Slashdot Mirror
Is the Cyberterror Threat Credible?
Scott Pinzon writes "Is the idea that cyber terrorists might take down US networks or utilities realistic, or over-hyped? One of the authors of the Patriot Act and several Black Hat 2005 speakers debated the issue informally at WatchGuard's "Security and Beer Roundtable." Participants include Dan Kaminsky, Johnny "Google Hacker" Long, Tim Mullen, Sensepost penetration testers, a guy from Microsoft's ISA team, and others."
Who cares if the power company's website is defaced or their web server brought down? That won't lead to the lights going out.
The question is not whether the threat from cyberterrorism (what a stupid term) is credible, but who in their right mind sees it necessary to put critical systems online?
If you want to take out half the internet, you don't need hackers. A backhoe works just fine. So why in the world would anyone put such important things on a network that is easily disabled?
Jesus saved me from my past. He can save you as well.
Criminals that use computers for fraud and other crimes should be described by a less stupid and emotive term than cyberterrorism.
Even if it's not credible, it doesn't mean it's okay to leave networks unsecured. Having consultants do security analysis is probably a good idea (although I don't personally know to what extent the federal government deliberately gets ripped off by those consultants, as you contend).
The threat of cyberterrorism has more to do with whether we should spend money analyzing threats to electronic infrastructure, and planning responses to potential attacks on it. Not the sort of thing you hire pen-testers for.
Personally, I don't feel in any way threatened by any word, phrase, or sentence with the prefix "cyber" in it. Cyber*, to me, means a way for non-geeks to explain something that they don't in any way understand.
Frankly, I think most terror threats aren't credible. My philosophy is that in most cases, if you're on the ball enough to understand a threat, it's not threatening. The real terrorism are the attacks (cyber and...um...Analog?) that come from behind.
In Soviet Russia, backwards is everything.
The Bush administration has been warning of a digital Pearl Harbor for years.
However, their desire to collect and to centralize information on government computers for 'homeland security' purposes makes such a threat more dangerous, not less dangerous.
If their proposals for government-accessible backdoors for all encryption were actually to become reality, then a single successful hacker could compromise millions of secure computers and documents in a single attack.
The best solution is to go back to the policies of Clinton's presidency. Let us, the people, take care of our own security without government intrusion, as is our natural right and privilege.
We live in a culture of fear.
First it's anthrax (anyone remember that?)
Then it's suitcase nukes..
Then it's bird flu..
Suddenly terrorists are going break into our computers?!
All of these are existant 'problems' blown WAY out of proportion. I'm counting the days before termites are found in the whitehouse, thus becoming the next terrorist threat.
The broader question: is the treat of terrorism credible? Considering that politicians made up the whole concept of "the terror network" from disinformation planted in european newspapers and then failed to listen to the CIA when they told them the Soviet Union was not funding terrorist groups and in-fact it was the CIA that was planting the propaganda, how can we possibly believe that terrorism is capable of any more than the few isolated incidents that have befallen the world in the last dozen years? We're talking about a total number of deaths less than a year of ordinary people driving cars on the national highways. The chances of becoming a victim of terrorism are less than the chances of being hit by falling space debris.
How we know is more important than what we know.
Maybe. But probably not. If terrorists use a computer to do something that kills people, its regular terrorism. If somebody screws with my computer, that person is not a "cyber-terrorist," he is just a regular criminal (and also, likely, a douchebag.)
So maybe what I mean is... no, it isn't remotely credible.
Who did what now?
There's something a little strange about spending hundreds of billions to create a missile shield on the off chance the terrorists are smart enough to build a viable nuclear weapon AND deliver it on target via ICBM from thousands of miles away... but too dumb to figure out how to trigger a cascading failure with a DDOS attack.
Truth is, if the raids on strongholds in Iraq are any indication, they can barely figure out how to upgrade to Windows 98. I'd be more worried about my government bankrupting me than anything the evil terrorists could pull off.
I'm not sure that's really what you want. IIRC, the attempts to make key escrow mandatory with Clipper were on Clinton's watch. The sooner we quit believing that one party or another is interested in freedom, the sooner we have a chance to preserve the dwindling amount of it we have left.
I too have felt the cold finger of injustice.
Fear is a fantastic way to control people and get big dollars into big lobbiests pockets. It is also a good way to divert focus from real issues.
Unfortunately these measures only give a false sense of security. All the aircraft carriers can't stop a few punks with box cutters from hijacking a plane or whatever.
Huge security measures in the internat will be equivalent to airport security. Pain in the ass (in more ways than one), queues, loss of service etc for Joe Average and ineffective.
Engineering is the art of compromise.
And have it flash the BIOS with 0's as its first action, then force reboot after spreading. That's data loss and hardware loss. Unless we start hot-swapping motherboards.
I was working at home on 9/11, and yes: CNN was down until they put up a no-graphics static page. Slashdot was up and running just fine.
Anent to the article, I think the so-called cyberterror threat is not so much Al Qaeda as it is Eastern European organized crime, and the threat is more centered towards e-commerce (Amazon, eBay, gambling sites) than public infrastructure.
Al Qaeda wants to perform acts that make people afraid to go to work, not acts that keep them from bidding on Beanie Babies or playing Texas Hold-em. DDos-ing Amazon or Partypoker.com isn't the sort of deadly blow against the infidels that gets them out of bed in the morning. Yuri and Vladimir, on the other hand...
But the real "cyberterror" threat is the potential US Government overreaction towards any potential threat, real or imagined. Since the early '90s, the government has viewed the Internet as something big, scary, and untamed. COPA, DMCA, you name it, they'll regulate it. Even now, look at the way the Federal Election Commission has been eyeballing political blogs: free speech or political contributions?
If there's a threat, it'll be from Capitol Hill or 1600 Pennsylvania Avenue, not some cave on the Afghani-Pakistani border.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
The combination is quite deliberate to spread FUD.
If you ever watch the news on TV, they constantly want to portray the Internet as this newfangled thing (still) that vague and murky and might bite you at any second. I think that's simply out of touch for most people (actually I think the TV industry is just jealous) but the FUD must play well with some of them because the mechanics of it isn't so easy to grasp as say any other appliance, like a blender or how TV generally works.
Combined with the vogue word of this decade, terrorism, voila: a whole new genre for the powers that be to terrorize, er, I mean inform others with propaganda.
It's the same old shit (SOS) put in a new dress.
I disagree with that statement. How many times has the "If but one death could be prevented..." mantra been passed around? Too many people expect EVERYTHING to be risk free, and often propose and avdvocate extreme measures to gain that certainty. No matter how absurd the measure might be for the majority of the people. And if CHILDREN are involved? Oh my god.
Look at all the handwaving currently going on regarding video game violence, dispite the fact that teen violence levels are at the lowest they've been in decades. But no, SOMETHING caused Columbine, and that something must be eliminated.
And if it can't be eliminated one way, they'll try another. A "defective" product? Sue the company. An unforeseen drug interaction? It's class action time. Some kid jumps off a bridge because a character in a game did so? Obviously, it's time to ban all games.
We demand perfection, every time, all the time. And if it's not perfect, then someone, obviously, is to blame.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.