Return-Path: <sentto-279987-1641-998755227-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sat, 25 Aug 2001 09:01:10 -0700 (PDT) Received: (qmail 1941 invoked by uid 510); 25 Aug 2001 16:00:34 -0000 Received: from n10.groups.yahoo.com (216.115.96.60) by 204.181.12.215 with SMTP; 25 Aug 2001 16:00:34 -0000 X-eGroups-Return: sentto-279987-1641-998755227-fc=all.net@returns.onelist.com Received: from [10.1.4.52] by ej.egroups.com with NNFMP; 25 Aug 2001 16:00:27 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@yahoogroups.com Received: (EGP: mail-7_3_2); 25 Aug 2001 16:00:26 -0000 Received: (qmail 58257 invoked from network); 25 Aug 2001 16:00:26 -0000 Received: from unknown (10.1.10.26) by m8.onelist.org with QMQP; 25 Aug 2001 16:00:26 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 25 Aug 2001 16:00:26 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id JAA15691 for iwar@yahoogroups.com; Sat, 25 Aug 2001 09:00:25 -0700 Message-Id: <200108251600.JAA15691@big.all.net> To: iwar@yahoogroups.com In-Reply-To: <000401c12d82$9eccb9e0$eaf274c0@foo> from "MAGLAN 1" at Aug 25, 2001 09:52:16 AM Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 25 Aug 2001 09:00:25 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: Re: [iwar] Why 'conventional' terrorist groups Not utilizing Cyber/ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Per the message sent by MAGLAN 1: > Why 'conventional' terrorist groups (main reference: Patterns of Global > Terrorism" - US State Dept)., e.g. : Kurdistan Worker's Party (PKK), > Chilean Communist Party (FPMR), Fronte di Liberazione Naziunale di a > Corsica (FLNC), Osama Bin Ladin, : > 1. Not utilizing Cyber Terror / Computerized Terror against their opponents > / targets? > 2. Not 'integrated' 'conventional' terrorism with Cyber / Computerized > Terror ? > or may they are ? > Thanks in advance for any answer. Indeed a complex question - or at least I will provide a complex response. I should begin by indicating that I studied this very question with a group of others in some detail until our funding ended a year or so ago (sponsor diddn't have any more budget and couldn't find anyone else with budget to support it - strange world when cyber terrorism is all the scare but nobody wil support real study of the issues...). 1) Groups: I should start by saying that, to me, there is no such thing as a generic 'terrorist group'. Just as each computer attacker is unique and each nation state is unique, so is each organization labelled by the US state department. The answer is different for every group. 2) Cyber terrorism: What exactly are we talking about here? I will take the view that we want to know what the identified groups do relative to information technologies, systems, and infrastructures and ignore which of these acts are 'acts of terrorism' as opposed to all other acts. 3) Capabilities and Intent: We might consider that groups may be able to use or abuse information technology in different ways (i.e., have some capabilities) but may choose to use or not use those capabilities in different ways (i.e., have some intent). Answer to the first question: Many groups identified in the State Department's list of terrorist organizations do use information technology in a wide variety of ways, including 'against' their opponent. These range from the use of IT to coordinate their activities, to gain intelligence about their enemies, to trigger explosive devices, to cause economic harm to their enemies, for propaganda, to pressure individuals and other groups, to take from their opponents, and for a wide variety of other things. Different groups use different IT solutions for different applications, depending on their needs. They build or buy capabilities which in this arena are generally well within their available budget and they use them in a well coordinated manner according to their intent. Answer to the second question: Integrating 'computer terror' with 'physical terror' has been tried but has not proven highly successful in the sense that terror isn't greatly heightenned by using computers rather than other media for conveying messages. The sound and smell of an explosion seems far more effective than the defacement of a web site, and it gets more publicity over a wider area. They apply technology where it best suits them. Why don't they 'bring down the power grid' with IT or some such thing? Because it is not within the scope of their capabilities and intent as of yet, or because it's not as easy or cheap as a well placed hand grenade. Those that do attack infrastructure are highly successful with conventional explosives. Why go to the time, expense, etc. of cyber attacks when they already have the capability with less e3xpensive and easier to use items? A very brief summary - but still a bit long for the venue. FC --This communication is confidential to the parties it is intended to serve-- Fred Cohen Fred Cohen & Associates.........tel/fax:925-454-0171 fc@all.net The University of New Haven.....http://www.unhca.com/ http://all.net/ Sandia National Laboratories....tel:925-294-2087 ------------------------ Yahoo! Groups Sponsor ---------------------~--> The Nissan Sentra Everything but compact http://NissanDriven.com http://us.click.yahoo.com/3vsIKC/txlCAA/ySSFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:40 PDT