From: ellisd@cs.ucsb.edu
To: iwar@yahoogroups.com
Date: Mon, 27 Aug 2001 13:07:26 -0000
Subject: [iwar] Re: Why 'conventional' terrorist groups Not utilizing Cyber/
Message-ID: <9mdgme+b390@eGroups.com>
In-Reply-To: <200108251600.JAA15691@big.all.net>

Good question and comments MAGLAN and Fred.

--- In iwar@y..., Fred Cohen <fc@a...> wrote:
> Per the message sent by MAGLAN 1:
>
> > Why 'conventional' terrorist groups (main reference: Patterns of Global
> > Terrorism" - US State Dept)., e.g. : Kurdistan Worker's Party (PKK),
> > Chilean Communist Party (FPMR), Fronte di Liberazione Naziunale di a
> > Corsica (FLNC), Osama Bin Ladin, :
> > 1. Not utilizing Cyber Terror / Computerized Terror against their opponents
> > / targets?
> > 2. Not 'integrated' 'conventional' terrorism with Cyber / Computerized
> > Terror ?
>
> > or may they are ?
>
> > Thanks in advance for any answer.
>
> Indeed a complex question - or at least I will provide a complex response.
>
> I should begin by indicating that I studied this very question with a
> group of others in some detail until our funding ended a year or so ago
> (sponsor didn't have any more budget and couldn't find anyone else with
> budget to support it - strange world when cyber terrorism is all the
> scare but nobody will support real study of the issues...).
>

Definitely indicative that leadership is paralyzed with incompetence.

[snip]

> Answer to the first question:
>
> Many groups identified in the State Department's list of terrorist
> organizations do use information technology in a wide variety of ways,
> including 'against' their opponent. These range from the use of IT to
> coordinate their activities, to gain intelligence about their enemies,
> to trigger explosive devices, to cause economic harm to their enemies,
> for propaganda, to pressure individuals and other groups, to take from
> their opponents, and for a wide variety of other things. Different
> groups use different IT solutions for different applications, depending
> on their needs. They build or buy capabilities which in this arena are
> generally well within their available budget and they use them in a well
> coordinated manner according to their intent.

Maybe they have developed more advanced tools and are just waiting for a
special occasion. Or maybe they are developing more sophisticated tools
and realize that they don't know how to control it. Is either a likely
scenario?

As for available budget, what kind of budget is necessary to develop
offensive weapons? I suggest that a small lab of half a dozen PCs, a
couple of staff years, an internet connection--easily under the $40k mark
for developing countries. I don't think budget is the limiting factor.

>
> Answer to the second question:
>
> Integrating 'computer terror' with 'physical terror' has been tried but
> has not proven highly successful in the sense that terror isn't greatly
> heightened by using computers rather than other media for conveying
> messages. The sound and smell of an explosion seems far more effective
> than the defacement of a web site, and it gets more publicity over a
> wider area.

I agree that bombs are more effective than web defacements. But I don't
think they are more effective than more sinister attacks.

> They apply technology where it best suits them. Why don't
> they 'bring down the power grid' with IT or some such thing? Because it
> is not within the scope of their capabilities and intent as of yet, or
> because it's not as easy or cheap as a well placed hand grenade. Those
> that do attack infrastructure are highly successful with conventional
> explosives. Why go to the time, expense, etc. of cyber attacks when
> they already have the capability with less expensive and easier to use
> items?

Capabilities (creativity, expertise, knowledge), intent, resources (time,
finances, materials), effect -- very reasonable breakdown of the
prerequisites.

Of these, I think capabilities is the most limiting factor. I have
already discounted budget. It may be true that there exist some
operations that have a very high startup cost, but such are the
exception: there is a lot of low-lying fruit.

As for intent... I don't believe at all the idea that some of these
militants have refrained from executing absolutely devastating attacks
because they just didn't want to. As far as hatred goes, there is more
than enough to destroy the world several times over.

As for effect... There may be something here. I think they know the
effect that they want to achieve (fear, any way possible). As for what
attacks will bring about that effect is a harder question. Web
defacements have obviously fallen short of terror. Are there more
sinister attacks that could have a greater effect, produce more terror,
than a well-placed bomb? I think so. Are they cheaper or easier to
execute than placing a bomb? I don't know. But I don't think they are an
order of magnitude more expensive or harder to execute (assuming the
proper expertise is in place). Dissensions welcome.

The capabilities then, are what I suggest is the limiting factor.
Specifically expertise, creativity, and the right mindset.

By expertise, I think of expertise in dealing with information systems
(including computers), the decision cycle. I think there are at least
some terrorists who have the expertise. (After all, the US higher
education system is doing a great job of training students across the
world--at least a few of which will apply their skills thus.)

I think the hard part is creativity and getting the right mindset. The
ability to understand a system well enough to know how to break it is the
prerequisite mindset. This mindset is not that common. Most people just
want to abstract away the complexity of life and the universe. There are
a select few who are not satisfied with the black-box approach to life.
They want to understand how everything works. Having understood how
something works, they then know how to break it.

However, the mindset is not enough. There must be sufficient domain
knowledge. That is, they need to understand how to break something that
matters. Breaking a program or a computer is not too hard. But breaking
something bigger: air traffic control systems, C2 systems, financial
systems, power systems, etc.--these require a high degree of domain
knowledge to understand how they work, and how to break them.

The hard part is translating the tactics (breaking computers or
information systems) into strategy (how to break a larger system to get
the desired effect). This is the knowledge that the terrorists lack.

This is also a reason that the insider threat is such a significant
threat. It is true that an insider has access and authorization, but
equally important is an understanding of how the system works well enough
to break it. Once an insider has left (i.e., lost authorization and
access), he still poses a significant threat because of his knowledge of
how things work. Combine this domain knowledge with the proper mindset
and intent, and voila, you have a potent threat.

Conclusion: if terrorists want to perform very sinister attacks, they
need to:
-understand what effect they want (terror)
-what large system needs to be broken to achieve that effect
-somebody who has domain knowledge and knows how the system works and how
 to break it
-somebody who can provide the low-level operations to do that

Dissensions are, of course, welcome. Any thoughts?

>
> A very brief summary - but still a bit long for the venue.

This is one area that I think needs to be explored with a lot more
scrutiny.
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:40 PDT