[ISN] Tech threats: the new front in the War on Terror

InfoSec News isn at c4i.org
Wed Sep 8 08:48:30 EDT 2004

Forwarded from: Simple Nomad <thegnome at nmrc.org>

On Thu, 2004-09-02 at 06:50, InfoSec News wrote:
> http://www.cbc.ca/news/viewpoint/vp_hughes/20040901.html
> Greg Hughes 
> September 01, 2004
> There's little doubt nowadays that the 21st century is shaping up to 
> be a very unstable era in human history. Non-state actors like 
> al-Qaeda are stepping up their fight against nation-states, employing 
> mostly conventional, low-tech solutions to their acts of terrorism. 
> Yet there is a new frontier emerging in the War on Terror - cyber 
> terrorism. As the internet continues to grow in popularity and usage 
> around the globe, more malevolent forces are using the web as a means 
> to spark fear and spread their messages of hate and violence. 

I have yet see a website spark the same level of fear that 9/11 did.
This is nothing but fear-mongering.

> Cyber terrorism is a diverse set of technologies that ranges from 
> viruses and denial-of-service attacks to posting messages, pictures 
> and videos on websites whose purpose is to scare people. 

By that definition this article is cyberterrorism, as its only purpose
seems to be to "scare people". This is the same speculation we've seen
for years. Viruses and DoS attacks are not acts of terrorism.

> It's particularly effective in the West because westerners are the 
> most connected people in the world. For terrorists, the web offers the 
> ability to reach the common people in a way that's uncontrolled and 
> unnerving. If a website or virus reaches enough people and incites 
> enough chaos, it's a cheap, easy way to scare people on a level 
> similar to a "real world" terrorist attack. And you don't even have to 
> be in a western country to make it all happen. 

More fear-mongering. I've never seen a computer virus insite chaos.

> The most obvious example of cyber terrorism so far has been websites 
> devoted to westerners held hostage by terrorists in the aftermath of 
> the war in Iraq. The videos available on these sites have featured 
> content that includes torture and live beheadings - content not 
> suitable for any time of day on TV or radio. But online, the curious 
> will, eventually, find it. 

Ok, so I think I know why snuff videos are "content not suitable for any
time of day" on the radio ;-) but this stuff has been available in one
form or another for years -- snuff films have been around for decades.
So claiming that terrorists are using snuff films to incite chaos is a
bit of a stretch, at best.

> More disturbing, however, is that a cyber terrorist attack could, in 
> theory, help to create more damage than the events of 9/11 could ever 
> have accomplished. 
> Here's a potential scenario. Let's say a major city in the U.S. or 
> Canada is hit with a terrorist attack similar to the attacks on the 
> World Trade Center. The casualties are not as high as 9/11, but many 
> people are injured and need help quickly. 
> Under normal circumstances, emergency dispatchers would be sending 
> medical teams to help the wounded. But what if, at the same time as 
> the physical attacks were occurring, an army of viruses with 
> instructions to crash communication networks - emergency radio 
> frequencies and cellphone radio towers - was deployed from elsewhere? 

Now we are finally reaching into the realm of bad science fiction, where
Internet-based terrorists from the Middle East are able to launch
attacks against specific radio frequencies and cell phone towers from
across the global -- tied in with a physical attack. Wouldn't it be much
easier to have a few extra suicide attackers drive bomb-laden trucks
into cell towers and communication centers, since you already have guys
here crashing planes into buildings? Much easier to train your
terrorists to drive things into immobile objects than to code up what is
essentially magic to these terrorists, let alone virtual technological
impossibilities to the technical experts.

> This isn't an unfeasible scenario; various viruses such as MyDoom have 
> taken down entire networks with relative ease. Who's to say that an 
> enterprising, net-savvy terrorist group couldn't make this happen? And 
> how many more people could be in trouble because our high-tech 
> communication networks are down after the fallout of a major 
> explosion? 

More fear-mongering, by pulling together facts with fiction -- applying
the aftermaths of a computer virus with the scenario of communications
networks failing. Also, MyDoom did not take down "entire networks with
relative ease". It spread from computer to computer across a network via
multiple vectors, including email. MyDoom *relied* on an available
network. Clearly the author did not even research the facts he is using
to draw conclusions, which brings into question the entire article for

> The United States, the prime target of many terrorist groups, is 
> charged with the greatest burden in making sure cyber terrorism 
> scenarios don't actually happen. But it's a tough task, given how 
> quickly things can spread online. It only takes one downloaded file, 
> one opened e-mail, to spread a virus worldwide in a matter of days. 
> BBC News has reported that in July of this year, a U.S. Department of 
> Homeland Security internal memo described cyber terrorism as one of 
> America's top five security threats. A new unit within the DHS, the 
> National Cyber Security Division, was created explicitly for the 
> purpose of tackling net security and addressing criticisms that the 
> U.S. government has not done a good enough job of preventing future 
> cyber terrorist attacks. 
> Some have argued that cyber terrorism is hardly a threat in comparison 
> to a weapon of mass destruction going off in a major city like Chicago 
> or London. Perhaps they're right and talk of cyber terrorism is simply 
> fear mongering. But the tools that could enable terrorists to gain 
> possession of weapons of mass destruction are already online. And 
> technology that allows terrorists to gain information required to 
> create these weapons is only improving as the web continues to evolve. 

Cite one example of an online weapon of mass destruction. Please. Just
one. Bear in mind a weapon of mass destruction is typically thought of
as a weapon capable of killing a lot of people at once, like a nuke or
chemical weapon.

> Quantum encryption - the use of photons as gatekeepers - is one such 
> example. While still a few years away from being used for mass-market 
> purposes, quantum encryption could be the most impenetrable form of 
> encryption ever created. The use of decryption sequences employing 
> quantum variables known only to the sender and recipient makes the job 
> of intercepting and cracking encrypted e-mails, instant messages and 
> websites nearly impossible. This is very worrisome for groups devoted 
> to preventing terrorist acts, for how do you stop communications you 
> can't even find a source for? 

Good god, this has got to be the worse misunderstanding to date of
technology by an article writer of technological issues. Where do we
start? The range of quantum crypto is just a few miles. Peer-to-peer is
basically all you can set up, and you need some serious fiber optic
skills to make it happen. I seriously doubt it will ever be used for the
last mile from the CO to the home -- ever. Too expensive to maintain,
and there are dozens of low-tech solutions. But let's say using oil
money two terrorist groups that are within 54 miles of each other (the
max limit to date of quantum crypto links) use quantum crypto to create
a secure phone line between each other, or a secure communication link
for a couple of computers. Is it protected from eavesdropping on the
line? You bet. 100% secure. However, this does nothing to secure the
computers on either end of the connection, defeat keystroke recorders,
Van Eck phreaking, hidden cameras and listening devices near each
computer, or secure the data sitting on the hard drives. That is serious
money to be spending to make sure the line isn't tapped.

> Various websites have for years offered detailed instructions on 
> bomb-making techniques. So-called "darknets" - intranets that have no 
> IP addresses listed so they can't be traced - spring up overnight 
> where terror groups can share information secretly and disappear 
> without a trace. 

Does this guy really know what he is talking about? A "darknet" is a
term that refers to widely-dispersed P2P networks that essentially ride
on the application layer to share information. You know, where you can
download all of that free music from. IP addresses that cannot be
traced? Not quite.

> Should we be worried? Possibly. Is this a reason to minimize our 
> dependence on the web? Not in the least. The internet is becoming the 
> tool of choice for many aspects of our lives; abandoning what has 
> become one of our greatest inventions would be to give in to fear. Yet 
> like most technology, the web is a double-edged sword: for every 
> benefit we gain from it, there's an equal trade-off. 
> All we can do is be vigilant, be responsible and be educated about the 
> web - the better informed we are, the less chance cyber terrorists 
> will succeed. 

Then what was the point of this article? Explain being vigilant,
responsible, and educated about the web in this content. Please. Let me
help you with this first piece of education -- any hack, including Greg
Hughes, can write an article where buzzwords and various technologies
can be used to create a made-up nightmare world of scariness and fear
are abound -- and yet the article can still be complete fiction. In
other words, when it comes to articles on the Internet about not
trusting the Internet, don't believe everything you read. Check the
facts. The author of this article didn't.

> Greg Hughes is a 26 year-old freelance writer. He has written on 
> culture and technology for Shift, Silicon Valley North and 
> globetechnology.com, and he has also contributed to the National Post, 
> the Queen's Alumni Review and other publications. He holds a Bachelor 
> of Arts (Honours) from Queen's University in Kingston, Ontario.
> _________________________________________
> Donate online for the Ron Santo Walk to Cure Diabetes - http://www.c4i.org/ethan.html
- Simple Nomad ---- thegnome at nmrc.org ---- thegnome at razor.bindview.com -
- "Patriotism means to stand by the country. It does not mean to stand -
- by the President or any other public official." - Theodore Roosevelt -

More information about the ISN mailing list