Re: [iwar] Is China's Guandong province ground zero for hackers?

From: e.r. (fastflyer28@yahoo.com)
Date: 2001-09-01 23:40:19
Next message: e.r.: "Re: [iwar] How bigger, badder Code Red worms are being built"
Previous message: Fred Cohen: "[iwar] More news"
In reply to: Brian McWilliams: "Re: [iwar] Is China's Guandong province ground zero for hackers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20010902064019.54583.qmail@web14509.mail.yahoo.com>
To: iwar@yahoogroups.com
In-Reply-To: <5.1.0.14.2.20010901085534.03683c80@mail-dnh.mv.net>
From: "e.r." <fastflyer28@yahoo.com>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Sat, 1 Sep 2001 23:40:19 -0700 (PDT)
Reply-To: iwar@yahoogroups.com
Subject: Re: [iwar] Is China's Guandong province ground zero for  hackers?
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

SURE IS.  LOOK AT THE PLA WIREING DIAGRAM, AND IT IS QUIRE CLEAR/
--- Brian McWilliams <brian@pc-radio.com> wrote:
> Vamosis's article is interesting speculation, but in the case of Code
> Red, 
> there's evidence China *wasn't* ground zero:
> 
> http://www.newsbytes.com/news/01/169636.html
> 
> China and Korea are renowned for having lots of easily compromised
> systems 
> with non-existent system administrators. What's to say some kid from
> Fargo 
> isn't using Guangdong as his launch pad?
> 
> Brian
> 
> 
> At 02:46 AM 9/1/01, Fred Cohen wrote:
> >Is China's Guandong province ground zero for hackers?
> >
> >By Robert Vamosi, AnchorDesk, 8/31/2001
>
>http://dailynews.yahoo.com/h/zd/20010830/tc/is_china_s_guandong_province_ground_zero_for_hackers__1.html
> >
> >Last week, while discussing new priorities for the Department of
> Defense
> >(news - web sites), Secretary of Defense Donald Rumsfeld told the
> >Washington Post that "serious moves to transform the military to
> meet
> >such emerging threats as computer warfare, terrorism and missile
> >proliferation will not produce new war-fighting capabilities for a
> >number of years." Although paraphrased, it sounds to me like
> Secretary
> >Rumsfeld just told our enemies that we're years away from defending
> >ourselves against cyberterrorism.  Oops.  Now is not the time to
> admit
> >weakness in this area, Mr.  Secretary.
> >
> >Quietly, the U.S.  government had been hacking away at
> cyberterrorism.
> >The EP-3E spy plane that crash-landed in China earlier this year
> was,
> >according to James Bamford in his keynote speech at this year's
> Black
> >Hat Briefing, working for the National Security Agency.  Even the
> 1999
> >war in Kosovo featured early information warfare techniques against
> the
> >Serbian government.  A recent report by MSNBC explains the emerging
> >global information warfare threat in greater detail.  If the
> secretary
> >is serious about transforming the U.S.  defense department, then let
> me
> >suggest that it is much more prudent to shore up our computer
> networks
> >today than to invest in the 20-year-old concept of laser-toting
> >satellites orbiting the earth tomorrow: Our computer networks are
> >already under serious attack.
> >
> >HOSTILE NATIONS, and for that matter, hostile groups, such as Osama
> bin
> >Laden (news - web sites)'s followers, realize they can't challenge
> the
> >U.S.  military one-on-one.  But they can disrupt our utilities, our
> >telecommunications, and our e-commerce.  Just last spring, during a
> >period of rolling blackouts in Northern California, someone hacked
> into
> >the California Independent System Operators system, which regulates
> the
> >flow of power in the state.  The malicious users were stopped before
> >they caused any damage, but the incident shows how vulnerable our
> >ancillary government agencies are to attack.  The hack was traced
> back
> >to the Guangdong province in China.  Turns out, this was not an
> isolated
> >incident.
> >
> >A few weeks ago, I wrote that students at Foshan University in
> >Guangdong, China, may have created the Code Red worm.  Shortly after
> >that column appeared, someone at the Defense Department called me
> with a
> >serious interest in that information.  Now, the recent and very
> nasty
> >Offensive Trojan horse also happens to share a connection to
> Guangdong.
> >I don't think this is a coincidence.
> >
> >Guangdong is the largest and wealthiest province, and Hainan Island,
> the
> >site where the American EP-3E plane was held after landing last
> April,
> >is nearby.  According to a report prepared by the security company
> >Vigilinx, Guangdong is also home to hacker groups, such as the
> Honker
> >Union of China (also known as the Red Guest Alliance) and China
> Eagle,
> >and to criminal extortionists who have been terrorizing Hong Kong's
> >financial networks for years.  Guangdong also happens to be very
> >beautiful, historic, and the focus of major Western investment and
> >tourism.
> >
> >RATHER THAN ASSUME the Chinese government is behind Code Red and
> >Offensive, I think it is more credible that different groups of
> >individuals within Guangdong might be hacking the United States and
> >other nations (like Japan) for their own reasons.  Like the cracker
> >activity once seen in Eastern Europe, these exploits may not be a
> >political expression against, but a general frustration with,
> Western
> >arrogance and influence.  The crackers in Guangdong seem to be doing
> >their own thing, and they are definitely pushing the envelope of
> what is
> >possible in terms of malicious activity on the Internet.
> >
> >Whatever their motives, I suggest we'll hear even more from the
> crackers
> >in Guangdong.  If ego is involved, these crackers probably aren't
> done
> >flexing their programming muscles or announcing themselves to the
> world.
> >Now, thanks to comments from the U.S.  Defense Secretary, others
> >elsewhere might also be tempted to join in their fun.
> >
> >
> >
> >------------------
> >http://all.net/
> >
> >Your use of Yahoo! Groups is subject to
> http://docs.yahoo.com/info/terms/
> 
> 


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide: "Securing Your Web Site for Business." Get it Now!
http://us.click.yahoo.com/n7RbFC/zhwCAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



From:  <DrewSchaefer@ftnetwork.com>
Date:  Mon Sep 3, 2001  5:48 am
Subject:  Information Technology Security policies

Hello Fred and all,

I am curious whether anyone has a reference to any form of Organization (Corp.,
NGO, Gov't agency) IT security policy.

Whether you helped write one, or know a website that has such items, any
references private or public, would be helpful.  I am doing some research on
the legal aspects (constitutional and employer/employee relationships) of these
types of documents.

Please reply either privately or to the IWAR list, thank you in advance!

Cheers,
Drew

Drew Schaefer, JD 
41 76 549 1907 (Mobile #),
9, ruelle des Galeries
1248 Hermance, Suisse 
*****************************************************
"In every country and in every age, the priest has been hostile to liberty.  He
is always in alliance with the despot, abetting his abuses in return for
protection to his own." --Thomas Jefferson to Horatio G. Spafford, 1814. ME
14:119 
******************************************************


From:  Fred Cohen <fc@all.net>
Date:  Mon Sep 3, 2001  11:03 am
Subject:  Re: [iwar] Information Technology Security policies

Per the message sent by DrewSchaefer@ftnetwork.com:

> Hello Fred and all,

> I am curious whether anyone has a reference to any form of
> Organization (Corp., NGO, Gov't agency) IT security policy. 

Try http://all.net/
        => Protection Policy 

--This communication is confidential to the parties it is intended to serve--
Fred Cohen              Fred Cohen & Associates.........tel/fax:925-454-0171
fc@all.net              The University of New Haven.....http://www.unhca.com/
http://all.net/         Sandia National Laboratories....tel:925-294-2087


From:  Fred Cohen <fc@all.net>
Date:  Mon Sep 3, 2001  6:44 pm
Subject:  news

Subject: China: Air Force Publishes First Information Warfare Teaching Aid.

4/24/01

China: Air Force Publishes First Information Warfare Teaching Aid.

Text of report by Tang Baiyun, Chen Kecheng entitled: "Chinese air force 
publishes `Information Warfare', its first teaching material for signal 
corps", carried by Chinese news agency Zhongguo Xinwen She

Information Warfare, a teaching aid compiled by a signal unit of the 
Guangzhou air force, was recently published. This is the first teaching aid 
on information warfare published by the Signal Corps of the Chinese air 
force.

A person connected with the Guangzhou air force said today that with the 
extensive application of the latest information technology in the military 
sphere, information warfare has become an important factor deciding the 
outcome of war. He said that in order to meet the needs of future wars, 
bring into play the role of the signal corps in modern warfare and meet the 
requirement of "communicating in the course of combat, confrontation and 
troop movement", a certain unit of the Guangzhou air force had organized the 
best of its men and spent six months to compile Information Warfare, the 
first teaching aid for the Signal Corps of the Chinese air force.

The book used an abundance of actual examples of wars across the world as 
well as relevant CD-ROMs to give a vivid and figurative account of the basic 
concepts of information warfare, the main techniques and weaponry of 
information warfare, the strength of information warfare and the development 
of information weapons. The use of Information Warfare in teaching will play 
an important role in the training of air force Signal Corps units with 
"many-sided soldiers with expertise in one field".

Source: Zhongguo Xinwen She news agency, Beijing, in Chinese 20 Apr 01.
________________________________________________________________________


Subject: Cyberwar: The Mouse is Mightier Than the Missile

4/4/01

Cyberwar: The Mouse is Mightier Than the Missile

By R P C Americo

Hacker wars are now a regular part of regional, religious and ethnic 
conflict - from the Middle East to the Taiwan Strait. Opponents launch 
sophisticated sneak attacks on each other s websites. A group calling itself 
the Pakistani Hackerz Club seized the American Israel Public Affairs 
Committee (AIPAC) website and replaced the powerful pro-Israeli lobby s home 
page with anti-Israeli slurs. The Pakistanis also broke into AIPAC's 
databases, lifted the credit card numbers of 700 powerful Jewish supporters 
and then e-mailed 3,500 AIPAC members to boast about their exploits. Israeli 
cyber warriors have met their match in extremist groups like Hamas and 
Hizbollah whose computer-literate youngsters have become adept at throwing

virtual electronic stones. The Palestinian side is calling it

e-Jihad or electronic holy war against Israel and the US.

"It is the first

inter-fada , and the cyberconflict will probably intensify. The 
sophistication of attacks is expected to increase as attackers on both sides 
have time to prepare and launch more intricate actions. In the event that 
either side deploys viruses or Trojan horses, digital infections will not 
remain confined to their intended targets. Such cyber attacks will spread to 
the Internet as a whole, infecting systems worldwide."

The extract above is taken from the introduction to a report released by the 
Center for Strategic and International Studies (CSIS), Washington, in 
December 2000.

Cyberactivism or hacktivism may be Internet-based but its effects are
certainly not virtual. 

Battle of servers, battle of hearts: new media cyberwar was the name of a 
symposium which took place in January 2001 at the Ben Gurion University in 
the southern Israeli town of Beer Sheva. The symposium aimed to examine a 
relatively unexplored dimension of new media and cybermedia and to assess 
how they are applied in the context of real war, how they compare with 
virtual war games, what really happens in virtual wars, are they important 
and what are the other implications.Speakers at the symposium pointed out 
that rather than replacing the desire for real conflict, the activities of 
extremist groups on the web creates wider communities of the like-minded 
than was previously possible. These direct channels of communication and 
information distribution may actually result in increased action on the 
ground.

Cyberattacks now arise whenever disputes occur anywhere in the world. They 
are part of the war of words but can cyberterrorism and cyberwar be far 
behind? Two young Filipino university drop-outs demonstrated with the

love-bug that even amateurs can cause billions of dollars in damage by 
shutting down a corporate system and effectively putting it out of business 
for a day or two, or by stealing proprietary data.

Limor Yagil who lectures on terror and the Internet at several Israeli 
universities said at the symposium: "The Muslim world understood the 
importance of the Internet very early. They adopted a new strategy of online 
Jihad or e-Jihad. They created an Islamic community on the Internet which 
unites a Muslim in Afghanistan, for example, with what is happening in 
Algeria and Israel."

However, both sides in the Israel-Palestinian/Arab cyberwar are making use 
of this distribution channel. For example, Gilad Rabinovich, CEO of 
NetVision, the leading Israeli ISP admitted: "We started it. It was so sexy, 
let s put an Israeli flag on the Hizbollah site. And then they woke up."

In fact, a group of Israeli hackers has fired multiple salvos in the 
on-going Israeli-Palestinian cyber-war, defacing several anti-Zionist 
websites. The group, which goes by the name of "m0sad" (not to be confused 
with Mossad, Israel s elite intelligence agency), defaced the Internet home 
page of the service provider Destination, the Internet wing of Beirut's ITX, 
apparently in retaliation for the company s continued service to al-Manar 
Television, the official Web site of the Islamic fundamentalist group 
Hizbollah. The attack disrupted service on ITX s Destination website for 
over six hours, according to the company. Instead of the normal home page, 
visitors were treated to a jarring black screen that stated in large white 
type: "site closed by m0sad". ITX's general manager Ziad Mugraby later told 
news sources that m0sad had accessed the company's website through 
NetVision.Ben Venzke, director of intelligence special projects at Internet
security 
firm iDefense.com, reported that m0sad is the first pro-Israeli hacking 
group to expand the cyber-campaign against the Palestinian Intifada beyond 
pro-Palestinian websites by targeting websites throughout the Arab world. In 
fact during six weeks m0sad has defaced sites in Pakistan, Saudi Arabia and 
Qatar. The group also vandalized the official website of the Iranian 
President Mohammed Khatami, apparently in protest over pro-Palestinian 
cyberattacks against official Israeli sites.

Despite these recent Israeli hack-attacks, Palestinian hackers are more than 
holding their own. According to the iDefense report published on January 3, 
2001, if sheer quantity is a measure of success, the Palestinian hacktivists 
seem to be winning. There have been around 40 pro-Israeli assaults against 
websites sympathetic to the Palestinian cause, versus over 200 assaults 
against Israeli websites by Palestinian hackers. Ben Venzke claims that the 
reason for the statistical discrepancy has probably been that Palestinian 
hackers can attack


.il addresses, Israel's top level (TLD) domain, whereas organizations like 
m0sad have to search out multiple TLD's to wreak equivalent mayhem.

Cyberwar, however, is not restricted to Israeli/ Palestinian-Arab conflict. 
Throughout January computer hackers broke into 26 government Internet sites 
on three continents in "one of the largest, most systematic defacements of 
worldwide government servers on the web", according to the news. The 
defacements affected websites in the US, UK and Australia. The break-ins 
were attributed to a group called Pentaguard, which has previously been 
responsible for 48 attacks of a similar nature. The hackers caused servers 
to crash, sent greetings to other hackers, and left rambling messages with 
references to beer, sex and Ferraris, but officials claimed that they did 
not do any serious damage. This was not the largest of recent hacker 
attacks, but it was significant because it simultaneously spanned three time 
zones, meaning that the hackers wanted to complete the act while nobody was 
sleeping. All the sites affected remained defaced for at least 15 minutes.

Also in January 2001, during the annual conclave of global political and
economic luminaries at the Alpine resort of Davos, Switzerland for the
World Economic Forum (WEF), unprecedented security precautions failed to
prevent computer hackers from tapping into a database and stealing
credit-card numbers of about 1,400 prominent people.  The computer
break-in came to light when the Swiss weekly SonntagsZeitung revealed
that its reporters had been shown data on a CD-ROM containing 80,000
pages of information, including credit-card numbers, passport
information and personal cell-phone contacts of some of the WEF s
participants.  These representatives are among the world's most famous,
rich and powerful people.  The victims included former US president Bill
Clinton, former secretary of state Madeleine Albright, South African
President Thabo Mbeki, Microsoft s co-founder Bill Gates and other
prominent corporate executives, the Swiss weekly said.  SonntagsZeitung
was told that the cyber-attack was carried out by unknown hackers who
managed to break into a remnant database that contained information
about participants who attended some of the WEF s regional meetings held
last year.  The stolen material appeared to consist mainly of
biographical data readily available to the public, but for about 1,400
people more private information was accessed. 

During the conference, thousands of Swiss police set up an elaborate array 
of roadblocks and barbed wire barricades that transformed the Davos 
conference center into an impregnable fortress. The security measures were 
taken to thwart any mayhem by anti-globalization demonstrators, who had 
threatened for months to disrupt what they call an elitist conspiracy 
designed to promote the interests of big business to the detriment of the 
world s poor.


During January 2001, computer hackers obliterated the website of the 
Egyptian central bank. The website, which usually features billowing 
Egyptian flags and an old, sepia photograph of the bank, was turned all in 
black, overlaid red text in Portuguese including several Brazilian Internet 
addresses: "Ha ha ha ha and you still say Brazilians are stupid..." was part 
of the triumphant hackers message.

In the Asian continent more than 40 Indian sites have been infiltrated 
during last year by hackers like G Force Pakistan and Doctor Nuker, who have 
left poignant pro-Pakistan slogans and reasons why Kashmir belongs to that 
country.

On August 1, 1998, the Portuguese group Kaotik Team hacked 45 Indonesian 
government websites, altering web pages to include messages calling for full 
autonomy for East Timor. Mailbombs were delivered and several other 
Indonesian government sites were hacked some days later by hackers from 
China and Taiwan, to protest the fact that Chinese-Indonesians were targeted 
for torture, rape and looting during the anti-Suharto riots in May of that 
year.

Incidents that were once locally confined now can have international 
repercussions, and cross both public and private lines. Despite the 
prevalence of these amateur hacker attacks, it is clear that there is the 
possibility of a full-scale cyberwar between national governments. Actual 
cyberwar is difficult to carry out on a large scale. However, information 
warfare strategies are becoming increasingly embedded in national defense 
plans and intelligence operations, not only in the US, but also in countries 
like the UK, France, Israel, China, and Russia. Although many experts 
believe that the threat from nation states is currently overstated, the 
potential for sophisticated cyberwar tactics is likely to evolve rapidly.

Experts who believe that the risk is overstated tend to be thinking in
terms of traditional threat assessment models, which look for big
footprints and may not be appropriate to the much more subtle and
obscure cyber threats.  In addition, intelligence gathering on
information attacks poses strong challenges legally and operationally. 
Although no serious nation-based attacks have been detected to date, it
is important to note that many documented attacks have had national
organizations behind them, or have supported nationalist motives.  For
example, there have been persistent probes of US businesses,
universities, and government agencies by Russians, economic espionage by
French companies and French intelligence, attacks by Palestinian or
pro-Palestinian groups on the websites of US companies that actively do
business with Israel and so on. 

What is information warfare and what are the realistic threats to a
country s national security? Information warfare (IW) can encompass
everything from electronic jamming to psychological operations.  The
focus here however, is defense against the deliberate exploitation of
information systems inherent vulnerabilities in a manner that affects
national security.  The reality of IW is that all systems are
vulnerable.  As states grow more dependent on information systems,
vulnerabilities will increase. 


These weaknesses are compounded by the fact that military and civilian
information systems are intimately linked.  Railroads for example, are
controlled by relatively penetrable civilian systems and much of the
military s unclassified message traffic travels on the Internet.  In
cyberwar, civilian information systems can be as critical as military
systems and any effort to build a truly secure national information
system will require close cooperation between business and government
for each country. 

As war becomes more information intensive, the need for such cooperation
grows.  The Gulf War taught us that strong information management skills
could translate into battlefield success, but information technology
shares one characteristic with older military technology; defensive
countermeasures are both simpler and cheaper. 

Cyberwar requires a small capital investment to achieve tremendous
results.  The necessary computer equipment is easily obtained and is
becoming less expensive every day.  A team of computer mercenaries could
be hired for less than the cost of one fighter aircraft.  IW can also be
carried out remotely.  A state or terrorist organization could easily
disperse its operatives around the world making it difficult to pinpoint
any attack and retaliate.  The bottom line is that information warfare
is cheap, effective and well within the reach of almost any state or
well-endowed terrorist organization.  The potential for the Davids of
the world to fling a well-placed rock against the Goliaths may actually
be greater in the information age than in the industrial age. 

According to a report from the California based think-tank the Rand 
Corporation, entitled In Athena s Camp: Preparing for Conflict in the 
Information Age, authors John Arquilla and David Ronfeldt define infowar or 
cyberwar as, "conducting military operations according to 
information-related principles. It means disrupting or destroying 
information and communications systems. It means trying to know everything 
about an adversary whilst keeping the adversary from knowing much about 
oneself. It means turning the

balance of information and knowledge in one s favor, especially if the 
balance of forces is not. It means using knowledge so that less capital and 
labor may have to be expended."

University of Ottawa human-rights professor Gregory Walters, wrote in the 
Ottawa Citizen last year that the world of information warfare is, "a world 
where logic bombs, computer viruses, Trojan-horses, precision-guided 
munitions, stealth designs, radio-electronic combat systems, new electronics 
for intelligence gathering and deception, microwave weapons, space- based 
weapons, and robotic warfare are being discussed, developed and deployed."

Technology is changing the equations of power, challenging the conventional 
channels of communication, distributing and disseminating influence in the 
broadest possible fashion. It is democratizing the channels of communication 
and side stepping the gatekeepers. This technology has a mind-boggling 
potential to break through barriers and overcome political obstacles, to 
educate, inform and be an agent of political change. These events should be 
borne in mind when doing business on the Internet. Every Internet user is in 
the middle of a battlefield. Security becomes a key work to keep the quality 
of service and corporation image.

The mouse is mightier than the missile.

http://www.qsdg.com


________________________________________________________________________

Subject: Information Warfare Alternative for Deterrence and Compellence

Though this is not specific to the subcontinent, it contains interesting 
linkages of Information Warfare to the NMD of Dubya-Cheney-Rumsfeld.

Hungry Like A Wolf


Whom the Gods Would Destroy:
An Information Warfare Alternative for Deterrence and Compellence

Major Robert D. Critchlow, U.S. Air Force

SINCE THE END OF THE COLD WAR, the threat from weapons of mass destruction 
(WMD) has expanded beyond the massive arsenal of the former Soviet Union to 
many nations who are possessors-declared and undeclared-of nuclear, 
biological, or chemical weapons and the means to deliver them, or are 
attempting to acquire them. The United States therefore requires the ability 
to deter these smaller WMD-owning adversaries and, when necessary, to compel 
them to comply with its will or that of the international community. 
However, as has been widely noted, the utility and credibility of the U.S. 
nuclear arsenal for these ends are growing smaller, due to the success of 
arms control and public abhorrence of the nuclear instrument. Therefore, an 
alternative strategy is required, one that provides a responsive 
intermediate step on the escalation ladder.

Information warfare (IW) can provide that alternative. Like nuclear weapons, 
information warfare techniques can, at least theoretically, punish an 
adversary by striking speedily at his "centers of gravity"-leadership, 
command and control, national infrastructure, or industry-without defeating 
conventional forces in the field. It provides an alternative that the public 
is likely to be more willing to accept than a nuclear response to WMD use by 
a small power. It also provides a proportionate response to hostile attacks 
against the U.S. information infrastructure.

The military community uses a variety of terms to describe relationships 
between warfare, information, and information technology.1 Among them are 
"knowledge-based warfare" and "network-centric warfare," which imply the 
networking and exploitation of friendly communications, computers, 
intelligence, reconnaissance, and surveillance systems to maximize the 
effectiveness of traditional military arms.2 The Department of Defense uses 
the terms "command and control warfare" and "information operations" in 
reference to the employment of psychological operations, electronic warfare, 
operations security, military deception, and physical destruction to strike 
command and control systems and affect the perceptions of hostile nations.3 
In this article, "information warfare" means specifically the use of 
computer network attacks and electronic warfare techniques against the 
military systems and, especially, the national information infrastructure of 
an antagonist.


The Proliferation Environment

The strategic environment that the United States faces at the turn of the 
millennium resembles that of the years of President Dwight D. Eisenhower?s 
"New Look," before the Soviet Union exploded its first hydrogen bomb and 
developed an intercontinental missile. The nation is once more enjoying 
economic expansion; it is again in a position of military dominance, though 
this time through its conventional capability rather than its nuclear might. 
As in that period, there are few direct threats to the U.S. homeland. The 
United States of the 1950s faced international challenges in Korea and 
Indochina; the threats today are once more on the periphery.

As in the 1950s, when opponents on the periphery employed unconventional 
warfare to "end run" U.S. nuclear superiority, this nation?s nuclear and 
conventional military capabilities are confronted today by an "asymmetrical" 
threat. Today, the proliferation of weapons of mass destruction increases 
the dangers and difficulties of the international arena. The number of 
nations that possess or are aggressively attempting to develop these weapons 
and ballistic missile systems to deliver them is expanding. James Woolsey, 
former Director of Central Intelligence, estimated in 1995 that twenty 
nations had or were developing WMD and delivery means. Fifteen nations 
already had ballistic missiles, and sixty-six possessed cruise missiles.4 
Since that time, India and Pakistan have openly demonstrated nuclear weapons 
capabilities. North Korea is estimated to have plutonium sufficient to build 
one or two nuclear weapons.5 The U.S. homeland is expected to face 
additional ICBM threats from North Korea, Iran, and Iraq in the next fifteen 
years.6 Of even higher probability is the launch of short and medium-range 
ballistic or cruise missiles at U.S. or allied military and civilian 
targets. Nonmissile delivery means is the most likely of all, as it is the 
easiest to achieve and avoids direct association with the perpetrator or 
sponsor.7

Whom the gods would destroy they first make mad.

-Euripides

________________________________________________________________________

These technologies are spreading to smaller, radical, rogue states. Dr. 
Barry Schneider, in a coinage worthy of Ian Fleming, has christened these 
states "NASTIs": nuclear/biological/chemical-arming sponsors of terrorism 
and intervention. Iraq, Iran, and North Korea rank as charter members of 
this dubious club, while Libya, Cuba, and Syria are striving to become NASTI 
members.8

Iran uses its formal adherence to the Non-Proliferation Treaty as a 
camouflage under which to gain access to key technologies for its nuclear 
weapons program. Iran is actively improving its civilian nuclear energy 
program and cooperating with Russian and Chinese agencies to develop 
facilities that will both complete the nuclear fuel cycle and support weapon 
materials production.9 It is expanding its chemical weapons program, though 
it signed the Chemical Weapons Convention; it has hundreds of tons of 
choking and blister agents in stock, and it is in the process of 
"weaponizing" its biological warfare research. In an example of the 
closeness of the NASTI fraternity, Iran has been able to buy Scud-C and No 
Dong-1 ballistic missiles from North Korea.10


As for Iraq, during the Gulf War it prepared Scud warheads containing 
chemical and biological agents for launching against Israel and Saudi 
Arabia, and it embarked on a crash effort to produce one or two nuclear 
warheads. Although its program was damaged in the war, Iraq preserved 
critical elements, as well as the expertise to re-create the rest. The CIA 
considers it likely that Iraq resumed its WMD programs after the air and 
cruise-missile strikes of Operation DESERT FOX in December 1998.11 In fact, 
it has already acquired missile components in violation of UN sanctions. Of 
particular concern are recent revelations about the extent of the Iraqi 
anthrax program.12

Libya?s budding WMD program also bears watching. The Libyans have a strong 
chemical weapons program, which is creating mustard gas and nerve gas. Their 
biological warfare and nuclear weapons are still in the research and 
development phase, but they are actively recruiting Russian scientists to 
speed their efforts. North Korea has provided Libya?s program a boost by 
selling Scud and No Dong missiles. Particularly disturbing has been Libya?s 
willingness to use these weapons, firing missiles at the island of Lampedusa 
and employing chemical weapons against Chad.13

The NASTIs will pose a narrowly focused nuclear threat, characterized by 
small, fission-type arsenals. These weapons will be able to hit troop 
concentrations, contaminating large areas with fallout, or to strike urban 
areas, causing mass casualties and terror. However, such weapons will be 
unable to threaten the American homeland for the foreseeable future: the 
missiles lack intercontinental range, and their nuclear weapons are too 
valuable to entrust to individuals to smuggle them in. Thus, the most likely 
uses for these weapons would be regional attacks to shape crises.14

The spread of missile technology multiplies the severity of the WMD threat 
to the interests, at least, of the United States. Missiles have a high 
probability of penetration, given the thinness of ballistic missile 
defenses. They can be fired at any time and in all weather. They can attack 
strategic targets in an adversary?s rear areas, even if launched from the 
attacker?s sovereign territory, where they are difficult to counterattack. 
Because of their short flight and warning times, they are particularly 
effective as terror weapons against civilian populations.15

WMD arsenals could create significant roadblocks to U.S. efforts to protect 
friends and safeguard regional interests. First, as Dean Wilkening and 
Kenneth Watman suggest, an adversary could employ these weapons to impede 
U.S. intervention in a crisis by interfering with deployments or attacking 
rear assembly areas. Second, as Robert Joseph argues, a rogue state could 
inflict casualties on U.S. servicemen or civilians of host nations in an 
attempt to sway American public opinion. Third, as Barry Schneider observes, 
the WMD-proliferating nation could use its arsenal for regional influence. 
Many nations have only one or two urban concentrations, making them 
effectively "one-bomb targets." A state with even a small arsenal can 
threaten such countries with national extinction; it might do so to 
intimidate U.S. allies, to fracture coalition building, or to compel 
neighbors to follow its lead. Last, as Schneider further notes, a regime 
confronted with defeat could use weapons of mass destruction as bargaining 
levers to preserve itself in a postwar settlement. In general, WMD arsenals 
allow outlaw nations to pursue asymmetric strategies against the United 
States.16


U.S. Objectives and Constraints in a Proliferation World

If the United States is to cope with this environment of WMD proliferation, 
it must be clear about its objectives. The primary goal is to remain able to 
pursue vital international interests in a world pervaded by weapons of mass 
destruction. This requires deterring rogue states from using such weapons 
against U.S. interests or partners. This deterrence, if successful, should 
reduce the value of acquiring WMD, by making them unusable for obtaining 
political goals.

As the United States continues nuclear arms reductions with the Russian 
Federation and refuses to modernize its arsenal, its overall capability in 
that area will decline. In any case, threats to use nuclear weapons could 
backfire, spurring opponents to acquire their own or to ally themselves with 
nuclear powers. The United States confronts international norms of nonuse 
that it helped to create and wants to preserve. Some would interpret an 
actual nuclear attack as a violation of the Non-Proliferation Treaty, which 
has joined the body of international law. An energetic nuclear deterrent 
posture, let alone an actual use of nuclear weapons, undoubtedly would lead 
to a domestic backlash, as well as international condemnation. To gauge the 
probable domestic response, consider the reactions during the Persian Gulf 
War to the Al Firdos bunker bombing or the "highway of death"-and multiply 
it. The American public abhors both nuclear weapons and high casualties, 
even among enemies.17

Beyond the policy constraints, practical constraints limit the utility of 
nuclear weapons for regional deterrence. MAD (mutual assured destruction) 
does not apply. As Philip Ritcheson argues, it is not mutual, because no 
regional power could hurt the United States as much as the United States 
could hurt it. Also, it is not assured: a U.S. threat to strike in 
retaliation would not be credible, because it would cause damage 
disproportionate to anything that could have been inflicted on the United 
States.18

Situational constraints also work against a U.S. regional nuclear deterrent. 
These constraints stem from differences between how the United States and a 
regional nuclear opponent view the risks. U.S. interests in regional 
contexts are typically peripheral; the regional player may be defending what 
it considers vital, bedrock values, in or near its homeland.19

A Strategy for Deterring the NASTIs

Given the environment and constraints of a proliferated world, the United 
States needs a new deterrence vehicle. The ideal instrument would be able to 
inflict more rapid and severe punishment than can conventional weapons but 
without the opprobrium that adheres to nuclear weapons. Facing an increased 
importance of nonstate actors and transnational organizations in the 
international system, such an instrument would have to be able to strike 
against such actors, again without the undesirable collateral effects of 
nuclear weapons.

It will be necessary, in addition, to modify the declaratory and practical 
elements of strategy to reflect both the wider range of threats to be 
deterred and the broader range of options for response. Current declaratory 
strategy is weak and vague. During the Gulf War, the United States used what 
Secretary of State James Baker called "calculated ambiguity" to dissuade the 
Iraqis from using their WMD arsenal against coalition forces. This 
perspective reflected President George Bush?s private decision not to 
respond with nuclear weapons even if the Iraqis used chemical weapons 
against U.S. forces-but to threaten publicly that he would. U.S. officials 
believed that this strategy worked and used it again during the winter 1998 
confrontation over UN inspections of Iraq?s WMD capability. State Department 
spokesman James Rubin declared, "We do not rule out in advance any 
capability available to us."20 In March 1998, Secretary of Defense William 
S. Cohen was even more specific, proclaiming, "We?ve made it very clear to 
Iraq and to the rest of the world that if you should ever even contemplate 
using weapons of mass destruction-chemical, biological, any other 
type-against our forces, we will deliver a response that?s overwhelming and 
devast
From:  Fred Cohen <fc@all.net>
Date:  Mon Sep 3, 2001  6:44 pm
Subject:  More news

INFORMATION WAR: A NEW FORM OF PEOPLE'S WAR

Wei Jincheng

This article was excerpted from the Military Forum column, Liberation Army 
Daily

A future war, which may be triggered by a disruption to the network of the 
financial sector, may be combat between digitized units or a two-man show, 
with the spaceman (or robot) on the stage and the think tank behind the 
scenes. It may also be an interaction in the military, political, and 
economic domains, making it hard to define as a trial of military strength, 
a political argument, or an economic dispute. All this has something to do 
with the leap forward of modern technology and the rise of the revolution in 
the military domain.

The technological revolution provides only a stage for confrontations. Only 
when this revolution is married with military operations can it take on the 
characteristics of confrontation. Some believe that the information 
superhighway, the Internet, computers, and multimedia are synonymous with 
commerce, profit, and communications. In fact, this is far from true.

Thanks to modern technology, revolutionary changes in the information 
domain, such as the development of information carriers and the Internet, 
are enabling many to take part in fighting without even having to step out 
of the door. The rapid development of networks has turned each automated 
system into a potential target of invasion. The fact that information 
technology is increasingly relevant to people's lives determines that those 
who take part in information war are not all soldiers and that anybody who 
understands computers may become a "fighter" on the network. Think tanks 
composed of nongovernmental experts may take part in decisionmaking; rapid 
mobilization will not just be directed to young people; information-related 
industries and domains will be the first to be mobilized and enter the war; 
traditional modes of operations will undergo major changes; operational 
plans designed for information warfare will be given priority in formulation 
and adoption; and so on and so forth. Because other technologies are 
understood by people only after they are married with information technology 
and because information technology is becoming increasingly socialized, 
information warfare is not the business of armed forces alone. Conditions 
exist that effectively facilitate the participation of the public in 
information warfare.


Ideas Guide Action

In the information age, an all-new concept of operations should be 
established. Information is a "double-edged sword." In the information age, 
information is not only a weapon of combat but also the object sought after 
by the warring parties. The quantity, quality, and speed of transmission of 
information resources are key elements in information supremacy. That is why 
information is not just a piece of news and information weapons do not refer 
only to such information-based weapons as precision-guided weapons and 
electronic warfare weapons. The most effective weapon is information itself. 
Information can be used to attack the enemy's recognition system and 
information system either proactively or reactively, can remain effective 
either within a short time or over an extended period, and can be used to 
attack the enemy right away or after a period of incubation. Therefore, good 
information protection and launching a counterattack with information 
weapons when attacked will become the main subjects of preparation against 
war during the information age.
Information is intercommunicative and therefore must not be categorized by 
sector or industry. It is very wrong to think that information in only the 
military field is worth keeping secret and that information for civil 
purposes does not belong to the category of secrecy. In fact, if no security 
measures are taken to protect computers and networks, information may be 
lost. Similarly, if we think it is the business of intelligence and security 
departments to obtain the enemy's information and that it has nothing to do 
with anyone else, we would miss a good opportunity to win an information 
war.

In March 1995, Beijing's Jingshan School installed a campus network with 400 
PCs, an "intelligent building" design, and multimedia technology. The school 
runs 10 percent of its courses through computers; students borrow books from 
the library through a computerized retrieval system; and experiments are 
conducted with demonstrations based on multimedia simulation systems. This 
illustrates in microcosm the many information networks that our country has 
built with its own resources. More than one million PCs were sold in China 
in 1995, and the figure is expected to reach 2.7 million in 1996. Faced with 
the tendencies of a networking age, if we looked upon these changes merely 
from a civil perspective and made no military preparations, we would 
undoubtedly find ourselves biased and shortsighted.


Information War Depends on the Integrity of the Information System


Information warfare is entirely different from the conventional concept of 
aiming at a target and annihilating it with bullets, or of commanders 
relying on images and pictures obtained by visual detection and with 
remote-sensing equipment to conduct operations from a map or sand table. The 
multidimensional, interconnected networks on the ground, in the air (or 
outer space), and under water, as well as terminals, modems, and software, 
are not only instruments, but also weapons. A people's war under such 
conditions would be complicated, broad-spectrum, and changeable, with higher 
degrees of uncertainty and probability, which requires full preparation and 
circumspect organization.
An information war is inexpensive, as the enemy country can receive a 
paralyzing blow through the Internet, and the party on the receiving end 
will not be able to tell whether it is a child's prank or an attack from its 
enemy. This characteristic of information warfare determines that each 
participant in the war has a higher sense of independence and greater 
initiative. However, if organization is inadequate, they may each fight 
their own battles and cannot form joint forces. Additionally, the Internet 
may generate a large amount of useless information that takes up limited 
channels and space and blocks the action of one's own side. Therefore, only 
by bringing relevant systems into play and combining human intelligence with 
artificial intelligence under effective organization and coordination can we 
drown our enemies in the ocean of an information offensive.

A people's war in the context of information warfare is carried out by 
hundreds of millions of people using open-type modern information systems. 
Because the traditional mode of industrial production has changed from 
centralization to dispersion and commercial activities have expanded from 
urban areas to rural areas, the working method and mode of interaction in 
the original sense are increasingly information-based. Political 
mobilization for war must rely on information technology to become 
effective, for example by generating and distributing political mobilization 
software via the Internet, sending patriotic e-mail messages, and setting up 
databases for traditional education. This way, modern technical media can be 
fully utilized and the openness and diffusion effect of the Internet can be 
expanded, to help political mobilization exert its subtle influence.

In short, the meaning and implications of a people's war have profoundly 
changed in the information age, and the chance of people taking the 
initiative and randomly participating in the war has increased. The ethnic 
signature and geographic mark on an information war are more pronounced and 
the application of strategies is more secretive and unpredictable.

Information-based confrontations will aim at reaching tangible peace through 
intangible war, maintaining the peace of hardware through software 
confrontations, and deterring and blackmailing the enemy with dominance in 
the possession of information. The bloody type of war will increasingly be 
replaced by contention for, and confrontations of, information.

The concept of people's war of the old days is bound to continue to be 
enriched, improved, and updated in the information age to take on a new 
form. We believe any wise military expert would come to the same conclusion.

---------------------------------------------------------

Chinese Views of Future Warfare
[National Defense University Press]
From:  Fred Cohen <fc@all.net>
Date:  Mon Sep 3, 2001  6:56 pm
Subject:  Information warfare between PA and Israel really heating up

[FC - Recently, the rhetoric between the PA and Israel has really heated
up.  At the world racism conference, this circus has really become
bizarre in the extreme.  I hope to present some recent selections from
this information war in this forum and welcome others to chime in...]

             'Hitler' pamphlet sparks racism indaba row
                    September 03 2001 at 03:17PM
                          By Moffet Mofokeng

 Palestinian and Israeli teenagers on Monday shouted at each other
over the origin of an anti-Zionism pamphlet which had been distributed
at the World Conference Against Racism (WCAR) in Durban.

The pamphlet contains a picture of Nazi leader Adolf Hitler, with the
following words inscribed underneath: "If I had won the war there
would be no Palestinian state and no Palestinian blood lost."

The Israeli group is accusing Palestinians of distributing the
hate-pamphlet, but the Palestinians are denying the accusation.

Security personnel were on the scene to prevent any trouble
A group of about sixty people have gathered outside the media centre
inside the grounds of the Durban Exhibition Centre.

An Israeli delegate claimed that he had earlier seen Palestinians
handing out the pamphlet. A Palestinian woman said she had also found
a pamphlet on the windscreen of her car, but did not know where it
came from.

Among the group were the five Orthodox Jewish rabbis - opposed to the
state of Israel - and their Palestinian friend who have become an
institution at each of the marches and protests held over the
Palestinian issue.

The group of Palestinians did not move to the International Convention
Centre where governments from across the world are meeting.

A large contingent of security personnel were on the scene to prevent
any trouble. The crowd eventually dispersed peacefully about 3pm.

Both the American and Israeli delegations to the WCAR have threatened
to withdraw because they claim that the Palestinian issue had hijacked
the conference.

Israel said it would make a decision on the matter later on Monday
pending the outcome of Norway's intervention. - Sapa

[FC - Note that Israel and the US pulled out later on Monday]
From:  Fred Cohen <fc@all.net>
Date:  Mon Sep 3, 2001  6:59 pm
Subject:  More PA/IS information warfare

Europe Puts Sharon on Trial: Sabra and Chatila Revived
3 September 2001
Palestine Media Center - PMC

On 4 September, the Swedish City of Yotburi will host the first symbolic
trial for Ariel Sharon in Europe.  Alsong with Swedish and Arab
non-governmental organizations, Swedish parliamentarians and politicians
decided to symoblically try Ariel Sharon, Israels current Prime
Minister, for his responsibility in the 1982 Sabra and Chatila
massacres.  The trial comes as part of a solidarity campaign that
Swedish humanitarian and political organizations, including the
Communist Swedish Party, have launched recently.  Mr.  Teddy Joan Frank,
representative of the Communist Party clarified that the solidarity
campaign with the Palestinian People aims to prove that the
internationally legitimate rights, as delineated by United Nations
resolutions, stress the Palestinian Peoples legitimate right in their
land and the illegality of Israels occupation.  Mr.  Frank also
announced that the movement had been able to collect and donate thirty
thousand US Dollars to a Palestinian hospital in the West Bank.  The
decision to hold the mock trial in the City of Yotburi is rather
interesting.  The City was always known for the strength of its Jewish
lobby.  It is home to the biggest Jewish community in Sweden and has
recently housed hundreds of the Southern Lebanese Army (SLA) soldiers,

Israels allies in Southern Lebanon during the occupation.  The SLA
soldiers fled southern Lebanon after Israel ended its twenty-year
occupation of Southern Lebanon in May of last year.  The mock trial will
be held in the Peoples Home Hall at 2:00 pm on Wednesday.  A number of
legal and national personalities in addition to the Sabra and Chatila
witnesses will be present in the Hall.  Among the personalities
participating in the mock trial is Swedish Parliament Member Ivon
Ruwaida, who will also deliver a speech on the importance of following
up on the issue of trying Sharon in international courts.  Ms.  Bregita
Elvistrom, a member of the International Law Committee who specializes
in war crimes, will discuss the legal issues pertinent to the case and
ways to allow for the detention and persecution of Sharon during the
mock trial.  One of the Sabra and Chatila witnesses participating in the
Swedish mock trial will be nurse Lisa Norman, who worked as nurse in
those refugee camps at the time of the massacre.  Back in Belgium where
the preparations of a real trial against Ariel Sharon are underway, Mr. 
Valin, a Belgian lawyer, affirmed that his country would resist all
pressures aiming to dissuade Belgium from conducting the Sharon trial. 
He stressed his conviction that the Sabra and Chatila massacre amounts
to genocide.  Ariel Sharon conspired with and allowed the Israeli-allied
Phalange militias to enter the Sabra and Chatila refugee camps in 1982
to commit the most atrocious acts imaginable.  At least two thousand
Palestinian civilians, mostly women, children, and the elderly were
slaughtered, shot, or raped during the massacre. 

==============================================================================

ISLAMIC NEWS AND INFORMATION NETWORK: http://WWW.ININ.NET
VISIT: http://WWW.MEDIAMONITORS.NET
WE AFFIRM THAT INJUSTICE ANYWHERE IS A THREAT TO JUSTICE
EVERYWHERE!!!!

DEFINING APARTHEID Article 2 of the "International Convention of the
Suppression and Punishment of the Crime of Apartheid" of 1973 clearly
defined the term "crime of apartheid." This includes similar policies
and practices of segregation and discrimination as practiced in South
Africa and which also apply to inhuman acts committed for the purpose of
the establishment and maintaining of domination by one racial group over
another.  This includes the deliberated imposition of living conditions
calculated to cause physical destruction and any legislative or other
measures preventing a racial group from full development of their
political, social, economic and cultural life.  This is an accurate
description of what the Arabs are doing to the blacks of the Sudan and
Mauritania as they enslave them. 



From:  Fred Cohen <fc@all.net>
Date:  Mon Sep 3, 2001  7:01 pm
Subject:  Zimbabwe starts to expel whites

 Mugabe slams Jews, tells whites to leave Zimbabwe

September 01 2001 at 01:01PM

Harare - President Robert Mugabe has accused Jews of trying to shut down
businesses in Zimbabwe and said it would be "a good thing" if white
industrialists left, the state-controlled press reported on Saturday. 

"Jews in South Africa, working in cahoots with their colleagues here,
want our textile and clothing factories to close down.  "They want
Zimbabwe and Bulawayo to remain with warehouses to create business for
South African firms," he said. 

Mugabe was speaking on Friday at a textile company, owned by a prominent
Jewish family in the western city of Bulawayo. 

'Open your eyes and tell us which companies are closing'

It went into liquidation earlier this year and the company attempted to
relocate to neighbouring Botswana because of harsh business conditions
in Zimbabwe. 

However, the move was stopped about three months ago when a band of
so-called war veterans invaded the factory and assaulted directors at a
board meeting. 

Mugabe drew accusations of anti-Semitism in 1992 when he declared that
white farmers were "hard-hearted, you would think they were Jews." He
refused to apologise. 

Mugabe on Friday urged workers at the factory to monitor companies and
to inform the government of their activities. 

"We want you to be inspectors," he said.  "Listen to all factory
rumours, open your eyes and tell us which companies are closing.  Tell
us in good time. 

"Yes, there are hardships, but if they (whites) leave, it's a good
thing, because we will take over the companies."

In an impromptu speech in the city centre, he urged people to back his
bid to seize white-owned land and declared: "To those of you who support
whites, we say down with you."

About 400 businesses closed down in Zimbabwe in the first six months of
the year, according to official statistics, amid escalating economic
chaos. 
From:  David Kennedy CISSP <david.kennedy@acm.org>
Date:  Tue Sep 4, 2001  11:13 am
Subject:  Is China's Guandong province ground zero for hackers?

ZDNet: Is China's Guandong province ground zero for hackers?


Is China's Guandong province ground zero for hackers?
By Robert Vamosi, AnchorDesk
August 28, 2001 9:00 PM PT
URL: http://www.zdnet.com/zdnn/stories/comment/0,5859,2808609,00.html

Last week, while discussing new priorities for the Department of Defense,
Secretary of Defense Donald Rumsfeld told the Washington Post that "serious
moves to transform the military to meet such emerging threats as computer
warfare, terrorism and missile proliferation will not produce new
war-fighting capabilities for a number of years." Although paraphrased, it
sounds to me like Secretary Rumsfeld just told our enemies that we're years
away from defending ourselves against cyberterrorism.  Oops.  Now is not
the time to admit weakness in this area, Mr. Secretary.

Quietly, the U.S. government had been hacking away at cyberterrorism. The
EP-3E spy plane that crash-landed in China earlier this year was, according
to James Bamford in his keynote speech at this year's Black Hat Briefing,
working for the National Security Agency.  Even the 1999 war in Kosovo
featured early information warfare techniques against the Serbian
government.  A recent report by MSNBC explains the emerging global
information warfare threat in greater detail.  If the secretary is serious
about transforming the U.S. defense department, then let me suggest that it
is much more prudent to shore up our computer networks today than to invest
in the 20-year-old concept of laser-toting satellites orbiting the earth
tomorrow:  Our computer networks are already under serious attack.

HOSTILE NATIONS, and for that matter, hostile groups, such as Osama bin
Laden's followers, realize they can't challenge the U.S. military
one-on-one. But they can disrupt our utilities, our telecommunications, and
our e-commerce. Just last spring, during a period of rolling blackouts in
Northern California, someone hacked into the California Independent System
Operators system, which regulates the flow of power in the state.  The
malicious users were stopped before they caused any damage, but the
incident shows how vulnerable our ancillary government agencies are to
attack.  The hack was traced back to the Guangdong province in China.
Turns out, this was not an isolated incident.

A few weeks ago, I wrote that students at  Foshan University in Guangdong,
China, may have created the Code Red worm. Shortly after that column
appeared, someone at the Defense Department called me with a serious
interest in that information.  Now, the recent and very nasty Offensive
Trojan horse also happens to share a connection to Guangdong.  I don't
think this is a coincidence.

Guangdong is the largest and wealthiest province, and Hainan Island, the
site where the American EP-3E plane was held after landing last April, is
nearby.  According to a report prepared by the security company Vigilinx,
Guangdong is also home to hacker groups, such as the Honker Union of China
(also known as the Red Guest Alliance) and China Eagle, and to criminal
extortionists who have been terrorizing Hong Kong's financial networks for
years. Guangdong also happens to be very beautiful, historic, and the focus
of major Western investment and tourism.

RATHER THAN ASSUME the Chinese government is behind Code Red and Offensive,
I think it is more credible that different groups of individuals within
Guangdong might be hacking the United States and other nations (like Japan)
for their own reasons.  Like the cracker activity once seen in Eastern
Europe, these exploits may not be a political expression against, but a
general frustration with, Western arrogance and influence. The crackers in
Guangdong seem to be doing their own thing, and they are definitely pushing
the envelope of what is possible in terms of malicious activity on the
Internet.

Whatever their motives, I suggest we'll hear even more from the crackers in
Guangdong. If ego is involved, these crackers probably aren't done flexing
their programming muscles or announcing themselves to the world.  Now,
thanks to comments from the U.S. Defense Secretary, others elsewhere might
also be tempted to join in their fun.



From:  Fred Cohen <fc@all.net>
Date:  Wed Sep 5, 2001  6:49 am
Subject:  Code Red virus probably began in China, GAO official says

Code Red virus probably began in China, GAO official says 
Agence France-Presse, 9/4/2001
<a
href="http://www.nandotimes.com/technology/story/72365p-1018237c.html">http://ww\
w.nandotimes.com/technology/story/72365p-1018237c.html</a>

WASHINGTON (September 2, 2001 11:42 p.m. EDT) - The Code Red computer
virus that gummed up Web servers around the world probably originated at
a university in China, a congressional report released Friday said.

The Code Red virus &quot;is believed to have started at a university in
Guangdong, China,&quot; according to Keith Rhodes, the chief technologist for
the General Accounting Office, Congress' investigative arm of Congress.

Rhodes' testimony was given to a hearing Wednesday and released Friday
by the GAO. He did not elaborate on the origin of the virus.

But he said the virus can do damage to the global Internet
infrastructure because it can &quot;decrease the speed of the Internet and
cause sporadic but widespread outages among all types of systems.&quot;

He said that &quot;the first version of Code Red created a randomly generated
list of Internet addresses to infect. However, the algorithm used to
generate the list was flawed, and infected systems ended up reinfecting
each other. The subsequent versions target victims a bit differently,
increasing the rate of infection.&quot;

The so-called Code Red virus is categorized as a &quot;worm&quot; which invades
servers and overwhelms their memory capacity, shutting them down just
before the worm is passed to another computer.

Servers are computers that pass data, such as Web pages and e-mail,
across the Internet. Individual computers are not vulnerable to the
attack.

Some versions of the Code Red virus targeted attacks on the White House
Internet server, although officials said no damage was done to the site.

Separately, a California-based research group said over 1 million
servers were infected by the Code Red virus and that the economic loss
from the infections was $2.6 billion dollars.

Computer Economics said the cost of cleaning an inspecting servers was
$1.1 billion and that $1.5 billion in productivity was lost.

It figured the total impact of virus attacks around the world for 2001
has hit $10.7 billion.


From:  "Leo, Ross" <Ross.Leo@csoconline.com>
Date:  Wed Sep 5, 2001  6:50 am
Subject:  RE: [iwar] Is China's Guandong province ground zero for hackers?

I agree with some of what Vamosi has stated - The Honourable Rumsfield
should know better than to display his hoof-in-mouth illness so publicly - 

From the "Say It Ain't So" Desk: 

The EP-3 was working for the NSA (duh)!? And this is supposed to be news?
To Whom?  Certainly not to the PRC folks...

From the "Buy the Farm, But Don't Bet Your Life On It" Department:

Just because it appears to be frustrated hackers doing their own thing
against the soulless, repressive Western Capitalist pigs doesn't mean it is.
Seemingly disorganized, disparate groups using diverse methods to harass is
a very old tactic employed by the USSR (and others, including the US) in
years past.  It is currently in use by terrorist groups that we all know.
The spreading of disinformation is an old trick that continues to work well
- even better with the Internet to help it.  This is once again an example
of [naive] perception becoming the asymptotic equivalent of reality.

From the "Trust But Verify" Division:

Re The PRC Government's denial of involvement in Code Red:  How difficult is
it to flatly deny something you know with certainty can't be conclusively
proven, especially when you control the source?


From:  lekatis@lekatis.com
Date:  Wed Sep 5, 2001  7:00 am
Subject:  New Member

I want to introduce myself.

My name is George Lekatis. I am Mathematician, MCSE+I, MCT, CISSP, 42 
years old, working as IT&IS Director in INTERFACE SA, a company 
offering security and computer forensics education and consulting in 
large companies, banks, ministries, public and private sector 
organizations in Greece.

Working in the fields of information security, computer security and 
forensics and hating crime, like you, it is natural to come here, in 
this group. But, one more important reason is  that in your group I 
can find a good teacher, Fred. I have learned many things in 
www.all.net.

Thank you for accepting me in your group.

George



From:  Fred Cohen <fc@all.net>
Date:  Wed Sep 5, 2001  5:50 pm
Subject:  [NewsBits] NewsBits - 08/31/01 (fwd)

Law enforcers report spike in cybercrime Cybercrime cases are rising in
high-tech regions, say U.S.  law-enforcement officials.  Prosecutors and
investigators are seeing more cases related to computer hacking, theft
of trade secrets and hardware, and other tech crimes.  In Silicon
Valley, the Santa Clara District Attorney's Office is tackling almost 30
tech-related cases this year =97 twice as many as last year,
investigator John McMullen says. 
http://www.usatoday.com/life/cyber/tech/2001-08-31-cybercrime-wave.htm

Computer virus costs reach $10.7 billion this year The worldwide cost of
the Code Red computer worms that were unleashed on the Internet in July
and August has reached about $2.6 billion, an independent research firm
said Friday.  While hefty, that was just a part of the total cost of
attacks on computer systems this year. 
http://www.siliconvalley.com/docs/news/tech/038349.htm
http://news.cnet.com/news/0-1003-200-7026411.html

Top Hacking Tools Site Restricts Access Citing a desire to thwart
"script kiddies" and security companies, a popular site that provides
free hacking tools has closed its doors to the general public. 
Hack.co.za will no longer allow all visitors to download its collection
of exploits, according to its operator, a South African who uses the
nickname Gov-Boi.
http://www.newsbytes.com/news/01/169648.html

Russia tells computer experts to stay home Russia warned its computer
experts Friday of the dangers of visiting the United States after a
Russian software designer was arrested there for violating a
controversial new law.  Last July, Dmitry Sklyarov became the first
person to be arrested on charges of selling technology designed to
circumvent a 1998 U.S.  copyright protection law.  Formally arraigned
Thursday, he faces up to 25 years in jail if convicted. 
http://news.cnet.com/news/0-1005-200-7024730.html
http://www.msnbc.com/news/622397.asp

Cold War II? Russia warns tech experts
http://www.zdnet.com/zdnn/stories/news/0,4586,2809895,00.html


From: Fred Cohen <fc@all.net>
Date:  Wed Sep 5, 2001  5:57 pm
Subject:  [NewsBits] NewsBits - 09/04/01 (fwd)

September 4, 2001

New Worms Seek And Destroy Code Red Amid a debate over the ethics of
fighting a virus with a virus, security researchers have separately
released two programs that hunt down and patch computers infected with
Code Red II.  CodeGreen, written by a German security expert who uses
the nickname "Der HexXer," is designed to randomly scan the Internet for
servers running Microsoft's IIS software that are infected with Code Red
version II.
http://www.newsbytes.com/news/01/169707.html

FBI warns as Unix web server flaw gets automated A worm called x.c,
which takes advantage of a buffer overflow vulnerability in the telnet
daemon program commonly used on Unix boxes, has being discovered, and
security experts fear it is a harbinger of worse to come. 
http://www.theregister.co.uk/content/55/21438.html

Apache Web Server Admins Urged To Check Code Administrators of Apache
Web servers who use certain add-on software modules to control
password-protected access are being warned to shore up potential
security holes.  The Computer Emergency Response Team at the University
of Stuttgart (RUS-CERT) reports that several third-party authentication
modules for the open-source Apache server could allow individuals to
submit potentially malicious queries to databases on the servers. 
http://www.newsbytes.com/news/01/169718.html

Senate To Vote On High-Tech Export Laws This Week On the first day back
from its August recess, the U.S.  Senate will begin debate on the Export
Administration Act (EAA), a law that seeks to update export laws to
balance trade in U.S.  high-tech goods with national security.  Yet, any
momentum that proponents of the measure hope to gain from today=92s
early start isn=92t likely to last long. 
http://www.newsbytes.com/news/01/169711.html

Welsh Assembly blocks school emails Fears over children's safety on the
Internet halt plans to give Welsh school pupils their own email
addresses.  The Welsh Assembly has halted its pledge to provide every
school pupil in Wales with a personal email address because of security
fears.  Minutes from an Assembly cabinet meeting in June have revealed
that the proposal was shelved following concerns that children could be
individually identified through their personal email addresses. 
http://news.zdnet.co.uk/story/0,,t269-s2094481,00.html

E-signatures battle =91fear factor=92 "DOD to use GSA digital
certificates" "No more dotted line" At the Army's White Sands Missile
Range, electronic signatures have greatly speeded up the mail.  Routine
correspondence is signed and delivered in a matter of seconds,
eliminating hours, days or even weeks of waiting for a memo in the mail. 
"Basically, this is about trying to get a document through the process
faster," said Carl Saenz, an information systems manager at the New
Mexico installation.  Rain, snow, bad traffic or distance no longer
matter now that signed, authenticated documents can be delivered
electronically, he said. 
http://www.fcw.com/fcw/articles/2001/0903/pol-esigs-09-03-01.asp

Gulf residents gasp for freedom in cyberworld In a land where sex
outside marriage can be punishable by death and women must be fully
covered in public, frustrated men are turning to the Internet.  Beyond
the immediate reach of Saudi Arabia's religious police, the Internet is
the next best thing to sexual freedom found in the West and some Arab
countries.  ``All that you can see (here) of a woman is her face if you
are lucky.  On the net I see all,'' said 24-year-old George, a Lebanese
Christian who declined to give his last name. 
http://www.siliconvalley.com/docs/news/reuters_wire/1453952l.htm


From:  Tony Bartoletti <azb@llnl.gov>
Date:  Wed Sep 5, 2001  6:32 pm
Subject:  RE: [iwar] Is China's Guandong province ground zero for hackers?

... I cannot resist ... :)

At 08:50 AM 9/5/01 -0500, you wrote:
>I agree with some of what Vamosi has stated - The Honourable Rumsfield
>should know better than to display his hoof-in-mouth illness so publicly -

Perhaps he was taking a page from Sun Tsu:  When you are strong, make the 
enemy believe you are weak.

> >From the "Say It Ain't So" Desk:
>
>The EP-3 was working for the NSA (duh)!? And this is supposed to be news?
>To Whom?  Certainly not to the PRC folks...

Gee, I thought it was the Department of Agriculture that conducted foreign 
signals surveillance ...

> >From the "Buy the Farm, But Don't Bet Your Life On It" Department:
>
>Just because it appears to be frustrated hackers doing their own thing
>against the soulless, repressive Western Capitalist pigs doesn't mean it is.
>Seemingly disorganized, disparate groups using diverse methods to harass is
>a very old tactic employed by the USSR (and others, including the US) in
>years past.  It is currently in use by terrorist groups that we all know.
>The spreading of disinformation is an old trick that continues to work well
>- even better with the Internet to help it.  This is once again an example
>of [naive] perception becoming the asymptotic equivalent of reality.

Too much to say on this one.  The observation cuts both ways.  The activity 
in question is so easily accomplished by almost any small ring of dedicated 
code-heads, it could have been Elbonians who developed the virus and 
planted it surreptitiously.


The related article on the GAO report seems particularly provocative.  "... 
is believed to have started at a university in
Guangdong, China."  Without any further elaboration.  Does the GAO maintain 
foreign operatives that ferret out this information?  Was the conclusion 
based upon some kind of firsthand evidence?  Perhaps a leak from a U.S. 
security agency?  Or was the statement simply a reflection of the 
"consensus gut feeling".  Curiously gratuitous offering from a 
congressional report.

> >From the "Trust But Verify" Division:
>
>Re The PRC Government's denial of involvement in Code Red:  How difficult is
>it to flatly deny something you know with certainty can't be conclusively
>proven, especially when you control the source?

Not sure what you mean by "control the source".  I can "flatly deny" 
involvement myself (or, claim to be the actual author, having subsequently 
destroyed all source material.)  What percentage of people who hear this 
proclamation would be in a position to assess its accuracy?

For that matter, suppose both that China "created or endorsed" this virus, 
and knew that it could be "conclusively proven" (to some tiny band of 
highly compartmented analysts.)  What harm would there be in "flatly 
denying" involvement?  Some 99.99% of the audience would have no way to 
appreciate or understand such a "proof of involvement".  What would China 
care about the fact that some tiny number of people know that the denial 
was a falsehood?  Do they get assessed some extra penalty points in the big 
game?

(Man, this iwar/misinformation stuff can make you real cynical ;)

___tony___

Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900
From:  Fred Cohen <fc@all.net>
Date:  Wed Sep 5, 2001  7:00 pm
Subject:  interesting piece...

Dallas Morning News
September 5, 2001
Study: JSF Deal Worth $137 Billion To Texas Economy
Lockheed victory would create about 20,000 jobs a year
By Katie Fairbank, The Dallas Morning News
FORT WORTH - If Lockheed Martin Corp. wins the competition to build the
Joint Strike Fighter, more than $137 billion would flow through Texas over
the next four decades creating an average of about 20,000 jobs a year, a
study released Tuesday projects. 
The Fort Worth Chamber of Commerce funded the study for an undisclosed
amount to assess the impact if Lockheed wins the richest U.S. military
contract in history for its Fort Worth-based manufacturing plant. 
"This is a project extremely important for the area. It's worth a full-court
press," said Waco economist Dr. Ray Perryman, who prepared the economic
analysis. 
According to the study, a Lockheed win would create thousands of jobs in the
state, both in and outside of the defense industry. 
"In the 1990s, seven microchip plants were built in Texas. If you take those
seven and add them together, you've just about got the size of this
contract," said Dr. Perryman. 
Most of the jobs would be in building pieces of the next-generation fighter
aircraft, but others would be created to support the defense workers by
providing such things as health care services, retail stores and
restaurants. 
The most significant economic benefits would be during the production phase
of the JSF. The impact in a typical year of production is projected to be
$4.16 billion in total spending and 23,607 jobs in a variety of business
sectors, said Dr. Perryman. 
The study helps show what's at stake in the competition between Lockheed
Martin and Boeing Co. for the $200 billion contract. 
"We all know that it means jobs, houses that are purchased and college
educations that are paid for," said U.S. Rep. Kay Granger, R-Fort Worth. 
But even so, the study is unlikely to sit well with decision-makers in the
Department of Defense, said defense analyst Richard Aboulafia of the Teal
Group. 
"It's kind of sad because the Lockheed Martin contender stands on its own
legs. I don't think this [study] enhances it at all - quite the opposite,"
he said. "Economic studies are usually for depressed areas." 
He said the study's only use should be to alert legislators to support the
JSF program overall. 
"If they intervene exclusively on Lockheed Martin's behalf instead of on the
program's behalf, that can only end in tears," he added. 
U.S. Rep. Martin Frost, D-Dallas, said that the study's information was
important to remind people that Lockheed Martin is the "backbone of our
economy." 
"Fort Worth's prosperity was built on the defense industry," he said, "and
the continuing role of Lockheed Martin in sustaining our region's growth
cannot be overstated." 
Currently, about 11,000 employees work at the company's Fort Worth plant.
Lockheed Martin has said that the JSF contract would add about 2,000 net
jobs to its plant workforce over the next couple of years. 
Northrop Grumman Corp., which hopes to build the JSF's center fuselage in El
Segundo, Calif., as a Lockheed team member, will release an estimate on
Thursday of the number of jobs that would be created in California. 
Communities hoping for a Boeing victory aren't likely to do similar job
studies, the company said. 
"We don't plan any," said Chick Ramey, a spokesman for Boeing. "Obviously, a
JSF win would positively impact Seattle and St. Louis and other areas. We
have said in the past that we can't determine a final number of JSF
positions, but currently the estimate based on a winner-take-all scenario is
between 3,000 and 5,000 jobs in St. Louis and approximately 3,000 jobs in
Seattle." 
The decision on who will win the JSF program is expected by late next month.

From:  Fred Cohen <fc@all.net>
Date:  Wed Sep 5, 2001  6:58 pm
Subject:  DMCA effects

Dug Song is a highly respected OpenBSD, OpenSSH programmer, the 
author of Dsniff and numerous security papers including a common 
vulnerability in many firewall applications and servers.

He has censored his own website, citing the DMCA:

http://www.monkey.org/~dugsong/

At this time it is not clear whether the site was taken down under 
pressure from corporations or simply attempting to express feelings
about the DMCA and possibly start a trend whereby security researchers
withhold their own research because they are at risk under the DMCA.

Many people outside of the security industry do not fully understand
that independent security research by people like Dug Song often find
security holes, vulnerabilities and are the driving force toward stronger
software and security practices within corporations. They are the watch
dogs that ensure independent security testing (often, if not always) without
compensation and simply for the challenge and to promote safer, stronger 
software.


From:  Fred Cohen <fc@all.net>
Date:  Wed Sep 5, 2001  10:12 pm
Subject:  How bigger, badder Code Red worms are being built

How bigger, badder Code Red worms are being built 

Robert Vamosi,
Associate Editor,
ZDNet Reviews

http://www.zdnet.com/anchordesk/stories/story/0,10738,2810238,00.html

As I write this, there are two new fast-spreading Internet worms for Windows
users: Apost
<http://www.zdnet.com/products/stories/reviews/0,4161,2810219,00.html>  does
the now-familiar "e-mail itself to everyone" thing we've come to expect from
Windows worms and viruses, except this worm sends multiple copies of itself.
And then there's an updated version of Magistr
<http://www.zdnet.com/products/stories/reviews/0,4161,2810225,00.html> ,
redesigned to infect even more users with its destructive payload. Faster
propagation has been the trend with Win32 viruses and worms, but what if
rapid propagation methods were employed for network-savvy worms such as Code
Red? Well, someone has already given thought to that. 

  
Andy Warhol is famous for saying "In the future, everybody will have 15
minutes of fame." Nicolas Weaver at UC Berkeley has written a paper
<http://www.cs.Berkeley.edu/~nweaver/warhol.html>  proposing that virus
writers constructing some future Code Red-like worm add a list of 10,000 to
50,000 "well connected" Internet servers, then launch the virus. The
advantage, he argues, is that even if only 10 to 20 percent of the servers
are vulnerable to the worm's exploit, that would still be an enormous jump
on Code Red and previous worms. Weavers adds that the initial 10 percent
infection could be achieved in the first minute or so; he then proposes that
his "uberworm" could infect most of the Internet within 15 minutes (hence
the Warhol worm). 

NOT TO BE OUTDONE, the team of Suart Staniford, Gary Grim, and Roelof
Jonkman at Silicon Defense proposed <http://www.silicondefense.com/flash>
an even greater propagation rate: they claim they can infect the Internet in
30 seconds. They argue that a worm writer could scan the Internet in advance
and identify almost all of the vulnerable systems on the Internet before
launching the worm. With a very fast Internet connection (they mention an
OC12 link), they argue even a 48MB address list of vulnerable Internet
address could be sent out in about 4 minutes. 


Jose Nazario, a biochemist by trade who has previously offered valuable
insights on digital worms
<http://www.zdnet.com/anchordesk/stories/story/0,10738,2797739,00.html> ,
points out that neither of these papers take into account the basic elements
of propagation on the Internet. Nazario points to an IBM paper called "How
Topology Affects Population Dynamics
<http://researchweb.watson.ibm.com/antivirus/SciPapers/Kephart/ALIFE3/alife3
.html> ," which looks at lessons learned from biological infections and how,
with an understanding of this model, programmers might better design future
digital organisms (they don't specifically say "worms"). 

Basically, the authors of both the Warhol and Flash worms assumed a very
simple Internet model where every node to be infected is a neighbor of every
other node. The reality is much more complicated. That's what Nazario says
torpedoes the technical merits of both of these studies. 
SO WHY even mention this research? Nicolas Weaver himself posts that he is
leaving his paper up online so that people can understand, with
documentation, what danger there is in a homogenous Internet. Someone will
attempt to do what these authors have proposed, and someone might someday
make a worm that "flashes" the entire Internet with a malicious payload.
Rather than be caught unaware, isn't it better to realize this is out there
and take steps to minimize its impact? 

Weaver proposes that companies use context-sensitive firewalls where only
"that which is not explicitly allowed is forbidden." He further suggests
internal firewalls throughout the company and regular security audits. He
adds, "regular backups are also essential." He further suggests that:
"Homogenous populations, whether in potatoes or computers, are always more
vulnerable to diseases." That's something to remember when implementing one
or multiple types of servers on your network. Just as biodiversity has kept
life going on Earth, mixing up one's operating systems can only strengthen
the Internet
From:  Fred Cohen <fc@all.net>
Date:  Wed Sep 5, 2001  10:18 pm
Subject:  Code Red busting code gets cool reception

Code Red busting code gets cool reception

By John Leyden, The Register, 9/5/2001
http://www.theregister.co.uk/content/56/21496.html

The use of virus-like code that is geared to patching security holes on
vulnerable systems has received the thumbs down by members of the
security community. 
In the wake of the widespread (though at times exaggerated) impact of
the Code Red worm and its variants, white hat hackers have posted
programs on the net which repairs systems and guards against further
infection. 
CodeGreen, which was written by Herbert HexXer, goes as far as
downloading and installing patches from Microsoft on vulnerable systems.
Crclean works in a similar way to Code Green but only spreads itself
onto servers which scan a box onto which it has been installed. 
The idea of "fighting fire with fire" in this way was used before by the
Cheese worm, which fixed a flaw exploited by the Li0n worm on vulnerable
Linux boxes. 
Alex Shipp, senior antivirus technologist at MessageLabs, which scans
its users email for viruses, said whatever the intent behind programs
like Code Green they performed unauthorised changes on a network, which
could cause serious problems. 
Updating systems can go wrong and cause more damage than gets fixed. 
Programs similar to Code Green might actually create other security
holes, said Shipp, who added the best route was for sys admins to
organise a security audit on their own machines. .


From:  Fred Cohen <fc@all.net>
Date:  Thu Sep 6, 2001  3:30 am
Subject:  news

China Web bulletin board closed, students angry One of China's hottest
college Internet bulletin boards has been shut down after students
posted articles about the 1989 Tiananmen Square massacre, officials and
students said Wednesday.  The closure of the bulletin board at the
Huazhong University of Science and Technology in the central city of
Wuhan has triggered an angry response from its tens of thousands of
college-age users. 
http://www.siliconvalley.com/docs/news/tech/033345.htm

British Navy embraces Web for war games The British Navy is taking the
Internet to its heart in its new three-month military manoeuvres in the
Gulf starting next month.  The commanders of the biggest deployment of
ships since the Falklands war will use a secure Net chatroom to discuss
tactics and problems.
http://www.theregister.co.uk/content/6/21483.html

EU approves recommendations to counter Echelon spy network An alleged
worldwide spy network dubbed Echelon and led by the United States does
exist -- and European nations should set up an encryption system to
guard against it, the European Parliament said Wednesday.  The European
Union assembly voted 367 to 159, with 34 abstentions, to adopt 44
recommendations on how to counter Echelon. 
http://www.siliconvalley.com/docs/news/tech/027758.htm
http://www.newsbytes.com/news/01/169770.html
Next message: e.r.: "Re: [iwar] How bigger, badder Code Red worms are being built"
Previous message: Fred Cohen: "[iwar] More news"
In reply to: Brian McWilliams: "Re: [iwar] Is China's Guandong province ground zero for hackers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:40 PDT