Re: [iwar] Arab/Israeli "CyberWar" of our own making

From: Fred Cohen (
Date: 2001-06-11 19:17:10

Return-Path: <>
Received: from by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 11 Jun 2001 19:18:08 -0700 (PDT)
Received: (qmail 15494 invoked by uid 510); 12 Jun 2001 01:17:46 -0000
Received: from ( by with SMTP; 12 Jun 2001 01:17:46 -0000
Received: from [] by with NNFMP; 12 Jun 2001 02:17:11 -0000
Received: (EGP: mail-7_1_3); 12 Jun 2001 02:17:11 -0000
Received: (qmail 79891 invoked from network); 12 Jun 2001 02:17:10 -0000
Received: from unknown ( by with QMQP; 12 Jun 2001 02:17:10 -0000
Received: from unknown (HELO ( by mta3 with SMTP; 12 Jun 2001 02:17:10 -0000
Received: (from fc@localhost) by (8.9.3/8.7.3) id TAA01747 for; Mon, 11 Jun 2001 19:17:10 -0700
Message-Id: <>
In-Reply-To: <> from "B.K. DeLong" at Jun 11, 2001 10:05:31 PM
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL1]
From: Fred Cohen <>
Mailing-List: list; contact
Delivered-To: mailing list
Precedence: bulk
List-Unsubscribe: <>
Date: Mon, 11 Jun 2001 19:17:10 -0700 (PDT)
Subject: Re: [iwar] Arab/Israeli "CyberWar" of our own making
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Per the message sent by B.K. DeLong:

> At 06:38 PM 06/11/2001 -0700, you wrote:
> >Israel knows who is launching attacks from their side, and they include
> >reserve military officers over which they have control should they
> >choose to exert it.  They do nothing to stop these attacks and they
> >clearly have the ability to do so.  This is done as a matter of national
> >policy - whether de-facto by ignoring it or explicitly by supporting it.

> Oh come on, Fred. That's like saying the US knows every single kid doing a 
> DoS attack at any given time. Hell, the NIPC takes months to find these 
> people. What makes you think the Israeli government knows who's doing it ?

The Israeli attackers are quite vocal.  They appear in newspaper
interviews.  They use real names in many cases.  Israel has a far more
closely controlled and smaller infrastructure and for more suerveillance
capability per user than the US does.

The US can indeed exert control over connections to Chinese sites should
it choose to do so.  In addition, many of those launching these attacks
are quite open about it and are not hard to track, meet, and chat with.
They are not exactly trying to hide.

> >While I am here, let's talk about the US and China - same situation as
> >far as I can tell.

> Nah - I'll dispute that. I spent a lot of time on the primary Chinese-based 
> IRC server where this action was being coordinated. I found a handful of 
> people who could speak English and were hanging out with l1on and the 
> "honker union of China " or HUC, ChinaEagle and Redhackers and asked them 
> what the deal was for the 4-8 days of the defacement spree.

>  From what I heard (multiple sources) it was a bunch of low-level script 
> kiddies retaliating against the US for all the English-speaking hackers 
> hitting their sites and that all the "medium to high level hackers" were 
> staying out of the whole thing. There was rumblings towards the end of the 
> activity that the more experienced hackers would get involved if the US 
> kids didn't stop the heavily-racial insults that appeared on defacements of 
> high-level Chinese government sites.

> I don't believe it was "government sanctioned" or ordered...but you have to 
> remember that the Chinese train of thought is that everything is "for the 
> government". became a target because they couldn't believe 
> such a site was not US government sanctioned.

Indeed, some of the attacks came from Chinese government computers.  The
Chinese have arrested cyber criminals and have a demonstrated
surveillance capability for their Internet systems.  They could stop it
if they chose to.  Indeed I think that they did.  Once attribution to
the Chinese government started to be asserted, the attacks cooled

> Most of my thoughts are inline with this commentary (which I posted last 
> night):

> The Chinese defacers I was in touch with were not reading English-based 
> press. Yet it was quite clear the kids attacking China were and stepped up 
> attacks in tune with the media coverage. IMNSHO, this whole incident could 
> have been ended almost instantly if the US media did not blow it out of 
> proportion and feed the egos of English-speaking teens.

I agree that the Us attackers have a relationship with the media that I
do not like.  But I disagree about the notion that these are not related
to government policy. 

And I welcome this discourse - keep it coming.

Fred Cohen at Sandia National Laboratories at tel:925-294-2087 fax:925-294-1225
  Fred Cohen & Associates: - - tel/fax:925-454-0171
      Fred Cohen - Practitioner in Residence - The University of New Haven
   This communication is confidential to the parties it is intended to serve.
	PGP keys: - Have a great day!!!


Your use of Yahoo! Groups is subject to 

This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:17 PDT