[iwar] [fc:Cyberterrorists:.our.invisible.enemies]

From: Fred Cohen (fc@all.net)
Date: 2001-09-25 07:07:55


Return-Path: <sentto-279987-2340-1001426895-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 25 Sep 2001 07:10:09 -0700 (PDT)
Received: (qmail 10139 invoked by uid 510); 25 Sep 2001 14:08:36 -0000
Received: from n2.groups.yahoo.com (216.115.96.52) by 204.181.12.215 with SMTP; 25 Sep 2001 14:08:36 -0000
X-eGroups-Return: sentto-279987-2340-1001426895-fc=all.net@returns.onelist.com
Received: from [10.1.4.54] by hi.egroups.com with NNFMP; 25 Sep 2001 14:08:16 -0000
X-Sender: fc@big.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-7_3_2_2); 25 Sep 2001 14:08:15 -0000
Received: (qmail 5123 invoked from network); 25 Sep 2001 14:07:56 -0000
Received: from unknown (10.1.10.142) by l8.egroups.com with QMQP; 25 Sep 2001 14:07:56 -0000
Received: from unknown (HELO big.all.net) (65.0.156.78) by mta3 with SMTP; 25 Sep 2001 14:07:56 -0000
Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id HAA25997 for iwar@onelist.com; Tue, 25 Sep 2001 07:07:56 -0700
Message-Id: <200109251407.HAA25997@big.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Tue, 25 Sep 2001 07:07:55 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: [iwar] [fc:Cyberterrorists:.our.invisible.enemies]
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Cyberterrorists: our invisible enemies

By Rob Fixmer, Interactive Week, 9/24/01
<a href="http://www.zdnet.com/zdnn/stories/comment/0,5859,2814190,00.html">http://www.zdnet.com/zdnn/stories/comment/0,5859,2814190,00.html>

As Attorney General John Ashcroft fielded reporters' questions last
Tuesday about the attack on the World Trade Center and the Pentagon, one
journalist asked if a new computer worm, discovered only hours earlier,
was in any way related to the terrorist strikes.  It was not, Ashcroft
assured the nation--or at least, there was as yet no evidence linking it
to Osama bin Laden and his ilk. 

Somehow that was not altogether reassuring.  Yes, it suggested that the
same evil minds who plotted the deaths of thousands and the destruction
of our national icons in a relatively low-tech assault had not evinced
the technological sophistication to attack our computer networks.  Not
yet, anyway. 

But it also reminded us that the numbers of our invisible enemies are
growing each day, turning our commitment to freedom and openness into
sundry weapons capable of destroying us. 

It is no exaggeration to describe the creation of computer viruses and
worms as terrorism.  While none has yet threatened loss of life, as our
culture grows increasingly dependent on the network of networks to
organize and maintain our social, commercial, military and political
institutions, some highly sophisticated worm will eventually wield
deadly powers.  It will not kill through physical assault, but through
deprivation - emergency supplies cut off, urgent calls for help unheard,
defenses unplugged.  It will kill by throwing crucial institutions into
chaos by simply erasing or corrupting the data on which we increasingly
depend for daily sustenance. 

As the world's political leaders counsel patience and perseverance in a
type of war never before waged, we risk enormous peril if we take our
eyes off the cyberfront.  In some ways, digital terrorism will be even
harder to combat than suicide bombers and elusive snipers--first,
because the attackers are often armies of one whose motivation is
unknown, and second, because so much of our aggregate defenses depends
on private companies whose allegiances will always be divided between
social responsibility and profits. 

As intoxicated as we've become with the notion that the market must
decide all things commercial, software developers have proven themselves
to be socially irresponsible by consistently releasing products that are
vulnerable to attack.  Surely, the leaders of the computer industry--men
and women cited as visionaries at every opportunity--have realized that
network terrorism is an escalating war.  It's time to adopt and enforce
industry standards with enough teeth to make them stick. 

That said, before we start pointing fingers at Microsoft, I suggest we
take a long hard look in the mirror.  How many of us have been vigilant
in applying the patches developers have made readily available--often
proactively? How many of us have circumvented password protections
because we couldn't be bothered? How many can say we have been
completely vigilant in monitoring firewalls and network diagnostics? How
many of us, in fact, have been asleep at the wheel?

It's not Microsoft's job to protect us from ourselves, from our inertia
or our unwillingness to invest human and capital resources in our own
barricades.  It's not Microsoft's job to force ISPs to wage a
cooperative war on denial-of-service attacks.  Nor can Microsoft, as
large as it is, act as the world's software police or central
administrator of defensive information.  That role lies with industry
and government, which have so far compiled a very sorry record in
collaborating against cyberterrorism. 

And finally, a great deal of responsibility lies with the hacker
community, which consistently criticizes worm and virus attacks and
denies any responsibility for their existence, but in truth condones a
shadowy subculture that nurtures these terrorists.  Three years ago, IBM
sponsored a daylong seminar on cyberforensics at its headquarters in
Armonk, N.Y.  The event drew some of the brightest lights in the hacker
world, but when one speaker attempted to distinguish between "black hat"
and "white hat" hackers, he was booed.  Hacking was "not about
morality," one member of the audience shouted. 

In the immortal words of Harry Truman: bullshit! There are no moral
shades of gray here.  We cannot condone the argument put forth by social
misfits at keyboards that Microsoft products must be attacked to expose
their vulnerabilities.  Everyone knows there are responsible ways to
hack a product.  Releasing a worm or otherwise attacking an undefended
network is not among them.  It's time the hacker community weeded out
the evil in its midst. 

The bottom line is that we are already engaged in an escalating
confrontation that holds frightening consequences for our economy,
culture and well-being.  Winning the war against cyberterrorism will
require never-ending vigilance--and patience and perseverance --on the
part of all of us. 

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide!
http://us.click.yahoo.com/JNm9_D/33_CAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:49 PDT