How Today's Playgrounds Become Tomorrow's Battlefields...
Or will it?

A Special Report
by Shawn Pence

The Internet has become a relatively peaceful home away from home (or from your home, for that matter) to many of us over the last few years. There is seldom a day that many of us do not hop on the internet, if ever so quickly, just to check our mail or the stocks or maybe business news. Software today is heavily reliant on the internet, allowing us not only easy access to patches and updates, but also allowing us to cooperate and effectively "play" with one another, whether that play is simple communication or actual play, in online games like Half-Life: TeamFortress or X-Wing: Alliance.

But that carefree, easygoing internet of today is quickly becoming a brutal battlefield, with real soldiers battling on it.

Though it has been apparent from the very beginning of large distributed networks, like the internet, that they would someday be a combat theater in their own right, it was the attack by an Israeli hacker (known as the Analyzer) and his accomplices in California that piqued the nation's interest in February 1998 (ZDnet/UK CyberWars: Vigilance or Paranoia). These three young men managed to move effortlessly, despite the paltry information defense lines put in place to stop them, from Defense Department computer to computer and from one network to another. While this incident was little more than a prank, it alerted people from the streets to the President of the United States that our information infrastructure, the backbone of not only the US communications networks but the heart of the world wide web, was sorely open to attack.

The reactions came swiftly and, over the next year and a half, several military, governmental and private sector organizations have been formed specifically with the purpose of curtailing acts of information warfare. These organizations are not limited to the United States, but have appeared in many other countries as well, including China, France, Russia and Great Britain. In addition, major movements and military-political organizations are forming "task forces" of their own to deal with the growing threat. Most notable are Spain's Basque ETA Commandos, many Colombian drug cartels and the Irish Republican Army.

Our country's defenses are the most extravagant by far, boasting dozens of information warfare committees and organizations. Most important are major co-operative efforts such as the National Information Protection Center (NIPC). The NIPC is a group primarily consisting of special agents from the FBI but also including representatives from the military and national security sides of the government. Also notable in this arena are the Critical Infrastructure Coordination Group and the US Commerce Department's Critical Infrastructure Assurance Office (CIAO). Each of these is composed not only of members of government departments and organizations, but of representatives from major businesses and private sector information specialists.

Lastly, and most interestingly, if you ask me, is the Air Force Information Warfare Center (AFIWC) at Kelly Air Force Base in San Antonio. The entire purpose of this group is to monitor and "police" activity in the nation's defense networks and, in the event of an actual cyber attack, to go on the offensive against the attacker. Fighting fire with fire. To paraphrase the words of Air Force Colonel James C. Massaro, commander of the AFIWC, "(my) team is prepared to hack back - virus for virus, break-in for break-in, worm for worm."

So there you have it, a massive defense, paid for by the people to protect themselves and their businesses, ready to act at a moment's notice. The only problem is, no one knows how the cyberterrorist will attack...or what...or when.

That's right, no one knows. Oh sure, there is plenty of speculation, from collapsing the stock exchange to poisoning the food supply. But are these truly likely scenarios, or are we submitting once again to the "politics of panic"? Let's cast a critical eye on four of the proposed methods of attack.

Situation 1: The first situation is the purposeful collapsing of a major stock exchange, such as the Nikkei (Tokyo) or New York.

The chances of this being a likely target are incredibly small, despite what appears to most to be a big, fat, juicy target. The problem with taking down a major exchange, especially one as large as the NYSE, is that if your attack were successful, you'd damage and possibly annihilate yourself! Most organizations, legitimate or not, have money that runs to or from them through the market sources in place. If you take one down, the rest might possibly collapse upon themselves as well, leaving a potential attacker with no funds of his own and no simple way to acquire them. This defense, though based on sane reasoning (something which terrorists are not typically characterized as having), is the "mutually assured destruction" defense, the same one the United States and Soviet Union used to prevent the launch of a nuclear weapon and which, despite its naysayers, seems to have worked. To quote Wayne Madsen, computer security expert and policy fellow at the Electronic Privacy Information Center in Washington, D.C.: "Most terrorists move their money through the same networks; they stay in hotels." The FBI seems to disagree with Mr. Madsen, but his reasoning is sound. The FBI also has a vested interest in keeping the cyberterrorism hype loud and strong, since they are receiving special funding for these projects outside of their normal yearly budgets.

There are many who do not see the interconnection of the world market nor the connections between illicit activities and major financial markets and channels, including the President of BeVar Systems, Benedict Varela. To defend my position, let's look at the following logical conclusions. Every major business, from Wall Street traders to Colombian drug cartels, uses a part of the world marketplace to move money, not out of want, but out of necessity. This is not a guess, this is a fact. Money laundering is a necessary part of business for most large scale criminal activities, and this activity eventually requires the use of professional financial organizations and professional legal and financial services (Hot Money and Civil Liability - Financial institutions and professional advisers beware, A & L Goodbody Solicitors). Just because the particular market devices some companies use cannot be touched directly by the US government does not mean that these same markets would remain unscathed should any part of the world financial "village" crash or disappear. If the Nikkei drops, the NYSE feels a hit, and so do the offshore trading companies in the Caribbean. So, the Yen suddenly values itself higher? The US Dollar will adjust correspondingly. Even in countries such as the US, where money transfers are monitored and most, if not all, financial institutions lend full support to law enforcement should they need it, this does not mean that these countries and their financial institutions are invulnerable to use by illicit activities (INCSR-International Narcotics Control Strategy Report 1996 - Money Laundering). Let's not forget that most of the illicit businesses and terrorist movements in the world also have legal and legitimate fronts, business or political, that provide these illicit businesses or movements with support, both financially and popularly.
It is common knowledge that so-called "organized crime" uses businesses, completely legitimate ones, to protect its illegal activities. In addition, reactionary movements such as the Irish Republican Army are backed by the support of legitimate political parties, such as Sinn Féin.

An important point put forth by Mora Stevens in her address to the Woodrow Wilson School Policy Conference 401A, Intelligence Reform in the Post-Cold War Era, reinforced the concept that large organized illegal businesses need to use the current financial systems:

"...most organized crime groups are only interested in political power for the security it would provide their organization and are primarily motivated by money."

This article not only points out that organized crime and terrorists may use the banks and financial institutions, but that some of these organizations control the banks themselves; in this case, specifically, in Russia.

"The Russian Interior Ministry has estimated that organized crime 'controls' most of Russia's 200 banks and half of its financial capital ('control' ranges from ownership and operation to influence over bank decisions through threats of violence)"

Furthermore, Reuters news service released articles containing the following passages, attributed to the Swiss police:

"An analysis of several individual cases allows one to conclude that it is very simple for people from the East to transfer large sums of money to Switzerland from murky sources and that organized crime in eastern countries is using Swiss financial services," said the police annual intelligence report.

"To an increasing extent, dubious people ... and dubious money from the East are starting or buying companies with no visible business activity in Switzerland, acquiring financial stakes and buying property and luxury goods, although Swiss middlemen or companies are often used as intermediaries."

The Swiss financial structure is linked directly with the other major markets and will take a beating should one of them fall or be terribly disrupted.

Things are no different in terrorist-specific activities, either. In an article from the Jewish News of Greater Phoenix, Matthew Dorf writes about large and continual fund transfers between the Palestinian Hamas and the Texas-based Holy Land Foundation, under investigation by the US State Department.

"According to an American counterterrorism official, U.S. authorities have opened an investigation into the Texas-based Holy Land Foundation's relationship to Hamas. U.S. law-enforcement officials are weighing the evidence with an eye toward prosecuting Holy Land Foundation officials under the 1996 anti-terrorism law that bans fund raising in the United States for known terrorist groups, including Hamas."

Going even further, the line between typical terrorism and organized crime is blurring, increasing the necessity and probability of these terrorist groups using standard financial methods, just as the organized crime syndicates do. In the article Terrorism and Transnational Organized Crime: Implications of Convergence, Neal A. Pollard, President of the Terrorism Research Center, writes:

"Terrorist groups are currently interacting with transnational organized crime syndicates, especially narcotics cartels. Peruvian Shining Path and Colombian FARC guerrillas have provided mercenary security support for narcotics production and trafficking lines in South America, and there is strong evidence that the Palestinian PFLP-GC has been using infrastructure in Lebanon to support drug trafficking. In return, these terrorist groups receive enormous amounts of money, more so than in “traditional” fund-raising operations such as kidnapping and bank robbery—operations that are far riskier than supporting narcotics trafficking. Furthermore, this interaction offers smuggling routes long established and tested by crime syndicates for drug and arms running, potentially providing terrorists with logistical infrastructure to clandestinely move people, arms and materiel... Transnational criminal organizations derive their power through a low profile, working within the existing structure, seeking not to attract the attention of “legitimate” powers. However, criminal syndicates do work for money, and there is no clear reason, given the right price, that such syndicates would not lend their logistical, communications, and transportation infrastructures to support terrorist operations."

Of course, the key phrase comes at the end. Most specifically, the word "infrastructures." Important in the infrastructures of any business are the distribution systems for monies collected from various "enterprises." That money must be cleaned, and that's where the banks and other financial institutions come into play.

Failure to see that most public political and financial institutions will be affected by a major aspect of the world market crashing is horribly shortsighted, and I've found no disagreement on this point. Of course they will be affected. Correspondingly, so will the illicit and illegal activities connected to them; that's just plain common sense. Criminal activity and terrorist organizations do not live in a vacuum. Let's not forget that, in the case of a drug cartel, if the people of a country don't have the money to buy the drugs, then the sales from these cartels will necessarily drop correspondingly. Whether it be drug money, money from the sale of illegal arms or even monies gathered from the sale of human beings, on the large scale it still primarily goes through some sort of major financial institution in one way or another.

The second, third and fourth examples are put forth by one of the lead panic mongers on these issues, Barry C. Collin, author of The Future of CyberTerrorism: Where the Physical and the Virtual Worlds Converge. Mr. Collin, currently working with the Office of International Criminal Justice (OICJ) and the Institute for Security and Intelligence, has put forth so devastating a report that you would think we are but mere nanoseconds away from imminent destruction. Mr. Collin is far over-exaggerating the situation and proposing situations so unlikely as to be impossible. Note how the following examples, taken directly from his paper, don't say that these events might happen, but that they will.

Situation 2: "A CyberTerrorist will remotely access the processing control systems of a cereal manufacturer, change the levels of iron supplement, and sicken and kill the children of a nation enjoying their food. That CyberTerrorist will then perform similar remote alterations at a processor of infant formula. The key: the CyberTerrorist does not have to be at the factory to execute these acts."

Ok, sufficiently scared? Because now that Mr. Collin has been nice enough to make us all scared to death about eating our morning Cocoa Puffs, let's look at the problems with his first situation.

  1. Processing control systems are located on factory floors and are loaded by technicians by hand. There is no reason to allow access from the internet or via modem. Each plant is staffed individually specifically for this reason.

  2. Cereal and baby food companies aren't stupid. These are big money operations by companies that hate lawsuits and know how the American people feel about their children. There are massive quality control mechanisms in place to test the food mix before it leaves the factory.

  3. Even if the other two points weren't true, inventory tracking at these plants is excessive. The amount of iron in each box is carefully noted, and if a massive amount of iron supplement suddenly turned up missing from inventory, the first thought of the manufacturer would be to make sure it hadn't ended up in the mix. This isn't good-naturedness, this is the manufacturer covering his butt. Lawsuit paranoia is a beautiful thing, sometimes.

So, there certainly seem to be some holes in this situation, and those holes also translate over to a similar situation Mr. Collin has put forth regarding pharmaceutical companies.

Ok, one down, now let's take a look at another of Mr. Collin's nearly Orwellian doomsday prophecies:

Situation 3: "A CyberTerrorist will attack the next generation of air traffic control systems, and collide two large civilian aircraft. This is a realistic scenario, since the CyberTerrorist will also crack the aircraft's in-flight sensors. Much of the same can be done for rail lines."

Oh, ok. This one is "a realistic scenario." Now I believe you, Mr. Collin. This scenario has been a remote probability, very remote, for some time, and there are safeguards against it already in place, because the National Transportation and Safety Board jumps at any possible way to keep the planes from falling from the sky. But let's look at the two major problems with this one.

  1. Onboard flight systems are not part of a network; they simply exchange data with the towers and air traffic controllers. They do not allow someone with access to the land-borne towers access to the plane's systems. If that were the case, why don't towers fly planes, such as golfer Payne Stewart's, to the ground before they run out of gas? The major commercial liners fare no better, as evidenced in the recent crash of EgyptAir Flight 990. The only information available was from the tower readings until the "black box" was recovered. If there were a way into the plane as it flew, don't you think the National Transportation and Safety Board would have learned how to use it to their advantage?

  2. Pilots have eyes, and you can't turn them off. These pilots are not just along for the ride. They actually fly these planes. Pilots are especially alert when other planes are around, something onboard systems can detect. They are usually more alert in such instances, so they have a greater chance of not smashing into another plane. The human factor is mucho importanto here.

Ok, last situation coming up. Now, in my critical analysis of the six possible scenarios provided by Mr. Collin, I've ended up grouping them into three groups. The last group is really the final situation. Just in case you're interested, the groups are:

Remote Controlled Mixers of Death: Cereal/Infant Formula and Pharmaceutical scenarios

Remote Controlled Objects of Doom: The Air Traffic Control and Gas Pressure scenarios (see the original document for this one, it's wonderfully melodramatic)

"The CyberTerrorist doesn't need a large truck" Defense of Destruction: In addition to Mr. Collin's unique spin on the first situation, in which he cites the fact that "...a large truck..." pulling alongside the Federal Reserve "...would be noticed," whereas a cyber terrorist can pull the heist from "another continent," he also discusses the following situation. I'd like to stress the fact that these are exact quotes.

Situation 4: "A CyberTerrorist will place a number of bombs around a city, all simultaneously transmitting unique numeric patterns, each bomb receiving each other's pattern. If one bomb stops transmitting, all the bombs detonate simultaneously. The keys: 1) The CyberTerrorist does not have to be strapped to any of these bombs; 2) no large truck is required; 3) the number of bombs and urban dispersion are extensive; 4) the encrypted patterns cannot be predicted and matched through alternate transmission; and 5) the number of bombs prevents disarming them all simultaneously. The bombs will detonate."

Wow.

I mean it, wow. Not that this is so perfect and ingenious a situation that we are all doomed to certain death, but that this situation is so full of holes that it looks like the shirt I change my oil in. Let's take the pleasure of taking this one apart point by point, shall we?

  1. "The CyberTerrorist does not have to be strapped to any of these bombs." Of course, this is also the case in typical terrorist bombings. For some reason Mr. Collin is convinced that all normal terrorists (and I use the word "normal" loosely) walk, eat and sleep, 24 hours a day, with a bomb strapped to their back, making them easy prey. He also seems to think that dying for their cause is something that stops would-be typical terrorists from doing their deeds. Um, Mr. Collin, it seems many dead terrorists would disagree with you.

  2. "No large truck is required." There it is! Imagine the dialogue between two typical terrorists.

    Terrorist 1: "Gosh, I'd sure like to blow up a government building today, Bob."
    Terrorist 2: "But we don't have a truck, Ted."
    Terrorist 1: "Well, Bob, that tanks that plan; you can't blow up a building without a truck."
    Terrorist 2: "But wait, Ted, we have AOL! We can do it from there and without a truck!"

    Despite the obvious ludicrous nature of this point, a simple question to Mr. Collin: How do they get the computer bombs around the city...horseback?

  3. "The number of bombs and urban dispersion are extensive." Huh? Ok, so I get the point that there are a lot of bombs, and that these would best be placed in a big city, but is that your whole point? The mere fact that cities are big and terrorists have bombs just lying everywhere, growing on trees, is not enough to convince me that these new CyberTerrorists will be more likely to use this tactic. CyberTerrorists are, by definition, the fat lazy geeks of the terrorist world. So they are even less likely, logically, to wander around the city carrying bombs, especially without trucks.

  4. "The encrypted patterns cannot be predicted and matched through alternate transmission." Yeah, right, and Windows is a flawless operating system. For this sort of encrypted system to work, the other bombs would need to "know" what signal to expect, which most likely will repeat. Not only could those signals be duplicated and passed on in sequence, but modern bomb squads could also use those very signals to locate the other bombs in the sequence, the number of which would be limited by transportation purposes (see "2. No large truck...").

  5. "The number of bombs prevents disarming them all simultaneously." The number of bombs is limited, remember...no truck. Well, I'm no bomb disposal expert, but couldn't you just remove the transmitter unit from the firing circuit so that the transmissions go on normally while you defuse the bomb in a normal manner? You'd need an extra battery to power the transmitter, but I'm told the bomb squad might have those. Or maybe you could route the power from the battery around the firing circuit to the transmitter. Of course, no amount of planning will help if the bomb squad doesn't have a truck. You can't do anything without a truck, and it has to be a large one.

Ok, so I've ridiculed this one enough; suffice it to say that this particular scenario (not to mention all of the others) has a few problems with it. But Mr. Collin has brought up another point in a different section of his remarks that makes me worry. And not only professionally, mind you, but personally.

Mr. Collin makes the following remark in his paper, under the heading Crackers as Facilitators:

"Individuals with a background in intelligence are aware that a frequent element of case execution is enlisting the indigenous, sometimes called "facilitators," to assist in a campaign. At the convergence of the physical and virtual worlds, the indigenous are the crackers."

Now that might not bother most of you reading this, but it does bother me, because part of my job is hacking, since that's what we prefer to call it. I am a hacker. It's part of what makes me a better technician than the other jokers out there. It also bothers me because there are a lot of people like me in this country. Sure we hack, and we're good at it, but we are not traitors to our country because of it. In fact, in the slowly approaching information wars, the best defense this country can muster are the legions of intelligent and skilled hackers that handle security matters such as these every day of their lives. Who do you think staffs the AFIWC? Soldiers? No, hackers. Hackers with stripes, maybe, but hackers first.

These people know the ways in and where the damage could be done. The United States has more hackers and computer security experts than any other country. Companies know this and routinely hire hackers not only to test security systems but to design them. And these jobs pay well, too, Mr. Collin. We, as hackers, are an asset, not a detriment, to this country's computer security.

It's bad enough for us hackers as it is without some "expert" beginning some sort of cyber McCarthyism and hunting down this nation's best and brightest programmers because he thinks we might be "facilitators." What about the phone company, Uncle Joe? If we didn't have phone lines, no one would be able to hack us! Are we going to form a new evil empire, the Cyberists? Hell-bent on taking control of the computer systems and networks of the world!? Out to destroy freedom and democracy!?

No. Hardly.

We'll keep finding your security holes and bringing these faults into the public eye. And we'll do it because we like doing it and with no thanks from anyone.

Is CyberTerrorism real? Of course. It's as real as anything virtual can be, and a legitimate threat to people the world over. But is this threat as certain as Mr. Collin portrays it to be? No. The greatest threat we face now from the cyber terrorist is propaganda, plain and simple. In the future, when the world is far more connected than it currently is, some of the above scenarios may be possible, but as the technologies develop and grow, so do the defenses.

And so do the hackers manning them.
