[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] noch ein De-Hype zu Cyberterror

To: "Infowar.de" <infowar - de -! - infopeace - de>
Subject: [infowar.de] noch ein De-Hype zu Cyberterror
From: Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>
Date: Wed, 26 Mar 2003 00:49:37 +0100
Organization: http://www.fogis.de
Reply-to: infowar - de -! - infopeace - de
Sender: bendrath -! - zedat - fu-berlin - de

Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

Schöne Zitatefundgrube:

"Cyberterrorism lacks a certain something -- namely, terror."

"So warnings of impending cyberterror are rather like those suggestions
of a few weeks back to stock up on duct tape. Maybe Al Qaeda will strike
again; maybe not. But everybody needs duct tape."

RB

<http://www.boston.com/dailyglobe2/083/business/Cutting_through_cyberterror_hype+.shtml>

Cutting through cyberterror hype

By Hiawatha Bray
Boston Globe, 24.3.2003

It seems everybody wants to be a warrior these days, even the most
deskbound technologists. How else to explain the uptick of incoming
e-mail from companies peddling their defenses against the scourge of
cyberterrorism? The messages offer somber hints of an impending geek
Armageddon, with cunning fanatics insinuating themselves into digital
networks that control banking, electric power, water distribution, or
air traffic control. A few typed commands, a shrewdly planted virus, and
the whole system collapses, and perhaps our economy with it. 

There's a certain plausibility to these horror stories. Script kiddies
ravage Web sites on a daily basis, and worms like the recent SQL Slammer
bog down large chunks of the Internet. Still, that's a long way from
causing national or global catastrophe.

There are people in this world who learn to fly jumbo jets, just so they
can kill themselves and 3,000 others. Why haven't such people mastered
computer networks instead, and blacked out California from the safety of
Pakistan?

Raise the question with computer security experts, even those who tout
their products as a defense against cyberterror, and they eventually own
up. Internet-based terrorism simply hasn't lived up to its press
clippings. ''It can be a major threat,'' insists Hezy Yeshurun,
cofounder of ForeScout Technologies Inc., a California network security
firm. But in the next breath, he adds that ''the only problem is it
still hasn't happened.''

Why not? For one thing, cyberterrorism lacks a certain something --
namely, terror. ''I know what terrorism is,'' said Bruce Schneier of
Counterpane Internet Security Inc. ''It's when a school bus blows up or
an airplane flies into a building. When I can't get my e-mail, that's
not terrorism.''

Besides, the ability to bring down large chunks of the nation's
infrastructure would require intimate knowledge of every key component
of the network. What kind of software is running on the critical
servers? Which version? What patches are installed? Are there backup
systems, and can these be compromised?

A teen punk looking to cause a minor disruption can get by with just a
smattering of knowledge. Somebody looking to declare war on the Great
Satan would want to be certain of doing long-lasting damage. Given the
complexity of the Net and of corporate and government networks, the
needed know-how is tough to come by unless you're a rogue employee with
access to inside information.

Which brings us to Vitek Boden, a disgruntled Australian who in 2001
used his laptop to release millions of gallons of raw sewage, after he
was turned down for a job at the local waste management office. Boden,
it seems, had previously been employed by the company that had installed
the computer controls for the sewage system. Schneier says this is the
worst case of cyberterrorism he knows about, and all it did was dump raw
filth into local parks and onto the lawn of a Hyatt hotel. ''Even that's
not terrorism, it's pollution,'' he said.

So is there nothing to worry about? Howard Schmidt, senior adviser to
President Bush on cyberspace security, says a ''pure'' cyberterror
attack isn't the big worry. But imagine it as part of a more
conventional terrorist hit -- an assault on, say, the US Capitol,
combined with a blackout of electricity and phone service in Washington.
That would get ugly. The technical portion of the attack, merely a
nuisance under normal circumstances, would in this case radically worsen
the situation.

What to do? First, dial back the hype. ''We do not use the term
cyberterrorism,'' Schmidt said, because it misses the point. There are
security flaws that threaten the integrity of our computer networks, no
matter the source of the threat.

Next, work the problem. America is already suffering billions in losses
due to garden-variety system cracking and the release of malicious
viruses. Repair the flaws that make these attacks possible, and you make
cyberterrorism less likely than it already is.

So warnings of impending cyberterror are rather like those suggestions
of a few weeks back to stock up on duct tape. Maybe Al Qaeda will strike
again; maybe not. But everybody needs duct tape.

Hiawatha Bray can be reached at bray -!
- globe -
 com -
 

This story ran on page B11 of the Boston Globe on 3/24/2003.



---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.

Prev by Date: [infowar.de] Pentagon lässt Computer-Dolmetscher entwickeln
Next by Date: [infowar.de] Cyberterror and professional paranoiacs
Previous by thread: [infowar.de] Pentagon lässt Computer-Dolmetscher entwickeln
Next by thread: [infowar.de] Cyberterror and professional paranoiacs
Index(es):
- Date
- Thread