generally don't grow up to be extremely crazy thinkers. Stop trying to make anything you see into a scapegoat. The problem is not the internet, nor is it brown skinned people from the middle east. The problem is unenlightened human beings.
I in Europe see this as a strange thing. Media in USA just whips and whips up old dust. It's almost a year and the people still are constantly reminded of the thing that happened. Somewhy the people are kept frightened, someone likes it. Perhaps to justify military budget and raise the ratings of certain politicians. Is the threat really so imminent? Has there been a real open investigation? Sometimes I feel the US government is the real terror to the people, not the zeal-driven desperate madmen of Middle-East.
The comment was that e-terrorism may occur, but that there would be little loss of life. And I really wonder if the terrorists would attack the network themselves.
I would tend to think they would attack the source, which would attack the network indirectly. Like the comment about the tree falling on a power line and cutting off electricity for a while in an area.
Where I think there ought to be more concern is digital theft. Oddly enough we always hear about young hackers breaking into a network and getting caught. Please tell me where the older hackers are? Since I doubt that there are no older hackers. UNLESS, they are successful and do not get caught. Those are the folks that we need to be scared about in digital terms.
Nut balls like Bin Laden I think are more concerned with killing and general mayhem and anarchy. Sure they may use technology, but that is not their main focus. And I really think that Bin Laden's strength is not high tech, but low tech and sheer simplicity. Like using a plane as a missle. Who would have thought it? What scares me about nut balls like him is that he uses our free societies against us!
"You can't make a race horse of a pig"
"No," said Samuel, "but you can make very fast pig"
Obviously there are risks from cyber attacks, regardless of whether they are script kiddies or "eTerrorists". But these scare monger, over hyped "scenarios" have been beaten to death already. This article tries to pass itself off as objective but, it is just more ludicrous hype.
I'm starting to wonder if these stories aren't plants from the justice department designed to generate irrational fear in order to grease the path of John Ashcroft's next chip at American freedoms.
What's the biggest rage in the world right now? The Internet.
They have the internet on computers now?
As such, the fact that it's a magic black box that is connected to everything means that it's a danger, and needs to be regulated.
There is a very real danger in that many systems that have no material reason for being on the internet are accessible from the internet: Maybe the control systems company thought it'd be more economical than using a private frame relay, or they wanted to be able to put in their presentations "Internet enabled". We're talking about the control systems for hydroelectric dams, some power generation and control facilities, traffic control systems, etc. The danger in these cases is very real.
However, personally I would completely agree that there should be a heavy amount of regulation. For instance, each ISP needs to have some onus of responsibility for the traffic originating from them to peering partners. I'm not saying that UUNet needs to censor alt.binaries.*, but rather that a massive DOS attack originating from UUNet sources should be quenched by UUNet and should not be allowed to saturate the destination. There are a myriad of situations like that where the internet is far too reckless (for instance, as has been mentioned in a million postings otherwise, all ISPs should dump packets which contain functionally invalid source IPs. It's pretty trivial stuff).
Granted, the media overplays the whole thing but that is nothing new.
leet hacker: "I could break into your traffic light control system over the Internet and make the lights go green in both directions."
leet traffic light manufacturer: "No you couldn't."
leet hacker: "Why not?"
leet traffic light manufacturer: "Because we have protection in place. Relays physically prevent power being supplied to both red and green lights in opposing directions at the same time."
leet hacker: "What is the response time of those relays? What if I hacked your box and strobed the lights so fast that they appeared to be still lit?"
leet traffic light manufacturer: "Ah....."
E-Terrorist Hackers Foil Local Website
Arny's Dry Cleaning located at 1010 East Kimberly was recently hacked by hackers. The hacking was carried out by E-Terrorists hackers who left this message: you were hacked by hackers
The local police and FBI are working togeher to catch the hackers who hacked this out. More at 11
*DrugCheese rants*
if you provoke, scandalize and create hype about E-Terrorism ;)
Old hackers? I thought they called those "security consultants"?
Why hack when you can make $250/hr?
It's got about as much bite as my 12 year old brother trying to Win Nuke my *nix server because someone in the Yahoo hackers lounge told him it would "totally be pwned".
Myth of eletronic terrorism (trollish site, but still interesting)
Definition of electric terrorism.
Tips on preventing electronic terrorism.
Opinion article by a MIT student about overreacting to terrorism.
First article I can find mentioning electronic terrorism
Remember Y2K!
Remember the hype!
Remember the scare!
Don't trust the mainstream media's portrayal of anything related to computers because the mainstream media is created by and targetted towards a very large group of people who do not understand computers. I don't think I need to explain how people tend to fear what they don't understand.
But, the pontential harm that a large asteroid striking the earth would cause is also _huge_. But, the level of risk is, in fact, rather low.
It is the level of risk that is grossly over-hyped. Sure the risk or potential is there but the risk is easily mitigated with a little bit of effort and a massive dose of common sense.
The venture capitalists and wild stock market speculation beat them to it.
Ergonomica Auctorita Illico!
The reason it keeps coming up as something that they are likely to do is because the media knows fear sells and Congress likes the political mileage they can get out of 'fixing' the 'problem' without stepping on the toes of any constituents that matter to them.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Let's think for just a moment. If the internet were to be completely shutdown or even unplugged, do you really think that we will be in such desperate straights as to be terrorized? Sure, for a few wierdos, no Slasdot access may be terrifying. But, for the rest of the world it would mean little. It would mean an inconvenience to many, perhaps a slowdown for commerce and indeed an end to some businesses based on crappy business models. But nothing more.
;)
No dams will open, killing millions. No planes will fall from the sky. Your head will not explode. Your funds will not disappear from the bank.
Try to remember that the internet is not a life giving force. It is not a life support system and it's disappearance will not take away life. Well, perhaps it is to eBay and Amazon but, when we are talking terror on a national of global scale they aren't much cause for concern.
I mean, so what if the internet goes down? It's not like the Seatle Starbucks running out of coffee or something serious like that. Now, that would be real terror.
Even as we "speak", terrorists are signing up for MSCE courses. Be on guard!
One line blog. I hear that they're called Twitters now.
Hijacking planes, blowing up bombs, etc. inspire terror -- people become afraid to go to public areas (in Israel especially), some people are afraid of flying planes, etc. I can't see how "e-terrorism" could possibly inspire the same sort of terror. "Oh, so the online order-tracking system is down? Not like it's the first time this week..."
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
So far, the result has been some defaced web pages, and the deprecation by both governments of Microsoft software.
Ed Craig "Who cares what you think?" George W. Bush, 4th of July 2001
Everyone knows that the e is dead and i is in... this year's buzzword is iTerrorist.
Urgo: "I want to live. I want to experience the universe and I want to eat pie!"
Jack: "Who doesn't??"
The wors case scenario I could see would be an attack on the communication szstem coupled with an attack on another massive attack.
The standard phone network could be attacked in a way that could hamper emergency response, as could the 911 centers. Additionally, if one here to hit the internet, the ability of informaiton to circulate immediately would be reduced, thus increasing the level of uncertainty that the terrorism seeks to create.
Your power plants, air trafic control systems, etc. are hard enough to hack that they fall into the realm of diminishing returns (like chemical attacks) which are much more expensive to pull off than a comparably damaging attack on the communications network.
Or here is another scenario-- hacking Wall Street and hampering the trading of stocks (think about the economic damage of that one).
LedgerSMB: Open source Accounting/ERP
Any real terrorist organization will always find it easier to place a truckload of C4 outside a dam and hit the button than to break into the computer and open the floodgates. It is not "easy" for "just anyone" to break into these systems. I would worry more about vulnerable computers controlling these sites being taken out by one of the far-too-many script kiddies, by accident. After all, there are many more script kiddies than terrorists. Realizing his find, some 15-year jackass in New York opens the floodgates of Hoover Dam and kills a million people just for the hell of it, then goes and wanks off with the porn in his other window. Kids these days. But suffice it to say, I'm not too worried about that either.
What terrorists could do is take most of the internet down with a Warhol or Flash worm, which could be done by terrorists and would take out all vulnerable computers in about a minute. While not killing anyone, this would be horrible for the economy.
Just my $0.02
I hereby place the above post in the public domain.
SIG: HUP
ok, i know this is at least partially OT, but when people make remarks like that in public and the aren't challenged, we all lose.
i understand the position that the bombing of hiroshima and nagasake, and the firebombing of dresden were ethically questionable acts since they were fundamentally civilian targets, but calling them acts of terrorism blurs the distinction too much to let it go.
the fundamental difference between the bombing of the japanese homeland and the world trade center attack was that there was a declared state of war. additional mitigating factors:
in the final tally, bombing japan probably spared lives compared to a massive, D-day style invasion (but then, in the final tally, were all dead anyway...). i'm not saying it was undebatable from an ethics standpoint, but i am saying that it was a tough decision to make, and i think they did the right thing.
grouping a wartime act like hiroshima together with an undeclared attack on a civilian target like the WTC attack is nonsense. its like hearing the talking heads say that enron was a victim of stockholder expectations: they weren't victims, they were perpetrators. don't make the english language any more ambiguous than it already is.
Fermat's other theorem: "I have a simple proof, but I can't write it down as I fear it's a DMCA violation to discuss it"
Ok don't take my word for it. Why do you think that only physical assets are the ones that are threatened? Do you honestly believe that law enforcement systems when splashed wouldn't have an adverse effect on the state of things? How about interbank lending systems? How about aircraft maintenance service record databases? About 100 trillion dollars, that's right, with a T, flow through world financial systems on a daily basis. How MAJORLY a big deal is it to disrupt 3% of that.
We're not talking about minimal protections we're talking about the cost to implement large scale protections on very large systems that are owned by commercial companies who make judgments on how they want to spend their own money. That is, in lieu of insurance dollars.
It's time to grow up pal and see how large institutions really manage and measure risk and stop thinking about technical feasibility; majorly, speaking, that is.
The reason this article is titled "Bark or Bite?" is because it has to do with overblown fears. If you read into it about that dam "hack" was that it was NOT some 12 year old at the controls and was in fact a 27 year old who had no real control over the gates.
This article is very good in that it shows that E-Terrorism is not a big problem. The big problem is that we are worrying about it all the time and are having our rights taken away. This is why its called "Terrorism". It doesn't do THAT much damage, do you know anyone who was killed on 9-11? im sorry if you do but most of us dont. For most of us the real damage comes from the fears and the irrational actions taken because of them. Its a horrible thing what happened but its also horrible how we are reacting.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
Remote reset after a conflict detection is possible for some units, but takes 6-10 seconds, during which period all lights are in blinking red/yellow.
There's an NEMA spec for this, and this functionality is required.
Unfortunately, there's a trend towards putting more functionality in the conflict monitor so it can diagnose and report other problems, then giving it some communications capability. This is a concern. But conflict monitors are, intentionally, much dumber than the main controller, which is a full-fledged computer typically running OS-9.
even the soda machines in my dorm are controlled via ethernet (student id/meal card can be used to get beverages). I wounder if it'd be a terrorist attack to h4x0r the soda machines to make them more "friendly"?
Attacks on the IT infrastructure are at most going to yield either localised effects, inconvenience, or a loss of confidence for most people. The proper way to incorporate IT in attacks would be the following...
;) attack the IT systems identified in an appropriate manner, and then release some general malicious software to the net to bog it down so people and responders are hindered yet again. If you really want to have fun, target ASP's providing web-based emergency management solutions specifically - there are a few out there.
Identify some critical infrastructure to attack. Find IT related systems that if hacked can slow the response and recovery effort. Set us up the bomb
Virtual attacks currently seem to work best when used in conjunction with physical attacks - it acts as a catalyst or force multiplier. I wouldn't be too scared about standalone virtual attacks. What is scary is a combined physical and virtual attack on the power grid in Winter using bombs and taking down control networks via the SCADA's.
Cheers Gav
PS and check most definitions of terrorism - they usually single out the use of violence to create fear to achieve political or social objectives. Hacking is non-violent generally.
Depends. Given the current state of the world in which the US defines "terrorism" as most anything that does not follow the US way of life and commerce the BBS piracy i did ten years ago might well be "e-terrorism". And it was real. So it's a bite.
+++ath0
The most likely scenario for a cyber attack on Wall Street is falsification of ticker data by exploiting vulnerabilities in the "Instant Messaging" systems through which the ticker information is distributed.
This, in turn, drives computer-driven buying and selling cycles, which draw the rest of the system into a spiral.
As one example, E*Trade recently announced an association with Yahoo for distribution via Instant Messaging of ticker data to autonomous agents running on user's computers, which would then use the data to may buy/sell decisions based on user specified thresholds.
Exploiting a system like this would be, if not trivial, at least relatively stright forward.
-- Terry
Terrorism is any act designed to drive fear and terror into the minds of a selected target. Targeting of civilians or military can both be considered terrorism. The point of terrorism, in a stric sense is to fuck with people's heads, not nessesarily inflict dammage.
T Money
World Domination with a plastic spoon since 1984
People also forget, once you realize someone is taking control over your system, the easiest way to stop them is to disconnect the system, physicaly. Besides, if the remote controls didn't have a manual override, you've got bigger issues than hackers to deal with
T Money
World Domination with a plastic spoon since 1984
Help me educate the masses. The internet is not a new world with a new set of rules. The internet is the same world which we live in now, except is a more accurate representation. Regardless, the same rules of life apply on the internet.
1) Don't talk to strangers
2) If it's too good to be true, it is
3) Hide your valubles
4) Get ID
5) Don't be a dumbass
6) Use common sense
T Money
World Domination with a plastic spoon since 1984
OK, so what else is new. Web sites and companies are hacked every day. Power goes out all the time. Data get's lost. Have you ever lived through a 2 week black out in the middle of winter? Believe me, bad things happen, but life goes on. The greatest aspect of humanity is our stubbornness. We dont' know when to give up. The world may crash, but we'd come right back and just rebuild.
T Money
World Domination with a plastic spoon since 1984
(At first, I thought you were saying that you ignored this for a living. Bad joke, and not the point of this post.)
You're making one mistake here, the same one that most pundits are making: you're confusing vandalism with terrorism. The difference is in motive. Y'see, most of the attacks are for bragging rights, not to terrify people. Or are you suggesting that the terrorism here is an attempt to scare people away from the Internet? In that case, the media reports themselves are the attack.
"Terrorism" is getting overused a lot nowadays. A lot of what was called extortion is now called terrorism, and spreading FUD is also now slapped with the terrorism label. Just like "genocide" got devalued to mean any percieved oppression, not just the murder of an entire ethnic group.
So yes, there are attacks on electronic resources, but the possibilities of mass destruction/murder are not high enough to warrant the T-word.
E-terrorism! Please, take my first amendment rights away so we can fight off this plague!
Is there enough left of that part of the US Constitution to be taken away.
Oh you're right, everything's perfect. Let's go back to playing Quake. Don't worry your daddy's portfolio can keep you in the style to which.