Slashdot Mirror
FIDNET, Cyberwarfare, and Reality
Neutral: Foxxz writes "Shortly after the article ran on Slashdot about the FBI computer monitoring program called FIDNET, I wrote to my congressman. Finally I have received a response from him concerning FIDNET. Its not a very pretty picture for the internet; allowing email captures and the monitoring of remote logins. I took the time to type up the letter and post it. I hope to get the document scanned early this week." It's just a form letter, firmly in the middle of the road, but interesting anyway.
Pro: Effect sends this article from a legal publication. "The article is a little old, but a new example of how are tax dollars are spent is here. The rundown is on a new $1.5 billion dollar program to gauge the threat of cyberterrorism and looking for security breaches in critical networks like banks, telecoms and government nets. Any one else want the govenment poking their noses into their files looking for problems? Bear in mind that this is just a proposed start up cost, and the actual program will run much higher."
Anti: George Smith, of the Crypt Newsletter, has been debunking this for some years now. His articles include Electronic Pearl Harbor: A slogan for U.S. Info-warriors, An Electronic Pearl Harbor? Not Likely, a tale about how the FBI finds new computer threats (in April Fool's jokes about computer viruses), and a recent piece written for CyberWire Digest. Smith says, ""Clinton" [a fake virus] was an April Fool's joke published in a PC mag along with a number of similar tales, it was republished in an FBI paper on computer crime in 1996. While it's amusing that the FBI would be taken in by an April Fool's joke, it's rather confounding to realize that this was passed off as serious research. It's a great lesson in why it pays to be skeptical of our leaders when they talk of "cyberterror.""
Future: Johan writes "Jane's Intelligence Review is running an article about cyberwarfare for its next issue, which I'm editing at the moment. It has a number of broad assertions, including:
"For terrorists, CBRN/Cyber weapons provide the opportunity to cause death and disruption at unprecedented levels--resulting in thousands of casualties and billions of dollars in damages to critical infrastructure nodes."
"Acquiring a CBRN/Cyber capability requires extensive funding, an overt or covert acquisition capability, a technological research and development program to produce, weaponize and stockpile CBRN materiel (or the capability to purchase or steal ready-made weapons), and a level of technical expertise and logistical infrastructure that is appropriate to launch successful CBRN attacks..."
"Commercial-off-the-shelf (COTS) software products can easily be obtained to conduct cyberterrorism, making CB/Cyber attacks much more feasible to launch than heretofore..."
Although 'cyberwarfare' is a bit of a cliche, given the IT-related nature of many of your readers, I wondered if any of them would like to comment on this, ie, is all this stuff really so?"
The floor is open. -- michael
Ask you Government to fund your useless project!
Just Complete the form where's appropiate and send to your favourite agency.
TO: Security Agency Director
FROM: ___________________________
I need funding for a new project to prevent free world to be dominated by:
(mark with an X)
__Cyberterrorists
__Militias
__Drug Mafia
__Anarchists
__Leftists
__Child Abusers
__Porno Distributors
__MP3 Compression
The project consists in attack this evil organizations by
(mark only 3)
__Disabling the whole Internet
__Reading their e-mail
__suscribing them to the a USENET list
__Banning crypto software
__Filtering web content
__Analizing content of each net packet
__Playing Quake until late night
__Probing for security holes
__Analizing network routing
__Taking over IRC channels
__Spamming them
__Analizing ICQ message contents
__Attacking them with ICBM's
__Rising communication rates
__Invading underdeveloped countries
This resource intensive task can only be acomplished succesfully using high skilled
__Windows Users
__Aliens
__Cobol programmers
__NFL players
__Foreign soldiers
in cooperation with our group of expert
__gourmets
__C++ programmers
__Hollywood script writers
__Linux developers
__NSA Officials
__Bowling Team
The project will be directed by me and myself, and I will be the only person with entire knowledge of the entire secret operation.
Our operating office will be undercovered as a
__Pizza Hut Restaurant
__Software Development Company
__Gay Bar
__Open Source Software Project
The total funding requeriments, for a initial development of the project is
__$1.000
__$1.000.000
__$1.000.000.000
__other, please specify ($_____________)
due the need of high end equipment.
This equipment will be the core of the project and will consist in
(describe quantity)
__Sony Playstations
__Texas Instruments TI99
__Pamela Lee's Videos
__Calculators
__DVD Rentals from BlockBuster
__Complete Ricky Martin discography
__Windows Licences
__cans of Coca-Cola
Waiting for your positive response, yours:
______________
your signature
It's also a bit too close to FIDONET, which is quite unfortunate, since FIDONET is good, while FIDNET is not.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
For every 100 or so pony-tails, there is a guy with short hair who wears a tie to work and knows his shit. He wants to keep America safe and still think the US Government is the most powerful ally he has to do it. It happens. They didn't think the hackers messing with his mainframe were funny. Everyone laughed at him. And now he's keeping cyber-terrorists at bay. Or so he thinks...
Bad Mojo
Bad Mojo
"If you can't win by reason, go for volume." -- Calvin
I wonder what would happen if some script kiddies just happened to hack all the members of congress and US Senators private medical and banking records? MAybe that would change something ...
Yeah, like: programming without a license becomes illegal? Ownership of hack(sic)ing tools becomes restricted ? (same way that guns have become)
There are times when it must be done, but messing with the powerful and (relatively) clueless might provoke the wrong sort of response these days.
Yes, as you indicate, we (the US) will intercept the Canadian (and European) packets. What makes you think we care about the rest of the world's attitude towards international spying - we just had a bunch thrown out of Germany yesterday.
Will in Seattle
For some reason, the thing that comes to my mind is that a better name for FIDNET would be FUDNET...
---
I hope you're not pretending to be evil while secretly being good. That would be dishonest.
First, from the items quoted in the original
But this brings me to the point of this post, and that is that I don't think you can lump a CBRN attack in the same category as a "cyber" attack. An attack on an information technology infrastructure doesn't destroy lives similar to a chemical weapons attack.
Unfortunately, many of our elected and appointed officials apparently haven't gotten this point yet. It's this kind of correlation that can cause the loss of individual freedoms as officials expound on the threat of "cyber" attacks.
$.02 deposited.
Sure, they're the Feds, yes they have lots of money, but fundamentally how are they going to operate at a high level of competence without hiring people who know what they're doing, i.e. some of us? Think 8 days of the Condor Basically its a bunch of guys with ponytails sitting in a boileroom, with an extra guy to fill out requisition forms.
It's a scary thing, but there are probably people working for these agencies that most of us could respect, or even admire under other circumstances. As much as the violation of privacy bothers me, I'm far more disturbed by the perversion of good, powerful brains. How do they convince intelligent geeks that, after all, the long-term assurance of privacy and personal liberties isn't that important. Is it money? Do they snag them early in college? What?
-konstant
-konstant
Yes! We are all individuals! I'm not!
Granted that FIDNET as it is talked about now has some serious Issues. But the issue is bigger than that, I'm going to try to bring up some points, but I may miss some, and may be wrong on some...
Keep in mind that there is a wide variety of people in the world. All too often posts here end up with examples of US and THEM. In a post above, ponytails vs. the guy in ties. The tech students in school right now is a much more varied group of people than there was 10 or 20 years ago.
Asking a question like what self respecting geek would work for the FBI is the same as asking "who goes to work for the FBI in the first place?" or "How does the NSA get people?" The NSA is what, three, four times the size of the CIA?
I think that it may be as simple as service. How does the Military get bright intelligent minds when all they do is Destroy? People want to work on cool stuff. People want to serve. (BTW, my father was career army out of West Point. I am proud of that and support the Military) Nationalism and Patriotism are very strong principles.
The only way to prevent a situation like FIDNET is for another Organization to rise up and take its place. The solution may be sitting in the open source community, but if it is, it won't EVOLVE fast enough to fix this problem. Look at it like this. Hidden in the community is a football team, and the organization I talk about would be the coach, making sure everyone came to practice and showed up to games.
There is another issue that Cyberterrorism IS NOT the same as cracking. The tech is the same, but the purposes and final goals are not. The FBI/Government knows about Terrorism. We as a group are not prepared to deal with it. Your team may have a star Quarterback. But the coach has a whole team of Offensive and Defense Coordinators to figure out the game strategy. What happens if the Quarterback sets up a play that allows that lineman to come around the side and sack him? The QB's smart and fast. His runningbacks were all out in the open and hauling ass downfield. It's just that this one guy came around the side, and BOOM down he goes. What does setting up a secure linux/UNIX/NT server have to do with someone attacking the power grid? We're talking about security at a NATIONAL LEVEL much much more complex than making sure a ISP or a bank is secure.
I bet you that there are PLENTY of security guys who would be willing to work on the counter-terrorism aspect. Why? It's New. It's Different. No ones really done it before. It's very very serious. There is a very real possiblity of innocent people dying. Would you save a life if you could?
And right now the only place you can get access to it is through government work.
Our efforts would be best spent trying to raise public knowledge of what is occuring so that when somethign like FIDNET occurs, it has the correct set of powers so that it saves life and injury without giving up privacy.
Sig:
Barbeque is a noun. Not a verb.
So where can I download it? Do I need new libs? And is it as smashingly cool as regular Perl? Will O'Reilley print a book on this? What animal will be on the cover? Maybe a penguin?
Brad Johnson
Advisory Editor
Brad Johnson
I disagree with your assumption that the technical elite ("people who know what they're doing, i.e. some of us") by definition have a set of moral principles in opposition to the kind of creepy preemptive "counterterrorism" that the Feds are engaging in. As humans, we have a long history of putting our best minds to work on the most nefarious and wicked projects.
Hell, I wouldn't be suprised if some of the best and brightest were attracted to such programs because of the sense of power that must come with the job.
Ruby on Rails resources and more at idolhands.com
And if your job is to worry about security or criminality, it'll be shocking to you.
- Seth Finkelstein