If anyone has had any difficulties in getting visas or has had new security issues impacting on their research, please get in touch at pguinnessy@yahoo.com. I'm conducting research in this area for a story I'm working on, and any or all information would be extremely useful. Discretion can be used for those scientists/students worried about their current status.
And how often does that happen? Once in a blue moon! Come on, since when would CNN change its url? They are not that stupid and besides, that's why you redirect people at the web site, not at your browser. Its a pointless feature to add unless there is something else behind it.
My point is (and why I wondered what the slashdot community would make of it) is that IE is now on about 96% of the world's computers and it is not easy to change or delete that bookmark list (its actually one feature that none of them have ever got right). I've had a lot of trouble trying to import my old bookmarks and I think its a lot better simply to have www.cnn.com in a bookmark than a search string that already contains the url.
I don't mind a web site doing it, but its a bit different if your computer is logging on to microsoft everytime you use a default bookmark. Especially considering that most people are not computer experts and never will be.
It is another reason why the microsoft internet divsion should be split away from the rest of the company. This sort of integration distrubs me, not for what it does now, but what it could do in the future. Its a security risk.
First off you have to remember that Jane publications are more similar to scientific journals than magazines such as Fortune.
In journal publishing you have a series of referees to check out the quality of the work submitted. When you are dealing with a completely new field, such as cyberterrorism, it is exceedingly hard to find experts in such fields, or know whether they are pulling the wool over your eyes.
Hence I don't think its a completely new model, but more likely a public version of a journal process. Although I was pleased (like the Editor) of the quality of the responses.
You can also see a similar process on the Los Alamos eprint server (xxx.lanl.gov), except that comments are posted directly to the author.
Dixons said in one of its recent press releases that it now sells mainly widescreen TV's. I bought one myself last year for 500 pounds (28' Thomson) and never looked back. The only problem is that it gives you the urge to buy a DVD player, better video recorder, home cinema package......
The other advantage is that you can play US video's and DVD's on them without any problem, which is quite handy.
Second best new product I bought last year (after my Psion Series 5).
The views below are my own and not that of my employer.
Using CT, how easy or otherwise is it to bring down or attack vital systems?
Depends how you define a vital system. The claims by some hackers to take out an electricity system are over rated. Finance institutions is another matter. As more and more internal computer networks move over to open standards away from customised systems you increase the risk of a security breech as it is more likely that an attacker would have experience of your system. The greatest (current) danger is in a reduction of security protocols to help increase 'ease-of-use' of web products such as internet banking. In most cases, unless the attacker can get access to the administrators account, it should have a limited effect. Dialling directly into the mainframe is another big potential problem that is sometimes overlooked.
Another important point to realise is that nearly every major computer network now has back up systems in case of terrorist attacks, fire, or earthquakes. This policy reduces the impact of a whole system being wiped out as backups are frequently made.
However, the more invasive product that can cause immerse damage (as Microsoft UK found out a couple of months ago) are viruses. An average company receiving documents from the web gets on average 100-390 viruses each week. By timing a virus to active at a particular time, you can cause the most havoc inside any organisation. I would rate virus programmers as more dangerous than any hacking attempt.
Another area that perhaps you should look at is satellite highjacking. This does require some specialistic knowledge (as well as a radio dish) but can be quite effective in taking down a vital system (such as a telecommunications network).
What sort of skills would be needed to do so, and are they common/teachable?
Writing viruses is pretty easy, but developing a sophisticated package to escape around the more common virus detecting programs would require some experience. With hacking it always helps to have some expertise of the organisation that you are trying to break into. If you wanted to do more than simply trash a site, it would take a couple of years of solid research to pick up the skills from scratch.
Commercial-off-the-shelf software: can it really do CT?
On the whole, no. That is a myth unless you include standard programming tools such as C++, Visual basic, java etc..
Which systems are actually attackable?
Any computer system is attackable but the ones with the greatest risk are those that allow remote access or have things such as ActiveX active on their systems.
Can a recovery be made from such attacks?
Yes, as long as you do good back ups.
Is it likely to improve/get worse?
It is likely to get worse over the next ten years, and then improve.
What sort of preventitive work would you recommend them to carry out?
Simple stuff, good virus checker, do not put systems onto the web that do not need such access. make sure units such as ActiveX are disabled if possible, introduce firewalls for your company, make your staff aware of the risk of activating files from people unknown. Switch to systems that are not so well known to hackers such as MacOS. Have very strong encryption. Make sure the telephone network is disconnected from the mainframe if possible. ------------------------------------------------
I've got some general comments about the article as well.
Cyberterrorism is not beyond the skills of some terrorists. The nature of terrorism has changed in the past twenty years. As both bombs and detection methods have increased in sophistication, so have the skills of the terrorists. Today's terrorist is more likely to have a higher education degree than at any time since the second world war. The attraction of a number of engineers to the Aum Shinrikyo cult, or to Hamas has shown that.
Moreover, the biggest cyberterrorism threat comes from communication and information. The cost of running a large terrorist organisation has dropped significantly because of the internet. It is now simply a lot cheaper to set up terrorist cells and communicate securely with them worldwide compared to a few years ago. This is the single biggest threat intelligence agencies have to contend with. Not attacks against government web sites, but the fact tracking terrorists has just got a lot harder. You've also seen that the amount of scientific material put on the web can make building some weapons a lot easier, as the recent case from Los Alamos has shown (although Lee I believe is innocent. But the lax security may have cost them some information).
During the kosovo crisis NATO's web site was hacked on a number of occasions, but because NATO doesn't store any serious information there, it had no impact on the eventual outcome - in other words, cyberterrorism in this instance was useless (except for propaganda purposes).
Claims by other hackers of stealing data on India's nuclear weapon program was bunk. The data they produced clearly showed standard civilian experiments which had nothing to do with bombs.
It is also unlikely that most terrorist states such as North Korea would have experienced personnel to train terrorists in hacking techniques. It is much more likely that these groups will be either recruit people or train people from the west.
Finally, the main significant threat to the network remains the actual physical connections. Most countries outside Europe/USA only have a few limited links out to the internet. By targeting these cables you can cut off the country from the internet. This would have a large effect on any society that is gradually becoming dependent on these links. However, as the number of these connections grow, you reduce the chances of such an event happening. I think there is a window of about 10 years in which this could be a problem. After that it becomes a misnomer.
I also think the phase cyberterrorism is misleading in that it suggests only a linkage to the internet. TechnologyTerrorism is a better description as it describes the use of technology to carry out acts of terrorism, not just the internet.
The thing that struck me in the article was the comment that most hackers don't have any ethics. Nearly every scientific field doesn't teach ethics to a great degree. When I carried out a survey of physics undergraduates in the mid-1990s, the majority of respondants said it was the first time anyone had mentioned ethics to them, despite physicists being involved in the H-bomb and in the defence industry.
There are a number of groups trying to change this (such as UNESCO) but I suggest people take a look at the pledge campaign at the Student Pugwash USA web site (http://www.spusa.org/pugwash/) as the site has a stock of documents related to ethics and technology.
I actually broke this story on New Scientist (1 November 1997 'Set phasers to shock') so I'm very interested to see the Sunday Times take on it. For example, they don't mention that Herr's patent says you can kill someone in under 2 seconds with this device, nor that you can torture an individual over 100 m's away using it. The potential for abuse is very high and its also very easy to build, a lot easier than he describes in the article.
Considering the UK's record at shipping this sort of stuff out to dodgy regimes I would be quite worried.
Slashdot Mirror
See http://www.physicstoday.org/vol-59/iss-9/pdf/vol59 no9p24_25.pdf
If anyone has had any difficulties in getting visas or has had new security issues impacting on their research, please get in touch at pguinnessy@yahoo.com. I'm conducting research in this area for a story I'm working on, and any or all information would be extremely useful. Discretion can be used for those scientists/students worried about their current status.
There was a good profile (well, I would say that as I wrote it :->) on Physics Today about Goldin and where he sees NASA going. You can read it here.
And how often does that happen? Once in a blue moon! Come on, since when would CNN change its url? They are not that stupid and besides, that's why you redirect people at the web site, not at your browser. Its a pointless feature to add unless there is something else behind it.
My point is (and why I wondered what the slashdot community would make of it) is that IE is now on about 96% of the world's computers and it is not easy to change or delete that bookmark list (its actually one feature that none of them have ever got right). I've had a lot of trouble trying to import my old bookmarks and I think its a lot better simply to have www.cnn.com in a bookmark than a search string that already contains the url.
I don't mind a web site doing it, but its a bit different if your computer is logging on to microsoft everytime you use a default bookmark. Especially considering that most people are not computer experts and never will be.
It is another reason why the microsoft internet divsion should be split away from the rest of the company. This sort of integration distrubs me, not for what it does now, but what it could do in the future. Its a security risk.
First off you have to remember that Jane publications are more similar to scientific journals than magazines such as Fortune.
In journal publishing you have a series of referees to check out the quality of the work submitted. When you are dealing with a completely new field, such as cyberterrorism, it is exceedingly hard to find experts in such fields, or know whether they are pulling the wool over your eyes.
Hence I don't think its a completely new model, but more likely a public version of a journal process. Although I was pleased (like the Editor) of the quality of the responses.
You can also see a similar process on the Los Alamos eprint server (xxx.lanl.gov), except that comments are posted directly to the author.
Paul Guinnessy
Editor, PhysicsWeb
Dixons said in one of its recent press releases that it now sells mainly widescreen TV's. I bought one myself last year for 500 pounds (28' Thomson) and never looked back. The only problem is that it gives you the urge to buy a DVD player, better video recorder, home cinema package......
The other advantage is that you can play US video's and DVD's on them without any problem, which is quite handy.
Second best new product I bought last year (after my Psion Series 5).
Paul
The views below are my own and not that of my employer.
Using CT, how easy or otherwise is it to bring down or attack vital systems?
Depends how you define a vital system. The claims by some hackers to take out an electricity system are over rated. Finance institutions is another matter. As more and more internal computer networks move over to open standards away from customised systems you increase the risk of a security breech as it is more likely that an attacker would have experience of your system. The greatest (current) danger is in a reduction of security protocols to help increase 'ease-of-use' of web products such as internet banking. In most cases, unless the attacker can get access to the administrators account, it should have a limited effect. Dialling directly into the mainframe is another big potential problem that is sometimes overlooked.
Another important point to realise is that nearly every major computer network now has back up systems in case of terrorist attacks, fire, or earthquakes. This policy reduces the impact of a whole system being wiped out as backups are frequently made.
However, the more invasive product that can cause immerse damage (as Microsoft UK found out a couple of months ago) are viruses. An average company receiving documents from the web gets on average 100-390 viruses each week. By timing a virus to active at a particular time, you can cause the most havoc inside any organisation. I would rate virus programmers as more dangerous than any hacking attempt.
Another area that perhaps you should look at is satellite highjacking. This does require some specialistic knowledge (as well as a radio dish) but can be quite effective in taking down a vital system (such as a telecommunications network).
What sort of skills would be needed to do so, and are they common/teachable?
Writing viruses is pretty easy, but developing a sophisticated package to escape around the more common virus detecting programs would require some experience. With hacking it always helps to have some expertise of the organisation that you are trying to break into. If you wanted to do more than simply trash a site, it would take a couple of years of solid research to pick up the skills from scratch.
Commercial-off-the-shelf software: can it really do CT?
On the whole, no. That is a myth unless you include standard programming tools such as C++, Visual basic, java etc..
Which systems are actually attackable?
Any computer system is attackable but the ones with the greatest risk are those that allow remote access or have things such as ActiveX active on their systems.
Can a recovery be made from such attacks?
Yes, as long as you do good back ups.
Is it likely to improve/get worse?
It is likely to get worse over the next ten years, and then improve.
What sort of preventitive work would you recommend them to carry out?
Simple stuff, good virus checker, do not put systems onto the web that do not need such access. make sure units such as ActiveX are disabled if possible, introduce firewalls for your company, make your staff aware of the risk of activating files from people unknown. Switch to systems that are not so well known to hackers such as MacOS. Have very strong encryption. Make sure the telephone network is disconnected from the mainframe if possible. ------------------------------------------------
I've got some general comments about the article as well.
Cyberterrorism is not beyond the skills of some terrorists. The nature of terrorism has changed in the past twenty years. As both bombs and detection methods have increased in sophistication, so have the skills of the terrorists. Today's terrorist is more likely to have a higher education degree than at any time since the second world war. The attraction of a number of engineers to the Aum Shinrikyo cult, or to Hamas has shown that.
Moreover, the biggest cyberterrorism threat comes from communication and information. The cost of running a large terrorist organisation has dropped significantly because of the internet. It is now simply a lot cheaper to set up terrorist cells and communicate securely with them worldwide compared to a few years ago. This is the single biggest threat intelligence agencies have to contend with. Not attacks against government web sites, but the fact tracking terrorists has just got a lot harder. You've also seen that the amount of scientific material put on the web can make building some weapons a lot easier, as the recent case from Los Alamos has shown (although Lee I believe is innocent. But the lax security may have cost them some information).
During the kosovo crisis NATO's web site was hacked on a number of occasions, but because NATO doesn't store any serious information there, it had no impact on the eventual outcome - in other words, cyberterrorism in this instance was useless (except for propaganda purposes).
Claims by other hackers of stealing data on India's nuclear weapon program was bunk. The data they produced clearly showed standard civilian experiments which had nothing to do with bombs.
It is also unlikely that most terrorist states such as North Korea would have experienced personnel to train terrorists in hacking techniques. It is much more likely that these groups will be either recruit people or train people from the west.
Finally, the main significant threat to the network remains the actual physical connections. Most countries outside Europe/USA only have a few limited links out to the internet. By targeting these cables you can cut off the country from the internet. This would have a large effect on any society that is gradually becoming dependent on these links. However, as the number of these connections grow, you reduce the chances of such an event happening. I think there is a window of about 10 years in which this could be a problem. After that it becomes a misnomer.
I also think the phase cyberterrorism is misleading in that it suggests only a linkage to the internet. TechnologyTerrorism is a better description as it describes the use of technology to carry out acts of terrorism, not just the internet.
There are a number of groups trying to change this (such as UNESCO) but I suggest people take a look at the pledge campaign at the Student Pugwash USA web site (http://www.spusa.org/pugwash/) as the site has a stock of documents related to ethics and technology.
Considering the UK's record at shipping this sort of stuff out to dodgy regimes I would be quite worried.