From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Sat, 22 Sep 2001 14:14:58 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] Critical infrastructure vulnerabilities

http://cryptome.org/telecomm-weak.htm

To: M
From: John Young <jya@pipeline.com>
Date: 21 Sept 2001

I've been told that vulnerable points in the telecomm network are the landfalls of undersea cables (especially latest fiber optic), or somewhat offshore if the landfall huts
are protected. There are only a relatively small number of these compared to the large number of national cables and wireless systems that branch from them. The older cables' locations used to be shown on nautical maps to warn off ships, but I do not know if the newest fiber optics are.

Satellites now carry a good amount of traffic once carried only by undersea wire cables but the fiber optics are expected to carry more than satellites. (Aside: There has been recent discussion on whether NSA can tap the fiber optic cables, and if so, how much more difficult is it than tapping wire cables.)

Another vulnerability is the principal, central operations control facilities of telecomms which monitor national and international systems. There are only a few of these for all nations.

Then there are the interfaces between civilian systems and those for the military. Some military are said to be totally independent of civilian, but nearly all have some civilian aspect, if not that of providing services for classified systems then for interfacing classified and non-classified.

The companies which provide equipment and operational support for highly classified military telecomm systems could be vulnerable in ways the military components are not. There are dozens of these, giants which provide a range of services and smaller specialists. In particular, the companies which provide products and services for communications security would be attractive targets for physical attack, product compromise or personnel subversion.

On vulnerabilities of military systems: the Defense Science Board published a study in March 2001 called "Defensive Information Operations":

http://cryptome.org/dio/dio.htm

This 270-page report outlined vulnerabilities of military and civilian information systems and what needs to be done to protect them. I would guess that it had a classified component not made public.

National military command systems, classified intelligence systems, public emergency communication systems, law enforcement communication systems, and others for which there is little public information, in varying degrees interface with and depend upon civilian telecommunications infrastructure.

What I am told is that there are not a whole lot of people who know how the whole thing works and what its most vulnerable points are. ATT, Lucent (Bell Labs), MIT and other US and non-US telecomm research facilities which helped invent, build, modify, upgrade and operate global governmental, military, intelligence and civilian systems, have researchers and databanks on the infrastructure which could be vulnerable to attack, extortion, kidnapping, bribery, burglary, even theft of information on vulnerabilities which might not be discovered for years afterwards, as we have seen in several espionage cases.

Now, you probably know everything I've told you and much more. What do I have to offer that is not frequently discussed on the Net? Not much.

I guess I would call attention to the vulnerabilities of physical facilities which house telecomm systems. And in addition to simple burglary I would highlight the hazard of compromising emanations of protected data, especially the data that controls operation of national and global telecomm systems. Acquisition of that control data and its use to disrupt systems, or to corrupt the data with injection of erroneous commands, is what many national security agencies are surely working very hard on, for defense and for attack.

------------------
http://all.net/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:48 PDT