Slashdot Mirror
CyberTerrorism - Reality or FUD?
Random Utinni writes "The director of the U.S. Cyber Consequences Unit (part of Homeland Security) claims that terrorist hackers are poised to create total chaos. He predicts all sorts of scenarios, from changing the formulae for medications to causing cars to explode after a few weeks of driving. Is this guy fearmongering for an increased budget, or is he on to something here?"
It's no good burying your heads in the sand. Cyberterrorism is VERY real
the term is being used to justify basically anything the american government wants to loegalize to suppress its peoples rights. the reason? who knows..
Is that the best they can come up with?
Attacks on SCADA systems?
Who puts their vital power infrastructure controls online anyway?
I cry FUD, and let slip the dogs of mainstream media.
I am a leaf on the wind
Reminds me of the up coming horrors of Y2K that amounted to a few slot machines not working after midnight.
;).
Although chicken littles can be right once in a while given the sheer number of warnings tossed about, and then no one listens to them when they should have
I mean, really, this all sounds more like industrial sabotage than terror. I mean, are you really going to have people running in fear for their lives that... say... the next time they fill up their car, the gas pump might explode? Or that any pill that they take next could be their last?
Most acts that they're looking at would be one time things, and isolated/restricted in nature. (Also making it easy to identify/avoid/fix.) I can't see that something like this would actually cause terror.
Again, CyberSabotage. Nothing more.
It would take an expert insider a lot of work to cause the kind of catastrophes the author is predicting here. Making a bomb is quick, easy way to kill a lot of people, and it gets a lot more media attention. It's also much closer to Al-Quaeda's traditional area of expertise.
I hereby place the above post in the public domain.
From TFA:
"Chatter on Scada attacks is increasing," says Borg, referring to patterns of behaviour that suggest that criminal gangs and militant groups are now fully capable of unleashing such attacks.
Then especially in the case of terrorists, WHY THE HELL HAVEN'T THEY DONE IT YET? If one of them had a shot at bombing the White House tomorrow, do you think he'd say "Eh...no, I'd rather wait until next week and hope they don't improve security by then."
This is not fearmongering for money. This is fearmongering for POWER-and the power they're going to shoot for is the power to control the Internet.
What a hell of an ironic name for that guy, Borg. I think that might tell us about everything we need to know.
To fight the war on terror, stop being afraid.
Period.
"Think of the control systems for chemical plants, railway lines, or manufacturing facilities. Shutting these systems down is a nuisance. Causing them to do the wrong thing at the wrong time is much worse."
Am I the only one who is thinking? Why the hell are these things connected to the Internet then? And if its an absolute must why not setup the companies using a system like the US Governments's SIPRNet
I'd like to suggest he is on something rather than on to something.
Many years ago, I worked for a small company that had a contract to service the massive dot matrix signs that are spaced every few miles along the Southern California freeway network.
As part of the job, we were given a portable ascii terminal to enter test pattern data directly into the sign controller. Just for fun, we held an internal contest to think up 'What was the worst possible thing that we could type into the portable terminal for posting over the freeway at rush hour'.
The winner?
"INCOMING NUKE ATTACK - EST 15 MIN"
Just imagine the bedlam .
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Okay, folks, tell me: what can a cyber-terrorist do to a car that will cause it to burst into flames in a few weeks? All I can think of offhand is changing the spec for the gas line to gum rubber instead of neopreme, or soemthing like that --- and, of course, no one involved will ever notice, because cars are completely assembled by robots and no human ever sees the specs, buys the materials, or checks the figures.
And, if they were to do so, what happens? Someone announces a recall and a bunch of people take their cars to the dealerships.
Hell, why not do it the cheap way: wait until there is an accident, and just announce that it was done by your super secret ninja terror 31ee7 hax0rs.
Or consider the sources: this guy from the "U.S. Cyber Consequences Unit" --- with their empty website on a non-government '.us' domain.
Remember, kids, only a few years ago, the world didn't need computers to run. Chemical plants and other control systems have failsafes and safety valves and emergency shutdowns; people survive power blackouts, even if the birth rate does go up; we still have analog radios and mechanical water valves.
On the other hand --- here's some guy with a nifty-sounding name on a web-site, and Richard Clarke, who has been making a living from running around with his hair on fire ever since he said cyber-terror was a bigger threat than al Qaeda. Get a little attention, and people will start taking their calls again; maybe the USCCA" can even hire someone to make a web site.
Who benefits from this story?
now that it's been publicized we'll have terrorists sittin around in their boxers and socks drinkin beer at their puter screen giggling when they confuse the subway employees on the recipe for a roast beef sandwich.
Cindy Sheehan was really effective against Bush for a while because she's a strong family-protection figure who made it clear that Bush had endangered her family rather than protecting it. And Katrina was even more effective, because it demonstrated that Bush wasn't decisive, or strong, or competent, when faced with an actual threat that he couldn't control but could have responded to. Osama bin Laden was just fine - if you're crying Wolf Wolf and a real Wolf shows up on occasion, that demonstrates that your strong leadership is needed just like you said.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I would like to see some discourse on the ability of these FUD spewers to actually react or inform people on actual network security.
I attended a cyber security thing once put on by these guys. It was completely worthless. When I say completely worthless I'm talking screendoor on a submarine worthless.
A scenario: "Half of your computers on the network are infected by a virus, it is tying up your internet bandwidth trying to spread itself, what do you do? what...do...you...do?"
Ok, for 1 if you're worth a damn you don't open port 25 outbound to client PCs anyway and proxy most internet traffic. The only outbound ports are for legacy systems with dedicated IPs. Second, say you do notice your bandwidth is consumed by something. Sniff the port, and close the firewall rule for said traffic until you have the info to take further action. Implicit deny anyone?
Their scenario was geared toward the morons of the IT industry who might truly be perplexed by such a situation, but I found it laughable.
That wasn't the totally useless part. The exercise as it was to be performed: IT provides the info on systems we are running and possible vulnerabilities. They come up with semi-plausable scenarios to exploit them. But in this event the EOC is fake-active and public safety officials are in a paper simulation of cyber attacks going on in their network. Notably, the analog radio system at the core is not mentioned.
For every problem the solution would be to call IT. IT isn't even part of the exercise. Our fire chief who knows fire and fire personnel management inside and out, doesn't know the difference between PCL6 and PostScript. Nor would anyone in their right mind ask him to write an ACL for cisco equipment much less give him enable priviledges. Not that he would ask for them, he knows better. He knows that if you have a leaky pipe you call a plumber, not an ambulance.
So the point of the whole exercise it to blow taxpayer money, ensure that public safety knows the numbers of appropriate IT personnel, possibly expose idiotic IT practices, and give public safety guys a little more FUD stress they could do without.
Have they even simulated what would happen if a local ISP had a truck full of manure driven into it. That could easily take out half a city's internet and probably a few people downstream in a single point of failure. Would it effect first responders? Not at all. They have radios.
I can't imagine many scenarios where cyber terrorism would be life threatening. Possibly have an economic impact, but I bet it would pale in comparison to phishing scams which they can't even police now.
So I don't think this guy is fearmongering. He is doing his job just as a firemen who tells you your house is going to burn down.
After reading your comment I found that I totally agree with you. He's not fearmongering but the article sure is!
I didn't see a single quote in that article with reference to terrorism. The quotes from those interviewed refered to criminal activities, but the terms "terrorism" and "cyber-terrorism" were thrown in by the jornalist. Why? Does it matter if they're "terrorists" or not? I couldn't care less - the potential consequences are what matters.
The only reason why the reporter uses the word "Terrorist" is because it gets far more attention than the pre 9/11 "Hacker".
"Who says nothing is impossible? Some people do it every day!" - Alfred E. Neuman
Instead they have what they consider a growing problem with domestic terrorists. That's right, their own citizens taking terrorist actions against their government. Except we in America don't consider it terrorism because we don't like the Communist totalitarian rulers of China. So you tell me which is preferable, being hated by extremist members of other countries, or being hated by the general population of your own country. Take your time, I'll wait.
just some guy