Cyberterrorism Article in Jane's is Available
James McP writes "Guess what gang, we're published! The cyberterrorism article we all helped with a while back is now available at Jane's Intelligence Review. It's targeted for PC laymen but still does a decent job of getting the idea across. To be honest, it sounds like a Slashdot article. :)" If you are quoted, please e-mail me to arrange payment as promised here. It'll only be a token thing, I'm sure, but it's still kind of cool.
Compared to what is being put forth by other media outlets, the article is brilliant. Sure, lotsa goofs, but consider-- these people are spook reporters, not computer reporters. I only hope that it has an impact on its intended readership: Intelligence professionals. Anyone here with a military background will realize, after about one second of reflection, that the people who do IT work in the intelligence field have almost certainly got their bosses completely baffled with BS, inflating their own importance and value, by grossly exaggerating the power of their adversaries, and the dangers they are "holding at bay".
Why is Janet Reno on record with the view that computers are "weapons of mass destruction"? Because that is what her IT employees are telling her, in hopes of bigger better everything-- promotions, offices, toys, etc. I *really* hope that senior FBI management reads Jane's.
Maybe the Jane's/Slashdot article will knock a tiny little dent in the problem. I sure hope so. I sweated over my post, and it got used in the "summing up".
I'm sorry, but I had to stop reading it after I got to the part that said (to paraphrase):
"A computer could be embedded into the base of a lamp, with an infrared port pointing out the window transmitting information."
Ok... um... If I saw a network cable coming from my *DESKLAMP*, I think I'd suspect something. Especially if the base of the lamp *also* had this little red plastic filter strategically pointed right up close to and out of a window.
Is this guy SERIOUS about this article? He doesn't give *any* background to anything, (except a *little* about the hack/crack debate), and expects GOVERNMENT SECURITY PROFESSIONALS to relate to this???
Wow.
Makes me worry a *LOT* less about Echelon... It's probably a bunch of Radio Shack scanners connected to old Ampex reel tape recorders!!!
mindslip
is that kevin not only committed every crime in the book, but also whistled trunk tones so perfectly from the pay phone in jail that he was able to remote hack a commodore vic-20 tape drive into spinning its rewind cogs fast enough to reverse time and commit various exploits that allowed him to at one point play global thermonuclear war with WOPR and thusly almost destroy the world. He turned down the chance to play himself claiming he hated tab so much that he would rather see ferris bueller in the role. With an evil giggle he then used a beowulf cluster of slide rules to ping flood god and return himself to his cozy record breaking pre-trial confinement.
if you guys watched more tv you'd know that.
Sadly, the article contains many factual errors and editing slip-ups such as repeated and misplaced sentences.
Definitions are suspect and inconsistently used. For example, their use of the term "spoofing" does not match my understanding of the word. Doesn't it usually refer to forging packets? But I might be wrong.
Some of the arguments seem incoherent, and many statements are unsubstantiated.
For example, in the "Beyond the hype" section, an argument is made that terrorist attacks on the infrastructure might not be effective because the infrastructure fails often anyway. This ignores the significant difference between normal failure modes and a planned terrorist attack. They could have done better - I wrote some comments on physical infrastructure attacks in the original Slashdot article, and other comments from people with more knowledge than I did as well.
The statement "Any system put together in the last few years will have been implemented with security in mind" is simply false, with many counterexamples available.
Really, the commentary on the original Slashdot article asking for input was more interesting and informative. I expected Jane's to go beyond that with some really interesting research.
Disappointing.
Torrey (Azog) Hoffman
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
Not to start accusing Jane's, but they clearly plagiarized my post to Slashdot and did not provide credit. Here is a snippet of the Jane's article:
As pointed out by Clifford Stoll in The Cuckoo's Egg, automated 'data mining' techniques can be used to search for useful patterns in vast stores of insecure and seemingly unrelated data. A bank may assume its electronic fund transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data, as the pure information is often much more valuable than simply destroying random records. Reconnaissance attacks such as these are difficult to stop but extremely damaging. In the long-term banking scenario, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why destroy a valuable point of information gathering by doing something short-term like disrupting operations?
Here is a quote from the original thread with my (long) post:
"For instance, a bank may assume their electronic funds transfer system is the most vital system to protect, but a terrorist may only want access to the financial records of persons or groups that are the bank's customers. This may not even involve destruction of data (which is what most people think is the end goal but isn't always), rather the pure information which is often much more valuable than simply destroying random records. Reconnaissance attacks like these are difficult to stop but extremely damaging. In the case of the bank, the terrorist may simply choose to track sources of funding based on deposit records to harm the person or group who is the target. In a situation like this, going into the bank to destroy the information is only a temporary setback and will raise attention. Why completely destroy a valuable point of information gathering by doing something silly like disrupting operations? It's rare that a single offensive has any lasting effect, you must attack from different levels and leverage all available resources for maximum impact. Only dispose of resources that you need to. "
I assume it is a case of inappropriate referencing. However, they didn't even bother to put quotes around the paragraph indicating it as a direct quote. Instead they just did a cut and paste. I don't want to be rude, but this is not very professional. I can only hope it was a mistake on the author's part. I would hope they would at least offer a retraction/correction for this.
Is this a preliminary article? This looks like it's in a seriously unfinished state.
:-) Although there's better ways to do it, the writer was trying to say that there's a large number of ways to spy on you that you wouldn't even think of, but an evil cracker might.
Several sentences were repeated (whole paragraphs even). Some factual information was incorrect (wargames/Mitnick? hahahahha!). There weren't many quotes, although I saw some paraphrasing.
Frankly, I could write a better article.
Still, it gets the gist of the idea right. Thank god Jane's noticed the hacker/cracker difference. I wish they'd point out the importance of that more.
Although it has some stupid examples (IR in a lamp? WTF?), they're mainly used to make a point. The point being that a good hacker thinks outside the lines, to some extent. I don't normally check my lamps for hidden transmitters, do you?
A bit stupid all in all. C'mon Janes, go for the gusto. Get a bit technical. Don't be afraid of having to write for a layman. The layman is smarter than you give him credit for. Use analogies (sp?). Make it interesting for crying out loud.
ah well...
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Secondly, again, no matter what anyone else's criticism may be, I felt that the article gave a good, solid introduction to the CONCEPTS involved. The "facts" used are not, IMHO, all that important, as it's not aimed at security specialists, but people outside the field.
Lastly, I felt that it was a great first step, in the CO-OPERATION between journals and specialists, in which neither was trying to feed off the other, but rather co-exist in a mutually supportive way.
Personally, I'd say ignore any glitches and look at what's been gained, by all sides.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Come on, guys - compared to the amount of rubbish that's written on this subject by mainstream journalists, this is pretty good. OK, so if you can't find any really major problems with it, you can always look closer to find smaller and smaller ones, but I think they deserve congratulating on producing what seems to be a pretty good summary of the current situation.
When it comes down to it, small things like the fact that Wargames wasn't, in fact, based on what Kevin Mitnick did are not important. The important thing is that they seem to have got most of their facts right.
I would say Slashdot's input has managed to create the most sensible and accurate piece of journalism on crackers and their activities written by a mainstream journalist that I have ever read.
Gerv
I was quoted pretty extensively (the intelligence-gathering section). I assume this means I will be getting paid.
This is cool, but not nearly as cool as a $2.56 check from Donald Knuth would be.
---
Maybe that's just the price you pay for the chains that you refuse.
Hand me that airplane glue and I'll tell you another story.