Re: [iwar] et all - some comments

From: Fred Cohen <fc@all.net>
Date: Thu Nov 27 2003 - 08:02:57 PST

...
> 'Cyber terrorism': Don't believe the hype says Gartner

Gartner also recently said that "Intrusion Detection is Dead" - they
are prone to hyperbole.

> Posted Thursday, November 13, 2003 - 5:35pm by
> kirkhope <kirkhope@terrorism.com>
> Theory and reality are distant relations.... Gartner's information security
> and risk research director has dismissed cyber-terrorism as a "theory". The
> comments came during a media round-table session at the Gartner Symposium
> and IT Expo, which began today in Sydney, Australia. The director, Rich
> Mogull, told journalists that despite the incidence of high profile digital
> attacks, cyber terrorism is a phenomenon that has never occurred.

Of course depending on how you define it this may be more or less true.
We have not seen a terrorist attack that blew up a building using
information technology as the weapon yet, but we likely will not see
such a thing for the foreseeable future. On the other hand, terrorist
groups use information technology a great deal. This includes a lot of
different things.

http://all.net/
        => Managing Network Security
                => May, 2002 - Terrorism and Cyberspace

I quote from it:

What Terrorists do in Cyberspace

So if we are going to look out for the cyber terrorists, it will
probably be helpful to know what to look for. I cannot tell you what
will happen in the future. If I knew, I would probably keep it to
myself anyway. So all I can really do is tell you about the past.
Recent history shows that terrorists do the following things in
cyberspace:

Planning: Information technology is used to plan terrorist operations.
This generally includes intelligence gathering, analysis, coordination
of personnel and equipment, and other aspects of operations. If you
encounter a planning process or system, contact local authorities right
away - do not pass go - do not go through normal corporate processes to
avoid potential liabilities or anything like that. If a terrorist
detects that you have detected their planning system, you will probably
be killed as soon as possible, so don't wait around. They will also
move on and others will get killed unless they are stopped, so be quick
about it.

Finance: Information technology is one of the keys in the financial
system of terrorist organizations. They use information systems to get
funding, track books, move money around, coordinate financial actions,
and make purchases. Funding often goes through so-called charitable
donations, through computer crimes like credit card theft, through
solicitations of any sort, and naturally, through the drug trade. The
drug trade is facilitated by information technology in the money
laundering and funds transfer arenas as well as acting as a
communications media for the sales and delivery process. As with
planning, detected systems and networks should be reported to law
enforcement, in this case at the federal level. The risk to life tends
to be lower in the finance arena than in the planning or operations
arena and these systems tend to persist longer and be more deeply
embedded in communities. In cases involving computer crimes, it is
important to report to authorities so they can coordinate the actions of
groups across many small activities to see the bigger picture.

Coordination and operations: Many activities are coordinated through
information technology. This ranges from the transmission of 'go'
signals for coordinated starts of operations, to synchronization of
global activities, to arrangements to meet incoming shipments, to
digital versions of dead drops. The convenience of information
technology on a global scale makes it ideal for small groups to act on a
globally coordinated basis with relative safety through encryption and
steganographic technologies combined with anonymity. Information
technology in the form of radios, telephones, and pagers, is used as an
operational tool all the time. Computers are also used in real-time for
activities ranging from checking identities to determine who to keep in
a kidnap operation to satellite links for tracking ongoing operations
via the media. With increasing frequency, information systems are being
exploited to facilitate operations or as the objective of an operation.
If you encounter a computer used in terrorist coordination or
operations, you should immediately call the authorities. Chances are
you will not be close enough to a real terrorist to get killed right
away, but just in case, do it sooner rather than later.

Political Action: One of the key efforts of terrorist groups is the use
of information technology to gain political action and attention. This
ranges from high profile web sites that urge supporters to contact their
congress-people to sites that give detailed instructions on how to hold
protests for maximum media effect. These sites are legal, as long as
they are created in a legal manner. They are interesting to read
because they clearly show that these organizations are oriented toward
media attention and that most if not all of the street protests and
similar activities are not spontaneous - they are planned media events.

Propaganda: Many web sites are used by terrorist organizations as part
of their propaganda machines. These sites actively promote the ideals
of the movements, provide selected facts and lots of misleading
statements, include pictures that are identified as one thing when they
are in fact something else, and so forth. They include smear campaigns,
pictures of blown up bodies, ancient propaganda as the basis for current
propaganda, and so forth. For the most part, these sites are legal and
designed to support current and future membership by providing support
for their pre-existing notions and giving them 'facts' to back up their
beliefs. The vast majority of the information is not directly false,
but is clearly slanted. You should probably block these sites from
corporate access or identify those within the organization that go there
often from work.

While there are some other ways that terrorist groups might use
information technology, the vast majority of activities to date have
been in the areas described above. There have been outliers - ranging
from the use of a chat room by a Palestinian group to lure and kill an
Israeli teenager - to the attempts to break into US energy companies by
Middle Eastern groups - to the sale of software to run police systems by
the Aum Shinrikyo group in Japan - to the exploitation of laser-based
remote bomb controls by the IRA. Obviously, if you encounter anything
like this you would want to report it to federal authorities right away.

> "The goal
> of terrorism is to change society through the use of force or violence,
> resulting in fear," he explained. "I want to put this cyber terrorism thing
> to rest. It's a theory, it's not a fact." Even though there were examples
> of attacks that have physical consequences - they could not be described as
> terrorist acts, Mogull explained. To a large extent it comes down to
> motive, he said.

If you define it away that does not change the fact that organized
groups use information technology to achieve their goals.

...

> Oh By the Way - When was the last time any of us thanked Fred for running
> the list?

You are welcome - but the best way to thank me is by posting interesting
articles. My lack of participation lately has been largely because I am
very occupied and because of a lack of funding in this area. The lack of
funding doesn't stop me but it does prevent me from spending enough time
to make as much of a difference.

FC
-- This communication is confidential to the parties it is intended to serve --
Fred Cohen - http://all.net/ - fc@all.net - fc@unhca.com - tel/fax: 925-454-0171
Fred Cohen & Associates - University of New Haven - Security Posture

Received on Thu Nov 27 08:03:09 2003

This archive was generated by hypermail 2.1.8 : Fri Dec 05 2003 - 14:25:47 PST