From: "e.r." <fastflyer28@yahoo.com>
To: iwar@yahoogroups.com
Date: Sat, 1 Sep 2001 23:40:19 -0700 (PDT)
Subject: Re: [iwar] Is China's Guandong province ground zero for hackers?

SURE IS.
LOOK AT THE PLA WIRING DIAGRAM, AND IT IS QUITE CLEAR.

--- Brian McWilliams <brian@pc-radio.com> wrote:
> Vamosi's article is interesting speculation, but in the case of Code Red, there's evidence China *wasn't* ground zero:
>
> http://www.newsbytes.com/news/01/169636.html
>
> China and Korea are renowned for having lots of easily compromised systems with non-existent system administrators. What's to say some kid from Fargo isn't using Guangdong as his launch pad?
>
> Brian
>
> At 02:46 AM 9/1/01, Fred Cohen wrote:
> >Is China's Guandong province ground zero for hackers?
> >
> >By Robert Vamosi, AnchorDesk, 8/31/2001
> >http://dailynews.yahoo.com/h/zd/20010830/tc/is_china_s_guandong_province_ground_zero_for_hackers__1.html
> >
> >Last week, while discussing new priorities for the Department of Defense, Secretary of Defense Donald Rumsfeld told the Washington Post that "serious moves to transform the military to meet such emerging threats as computer warfare, terrorism and missile proliferation will not produce new war-fighting capabilities for a number of years." Although paraphrased, it sounds to me like Secretary Rumsfeld just told our enemies that we're years away from defending ourselves against cyberterrorism. Oops. Now is not the time to admit weakness in this area, Mr. Secretary.
> >
> >Quietly, the U.S. government had been hacking away at cyberterrorism. The EP-3E spy plane that crash-landed in China earlier this year was, according to James Bamford in his keynote speech at this year's Black Hat Briefing, working for the National Security Agency. Even the 1999 war in Kosovo featured early information warfare techniques against the Serbian government. A recent report by MSNBC explains the emerging global information warfare threat in greater detail. If the secretary is serious about transforming the U.S. defense department, then let me suggest that it is much more prudent to shore up our computer networks today than to invest in the 20-year-old concept of laser-toting satellites orbiting the earth tomorrow: Our computer networks are already under serious attack.
> >
> >HOSTILE NATIONS, and for that matter, hostile groups, such as Osama bin Laden's followers, realize they can't challenge the U.S. military one-on-one. But they can disrupt our utilities, our telecommunications, and our e-commerce. Just last spring, during a period of rolling blackouts in Northern California, someone hacked into the California Independent System Operators system, which regulates the flow of power in the state. The malicious users were stopped before they caused any damage, but the incident shows how vulnerable our ancillary government agencies are to attack. The hack was traced back to the Guangdong province in China. Turns out, this was not an isolated incident.
> >
> >A few weeks ago, I wrote that students at Foshan University in Guangdong, China, may have created the Code Red worm. Shortly after that column appeared, someone at the Defense Department called me with a serious interest in that information. Now, the recent and very nasty Offensive Trojan horse also happens to share a connection to Guangdong. I don't think this is a coincidence.
> >
> >Guangdong is the largest and wealthiest province, and Hainan Island, the site where the American EP-3E plane was held after landing last April, is nearby. According to a report prepared by the security company Vigilinx, Guangdong is also home to hacker groups, such as the Honker Union of China (also known as the Red Guest Alliance) and China Eagle, and to criminal extortionists who have been terrorizing Hong Kong's financial networks for years. Guangdong also happens to be very beautiful, historic, and the focus of major Western investment and tourism.
> >
> >RATHER THAN ASSUME the Chinese government is behind Code Red and Offensive, I think it is more credible that different groups of individuals within Guangdong might be hacking the United States and other nations (like Japan) for their own reasons. Like the cracker activity once seen in Eastern Europe, these exploits may not be a political expression against, but a general frustration with, Western arrogance and influence. The crackers in Guangdong seem to be doing their own thing, and they are definitely pushing the envelope of what is possible in terms of malicious activity on the Internet.
> >
> >Whatever their motives, I suggest we'll hear even more from the crackers in Guangdong. If ego is involved, these crackers probably aren't done flexing their programming muscles or announcing themselves to the world. Now, thanks to comments from the U.S. Defense Secretary, others elsewhere might also be tempted to join in their fun.
> >
> >------------------
> >http://all.net/
> >
> >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

From: <DrewSchaefer@ftnetwork.com>
Date: Mon Sep 3, 2001 5:48 am
Subject: Information Technology Security policies

Hello Fred and all,

I am curious whether anyone has a reference to any form of Organization (Corp., NGO, Gov't agency) IT security policy. Whether you helped write one, or know a website that has such items, any references private or public, would be helpful. I am doing some research on the legal aspects (constitutional and employer/employee relationships) of these types of documents. Please reply either privately or to the IWAR list, thank you in advance!

Cheers,
Drew

Drew Schaefer, JD
41 76 549 1907 (Mobile #), 9, ruelle des Galeries 1248 Hermance, Suisse

*****************************************************
"In every country and in every age, the priest has been hostile to liberty. He is always in alliance with the despot, abetting his abuses in return for protection to his own." --Thomas Jefferson to Horatio G. Spafford, 1814. ME 14:119
******************************************************

From: Fred Cohen <fc@all.net>
Date: Mon Sep 3, 2001 11:03 am
Subject: Re: [iwar] Information Technology Security policies

Per the message sent by DrewSchaefer@ftnetwork.com:
> Hello Fred and all,
> I am curious whether anyone has a reference to any form of Organization (Corp., NGO, Gov't agency) IT security policy.

Try http://all.net/ => Protection Policy

--This communication is confidential to the parties it is intended to serve--
Fred Cohen        Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net        The University of New Haven.....http://www.unhca.com/
http://all.net/   Sandia National Laboratories....tel:925-294-2087

From: Fred Cohen <fc@all.net>
Date: Mon Sep 3, 2001 6:44 pm
Subject: news

Subject: China: Air Force Publishes First Information Warfare Teaching Aid. 4/24/01

China: Air Force Publishes First Information Warfare Teaching Aid.
Text of report by Tang Baiyun, Chen Kecheng entitled: "Chinese air force publishes `Information Warfare', its first teaching material for signal corps", carried by Chinese news agency Zhongguo Xinwen She

Information Warfare, a teaching aid compiled by a signal unit of the Guangzhou air force, was recently published. This is the first teaching aid on information warfare published by the Signal Corps of the Chinese air force.

A person connected with the Guangzhou air force said today that with the extensive application of the latest information technology in the military sphere, information warfare has become an important factor deciding the outcome of war. He said that in order to meet the needs of future wars, bring into play the role of the signal corps in modern warfare and meet the requirement of "communicating in the course of combat, confrontation and troop movement", a certain unit of the Guangzhou air force had organized the best of its men and spent six months to compile Information Warfare, the first teaching aid for the Signal Corps of the Chinese air force.

The book used an abundance of actual examples of wars across the world as well as relevant CD-ROMs to give a vivid and figurative account of the basic concepts of information warfare, the main techniques and weaponry of information warfare, the strength of information warfare and the development of information weapons. The use of Information Warfare in teaching will play an important role in the training of air force Signal Corps units with "many-sided soldiers with expertise in one field".

Source: Zhongguo Xinwen She news agency, Beijing, in Chinese 20 Apr 01.

________________________________________________________________________

Subject: Cyberwar: The Mouse is Mightier Than the Missile 4/4/01

Cyberwar: The Mouse is Mightier Than the Missile
By R P C Americo

Hacker wars are now a regular part of regional, religious and ethnic conflict - from the Middle East to the Taiwan Strait.
Opponents launch sophisticated sneak attacks on each other's websites. A group calling itself the Pakistani Hackerz Club seized the American Israel Public Affairs Committee (AIPAC) website and replaced the powerful pro-Israeli lobby's home page with anti-Israeli slurs. The Pakistanis also broke into AIPAC's databases, lifted the credit card numbers of 700 powerful Jewish supporters and then e-mailed 3,500 AIPAC members to boast about their exploits. Israeli cyber warriors have met their match in extremist groups like Hamas and Hizbollah whose computer-literate youngsters have become adept at throwing virtual electronic stones. The Palestinian side is calling it e-Jihad or electronic holy war against Israel and the US.

"It is the first inter-fada, and the cyberconflict will probably intensify. The sophistication of attacks is expected to increase as attackers on both sides have time to prepare and launch more intricate actions. In the event that either side deploys viruses or Trojan horses, digital infections will not remain confined to their intended targets. Such cyber attacks will spread to the Internet as a whole, infecting systems worldwide."

The extract above is taken from the introduction to a report released by the Center for Strategic and International Studies (CSIS), Washington, in December 2000. Cyberactivism or hacktivism may be Internet-based but its effects are certainly not virtual.

Battle of servers, battle of hearts: new media cyberwar was the name of a symposium which took place in January 2001 at the Ben Gurion University in the southern Israeli town of Beer Sheva.
The symposium aimed to examine a relatively unexplored dimension of new media and cybermedia and to assess how they are applied in the context of real war, how they compare with virtual war games, what really happens in virtual wars, are they important and what are the other implications. Speakers at the symposium pointed out that rather than replacing the desire for real conflict, the activities of extremist groups on the web create wider communities of the like-minded than was previously possible. These direct channels of communication and information distribution may actually result in increased action on the ground.

Cyberattacks now arise whenever disputes occur anywhere in the world. They are part of the war of words but can cyberterrorism and cyberwar be far behind? Two young Filipino university drop-outs demonstrated with the love-bug that even amateurs can cause billions of dollars in damage by shutting down a corporate system and effectively putting it out of business for a day or two, or by stealing proprietary data.

Limor Yagil, who lectures on terror and the Internet at several Israeli universities, said at the symposium: "The Muslim world understood the importance of the Internet very early. They adopted a new strategy of online Jihad or e-Jihad. They created an Islamic community on the Internet which unites a Muslim in Afghanistan, for example, with what is happening in Algeria and Israel."

However, both sides in the Israel-Palestinian/Arab cyberwar are making use of this distribution channel. For example, Gilad Rabinovich, CEO of NetVision, the leading Israeli ISP, admitted: "We started it. It was so sexy, let's put an Israeli flag on the Hizbollah site. And then they woke up."

In fact, a group of Israeli hackers has fired multiple salvos in the on-going Israeli-Palestinian cyber-war, defacing several anti-Zionist websites.
The group, which goes by the name of "m0sad" (not to be confused with Mossad, Israel's elite intelligence agency), defaced the Internet home page of the service provider Destination, the Internet wing of Beirut's ITX, apparently in retaliation for the company's continued service to al-Manar Television, the official Web site of the Islamic fundamentalist group Hizbollah. The attack disrupted service on ITX's Destination website for over six hours, according to the company. Instead of the normal home page, visitors were treated to a jarring black screen that stated in large white type: "site closed by m0sad". ITX's general manager Ziad Mugraby later told news sources that m0sad had accessed the company's website through NetVision.

Ben Venzke, director of intelligence special projects at Internet security firm iDefense.com, reported that m0sad is the first pro-Israeli hacking group to expand the cyber-campaign against the Palestinian Intifada beyond pro-Palestinian websites by targeting websites throughout the Arab world. In fact during six weeks m0sad has defaced sites in Pakistan, Saudi Arabia and Qatar. The group also vandalized the official website of the Iranian President Mohammed Khatami, apparently in protest over pro-Palestinian cyberattacks against official Israeli sites.

Despite these recent Israeli hack-attacks, Palestinian hackers are more than holding their own. According to the iDefense report published on January 3, 2001, if sheer quantity is a measure of success, the Palestinian hacktivists seem to be winning. There have been around 40 pro-Israeli assaults against websites sympathetic to the Palestinian cause, versus over 200 assaults against Israeli websites by Palestinian hackers. Ben Venzke claims that the reason for the statistical discrepancy has probably been that Palestinian hackers can attack .il addresses, Israel's top-level domain (TLD), whereas organizations like m0sad have to search out multiple TLDs to wreak equivalent mayhem.
Cyberwar, however, is not restricted to Israeli/Palestinian-Arab conflict. Throughout January computer hackers broke into 26 government Internet sites on three continents in "one of the largest, most systematic defacements of worldwide government servers on the web", according to the news. The defacements affected websites in the US, UK and Australia. The break-ins were attributed to a group called Pentaguard, which has previously been responsible for 48 attacks of a similar nature. The hackers caused servers to crash, sent greetings to other hackers, and left rambling messages with references to beer, sex and Ferraris, but officials claimed that they did not do any serious damage. This was not the largest of recent hacker attacks, but it was significant because it simultaneously spanned three time zones, meaning that the hackers wanted to complete the act while nobody was sleeping. All the sites affected remained defaced for at least 15 minutes.

Also in January 2001, during the annual conclave of global political and economic luminaries at the Alpine resort of Davos, Switzerland for the World Economic Forum (WEF), unprecedented security precautions failed to prevent computer hackers from tapping into a database and stealing credit-card numbers of about 1,400 prominent people. The computer break-in came to light when the Swiss weekly SonntagsZeitung revealed that its reporters had been shown data on a CD-ROM containing 80,000 pages of information, including credit-card numbers, passport information and personal cell-phone contacts of some of the WEF's participants. These representatives are among the world's most famous, rich and powerful people. The victims included former US president Bill Clinton, former secretary of state Madeleine Albright, South African President Thabo Mbeki, Microsoft's co-founder Bill Gates and other prominent corporate executives, the Swiss weekly said.
SonntagsZeitung was told that the cyber-attack was carried out by unknown hackers who managed to break into a remnant database that contained information about participants who attended some of the WEF's regional meetings held last year. The stolen material appeared to consist mainly of biographical data readily available to the public, but for about 1,400 people more private information was accessed. During the conference, thousands of Swiss police set up an elaborate array of roadblocks and barbed wire barricades that transformed the Davos conference center into an impregnable fortress. The security measures were taken to thwart any mayhem by anti-globalization demonstrators, who had threatened for months to disrupt what they call an elitist conspiracy designed to promote the interests of big business to the detriment of the world's poor.

During January 2001, computer hackers obliterated the website of the Egyptian central bank. The website, which usually features billowing Egyptian flags and an old, sepia photograph of the bank, was turned all in black, overlaid with red text in Portuguese including several Brazilian Internet addresses: "Ha ha ha ha and you still say Brazilians are stupid..." was part of the triumphant hackers' message.

In the Asian continent more than 40 Indian sites have been infiltrated during last year by hackers like G Force Pakistan and Doctor Nuker, who have left poignant pro-Pakistan slogans and reasons why Kashmir belongs to that country.

On August 1, 1998, the Portuguese group Kaotik Team hacked 45 Indonesian government websites, altering web pages to include messages calling for full autonomy for East Timor. Mailbombs were delivered and several other Indonesian government sites were hacked some days later by hackers from China and Taiwan, to protest the fact that Chinese-Indonesians were targeted for torture, rape and looting during the anti-Suharto riots in May of that year.
Incidents that were once locally confined now can have international repercussions, and cross both public and private lines.

Despite the prevalence of these amateur hacker attacks, it is clear that there is the possibility of a full-scale cyberwar between national governments. Actual cyberwar is difficult to carry out on a large scale. However, information warfare strategies are becoming increasingly embedded in national defense plans and intelligence operations, not only in the US, but also in countries like the UK, France, Israel, China, and Russia. Although many experts believe that the threat from nation states is currently overstated, the potential for sophisticated cyberwar tactics is likely to evolve rapidly. Experts who believe that the risk is overstated tend to be thinking in terms of traditional threat assessment models, which look for big footprints and may not be appropriate to the much more subtle and obscure cyber threats. In addition, intelligence gathering on information attacks poses strong challenges legally and operationally.

Although no serious nation-based attacks have been detected to date, it is important to note that many documented attacks have had national organizations behind them, or have supported nationalist motives. For example, there have been persistent probes of US businesses, universities, and government agencies by Russians, economic espionage by French companies and French intelligence, attacks by Palestinian or pro-Palestinian groups on the websites of US companies that actively do business with Israel and so on.

What is information warfare and what are the realistic threats to a country's national security? Information warfare (IW) can encompass everything from electronic jamming to psychological operations. The focus here, however, is defense against the deliberate exploitation of information systems' inherent vulnerabilities in a manner that affects national security. The reality of IW is that all systems are vulnerable.
As states grow more dependent on information systems, vulnerabilities will increase. These weaknesses are compounded by the fact that military and civilian information systems are intimately linked. Railroads, for example, are controlled by relatively penetrable civilian systems and much of the military's unclassified message traffic travels on the Internet. In cyberwar, civilian information systems can be as critical as military systems and any effort to build a truly secure national information system will require close cooperation between business and government for each country. As war becomes more information intensive, the need for such cooperation grows.

The Gulf War taught us that strong information management skills could translate into battlefield success, but information technology shares one characteristic with older military technology; defensive countermeasures are both simpler and cheaper. Cyberwar requires a small capital investment to achieve tremendous results. The necessary computer equipment is easily obtained and is becoming less expensive every day. A team of computer mercenaries could be hired for less than the cost of one fighter aircraft. IW can also be carried out remotely. A state or terrorist organization could easily disperse its operatives around the world making it difficult to pinpoint any attack and retaliate.

The bottom line is that information warfare is cheap, effective and well within the reach of almost any state or well-endowed terrorist organization. The potential for the Davids of the world to fling a well-placed rock against the Goliaths may actually be greater in the information age than in the industrial age.

According to a report from the California based think-tank the Rand Corporation, entitled In Athena's Camp: Preparing for Conflict in the Information Age, authors John Arquilla and David Ronfeldt define infowar or cyberwar as, "conducting military operations according to information-related principles.
It means disrupting or destroying information and communications systems. It means trying to know everything about an adversary whilst keeping the adversary from knowing much about oneself. It means turning the balance of information and knowledge in one's favor, especially if the balance of forces is not. It means using knowledge so that less capital and labor may have to be expended."

University of Ottawa human-rights professor Gregory Walters wrote in the Ottawa Citizen last year that the world of information warfare is, "a world where logic bombs, computer viruses, Trojan-horses, precision-guided munitions, stealth designs, radio-electronic combat systems, new electronics for intelligence gathering and deception, microwave weapons, space-based weapons, and robotic warfare are being discussed, developed and deployed."

Technology is changing the equations of power, challenging the conventional channels of communication, distributing and disseminating influence in the broadest possible fashion. It is democratizing the channels of communication and side stepping the gatekeepers. This technology has a mind-boggling potential to break through barriers and overcome political obstacles, to educate, inform and be an agent of political change.

These events should be borne in mind when doing business on the Internet. Every Internet user is in the middle of a battlefield. Security becomes a key work to keep the quality of service and corporation image. The mouse is mightier than the missile.

http://www.qsdg.com

________________________________________________________________________

Subject: Information Warfare Alternative for Deterrence and Compellence

Though this is not specific to the subcontinent, it contains interesting linkages of Information Warfare to the NMD of Dubya-Cheney-Rumsfeld.

Hungry Like A Wolf

Whom the Gods Would Destroy: An Information Warfare Alternative for Deterrence and Compellence
Major Robert D. Critchlow, U.S. Air Force

SINCE THE END OF THE COLD WAR, the threat from weapons of mass destruction (WMD) has expanded beyond the massive arsenal of the former Soviet Union to many nations who are possessors - declared and undeclared - of nuclear, biological, or chemical weapons and the means to deliver them, or are attempting to acquire them. The United States therefore requires the ability to deter these smaller WMD-owning adversaries and, when necessary, to compel them to comply with its will or that of the international community. However, as has been widely noted, the utility and credibility of the U.S. nuclear arsenal for these ends are growing smaller, due to the success of arms control and public abhorrence of the nuclear instrument. Therefore, an alternative strategy is required, one that provides a responsive intermediate step on the escalation ladder.

Information warfare (IW) can provide that alternative. Like nuclear weapons, information warfare techniques can, at least theoretically, punish an adversary by striking speedily at his "centers of gravity" - leadership, command and control, national infrastructure, or industry - without defeating conventional forces in the field. It provides an alternative that the public is likely to be more willing to accept than a nuclear response to WMD use by a small power. It also provides a proportionate response to hostile attacks against the U.S. information infrastructure.
The military community uses a variety of terms to describe relationships between warfare, information, and information technology.[1] Among them are "knowledge-based warfare" and "network-centric warfare," which imply the networking and exploitation of friendly communications, computers, intelligence, reconnaissance, and surveillance systems to maximize the effectiveness of traditional military arms.[2] The Department of Defense uses the terms "command and control warfare" and "information operations" in reference to the employment of psychological operations, electronic warfare, operations security, military deception, and physical destruction to strike command and control systems and affect the perceptions of hostile nations.[3] In this article, "information warfare" means specifically the use of computer network attacks and electronic warfare techniques against the military systems and, especially, the national information infrastructure of an antagonist.

The Proliferation Environment

The strategic environment that the United States faces at the turn of the millennium resembles that of the years of President Dwight D. Eisenhower's "New Look," before the Soviet Union exploded its first hydrogen bomb and developed an intercontinental missile. The nation is once more enjoying economic expansion; it is again in a position of military dominance, though this time through its conventional capability rather than its nuclear might. As in that period, there are few direct threats to the U.S. homeland. The United States of the 1950s faced international challenges in Korea and Indochina; the threats today are once more on the periphery. As in the 1950s, when opponents on the periphery employed unconventional warfare to "end run" U.S. nuclear superiority, this nation's nuclear and conventional military capabilities are confronted today by an "asymmetrical" threat.
Today, the proliferation of weapons of mass destruction increases the dangers and difficulties of the international arena. The number of nations that possess or are aggressively attempting to develop these weapons and ballistic missile systems to deliver them is expanding. James Woolsey, former Director of Central Intelligence, estimated in 1995 that twenty nations had or were developing WMD and delivery means. Fifteen nations already had ballistic missiles, and sixty-six possessed cruise missiles.[4] Since that time, India and Pakistan have openly demonstrated nuclear weapons capabilities. North Korea is estimated to have plutonium sufficient to build one or two nuclear weapons.[5] The U.S. homeland is expected to face additional ICBM threats from North Korea, Iran, and Iraq in the next fifteen years.[6] Of even higher probability is the launch of short and medium-range ballistic or cruise missiles at U.S. or allied military and civilian targets. Nonmissile delivery means is the most likely of all, as it is the easiest to achieve and avoids direct association with the perpetrator or sponsor.[7]

Whom the gods would destroy they first make mad.
- Euripides

These technologies are spreading to smaller, radical, rogue states. Dr. Barry Schneider, in a coinage worthy of Ian Fleming, has christened these states "NASTIs": nuclear/biological/chemical-arming sponsors of terrorism and intervention. Iraq, Iran, and North Korea rank as charter members of this dubious club, while Libya, Cuba, and Syria are striving to become NASTI members.[8]

Iran uses its formal adherence to the Non-Proliferation Treaty as a camouflage under which to gain access to key technologies for its nuclear weapons program.
Iran is actively improving its civilian nuclear energy program and cooperating with Russian and Chinese agencies to develop facilities that will both complete the nuclear fuel cycle and support weapon materials production.[9] It is expanding its chemical weapons program, though it signed the Chemical Weapons Convention; it has hundreds of tons of choking and blister agents in stock, and it is in the process of "weaponizing" its biological warfare research. In an example of the closeness of the NASTI fraternity, Iran has been able to buy Scud-C and No Dong-1 ballistic missiles from North Korea.[10]

As for Iraq, during the Gulf War it prepared Scud warheads containing chemical and biological agents for launching against Israel and Saudi Arabia, and it embarked on a crash effort to produce one or two nuclear warheads. Although its program was damaged in the war, Iraq preserved critical elements, as well as the expertise to re-create the rest. The CIA considers it likely that Iraq resumed its WMD programs after the air and cruise-missile strikes of Operation DESERT FOX in December 1998.[11] In fact, it has already acquired missile components in violation of UN sanctions. Of particular concern are recent revelations about the extent of the Iraqi anthrax program.[12]

Libya's budding WMD program also bears watching. The Libyans have a strong chemical weapons program, which is creating mustard gas and nerve gas. Their biological warfare and nuclear weapons are still in the research and development phase, but they are actively recruiting Russian scientists to speed their efforts. North Korea has provided Libya's program a boost by selling Scud and No Dong missiles. Particularly disturbing has been Libya's willingness to use these weapons, firing missiles at the island of Lampedusa and employing chemical weapons against Chad.[13]

The NASTIs will pose a narrowly focused nuclear threat, characterized by small, fission-type arsenals.
These weapons will be able to hit troop concentrations, contaminating large areas with fallout, or to strike urban areas, causing mass casualties and terror. However, such weapons will be unable to threaten the American homeland for the foreseeable future: the missiles lack intercontinental range, and their nuclear weapons are too valuable to entrust to individuals to smuggle them in. Thus, the most likely uses for these weapons would be regional attacks to shape crises.14 The spread of missile technology multiplies the severity of the WMD threat to the interests, at least, of the United States. Missiles have a high probability of penetration, given the thinness of ballistic missile defenses. They can be fired at any time and in all weather. They can attack strategic targets in an adversary?s rear areas, even if launched from the attacker?s sovereign territory, where they are difficult to counterattack. Because of their short flight and warning times, they are particularly effective as terror weapons against civilian populations.15 WMD arsenals could create significant roadblocks to U.S. efforts to protect friends and safeguard regional interests. First, as Dean Wilkening and Kenneth Watman suggest, an adversary could employ these weapons to impede U.S. intervention in a crisis by interfering with deployments or attacking rear assembly areas. Second, as Robert Joseph argues, a rogue state could inflict casualties on U.S. servicemen or civilians of host nations in an attempt to sway American public opinion. Third, as Barry Schneider observes, the WMD-proliferating nation could use its arsenal for regional influence. Many nations have only one or two urban concentrations, making them effectively "one-bomb targets." A state with even a small arsenal can threaten such countries with national extinction; it might do so to intimidate U.S. allies, to fracture coalition building, or to compel neighbors to follow its lead. 
Last, as Schneider further notes, a regime confronted with defeat could use weapons of mass destruction as bargaining levers to preserve itself in a postwar settlement. In general, WMD arsenals allow outlaw nations to pursue asymmetric strategies against the United States.16 U.S. Objectives and Constraints in a Proliferation World If the United States is to cope with this environment of WMD proliferation, it must be clear about its objectives. The primary goal is to remain able to pursue vital international interests in a world pervaded by weapons of mass destruction. This requires deterring rogue states from using such weapons against U.S. interests or partners. This deterrence, if successful, should reduce the value of acquiring WMD, by making them unusable for obtaining political goals. As the United States continues nuclear arms reductions with the Russian Federation and refuses to modernize its arsenal, its overall capability in that area will decline. In any case, threats to use nuclear weapons could backfire, spurring opponents to acquire their own or to ally themselves with nuclear powers. The United States confronts international norms of nonuse that it helped to create and wants to preserve. Some would interpret an actual nuclear attack as a violation of the Non-Proliferation Treaty, which has joined the body of international law. An energetic nuclear deterrent posture, let alone an actual use of nuclear weapons, undoubtedly would lead to a domestic backlash, as well as international condemnation. To gauge the probable domestic response, consider the reactions during the Persian Gulf War to the Al Firdos bunker bombing or the "highway of death"-and multiply it. The American public abhors both nuclear weapons and high casualties, even among enemies.17 Beyond the policy constraints, practical constraints limit the utility of nuclear weapons for regional deterrence. MAD (mutual assured destruction) does not apply. 
As Philip Ritcheson argues, it is not mutual, because no regional power could hurt the United States as much as the United States could hurt it. Also, it is not assured: a U.S. threat to strike in retaliation would not be credible, because it would cause damage disproportionate to anything that could have been inflicted on the United States.18 Situational constraints also work against a U.S. regional nuclear deterrent. These constraints stem from differences between how the United States and a regional nuclear opponent view the risks. U.S. interests in regional contexts are typically peripheral; the regional player may be defending what it considers vital, bedrock values, in or near its homeland.19

A Strategy for Deterring the NASTIs

Given the environment and constraints of a proliferated world, the United States needs a new deterrence vehicle. The ideal instrument would be able to inflict more rapid and severe punishment than can conventional weapons but without the opprobrium that adheres to nuclear weapons. Facing an increased importance of nonstate actors and transnational organizations in the international system, such an instrument would have to be able to strike against such actors, again without the undesirable collateral effects of nuclear weapons. It will be necessary, in addition, to modify the declaratory and practical elements of strategy to reflect both the wider range of threats to be deterred and the broader range of options for response. Current declaratory strategy is weak and vague. During the Gulf War, the United States used what Secretary of State James Baker called "calculated ambiguity" to dissuade the Iraqis from using their WMD arsenal against coalition forces. This perspective reflected President George Bush's private decision not to respond with nuclear weapons even if the Iraqis used chemical weapons against U.S. forces-but to threaten publicly that he would. U.S. 
officials believed that this strategy worked and used it again during the winter 1998 confrontation over UN inspections of Iraq's WMD capability. State Department spokesman James Rubin declared, "We do not rule out in advance any capability available to us."20 In March 1998, Secretary of Defense William S. Cohen was even more specific, proclaiming, "We've made it very clear to Iraq and to the rest of the world that if you should ever even contemplate using weapons of mass destruction-chemical, biological, any other type-against our forces, we will deliver a response that's overwhelming and devast

From: Fred Cohen <fc@all.net>
Date: Mon Sep 3, 2001 6:44 pm
Subject: More news

INFORMATION WAR: A NEW FORM OF PEOPLE'S WAR
Wei Jincheng

This article was excerpted from the Military Forum column, Liberation Army Daily

A future war, which may be triggered by a disruption to the network of the financial sector, may be combat between digitized units or a two-man show, with the spaceman (or robot) on the stage and the think tank behind the scenes. It may also be an interaction in the military, political, and economic domains, making it hard to define as a trial of military strength, a political argument, or an economic dispute. All this has something to do with the leap forward of modern technology and the rise of the revolution in the military domain. The technological revolution provides only a stage for confrontations. Only when this revolution is married with military operations can it take on the characteristics of confrontation. Some believe that the information superhighway, the Internet, computers, and multimedia are synonymous with commerce, profit, and communications. In fact, this is far from true. Thanks to modern technology, revolutionary changes in the information domain, such as the development of information carriers and the Internet, are enabling many to take part in fighting without even having to step out of the door. 
The rapid development of networks has turned each automated system into a potential target of invasion. The fact that information technology is increasingly relevant to people's lives determines that those who take part in information war are not all soldiers and that anybody who understands computers may become a "fighter" on the network. Think tanks composed of nongovernmental experts may take part in decisionmaking; rapid mobilization will not just be directed to young people; information-related industries and domains will be the first to be mobilized and enter the war; traditional modes of operations will undergo major changes; operational plans designed for information warfare will be given priority in formulation and adoption; and so on and so forth. Because other technologies are understood by people only after they are married with information technology and because information technology is becoming increasingly socialized, information warfare is not the business of armed forces alone. Conditions exist that effectively facilitate the participation of the public in information warfare. Ideas Guide Action In the information age, an all-new concept of operations should be established. Information is a "double-edged sword." In the information age, information is not only a weapon of combat but also the object sought after by the warring parties. The quantity, quality, and speed of transmission of information resources are key elements in information supremacy. That is why information is not just a piece of news and information weapons do not refer only to such information-based weapons as precision-guided weapons and electronic warfare weapons. The most effective weapon is information itself. 
Information can be used to attack the enemy's recognition system and information system either proactively or reactively, can remain effective either within a short time or over an extended period, and can be used to attack the enemy right away or after a period of incubation. Therefore, good information protection and launching a counterattack with information weapons when attacked will become the main subjects of preparation against war during the information age. Information is intercommunicative and therefore must not be categorized by sector or industry. It is very wrong to think that information in only the military field is worth keeping secret and that information for civil purposes does not belong to the category of secrecy. In fact, if no security measures are taken to protect computers and networks, information may be lost. Similarly, if we think it is the business of intelligence and security departments to obtain the enemy's information and that it has nothing to do with anyone else, we would miss a good opportunity to win an information war. In March 1995, Beijing's Jingshan School installed a campus network with 400 PCs, an "intelligent building" design, and multimedia technology. The school runs 10 percent of its courses through computers; students borrow books from the library through a computerized retrieval system; and experiments are conducted with demonstrations based on multimedia simulation systems. This illustrates in microcosm the many information networks that our country has built with its own resources. More than one million PCs were sold in China in 1995, and the figure is expected to reach 2.7 million in 1996. Faced with the tendencies of a networking age, if we looked upon these changes merely from a civil perspective and made no military preparations, we would undoubtedly find ourselves biased and shortsighted. 
Information War Depends on the Integrity of the Information System Information warfare is entirely different from the conventional concept of aiming at a target and annihilating it with bullets, or of commanders relying on images and pictures obtained by visual detection and with remote-sensing equipment to conduct operations from a map or sand table. The multidimensional, interconnected networks on the ground, in the air (or outer space), and under water, as well as terminals, modems, and software, are not only instruments, but also weapons. A people's war under such conditions would be complicated, broad-spectrum, and changeable, with higher degrees of uncertainty and probability, which requires full preparation and circumspect organization. An information war is inexpensive, as the enemy country can receive a paralyzing blow through the Internet, and the party on the receiving end will not be able to tell whether it is a child's prank or an attack from its enemy. This characteristic of information warfare determines that each participant in the war has a higher sense of independence and greater initiative. However, if organization is inadequate, they may each fight their own battles and cannot form joint forces. Additionally, the Internet may generate a large amount of useless information that takes up limited channels and space and blocks the action of one's own side. Therefore, only by bringing relevant systems into play and combining human intelligence with artificial intelligence under effective organization and coordination can we drown our enemies in the ocean of an information offensive. A people's war in the context of information warfare is carried out by hundreds of millions of people using open-type modern information systems. 
Because the traditional mode of industrial production has changed from centralization to dispersion and commercial activities have expanded from urban areas to rural areas, the working method and mode of interaction in the original sense are increasingly information-based. Political mobilization for war must rely on information technology to become effective, for example by generating and distributing political mobilization software via the Internet, sending patriotic e-mail messages, and setting up databases for traditional education. This way, modern technical media can be fully utilized and the openness and diffusion effect of the Internet can be expanded, to help political mobilization exert its subtle influence. In short, the meaning and implications of a people's war have profoundly changed in the information age, and the chance of people taking the initiative and randomly participating in the war has increased. The ethnic signature and geographic mark on an information war are more pronounced and the application of strategies is more secretive and unpredictable. Information-based confrontations will aim at reaching tangible peace through intangible war, maintaining the peace of hardware through software confrontations, and deterring and blackmailing the enemy with dominance in the possession of information. The bloody type of war will increasingly be replaced by contention for, and confrontations of, information. The concept of people's war of the old days is bound to continue to be enriched, improved, and updated in the information age to take on a new form. We believe any wise military expert would come to the same conclusion.

---------------------------------------------------------
Chinese Views of Future Warfare [National Defense University Press]

From: Fred Cohen <fc@all.net>
Date: Mon Sep 3, 2001 6:56 pm
Subject: Information warfare between PA and Israel really heating up

[FC - Recently, the rhetoric between the PA and Israel has really heated up. 
At the world racism conference, this circus has really become bizarre in the extreme. I hope to present some recent selections from this information war in this forum and welcome others to chime in...] 'Hitler' pamphlet sparks racism indaba row September 03 2001 at 03:17PM By Moffet Mofokeng Palestinian and Israeli teenagers on Monday shouted at each other over the origin of an anti-Zionism pamphlet which had been distributed at the World Conference Against Racism (WCAR) in Durban. The pamphlet contains a picture of Nazi leader Adolf Hitler, with the following words inscribed underneath: "If I had won the war there would be no Palestinian state and no Palestinian blood lost." The Israeli group is accusing Palestinians of distributing the hate-pamphlet, but the Palestinians are denying the accusation. Security personnel were on the scene to prevent any trouble A group of about sixty people have gathered outside the media centre inside the grounds of the Durban Exhibition Centre. An Israeli delegate claimed that he had earlier seen Palestinians handing out the pamphlet. A Palestinian woman said she had also found a pamphlet on the windscreen of her car, but did not know where it came from. Among the group were the five Orthodox Jewish rabbis - opposed to the state of Israel - and their Palestinian friend who have become an institution at each of the marches and protests held over the Palestinian issue. The group of Palestinians did not move to the International Convention Centre where governments from across the world are meeting. A large contingent of security personnel were on the scene to prevent any trouble. The crowd eventually dispersed peacefully about 3pm. Both the American and Israeli delegations to the WCAR have threatened to withdraw because they claim that the Palestinian issue had hijacked the conference. Israel said it would make a decision on the matter later on Monday pending the outcome of Norway's intervention. 
- Sapa

[FC - Note that Israel and the US pulled out later on Monday]

From: Fred Cohen <fc@all.net>
Date: Mon Sep 3, 2001 6:59 pm
Subject: More PA/IS information warfare

Europe Puts Sharon on Trial: Sabra and Chatila Revived
3 September 2001
Palestine Media Center - PMC

On 4 September, the Swedish City of Yotburi will host the first symbolic trial for Ariel Sharon in Europe. Along with Swedish and Arab non-governmental organizations, Swedish parliamentarians and politicians decided to symbolically try Ariel Sharon, Israel's current Prime Minister, for his responsibility in the 1982 Sabra and Chatila massacres. The trial comes as part of a solidarity campaign that Swedish humanitarian and political organizations, including the Communist Swedish Party, have launched recently. Mr. Teddy Joan Frank, representative of the Communist Party clarified that the solidarity campaign with the Palestinian People aims to prove that the internationally legitimate rights, as delineated by United Nations resolutions, stress the Palestinian People's legitimate right in their land and the illegality of Israel's occupation. Mr. Frank also announced that the movement had been able to collect and donate thirty thousand US Dollars to a Palestinian hospital in the West Bank. The decision to hold the mock trial in the City of Yotburi is rather interesting. The City was always known for the strength of its Jewish lobby. It is home to the biggest Jewish community in Sweden and has recently housed hundreds of the Southern Lebanese Army (SLA) soldiers, Israel's allies in Southern Lebanon during the occupation. The SLA soldiers fled southern Lebanon after Israel ended its twenty-year occupation of Southern Lebanon in May of last year. The mock trial will be held in the People's Home Hall at 2:00 pm on Wednesday. A number of legal and national personalities in addition to the Sabra and Chatila witnesses will be present in the Hall. 
Among the personalities participating in the mock trial is Swedish Parliament Member Ivon Ruwaida, who will also deliver a speech on the importance of following up on the issue of trying Sharon in international courts. Ms. Bregita Elvistrom, a member of the International Law Committee who specializes in war crimes, will discuss the legal issues pertinent to the case and ways to allow for the detention and persecution of Sharon during the mock trial. One of the Sabra and Chatila witnesses participating in the Swedish mock trial will be nurse Lisa Norman, who worked as nurse in those refugee camps at the time of the massacre. Back in Belgium where the preparations of a real trial against Ariel Sharon are underway, Mr. Valin, a Belgian lawyer, affirmed that his country would resist all pressures aiming to dissuade Belgium from conducting the Sharon trial. He stressed his conviction that the Sabra and Chatila massacre amounts to genocide. Ariel Sharon conspired with and allowed the Israeli-allied Phalange militias to enter the Sabra and Chatila refugee camps in 1982 to commit the most atrocious acts imaginable. At least two thousand Palestinian civilians, mostly women, children, and the elderly were slaughtered, shot, or raped during the massacre. ============================================================================== ISLAMIC NEWS AND INFORMATION NETWORK: http://WWW.ININ.NET VISIT: http://WWW.MEDIAMONITORS.NET WE AFFIRM THAT INJUSTICE ANYWHERE IS A THREAT TO JUSTICE EVERYWHERE!!!! DEFINING APARTHEID Article 2 of the "International Convention of the Suppression and Punishment of the Crime of Apartheid" of 1973 clearly defined the term "crime of apartheid." This includes similar policies and practices of segregation and discrimination as practiced in South Africa and which also apply to inhuman acts committed for the purpose of the establishment and maintaining of domination by one racial group over another. 
This includes the deliberated imposition of living conditions calculated to cause physical destruction and any legislative or other measures preventing a racial group from full development of their political, social, economic and cultural life. This is an accurate description of what the Arabs are doing to the blacks of the Sudan and Mauritania as they enslave them.

From: Fred Cohen <fc@all.net>
Date: Mon Sep 3, 2001 7:01 pm
Subject: Zimbabwe starts to expel whites

Mugabe slams Jews, tells whites to leave Zimbabwe
September 01 2001 at 01:01PM

Harare - President Robert Mugabe has accused Jews of trying to shut down businesses in Zimbabwe and said it would be "a good thing" if white industrialists left, the state-controlled press reported on Saturday. "Jews in South Africa, working in cahoots with their colleagues here, want our textile and clothing factories to close down. "They want Zimbabwe and Bulawayo to remain with warehouses to create business for South African firms," he said. Mugabe was speaking on Friday at a textile company, owned by a prominent Jewish family in the western city of Bulawayo.

'Open your eyes and tell us which companies are closing'

It went into liquidation earlier this year and the company attempted to relocate to neighbouring Botswana because of harsh business conditions in Zimbabwe. However, the move was stopped about three months ago when a band of so-called war veterans invaded the factory and assaulted directors at a board meeting. Mugabe drew accusations of anti-Semitism in 1992 when he declared that white farmers were "hard-hearted, you would think they were Jews." He refused to apologise. Mugabe on Friday urged workers at the factory to monitor companies and to inform the government of their activities. "We want you to be inspectors," he said. "Listen to all factory rumours, open your eyes and tell us which companies are closing. Tell us in good time. 
"Yes, there are hardships, but if they (whites) leave, it's a good thing, because we will take over the companies." In an impromptu speech in the city centre, he urged people to back his bid to seize white-owned land and declared: "To those of you who support whites, we say down with you." About 400 businesses closed down in Zimbabwe in the first six months of the year, according to official statistics, amid escalating economic chaos.

From: David Kennedy CISSP <david.kennedy@acm.org>
Date: Tue Sep 4, 2001 11:13 am
Subject: Is China's Guandong province ground zero for hackers?

ZDNet: Is China's Guandong province ground zero for hackers?

Is China's Guandong province ground zero for hackers?
By Robert Vamosi, AnchorDesk
August 28, 2001 9:00 PM PT
URL: http://www.zdnet.com/zdnn/stories/comment/0,5859,2808609,00.html

Last week, while discussing new priorities for the Department of Defense, Secretary of Defense Donald Rumsfeld told the Washington Post that "serious moves to transform the military to meet such emerging threats as computer warfare, terrorism and missile proliferation will not produce new war-fighting capabilities for a number of years." Although paraphrased, it sounds to me like Secretary Rumsfeld just told our enemies that we're years away from defending ourselves against cyberterrorism. Oops. Now is not the time to admit weakness in this area, Mr. Secretary. Quietly, the U.S. government had been hacking away at cyberterrorism. The EP-3E spy plane that crash-landed in China earlier this year was, according to James Bamford in his keynote speech at this year's Black Hat Briefing, working for the National Security Agency. Even the 1999 war in Kosovo featured early information warfare techniques against the Serbian government. A recent report by MSNBC explains the emerging global information warfare threat in greater detail. If the secretary is serious about transforming the U.S. 
defense department, then let me suggest that it is much more prudent to shore up our computer networks today than to invest in the 20-year-old concept of laser-toting satellites orbiting the earth tomorrow: Our computer networks are already under serious attack. HOSTILE NATIONS, and for that matter, hostile groups, such as Osama bin Laden's followers, realize they can't challenge the U.S. military one-on-one. But they can disrupt our utilities, our telecommunications, and our e-commerce. Just last spring, during a period of rolling blackouts in Northern California, someone hacked into the California Independent System Operators system, which regulates the flow of power in the state. The malicious users were stopped before they caused any damage, but the incident shows how vulnerable our ancillary government agencies are to attack. The hack was traced back to the Guangdong province in China. Turns out, this was not an isolated incident. A few weeks ago, I wrote that students at Foshan University in Guangdong, China, may have created the Code Red worm. Shortly after that column appeared, someone at the Defense Department called me with a serious interest in that information. Now, the recent and very nasty Offensive Trojan horse also happens to share a connection to Guangdong. I don't think this is a coincidence. Guangdong is the largest and wealthiest province, and Hainan Island, the site where the American EP-3E plane was held after landing last April, is nearby. According to a report prepared by the security company Vigilinx, Guangdong is also home to hacker groups, such as the Honker Union of China (also known as the Red Guest Alliance) and China Eagle, and to criminal extortionists who have been terrorizing Hong Kong's financial networks for years. Guangdong also happens to be very beautiful, historic, and the focus of major Western investment and tourism. 
RATHER THAN ASSUME the Chinese government is behind Code Red and Offensive, I think it is more credible that different groups of individuals within Guangdong might be hacking the United States and other nations (like Japan) for their own reasons. Like the cracker activity once seen in Eastern Europe, these exploits may not be a political expression against, but a general frustration with, Western arrogance and influence. The crackers in Guangdong seem to be doing their own thing, and they are definitely pushing the envelope of what is possible in terms of malicious activity on the Internet. Whatever their motives, I suggest we'll hear even more from the crackers in Guangdong. If ego is involved, these crackers probably aren't done flexing their programming muscles or announcing themselves to the world. Now, thanks to comments from the U.S. Defense Secretary, others elsewhere might also be tempted to join in their fun. From: Fred Cohen <fc@all.net> Date: Wed Sep 5, 2001 6:49 am Subject: Code Red virus probably began in China, GAO official says Code Red virus probably began in China, GAO official says Agence France-Presse, 9/4/2001 <a href="http://www.nandotimes.com/technology/story/72365p-1018237c.html">http://ww\ w.nandotimes.com/technology/story/72365p-1018237c.html</a> WASHINGTON (September 2, 2001 11:42 p.m. EDT) - The Code Red computer virus that gummed up Web servers around the world probably originated at a university in China, a congressional report released Friday said. The Code Red virus "is believed to have started at a university in Guangdong, China," according to Keith Rhodes, the chief technologist for the General Accounting Office, Congress' investigative arm of Congress. Rhodes' testimony was given to a hearing Wednesday and released Friday by the GAO. He did not elaborate on the origin of the virus. 
But he said the virus can do damage to the global Internet infrastructure because it can "decrease the speed of the Internet and cause sporadic but widespread outages among all types of systems." He said that "the first version of Code Red created a randomly generated list of Internet addresses to infect. However, the algorithm used to generate the list was flawed, and infected systems ended up reinfecting each other. The subsequent versions target victims a bit differently, increasing the rate of infection." The so-called Code Red virus is categorized as a "worm" which invades servers and overwhelms their memory capacity, shutting them down just before the worm is passed to another computer. Servers are computers that pass data, such as Web pages and e-mail, across the Internet. Individual computers are not vulnerable to the attack. Some versions of the Code Red virus targeted attacks on the White House Internet server, although officials said no damage was done to the site. Separately, a California-based research group said over 1 million servers were infected by the Code Red virus and that the economic loss from the infections was $2.6 billion dollars. Computer Economics said the cost of cleaning an inspecting servers was $1.1 billion and that $1.5 billion in productivity was lost. It figured the total impact of virus attacks around the world for 2001 has hit $10.7 billion. From: "Leo, Ross" <Ross.Leo@csoconline.com> Date: Wed Sep 5, 2001 6:50 am Subject: RE: [iwar] Is China's Guandong province ground zero for hackers? I agree with some of what Vamosi has stated - The Honourable Rumsfield should know better than to display his hoof-in-mouth illness so publicly - From the "Say It Ain't So" Desk: The EP-3 was working for the NSA (duh)!? And this is supposed to be news? To Whom? Certainly not to the PRC folks... 
From the "Buy the Farm, But Don't Bet Your Life On It" Department: Just because it appears to be frustrated hackers doing their own thing against the soulless, repressive Western Capitalist pigs doesn't mean it is. Seemingly disorganized, disparate groups using diverse methods to harass is a very old tactic employed by the USSR (and others, including the US) in years past. It is currently in use by terrorist groups that we all know. The spreading of disinformation is an old trick that continues to work well - even better with the Internet to help it. This is once again an example of [naive] perception becoming the asymptotic equivalent of reality. From the "Trust But Verify" Division: Re The PRC Government's denial of involvement in Code Red: How difficult is it to flatly deny something you know with certainty can't be conclusively proven, especially when you control the source? From: lekatis@lekatis.com Date: Wed Sep 5, 2001 7:00 am Subject: New Member I want to introduce myself. My name is George Lekatis. I am Mathematician, MCSE+I, MCT, CISSP, 42 years old, working as IT&IS Director in INTERFACE SA, a company offering security and computer forensics education and consulting in large companies, banks, ministries, public and private sector organizations in Greece. Working in the fields of information security, computer security and forensics and hating crime, like you, it is natural to come here, in this group. But, one more important reason is that in your group I can find a good teacher, Fred. I have learned many things in www.all.net. Thank you for accepting me in your group. George From: Fred Cohen <fc@all.net> Date: Wed Sep 5, 2001 5:50 pm Subject: [NewsBits] NewsBits - 08/31/01 (fwd) Law enforcers report spike in cybercrime Cybercrime cases are rising in high-tech regions, say U.S. law-enforcement officials. Prosecutors and investigators are seeing more cases related to computer hacking, theft of trade secrets and hardware, and other tech crimes. 
In Silicon Valley, the Santa Clara District Attorney's Office is tackling almost 30 tech-related cases this year - twice as many as last year, investigator John McMullen says.
http://www.usatoday.com/life/cyber/tech/2001-08-31-cybercrime-wave.htm

Computer virus costs reach $10.7 billion this year
The worldwide cost of the Code Red computer worms that were unleashed on the Internet in July and August has reached about $2.6 billion, an independent research firm said Friday. While hefty, that was just a part of the total cost of attacks on computer systems this year.
http://www.siliconvalley.com/docs/news/tech/038349.htm
http://news.cnet.com/news/0-1003-200-7026411.html

Top Hacking Tools Site Restricts Access
Citing a desire to thwart "script kiddies" and security companies, a popular site that provides free hacking tools has closed its doors to the general public. Hack.co.za will no longer allow all visitors to download its collection of exploits, according to its operator, a South African who uses the nickname Gov-Boi.
http://www.newsbytes.com/news/01/169648.html

Russia tells computer experts to stay home
Russia warned its computer experts Friday of the dangers of visiting the United States after a Russian software designer was arrested there for violating a controversial new law. Last July, Dmitry Sklyarov became the first person to be arrested on charges of selling technology designed to circumvent a 1998 U.S. copyright protection law. Formally arraigned Thursday, he faces up to 25 years in jail if convicted.
http://news.cnet.com/news/0-1005-200-7024730.html
http://www.msnbc.com/news/622397.asp

Cold War II?
Russia warns tech experts
http://www.zdnet.com/zdnn/stories/news/0,4586,2809895,00.html

From: Fred Cohen <fc@all.net>
Date: Wed Sep 5, 2001 5:57 pm
Subject: [NewsBits] NewsBits - 09/04/01 (fwd)

September 4, 2001

New Worms Seek And Destroy Code Red
Amid a debate over the ethics of fighting a virus with a virus, security researchers have separately released two programs that hunt down and patch computers infected with Code Red II. CodeGreen, written by a German security expert who uses the nickname "Der HexXer," is designed to randomly scan the Internet for servers running Microsoft's IIS software that are infected with Code Red version II.
http://www.newsbytes.com/news/01/169707.html

FBI warns as Unix web server flaw gets automated
A worm called x.c, which takes advantage of a buffer overflow vulnerability in the telnet daemon program commonly used on Unix boxes, has been discovered, and security experts fear it is a harbinger of worse to come.
http://www.theregister.co.uk/content/55/21438.html

Apache Web Server Admins Urged To Check Code
Administrators of Apache Web servers who use certain add-on software modules to control password-protected access are being warned to shore up potential security holes. The Computer Emergency Response Team at the University of Stuttgart (RUS-CERT) reports that several third-party authentication modules for the open-source Apache server could allow individuals to submit potentially malicious queries to databases on the servers.
http://www.newsbytes.com/news/01/169718.html

Senate To Vote On High-Tech Export Laws This Week
On the first day back from its August recess, the U.S. Senate will begin debate on the Export Administration Act (EAA), a law that seeks to update export laws to balance trade in U.S. high-tech goods with national security. Yet, any momentum that proponents of the measure hope to gain from today's early start isn't likely to last long.
http://www.newsbytes.com/news/01/169711.html

Welsh Assembly blocks school emails
Fears over children's safety on the Internet halt plans to give Welsh school pupils their own email addresses. The Welsh Assembly has halted its pledge to provide every school pupil in Wales with a personal email address because of security fears. Minutes from an Assembly cabinet meeting in June have revealed that the proposal was shelved following concerns that children could be individually identified through their personal email addresses.
http://news.zdnet.co.uk/story/0,,t269-s2094481,00.html

E-signatures battle 'fear factor'
"DOD to use GSA digital certificates"
"No more dotted line"
At the Army's White Sands Missile Range, electronic signatures have greatly speeded up the mail. Routine correspondence is signed and delivered in a matter of seconds, eliminating hours, days or even weeks of waiting for a memo in the mail. "Basically, this is about trying to get a document through the process faster," said Carl Saenz, an information systems manager at the New Mexico installation. Rain, snow, bad traffic or distance no longer matter now that signed, authenticated documents can be delivered electronically, he said.
http://www.fcw.com/fcw/articles/2001/0903/pol-esigs-09-03-01.asp

Gulf residents gasp for freedom in cyberworld
In a land where sex outside marriage can be punishable by death and women must be fully covered in public, frustrated men are turning to the Internet. Beyond the immediate reach of Saudi Arabia's religious police, the Internet is the next best thing to sexual freedom found in the West and some Arab countries. "All that you can see (here) of a woman is her face if you are lucky. On the net I see all," said 24-year-old George, a Lebanese Christian who declined to give his last name.
http://www.siliconvalley.com/docs/news/reuters_wire/1453952l.htm

From: Tony Bartoletti <azb@llnl.gov>
Date: Wed Sep 5, 2001 6:32 pm
Subject: RE: [iwar] Is China's Guandong province ground zero for hackers?

... I cannot resist ... :)

At 08:50 AM 9/5/01 -0500, you wrote:
>I agree with some of what Vamosi has stated - The Honourable Rumsfeld
>should know better than to display his hoof-in-mouth illness so publicly -

Perhaps he was taking a page from Sun Tsu: When you are strong, make the enemy believe you are weak.

>
>From the "Say It Ain't So" Desk:
>
>The EP-3 was working for the NSA (duh)!? And this is supposed to be news?
>To Whom? Certainly not to the PRC folks...

Gee, I thought it was the Department of Agriculture that conducted foreign signals surveillance ...

>
>From the "Buy the Farm, But Don't Bet Your Life On It" Department:
>
>Just because it appears to be frustrated hackers doing their own thing
>against the soulless, repressive Western Capitalist pigs doesn't mean it is.
>Seemingly disorganized, disparate groups using diverse methods to harass is
>a very old tactic employed by the USSR (and others, including the US) in
>years past. It is currently in use by terrorist groups that we all know.
>The spreading of disinformation is an old trick that continues to work well
>- even better with the Internet to help it. This is once again an example
>of [naive] perception becoming the asymptotic equivalent of reality.

Too much to say on this one. The observation cuts both ways. The activity in question is so easily accomplished by almost any small ring of dedicated code-heads, it could have been Elbonians who developed the virus and planted it surreptitiously.

The related article on the GAO report seems particularly provocative. "... is believed to have started at a university in Guangdong, China." Without any further elaboration. Does the GAO maintain foreign operatives that ferret out this information?
Was the conclusion based upon some kind of firsthand evidence? Perhaps a leak from a U.S. security agency? Or was the statement simply a reflection of the "consensus gut feeling". Curiously gratuitous offering from a congressional report.

>
>From the "Trust But Verify" Division:
>
>Re The PRC Government's denial of involvement in Code Red: How difficult is
>it to flatly deny something you know with certainty can't be conclusively
>proven, especially when you control the source?

Not sure what you mean by "control the source". I can "flatly deny" involvement myself (or, claim to be the actual author, having subsequently destroyed all source material.) What percentage of people who hear this proclamation would be in a position to assess its accuracy?

For that matter, suppose both that China "created or endorsed" this virus, and knew that it could be "conclusively proven" (to some tiny band of highly compartmented analysts.) What harm would there be in "flatly denying" involvement? Some 99.99% of the audience would have no way to appreciate or understand such a "proof of involvement". What would China care about the fact that some tiny number of people know that the denial was a falsehood? Do they get assessed some extra penalty points in the big game?

(Man, this iwar/misinformation stuff can make you real cynical ;)

___tony___

Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900

From: Fred Cohen <fc@all.net>
Date: Wed Sep 5, 2001 7:00 pm
Subject: interesting piece...

Dallas Morning News
September 5, 2001

Study: JSF Deal Worth $137 Billion To Texas Economy
Lockheed victory would create about 20,000 jobs a year

By Katie Fairbank, The Dallas Morning News

FORT WORTH - If Lockheed Martin Corp.
wins the competition to build the Joint Strike Fighter, more than $137 billion would flow through Texas over the next four decades creating an average of about 20,000 jobs a year, a study released Tuesday projects.

The Fort Worth Chamber of Commerce funded the study for an undisclosed amount to assess the impact if Lockheed wins the richest U.S. military contract in history for its Fort Worth-based manufacturing plant.

"This is a project extremely important for the area. It's worth a full-court press," said Waco economist Dr. Ray Perryman, who prepared the economic analysis.

According to the study, a Lockheed win would create thousands of jobs in the state, both in and outside of the defense industry.

"In the 1990s, seven microchip plants were built in Texas. If you take those seven and add them together, you've just about got the size of this contract," said Dr. Perryman.

Most of the jobs would be in building pieces of the next-generation fighter aircraft, but others would be created to support the defense workers by providing such things as health care services, retail stores and restaurants.

The most significant economic benefits would be during the production phase of the JSF. The impact in a typical year of production is projected to be $4.16 billion in total spending and 23,607 jobs in a variety of business sectors, said Dr. Perryman.

The study helps show what's at stake in the competition between Lockheed Martin and Boeing Co. for the $200 billion contract.

"We all know that it means jobs, houses that are purchased and college educations that are paid for," said U.S. Rep. Kay Granger, R-Fort Worth.

But even so, the study is unlikely to sit well with decision-makers in the Department of Defense, said defense analyst Richard Aboulafia of the Teal Group.

"It's kind of sad because the Lockheed Martin contender stands on its own legs. I don't think this [study] enhances it at all - quite the opposite," he said. "Economic studies are usually for depressed areas."
He said the study's only use should be to alert legislators to support the JSF program overall.

"If they intervene exclusively on Lockheed Martin's behalf instead of on the program's behalf, that can only end in tears," he added.

U.S. Rep. Martin Frost, D-Dallas, said that the study's information was important to remind people that Lockheed Martin is the "backbone of our economy."

"Fort Worth's prosperity was built on the defense industry," he said, "and the continuing role of Lockheed Martin in sustaining our region's growth cannot be overstated."

Currently, about 11,000 employees work at the company's Fort Worth plant. Lockheed Martin has said that the JSF contract would add about 2,000 net jobs to its plant workforce over the next couple of years.

Northrop Grumman Corp., which hopes to build the JSF's center fuselage in El Segundo, Calif., as a Lockheed team member, will release an estimate on Thursday of the number of jobs that would be created in California.

Communities hoping for a Boeing victory aren't likely to do similar job studies, the company said.

"We don't plan any," said Chick Ramey, a spokesman for Boeing. "Obviously, a JSF win would positively impact Seattle and St. Louis and other areas. We have said in the past that we can't determine a final number of JSF positions, but currently the estimate based on a winner-take-all scenario is between 3,000 and 5,000 jobs in St. Louis and approximately 3,000 jobs in Seattle."

The decision on who will win the JSF program is expected by late next month.

From: Fred Cohen <fc@all.net>
Date: Wed Sep 5, 2001 6:58 pm
Subject: DMCA effects

Dug Song is a highly respected OpenBSD, OpenSSH programmer, the author of Dsniff and numerous security papers including a common vulnerability in many firewall applications and servers.
He has censored his own website, citing the DMCA:

http://www.monkey.org/~dugsong/

At this time it is not clear whether the site was taken down under pressure from corporations or simply attempting to express feelings about the DMCA and possibly start a trend whereby security researchers withhold their own research because they are at risk under the DMCA.

Many people outside of the security industry do not fully understand that independent security research by people like Dug Song often finds security holes and vulnerabilities, and is the driving force toward stronger software and security practices within corporations. They are the watch dogs that ensure independent security testing (often, if not always) without compensation and simply for the challenge and to promote safer, stronger software.

From: Fred Cohen <fc@all.net>
Date: Wed Sep 5, 2001 10:12 pm
Subject: How bigger, badder Code Red worms are being built

How bigger, badder Code Red worms are being built
Robert Vamosi, Associate Editor, ZDNet Reviews
http://www.zdnet.com/anchordesk/stories/story/0,10738,2810238,00.html

As I write this, there are two new fast-spreading Internet worms for Windows users: Apost <http://www.zdnet.com/products/stories/reviews/0,4161,2810219,00.html> does the now-familiar "e-mail itself to everyone" thing we've come to expect from Windows worms and viruses, except this worm sends multiple copies of itself. And then there's an updated version of Magistr <http://www.zdnet.com/products/stories/reviews/0,4161,2810225,00.html>, redesigned to infect even more users with its destructive payload.

Faster propagation has been the trend with Win32 viruses and worms, but what if rapid propagation methods were employed for network-savvy worms such as Code Red? Well, someone has already given thought to that.

Andy Warhol is famous for saying "In the future, everybody will have 15 minutes of fame."
Nicolas Weaver at UC Berkeley has written a paper <http://www.cs.Berkeley.edu/~nweaver/warhol.html> proposing that virus writers constructing some future Code Red-like worm add a list of 10,000 to 50,000 "well connected" Internet servers, then launch the virus. The advantage, he argues, is that even if only 10 to 20 percent of the servers are vulnerable to the worm's exploit, that would still be an enormous jump on Code Red and previous worms. Weaver adds that the initial 10 percent infection could be achieved in the first minute or so; he then proposes that his "uberworm" could infect most of the Internet within 15 minutes (hence the Warhol worm).

NOT TO BE OUTDONE, the team of Stuart Staniford, Gary Grim, and Roelof Jonkman at Silicon Defense proposed <http://www.silicondefense.com/flash> an even greater propagation rate: they claim they can infect the Internet in 30 seconds. They argue that a worm writer could scan the Internet in advance and identify almost all of the vulnerable systems on the Internet before launching the worm. With a very fast Internet connection (they mention an OC12 link), they argue even a 48MB address list of vulnerable Internet addresses could be sent out in about 4 minutes.

Jose Nazario, a biochemist by trade who has previously offered valuable insights on digital worms <http://www.zdnet.com/anchordesk/stories/story/0,10738,2797739,00.html>, points out that neither of these papers takes into account the basic elements of propagation on the Internet. Nazario points to an IBM paper called "How Topology Affects Population Dynamics <http://researchweb.watson.ibm.com/antivirus/SciPapers/Kephart/ALIFE3/alife3.html>," which looks at lessons learned from biological infections and how, with an understanding of this model, programmers might better design future digital organisms (they don't specifically say "worms").
Basically, the authors of both the Warhol and Flash worms assumed a very simple Internet model where every node to be infected is a neighbor of every other node. The reality is much more complicated. That's what Nazario says torpedoes the technical merits of both of these studies.

SO WHY even mention this research? Nicolas Weaver himself posts that he is leaving his paper up online so that people can understand, with documentation, what danger there is in a homogenous Internet. Someone will attempt to do what these authors have proposed, and someone might someday make a worm that "flashes" the entire Internet with a malicious payload. Rather than be caught unaware, isn't it better to realize this is out there and take steps to minimize its impact?

Weaver proposes that companies use context-sensitive firewalls where only "that which is not explicitly allowed is forbidden." He further suggests internal firewalls throughout the company and regular security audits. He adds, "regular backups are also essential."

He further suggests that: "Homogenous populations, whether in potatoes or computers, are always more vulnerable to diseases." That's something to remember when implementing one or multiple types of servers on your network. Just as biodiversity has kept life going on Earth, mixing up one's operating systems can only strengthen the Internet.

From: Fred Cohen <fc@all.net>
Date: Wed Sep 5, 2001 10:18 pm
Subject: Code Red busting code gets cool reception

Code Red busting code gets cool reception
By John Leyden, The Register, 9/5/2001
http://www.theregister.co.uk/content/56/21496.html

The use of virus-like code that is geared to patching security holes on vulnerable systems has received the thumbs down by members of the security community.

In the wake of the widespread (though at times exaggerated) impact of the Code Red worm and its variants, white hat hackers have posted programs on the net which repair systems and guard against further infection.
CodeGreen, which was written by Herbert HexXer, goes as far as downloading and installing patches from Microsoft on vulnerable systems. Crclean works in a similar way to Code Green but only spreads itself onto servers which scan a box onto which it has been installed.

The idea of "fighting fire with fire" in this way was used before by the Cheese worm, which fixed a flaw exploited by the Li0n worm on vulnerable Linux boxes.

Alex Shipp, senior antivirus technologist at MessageLabs, which scans its users' email for viruses, said whatever the intent behind programs like Code Green they performed unauthorised changes on a network, which could cause serious problems.

Updating systems can go wrong and cause more damage than gets fixed. Programs similar to Code Green might actually create other security holes, said Shipp, who added the best route was for sys admins to organise a security audit on their own machines.

From: Fred Cohen <fc@all.net>
Date: Thu Sep 6, 2001 3:30 am
Subject: news

China Web bulletin board closed, students angry
One of China's hottest college Internet bulletin boards has been shut down after students posted articles about the 1989 Tiananmen Square massacre, officials and students said Wednesday. The closure of the bulletin board at the Huazhong University of Science and Technology in the central city of Wuhan has triggered an angry response from its tens of thousands of college-age users.
http://www.siliconvalley.com/docs/news/tech/033345.htm

British Navy embraces Web for war games
The British Navy is taking the Internet to its heart in its new three-month military manoeuvres in the Gulf starting next month. The commanders of the biggest deployment of ships since the Falklands war will use a secure Net chatroom to discuss tactics and problems.
http://www.theregister.co.uk/content/6/21483.html

EU approves recommendations to counter Echelon spy network
An alleged worldwide spy network dubbed Echelon and led by the United States does exist -- and European nations should set up an encryption system to guard against it, the European Parliament said Wednesday. The European Union assembly voted 367 to 159, with 34 abstentions, to adopt 44 recommendations on how to counter Echelon.
http://www.siliconvalley.com/docs/news/tech/027758.htm
http://www.newsbytes.com/news/01/169770.html
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:40 PDT