FIDNET, Cyberwarfare, and Reality

Slashdot has received a number of submissions about FIDNET, so-called cyberwarfare, etc., since our first article about it two months ago. Here's a grab bag of more news about it -- Pro-, Neutral, and Anti-. Click below to read more.

Neutral: Foxxz writes "Shortly after the article ran on Slashdot about the FBI computer monitoring program called FIDNET, I wrote to my congressman. Finally I have received a response from him concerning FIDNET. Its not a very pretty picture for the internet; allowing email captures and the monitoring of remote logins. I took the time to type up the letter and post it. I hope to get the document scanned early this week." It's just a form letter, firmly in the middle of the road, but interesting anyway.

Pro: Effect sends this article from a legal publication. "The article is a little old, but a new example of how are tax dollars are spent is here. The rundown is on a new $1.5 billion dollar program to gauge the threat of cyberterrorism and looking for security breaches in critical networks like banks, telecoms and government nets. Any one else want the govenment poking their noses into their files looking for problems? Bear in mind that this is just a proposed start up cost, and the actual program will run much higher."

Anti: George Smith, of the Crypt Newsletter, has been debunking this for some years now. His articles include Electronic Pearl Harbor: A slogan for U.S. Info-warriors, An Electronic Pearl Harbor? Not Likely, a tale about how the FBI finds new computer threats (in April Fool's jokes about computer viruses), and a recent piece written for CyberWire Digest. Smith says, ""Clinton" [a fake virus] was an April Fool's joke published in a PC mag along with a number of similar tales, it was republished in an FBI paper on computer crime in 1996. While it's amusing that the FBI would be taken in by an April Fool's joke, it's rather confounding to realize that this was passed off as serious research. It's a great lesson in why it pays to be skeptical of our leaders when they talk of "cyberterror.""

Future: Johan writes "Jane's Intelligence Review is running an article about cyberwarfare for its next issue, which I'm editing at the moment. It has a number of broad assertions, including:

"For terrorists, CBRN/Cyber weapons provide the opportunity to cause death and disruption at unprecedented levels--resulting in thousands of casualties and billions of dollars in damages to critical infrastructure nodes."

"Acquiring a CBRN/Cyber capability requires extensive funding, an overt or covert acquisition capability, a technological research and development program to produce, weaponize and stockpile CBRN materiel (or the capability to purchase or steal ready-made weapons), and a level of technical expertise and logistical infrastructure that is appropriate to launch successful CBRN attacks..."

"Commercial-off-the-shelf (COTS) software products can easily be obtained to conduct cyberterrorism, making CB/Cyber attacks much more feasible to launch than heretofore..."

Although 'cyberwarfare' is a bit of a cliche, given the IT-related nature of many of your readers, I wondered if any of them would like to comment on this, ie, is all this stuff really so?"

The floor is open. -- michael

It's just a bunch of guys sitting in a boiler room

[konstant]

Sure, they're the Feds, yes they have lots of money, but fundamentally how are they going to operate at a high level of competence without hiring people who know what they're doing, i.e. some of us? Think 8 days of the Condor Basically its a bunch of guys with ponytails sitting in a boileroom, with an extra guy to fill out requisition forms.

It's a scary thing, but there are probably people working for these agencies that most of us could respect, or even admire under other circumstances. As much as the violation of privacy bothers me, I'm far more disturbed by the perversion of good, powerful brains. How do they convince intelligent geeks that, after all, the long-term assurance of privacy and personal liberties isn't that important. Is it money? Do they snag them early in college? What?


-konstant

Widen your views...

[Capt+Dan]

Granted that FIDNET as it is talked about now has some serious Issues. But the issue is bigger than that, I'm going to try to bring up some points, but I may miss some, and may be wrong on some...

Keep in mind that there is a wide variety of people in the world. All too often posts here end up with examples of US and THEM. In a post above, ponytails vs. the guy in ties. The tech students in school right now is a much more varied group of people than there was 10 or 20 years ago.

Asking a question like what self respecting geek would work for the FBI is the same as asking "who goes to work for the FBI in the first place?" or "How does the NSA get people?" The NSA is what, three, four times the size of the CIA?

I think that it may be as simple as service. How does the Military get bright intelligent minds when all they do is Destroy? People want to work on cool stuff. People want to serve. (BTW, my father was career army out of West Point. I am proud of that and support the Military) Nationalism and Patriotism are very strong principles.

The only way to prevent a situation like FIDNET is for another Organization to rise up and take its place. The solution may be sitting in the open source community, but if it is, it won't EVOLVE fast enough to fix this problem. Look at it like this. Hidden in the community is a football team, and the organization I talk about would be the coach, making sure everyone came to practice and showed up to games.

There is another issue that Cyberterrorism IS NOT the same as cracking. The tech is the same, but the purposes and final goals are not. The FBI/Government knows about Terrorism. We as a group are not prepared to deal with it. Your team may have a star Quarterback. But the coach has a whole team of Offensive and Defense Coordinators to figure out the game strategy. What happens if the Quarterback sets up a play that allows that lineman to come around the side and sack him? The QB's smart and fast. His runningbacks were all out in the open and hauling ass downfield. It's just that this one guy came around the side, and BOOM down he goes. What does setting up a secure linux/UNIX/NT server have to do with someone attacking the power grid? We're talking about security at a NATIONAL LEVEL much much more complex than making sure a ISP or a bank is secure.

I bet you that there are PLENTY of security guys who would be willing to work on the counter-terrorism aspect. Why? It's New. It's Different. No ones really done it before. It's very very serious. There is a very real possiblity of innocent people dying. Would you save a life if you could?

And right now the only place you can get access to it is through government work.

Our efforts would be best spent trying to raise public knowledge of what is occuring so that when somethign like FIDNET occurs, it has the correct set of powers so that it saves life and injury without giving up privacy.