Return-Path: <sentto-279987-1323-992226591-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sun, 10 Jun 2001 19:31:08 -0700 (PDT) Received: (qmail 15795 invoked by uid 510); 11 Jun 2001 01:30:54 -0000 Received: from ch.egroups.com (208.50.99.226) by 204.181.12.215 with SMTP; 11 Jun 2001 01:30:54 -0000 X-eGroups-Return: sentto-279987-1323-992226591-fc=all.net@returns.onelist.com Received: from [10.1.4.56] by ch.egroups.com with NNFMP; 11 Jun 2001 02:29:51 -0000 X-Sender: bkdelong@pobox.com X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_1_3); 11 Jun 2001 02:29:51 -0000 Received: (qmail 57759 invoked from network); 11 Jun 2001 02:29:50 -0000 Received: from unknown (10.1.10.27) by l10.egroups.com with QMQP; 11 Jun 2001 02:29:50 -0000 Received: from unknown (HELO avocet.mail.pas.earthlink.net) (207.217.121.50) by mta2 with SMTP; 11 Jun 2001 02:29:45 -0000 Received: from dreadnought.pobox.com (dialup-63.214.110.241.Dial1.Boston1.Level3.net [63.214.110.241]) by avocet.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id TAA13952; Sun, 10 Jun 2001 19:29:39 -0700 (PDT) Message-Id: <5.0.2.1.2.20010610215700.045f8180@brain-stream.com> X-Sender: bkdelong@brain-stream.com X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 To: iwar@yahoogroups.com Cc: staff@attrition.org In-Reply-To: <200106110154.SAA23890@all.net> From: "B.K. DeLong" <bkdelong@pobox.com> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sun, 10 Jun 2001 22:29:25 -0400 Reply-To: iwar@yahoogroups.com Subject: [iwar] Arab/Israeli "CyberWar" of our own making Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit At 06:54 PM 06/10/2001 -0700, you wrote: >I guess the cyber war is on again? Anyone want to pick things up and >provide a feed for reopenning the cyberwar site on this conflict? In all honesty, I don't think there ever WAS a cyberwar. If you count any defacement against an Israeli or Arab run Web site that has a politically-oriented note about this conflict as a wartime action then the "cyberwar" never really ended. I did a commentary today about the defacement of a US Federal Law Enforcement Web site with anti-Arab sentiments and included a roundup of other sites in predominately Arab countries that suffered the same attack. Fred already posted part of it . I've included the full text below. Has anyone ever sat down to define the term "cyberwar" ? To me, a cyberwar is when countries with an unfriendly or hostile relationship begin attacking one another's technological infrastructure - breaking into classified networks and stealing secrets, finding open, unsecure dialups of various computer-run systems from power to airport security and taking them over/shutting them down, causing a massive crash or "denial of service" in the country's primary networks or various other activities that have wartime equivalents in the real world. Web site defacements? I see them as nothing but kids spray painting a building. Some of them may be more serious - like spray painting a swastika on a temple or nailing up propaganda-filled leaflets all over a mosque. But this type of activity does not constitute a cyberwar - even the Chinese/US activity of April and early May was a bunch of foreign kids trying to one-up each other, feeding off the media's manipulation of the incident. No, I don't think we've witnessed any incidents that constitute a true cyberwar - at least not in the US. They may be happening in other countries but even if they are, they haven't been widely publicized. Take for instance an incident almost 4 years ago where some kid gained control over a Western US hydroelectric generator via an open modem to turn off an "enemy's" power. Didn't hear about that did you? Turns out the kid didn't know what he had done, much to everyone's luck, but it still could have caused major issues - and something I would expect to see during a true wartime effort. Let's not jump to conclusions and say all because a couple of defacements and the threat of a real-world war from a Saudi prince in a German publication constitutes the "reopening" of a "cyberwar". As members of the computer security community we have a responsibility to be careful with our words lest the media blows them out of proportion thus creating a self-fulfilling prophecy. (See: http://www.attrition.org/security/commentary/cn-us-war.html) I can guarantee you if we start saying that a cyberwar is picking back up, the media will start reporting it this way and the kids (no matter what their nationality or political leanings) will begin hitting little but Arab and Israeli sites for the next month. My commentary covered a series of incidents caused by one group with a central political message and if more groups start doing it (like the Chinese vs. US defacement incident) then it becomes a trend. If we label it as a cyberwar then it will become one. Such is the power of the computer security community's observations. We have a responsibility to be careful with what we say and how we label things. Thanks. >Date: Sun, 10 Jun 2001 12:01:38 -0400 >To: defaced-commentary@attrition.org >From: McIntyre <mcintyre@forced.attrition.org> >Subject: [defaced-commentary] Joint FBI/NW3C Internet Fraud Complaint >Center defaced >Reply-To: McIntyre <mcintyre@forced.attrition.org> > >About 6:15am ET on Sunday, June 10th, the Web site for the Internet Fraud >Complaint Center was defaced. > > http://defaced.alldas.de/mirror/2001/06/10/www.ifccfbi.gov/ > > According to the site, the mission of the IFCC (a partnership between > the FBI and the National White Collar Crime Center), is to "address fraud > committed over the Internet" and to "provide a convenient and easy-to-use > reporting mechanism that alerts authorities of a suspected criminal or > civil violation". > >Who are the defacers? Whomever defaced the IFCC Web site is not claiming >to be with a group or even leaving a nickname. All that's stated is that >the person is a 14-year old from Israel who is angry over the recent >suicide bombing outside a Tel Aviv nightclub that killed 17 Israelis - >most of them young teenagers. > >The same defacer appears to have defaced government and commercial Web >sites in several predominately Arab countries in the past week including >servers in Iran, Egypt, Pakistan, Saudi Arabia, the Arab Emirates, Lebanon >and Oman. Each defacement links to one or more pro-Israeli, anti-Arab Web >sites and many post pictures of several of the tens killed in the blast. > > Acer Middle East > http://defaced.alldas.de/mirror/2001/06/10/www2.acer.co.ae > > Azzahra University (Iran) > http://defaced.alldas.de/mirror/2001/06/08/www.azzahra.ac.ir > > Ferdowsi University Central Library > http://defaced.alldas.de/mirror/2001/06/08/c-library.um.ac.ir > > MDS Lebanon > http://defaced.alldas.de/mirror/2001/06/07/www.mdsl.com.lb > > Murree Christian School in Karachi, Pakistan > http://defaced.alldas.de/mirror/2001/06/05/www.mcs.com.pk > > OrbitNet > http://defaced.alldas.de/mirror/2001/06/05/www.orbit.net.pk > > Data Express Egypt "Own Site" Service > http://defaced.alldas.de/mirror/2001/06/05/ownsite.dataxprs.com.eg > > National Bank of Oman > http://defaced.alldas.de/mirror/2001/06/05/www.nbo.co.om > > Saudia Arabia Ministry of Higher Education > http://defaced.alldas.de/mirror/2001/06/05/www.mohe.gov.sa > > Amirkabir University Of Technology in Iran > http://defaced.alldas.de/mirror/2001/06/05/www.aku.ac.ir > > Ministry of Water Resources and Irrigation > http://defaced.alldas.de/mirror/2001/06/05/www.mwri.gov.eg > >- >The information and commentary is Copyright 2001, by the individual author. >Permission is granted to quote, reprint or redistribute provided the text >is not >altered, and the author and attrition.org is credited. The opinions expressed >in this mail are not necessarily the opinion of all Attrition staff members. > >Commentary Archive: http://www.attrition.org/security/commentary/ >The Attrition Mirror: http://www.attrition.org/mirror/attrition/ >Country/TLD Statistics: http://www.attrition.org/mirror/attrition/country.html >Attrition Defacement Statistics: >http://www.attrition.org/mirror/attrition/stats.html >Operating System Graphs: >http://www.attrition.org/mirror/attrition/os-graphs.html > >Other Web Defacement Mailing Lists: >http://www.attrition.org/security/lists.html >Contacting Attrition Staff: staff@attrition.org > >To subscribe to Defaced Commentary, send mail to majordomo@attrition.org >with "subscribe defaced-commentary" in the BODY of the mail (without >quotes). To unsubscribe, include "unsubscribe defaced-commentary" in >the BODY of the mail. -- B.K. DeLong bkdelong@pobox.com 617.877.3271 http://www.brain-stream.com Play. http://www.the-leaky-cauldron.org Potter. http://www.attrition.org Security. http://www.artemisiabotanicals.com Herb. ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:16 PDT