From: Fred Cohen <fc@all.net>
To: iwar@yahoogroups.com
Date: Mon, 11 Jun 2001 06:18:51 -0700 (PDT)
Subject: Re: [iwar] Arab/Israeli "CyberWar" of our own making
Message-Id: <200106111318.GAA28050@all.net>
In-Reply-To: <5.0.2.1.2.20010610230745.053d5ec0@brain-stream.com> from "B.K. DeLong" at Jun 10, 2001 11:46:28 PM

Per the message sent by B.K. DeLong:

...

I want to start by saying that I think this discussion is very healthy and that I enjoy it.
I will be taking a position that cyber warfare is indeed in play in the Israel PLO conflict - but it is only that - a position. It is subject to change if I become convinced that I am wrong.

My position is based on the general notion that war is at the high intensity extreme of conflict. Conflict is always present, but it ranges in intensity. Intensity also changes with time. For example, spears as weapons would not be considered much in the way of intensity by most people today, but 100+ years ago, spears were used in some of the highest intensity conflict that ever happened, and 500 years ago spears were one of the high tech weapons of the day in many parts of the world.

Today, the conflict between the PLO and Israel is increasing in intensity and information operations (the DoD term) are in use by both sides. If we choose to call it cyber warfare, that would indicate that it is at the high intensity end of the spectrum of information conflict.

I believe that the information operations underway in the Middle East are indeed high intensity. The rhetoric is extreme - on both sides - and the web defacements are reflective of the high intensity racial hatred being pushed by both sides. The use of information operations has included the targeting of PLO leadership by Israeli armed forces using information technology for the targeting. They have included the use of a cellular telephone bomb to blow up a PLO leader (some years back). They have included the use of inciting and inflammatory alterations to web pages - the communications media of the day. They have included luring, kidnapping, and killing. They have included attempts to deny military and civilian government control via information attacks.

In order to have a war, we might consider a requirement that the governments on both sides be involved. Otherwise we might simply call these criminal acts. Of course governments know this and tend to avoid the big W word unless they want to be bombed outright.
Ever since Viet Nam the US has avoided the term war - but warfare certainly takes place even without the official sanction of calling it a war.

So given that we might want to require government sanction (but not require declaration), the PLO/Israeli cyber conflict is indeed a war. The Israeli government has every right and capability to stop the Israeli citizens who are participating in this conflict from doing so. They choose not to. These are known actors - ex Israeli military personnel (all Israelis are - but the apparent leader of this group was a captain I believe - not just a common conscript). The PLO knows who these actors are on their side and their leadership has actively supported and helped to promote their efforts. In the case of the PLO it is essentially their declared policy to support such efforts.

The final question we might ask would be whether the level of intensity justifies the use of the term warfare. I think that the answer to this lies in the question of relativity (not Einstein's sort). Just as spears were high intensity weapons 500 years ago, the techniques in use by these parties are high intensity today. Just as all military weapons tend to improve over time and more advanced nations tend to have more advanced capabilities, the case can be made that the attacks used today by the PLO and Israeli sides in this conflict are relatively high intensity for today. Three years ago, most of the techniques used in this conflict would have been shockers to most of the people on the Internet.

Now that I have taken a position, I feel I can respond to Mr. DeLong's (who I greatly respect) comments in that context.

> At 07:40 PM 06/10/2001 -0700, you wrote:
> > The PLO did denial of service attacks against Israeli military
> > and governmental systems.
> Does this include their classified networks where the real work happens? Or
> just the unclassified network where their brochureware Web sites revised?
> The US government and military is subjected to DDoS and DoS attacks all the
> time...I hear they pretty much move on with their lives as classified
> networks are relatively isolated from such attack.

The notion that the 'real' work happens in classified networks is, in my view, representative of an inaccurate view of how information systems are used today in a military and governmental context. The US DoD, for example, only uses classified communications for less than 10% of its operations. It depends to a great extent on civilian infrastructure that is the same sort of infrastructure attacked in the PLO/Israel conflict.

> And how do we know the PLO did these DoSes? We all know that all it takes
> is one person with control over hundreds of zombie machines to take down a
> small network. A good example of this is detailed by Steve Gibson:
> http://grc.com/dos/grcdos.htm

The PLO declared the intent to do so and claimed credit for doing so. They were aided by some terrorist supporters from other nations and by individuals who they solicited to assist them. This sounds to me like an attributable event, but of course I would welcome any evidence that indicates that the PLO only declared that these attacks were theirs because they were successful. The attacks took place against Israeli and Israeli owned businesses and infrastructures in Israel and in the US as well as ISPs that supported them.

> > They also stole credit card information and names and contact
> > information for supporters of Israel and caused them grief.
> You must be talking about the American Israel Public Affairs Committee :
> http://www.attrition.org/mirror/attrition/2000/11/02/www.aipac.org/

Indeed.

> I'll agree - that's probably the closest we've come to "cyberwar" in my
> opinion. (and they POSTED credit card and contact information on the
> defaced site - there was never any evidence that they were stolen and
> used).
> But then again, would GForce Pakistan really have gotten involved in this
> action had the media not blown it out of proportion? If you look at their
> previous defacements you'll see hundreds of sites defaced in the name of
> Pakistan regarding the Kashmir conflict.
> (http://defaced.alldas.de/defaced.php?attacker=GForce&p=1)

I agree that the cyber conflict between India and Pakistan verges, at times, on cyber warfare.

> > They also used the Internet to lure, kidnap, and kill an Israeli
> > teen.
> Who's "they" ? From what I've read, this was certainly not PLO sanctioned.
> In the US, sick adults lure kids to their houses to kidnap and/or kill them
> every so often as well. I don't see how the above incident was part of an
> organized, state-sanctioned "cyberwar".

This particular case may or may not have been sanctioned by the PLO - it is unclear to me at this time. Nevertheless, the PLO certainly has promoted such things and has historically supported such actions.

> >Israel also participated...
> >
> > They killed a PLO leader by blowing up their cell phone (before
> > the latest round).
> Hmmm. Are you talking about the death of Islamic Jihad leader Iyad Hardan
> in April? He wasn't killed with his cell phone but a booby-trapped public
> telephone. Which in my mind has nothing to do with "cyber" anything.
> (http://www.acj.org/april/april_5.htm#3)

No - but this would potentially also count if information technology was used to identify him and command the phone to blow up. I was talking about the incident of a few years ago when a cell-phone bomb was used against a PLO leader.

> >I want to agree with your assessment but it is not that clear cut.
> What activity at this point in time has led you to say that the
> Israel/Arab "cyberwar" is building back up again? While my assessment is
> not "clear cut" I think we need to present all the evidence before
> declaring a "cyberwar" is going on. It doesn't take much for the media to
> drool and let the FUD fly nowadays.
I agree that more evidence would be nice - all we see right now is a small increase in defacement rates - that is why I asked if someone wanted to pick up on it and start to investigate more actively.

> You made several valid points but I poked holes in them because there's no
> clear-cut definition between a "cyberwar", a security incident, and a
> trend. I think use of the word "cyberwar" has serious connotations that the
> American public in general cannot distinguish between an actual declaration
> of war and a really annoying security incident like we can. Therefore I
> think it's important to keep talk away from comparing these incidents to
> wartime activity and continue to describe them as the computer security
> problems that they are. Otherwise that will not only confuse and scare the
> American public but also feed the media into making this incident
> longer-lasting than it should be.

I agree that we need to continue to consider our definitions, but I do think that in this case I have made a credible case for what cyber warfare may be and that the PLO Israeli conflict supports this notion. Whether the intensity is again picking up is the question I would like to see answered and documented here.

FC
--
Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
Fred Cohen & Associates: http://all.net - fc@all.net - tel/fax:925-454-0171
Fred Cohen - Practitioner in Residence - The University of New Haven
This communication is confidential to the parties it is intended to serve.
PGP keys: https://all.net/pgpkeys.html - Have a great day!!!
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:16 PDT