[iwar] [fc:Doubt.cast.on.al.Qaeda's.cyber.skills]

From: Fred Cohen (fc@all.net)
Date: 2002-08-08 08:14:25


Return-Path: <sentto-279987-5142-1028819648-fc=all.net@returns.groups.yahoo.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 08 Aug 2002 08:16:07 -0700 (PDT)
Received: (qmail 24055 invoked by uid 510); 8 Aug 2002 15:12:50 -0000
Received: from n25.grp.scd.yahoo.com (66.218.66.81) by all.net with SMTP; 8 Aug 2002 15:12:50 -0000
X-eGroups-Return: sentto-279987-5142-1028819648-fc=all.net@returns.groups.yahoo.com
Received: from [66.218.66.94] by n25.grp.scd.yahoo.com with NNFMP; 08 Aug 2002 15:14:08 -0000
X-Sender: fc@red.all.net
X-Apparently-To: iwar@onelist.com
Received: (EGP: mail-8_0_7_4); 8 Aug 2002 15:14:07 -0000
Received: (qmail 2696 invoked from network); 8 Aug 2002 15:14:07 -0000
Received: from unknown (66.218.66.216) by m1.grp.scd.yahoo.com with QMQP; 8 Aug 2002 15:14:07 -0000
Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 8 Aug 2002 15:14:07 -0000
Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g78FEPf17739 for iwar@onelist.com; Thu, 8 Aug 2002 08:14:25 -0700
Message-Id: <200208081514.g78FEPf17739@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
X-Yahoo-Profile: fcallnet
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 8 Aug 2002 08:14:25 -0700 (PDT)
Subject: [iwar] [fc:Doubt.cast.on.al.Qaeda's.cyber.skills]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, hits=0.1 required=5.0 tests=PORN_10,DIFFERENT_REPLY_TO version=2.20
X-Spam-Level: 

Doubt cast on al Qaeda's cyber skills

By LISA HOFFMAN
Scripps Howard News Service
August 07, 2002

- Are we in danger of an al Qaeda cyber attack?

Ask government officials that question, and the answer is likely to be yes, sooner 
rather than later. House terrorism panel chairman Lamar Smith, for instance, recently 
predicted there is a "50 percent" chance the next al Qaeda attack against America 
will involve potentially devastating Internet sabotage.

But ask many computer security and intelligence experts, and the answer is decidedly 
different.

These analysts and consultants contend that scant evidence exists that Osama bin 
Laden's terrorist network is capable of conducting such an attack or is even much 
inclined to try. In fact, they say, al Qaeda has so far demonstrated it is a largely 
low-tech operation that has used the Internet and telecommunications in simple, rudimentary 
ways.

"Basically, they're just a bunch of Gomers," said John Pike a military and high-tech 
analyst at Globalsecurity.org, referring to the hayseed Marine in the old "Gomer 
Pyle" TV show. "I don't think there is any documented evidence of a well-developed 
interest or capability in this area."

That's not the message emanating from the Bush administration's cyber cops or many 
on Capitol Hill, who speak darkly of an electronic "Pearl Harbor" awaiting America 
around the corner.

In that scenario, al Qaeda terrorists would use computer networks to sabotage the 
nation's financial, transportation, communications or other such infrastructures, 
either in an electronic assault alone or in concert with a bomb or other act of physical 
violence.

The digital debacle that would result could shut down Wall Street, banks and the 
nation's air traffic control system; decimate the electrical power grid; and even 
cause dams to unleash torrents of water. The damage could amount to billions of dollars 
and result in general panic, this theory contends.

Al Qaeda computers seized in Afghanistan and cyber sleuthing by U.S. agents showed 
that users had collected information on dams and "dirty" nuclear bombs, and had explored 
all sorts of U.S. infrastructure-related sites.

Members of al Qaeda established Web sites they apparently employ to communicate 
with one another and are believed to have used encryption methods to disguise messages 
in pornographic sites.

But skeptics of al Qaeda's computer smarts contend that no indication exists that 
the terrorists were doing anything but run-of-the-mill Internet research, accessing 
mostly innocuous information openly available online. Their technological knowledge 
was so limited that it wasn't until last year that they learned cell phone conversations 
could be intercepted and public Internet terminals in libraries, for instance, could 
also e-mail.

"It doesn't seem technical skills have been any priority" for al Qaeda, said Jim 
Melnick, director of threat intelligence for iDefense, a security intelligence services 
firm.

Of course, al Qaeda could ally with others who do have such capabilities, even using 
hired guns to do its cyber-dirty work. But, these experts say, the very nature of 
a cyber attack - which would occur out-of-sight without the horrific visual impact 
the Sept. 11 airliner crashes brought - wouldn't suit bin Laden's main goal, which 
is spreading fear.

"The guy wants to kill humans, not hard disks," said Rob Rosenberger of VMyths.com, 
a Web site dedicated to countering "computer security hysteria." "It is not in al 
Qaeda's best interest to attack us over the Internet."

Marcus Ranum, a computer security whiz in Baltimore who has watched over networks 
for the White House, said the nation is right to be concerned about cyber attacks 
but must keep the threat in perspective.

While in 20 years cyber warfare could pose a substantial danger, for now no one 
should lose much sleep over it. "There's a potential for headaches. That's about 
it," Ranum said of the current threat.

Aside from needless worry, an unrealistic assessment of al Qaeda's capability also 
can result in curtailed civil liberty protections and greater government intrusion, 
experts say.

"We should not be in a panic. What we have to do is move forward smartly and in 
an organized way to plug the (security) holes, with government and private industry 
working together," iDefense's Melnick said.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
4 DVDs Free +s&p Join Now
http://us.click.yahoo.com/pt6YBB/NXiEAA/Ey.GAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 



This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT