
CyberTerrorism - Reality or FUD? 358

Random Utinni writes "The director of the U.S. Cyber Consequences Unit (part of Homeland Security) claims that terrorist hackers are poised to create total chaos. He predicts all sorts of scenarios, from changing the formulae for medications to causing cars to explode after a few weeks of driving. Is this guy fearmongering for an increased budget, or is he on to something here?"

  • by Anonymous Coward on Thursday June 01, 2006 @08:39PM (#15450106)
    the term is being used to justify basically anything the american government wants to legalize to suppress its people's rights. the reason? who knows..
  • Oh please... (Score:4, Insightful)

    by Audent ( 35893 ) <audent@ilov[ ]scuits.com ['ebi' in gap]> on Thursday June 01, 2006 @08:40PM (#15450109) Homepage
    Is that the best they can come up with?

    Attacks on SCADA systems?

    Who puts their vital power infrastructure controls online anyway?

    I cry FUD, and let slip the dogs of mainstream media.
  • by AtariDatacenter ( 31657 ) on Thursday June 01, 2006 @08:42PM (#15450125)
    I mean, really, this all sounds more like industrial sabotage than terror. I mean, are you really going to have people running in fear for their lives that... say... the next time they fill up their car, the gas pump might explode? Or that any pill that they take next could be their last?

    Most acts that they're looking at would be one time things, and isolated/restricted in nature. (Also making it easy to identify/avoid/fix.) I can't see that something like this would actually cause terror.

    Again, CyberSabotage. Nothing more.
  • It's FUD (Score:5, Insightful)

    by wirelessbuzzers ( 552513 ) on Thursday June 01, 2006 @08:43PM (#15450130)
    It would take an expert insider a lot of work to cause the kind of catastrophes the author is predicting here. Making a bomb is a quick, easy way to kill a lot of people, and it gets a lot more media attention. It's also much closer to Al-Qaeda's traditional area of expertise.
  • My question... (Score:5, Insightful)

    by laughingcoyote ( 762272 ) * <barghesthowl.excite@com> on Thursday June 01, 2006 @08:43PM (#15450134) Journal

    From TFA:

    "Chatter on Scada attacks is increasing," says Borg, referring to patterns of behaviour that suggest that criminal gangs and militant groups are now fully capable of unleashing such attacks.

    Then especially in the case of terrorists, WHY THE HELL HAVEN'T THEY DONE IT YET? If one of them had a shot at bombing the White House tomorrow, do you think he'd say "Eh...no, I'd rather wait until next week and hope they don't improve security by then."

    This is not fearmongering for money. This is fearmongering for POWER-and the power they're going to shoot for is the power to control the Internet.

    What a hell of an ironic name for that guy, Borg. I think that might tell us about everything we need to know.

  • by beavis88 ( 25983 ) on Thursday June 01, 2006 @08:44PM (#15450139)
    Period.
  • by Ant P. ( 974313 ) on Thursday June 01, 2006 @08:44PM (#15450141)
    If anyone's the terrorist, it's the guy in the summary making all these doomsday predictions.
  • Why the hell... (Score:5, Insightful)

    by ZiakII ( 829432 ) * on Thursday June 01, 2006 @08:44PM (#15450145)
    "Think of the control systems for chemical plants, railway lines, or manufacturing facilities. Shutting these systems down is a nuisance. Causing them to do the wrong thing at the wrong time is much worse."

    Am I the only one who is thinking? Why the hell are these things connected to the Internet then? And if it's an absolute must why not set up the companies using a system like the US Government's SIPRNet [wikipedia.org]?
  • by geekoid ( 135745 ) <dadinportlandNO@SPAMyahoo.com> on Thursday June 01, 2006 @08:46PM (#15450162) Homepage Journal
    Maybe there was no Y2K disaster because people were poring over code and fixing them before they happened?

    I saw some testing of systems in '95, I can tell you for a fact that they would have failed in some very spectacular ways.

    It's like knowing there is going to be a tidal wave on a specific time. Then building a huge wall to prevent it. Then when the wave comes and the wall prevents people from dying people say "That wasn't so bad, we shouldn't have built the wall"
  • by SpaceLifeForm ( 228190 ) on Thursday June 01, 2006 @08:46PM (#15450169)
    The SCADA equipment does not have to be Internet accessible,
    it just has to have a corrupted windows box attached to it.
  • Scott Borg? (Score:2, Insightful)

    by Arcane_Rhino ( 769339 ) on Thursday June 01, 2006 @08:47PM (#15450175)
    The director and chief economist of the US Cyber Consequences Unit (CCU) name is Scott Borg? Is this a set up?

    As far as fear mongering, you don't get a $93 million dollar budget for simply recommending that companies follow well established security procedures, including vigilance against social engineering.

  • by Audent ( 35893 ) <audent@ilov[ ]scuits.com ['ebi' in gap]> on Thursday June 01, 2006 @08:50PM (#15450192) Homepage
    Well done that man...

    I get sick and tired of the "Y2K was all nonsense" line of argument. I saw plenty of companies that would have been unable to function without their Y2K upgrades.

    Sure, the Hollywood spectacular was never on the cards, but we all knew that right?

    Y2K was real. It was a problem. We solved it. Well done to all concerned.
  • by kfg ( 145172 ) on Thursday June 01, 2006 @08:56PM (#15450222)
    to suppress its people's rights. the reason? who knows..

    Power, money, Jesus, hot and cold running hookers.

    I think that pretty much covers it.

    One of these things is not like the others. One of these things just doesn't belong. . .

    KFG
  • TERRORISM IS FUD PERIOD

    Try telling that to the families of the 2000+ people that died on 9/11/01.
  • by crmartin ( 98227 ) on Thursday June 01, 2006 @09:01PM (#15450250)
    Okay, folks, tell me: what can a cyber-terrorist do to a car that will cause it to burst into flames in a few weeks? All I can think of offhand is changing the spec for the gas line to gum rubber instead of neoprene, or something like that --- and, of course, no one involved will ever notice, because cars are completely assembled by robots and no human ever sees the specs, buys the materials, or checks the figures.

    And, if they were to do so, what happens? Someone announces a recall and a bunch of people take their cars to the dealerships.

    Hell, why not do it the cheap way: wait until there is an accident, and just announce that it was done by your super secret ninja terror 31ee7 hax0rs.

    Or consider the sources: this guy from the "U.S. Cyber Consequences Unit" --- with their empty website [usccu.us] on a non-government '.us' domain.

    Remember, kids, only a few years ago, the world didn't need computers to run. Chemical plants and other control systems have failsafes and safety valves and emergency shutdowns; people survive power blackouts, even if the birth rate does go up; we still have analog radios and mechanical water valves.

    On the other hand --- here's some guy with a nifty-sounding name on a web-site, and Richard Clarke, who has been making a living from running around with his hair on fire ever since he said cyber-terror was a bigger threat than al Qaeda. Get a little attention, and people will start taking their calls again; maybe the "USCCA" can even hire someone to make a web site.

    Who benefits from this story?
  • by lelitsch ( 31136 ) on Thursday June 01, 2006 @09:03PM (#15450262)
    I thought he might have something until I got to the exploding car part. Everything up to that is very unlikely, but probably doable for a determined attacker with local access. And there might even be some companies who put part of their SCADA on the internet--all of them deserve whatever they get. But changing medications and "car specifications so they explode after a few weeks"? Give me a break. Cars do not explode due to spec changes--short of including a pound of C4 and a triggering device in the spec. The worst might be putting a virus or trojan into the engine electronics that would lock the engine. And while cyberterrorists broke into a pharmaceutical company's central computer and changed the recipe for a pill to kill people on the Brit MI5 spy series, systems like that are not online and there is something called quality assurance--as in testing each batch before it goes out to the customers. So an attacker would need local access to the production facility, the automated QA, the manual testing, .... . I think this guy is watching too much TV. He would just have disqualified himself in any sane governmental organization. Thank god the DHS is not one of them.

    There are serious cyber threats, though, denial-of-service attacks, attacks on online trading systems,... But that was probably not as dramatic as exploding cars.

  • september 11th was implemented with boxcutters

    so let's lose the technophilia when addressing terrorism

    it's the low tech/ no tech exploits that should be our focus
  • by Retric ( 704075 ) on Thursday June 01, 2006 @09:31PM (#15450423)
    Let's see annual death total from TERRORISM 2000 to 2006
    ~2k from 9/11 + 2.5k in Iraq(Which seems silly but we can add them in if you want...) / 6 = ~750 / year.

    So my annual risk from TERRORISM is about 250,000,000 / 750 US deaths / year or so my risk is around 1 in 333,333 per year.

    Let's compare that to:
    "Normal" Homicide which kills over 20,000 people in the US every year. Which means I am 27 times as likely to be killed by someone in the US vs. a foreign TERRORIST.

    Motor Vehicle Crashes: 26,000+ US deaths / year aka 35x as likely to kill me vs. Al Qaeda, yet I still drive.

    Poor Diet and Physical Inactivity: 365,000 US deaths / year aka 467x as likely to kill me which is why I work out and try to keep a healthy diet.

    Yet we are spending how much to fight TERRORISM?
  • When do people quit using their names and our memories of them to excuse taking our rights and freedoms away. America is being raped by its own leaders.

    I was responding to the statement that "terrorism is fud period". For people that lost relatives in the terrorist attacks, it's more than just FUD period. I said nothing about taking freedoms away, etc. I wasn't even responding to the article.

    And you are just as guilty as our President for spreading your idiotic rhetoric.

    I said nothing about politics. You as a human should be able to see that the previous post was extremely insensitive and just plain old not true. Terrorism is more than FUD. If it were just FUD, no one would have died. Even if you hate Bush, etc....you should really think about what you say.

    It's too late, get freaking over it.

    Forget about politics for a minute and just think about what you're saying. It's too late, [your family member is dead], get freaking over it. I'm not trying to justify any policies, etc. I'm just pointing out that terrorism is real. I'm sorry that it's an inconvenient fact, but the truth is the truth.
  • by billstewart ( 78916 ) on Thursday June 01, 2006 @09:38PM (#15450467) Journal
    You've got the wrong children's story here. The Bush Administration has been crying "Wolf Wolf" since they started running for office, and their military-FBI-spook allies in Washington have been crying it for years before that. Their most important political strategy has been to keep announcing things that Americans should be afraid of and announcing that they're strong decisive leaders who can protect us from the enemies that are trying to kill your children and hate your freedom. (Their other main strategy has been to preemptively smear their potential opponents, usually by saying that they're not strong enough or decisive enough to protect our families from our enemies as well as saying they don't share our values - "Kerry the Flip-flopper" trumps "Kerry the War Hero" any day, much more effectively than "Kerry the Liberal".) It doesn't matter that the wolf didn't show up this time, or that the "credible evidence" or "terrorist chatter" didn't turn into an attack, because We Scared The Wolf Away Again, But There Are Still More Wolves To Be Afraid Of.

    Cindy Sheehan was really effective against Bush for a while because she's a strong family-protection figure who made it clear that Bush had endangered her family rather than protecting it. And Katrina was even more effective, because it demonstrated that Bush wasn't decisive, or strong, or competent, when faced with an actual threat that he couldn't control but could have responded to. Osama bin Laden was just fine - if you're crying Wolf Wolf and a real Wolf shows up on occasion, that demonstrates that your strong leadership is needed just like you said.

  • by user317 ( 656027 ) on Thursday June 01, 2006 @09:40PM (#15450476)

    Try telling that to the families of the 2000+ people that died on 9/11/01.


    http://www.alcoholalert.com/drunk-driving-statistics.html [alcoholalert.com]


    That's tens of thousands deaths every year. Do you think that would justify Orwellian laws for drivers?

  • by caller9 ( 764851 ) on Thursday June 01, 2006 @09:59PM (#15450573)
    I would like to see some discourse on the ability of these FUD spewers to actually react or inform people on actual network security.

    I attended a cyber security thing once put on by these guys. It was completely worthless. When I say completely worthless I'm talking screendoor on a submarine worthless.

    A scenario: "Half of your computers on the network are infected by a virus, it is tying up your internet bandwidth trying to spread itself, what do you do? what...do...you...do?"

    Ok, for 1 if you're worth a damn you don't open port 25 outbound to client PCs anyway and proxy most internet traffic. The only outbound ports are for legacy systems with dedicated IPs. Second, say you do notice your bandwidth is consumed by something. Sniff the port, and close the firewall rule for said traffic until you have the info to take further action. Implicit deny anyone?

    Their scenario was geared toward the morons of the IT industry who might truly be perplexed by such a situation, but I found it laughable.

    That wasn't the totally useless part. The exercise as it was to be performed: IT provides the info on systems we are running and possible vulnerabilities. They come up with semi-plausible scenarios to exploit them. But in this event the EOC is fake-active and public safety officials are in a paper simulation of cyber attacks going on in their network. Notably, the analog radio system at the core is not mentioned.

    For every problem the solution would be to call IT. IT isn't even part of the exercise. Our fire chief who knows fire and fire personnel management inside and out, doesn't know the difference between PCL6 and PostScript. Nor would anyone in their right mind ask him to write an ACL for Cisco equipment much less give him enable privileges. Not that he would ask for them, he knows better. He knows that if you have a leaky pipe you call a plumber, not an ambulance.

    So the point of the whole exercise is to blow taxpayer money, ensure that public safety knows the numbers of appropriate IT personnel, possibly expose idiotic IT practices, and give public safety guys a little more FUD stress they could do without.

    Have they even simulated what would happen if a local ISP had a truck full of manure driven into it? That could easily take out half a city's internet and probably a few people downstream in a single point of failure. Would it affect first responders? Not at all. They have radios.

    I can't imagine many scenarios where cyber terrorism would be life threatening. Possibly have an economic impact, but I bet it would pale in comparison to phishing scams which they can't even police now.
  • by timeOday ( 582209 ) on Thursday June 01, 2006 @10:11PM (#15450641)
    How much economic damage was caused by those car accidents?
    I don't know, do you? I'd imagine the destruction of hundreds of thousands of cars, and tens of thousands of productive lives cut short each year is extremely costly. Speaking of which, I heard an insurance commercial today claiming that termites cause more damage to homes than hurricanes, tornadoes, and earthquakes combined. But it's hard to care about gradual things, no matter how significant.
    And by 9/11?
    What did the parent say? Terrorism is FUD. I think he meant this Administration actually promotes fear of terrorism, which is arguably true. But here's something that's inarguably true: terrorists terrorize in order to cause terror. Terror itself is a high degree of fear, uncertainty, and doubt (FUD). The very word "terrorism" places emphasis on emotional trauma to survivors, rather than the direct consequences of violence, because it's the terror, moreso than the destruction itself, that has an impact. That's why crashing planes into buildings is terrorism, whereas selling cigarettes is not.

    I'm not saying we shouldn't combat the terrorists, but I'm saying we should remember that their main weapon against us is fear. Contrast that against, say, the Soviets, whose main weapon against us was hydrogen bombs. I'll take the terrorists any day.

  • by datafr0g ( 831498 ) * <datafrogNO@SPAMgmail.com> on Thursday June 01, 2006 @10:19PM (#15450679) Homepage
    So I don't think this guy is fearmongering. He is doing his job just as a fireman who tells you your house is going to burn down.

    After reading your comment I found that I totally agree with you. He's not fearmongering but the article sure is!

    I didn't see a single quote in that article with reference to terrorism. The quotes from those interviewed referred to criminal activities, but the terms "terrorism" and "cyber-terrorism" were thrown in by the journalist. Why? Does it matter if they're "terrorists" or not? I couldn't care less - the potential consequences are what matters.

    The only reason why the reporter uses the word "Terrorist" is because it gets far more attention than the pre 9/11 "Hacker".
  • by david.emery ( 127135 ) on Thursday June 01, 2006 @10:38PM (#15450758)
    Here's what I've read so far before posting this note:

    Some number of people say "political fearmongering". But most of them don't provide evidence to the contrary.

    Some number of people say "absolutely real". Many of them express similarly unfounded views to the 'political fearmongering' crowd.

    Some number of people say "there might be something here, but some of the scenarios are pushing it."

    A few people cite personal knowledge/experience with respect to what could be done.

    Now here's my $.02.
    1. First we get into the discussion that's been around the block about whether or not any specific vulnerabilities on any specific system should be revealed. If you take the side of "no, keep it secret", you're back to the "do I trust this poster?" But some feasible/credible scenarios/examples have been posted, enough to counter the "reject out of hand" responses.

    2. That being said, I have heard credible people talk about these kinds of scenarios (particularly with respect to the power grid) for at least 8 years. So I -explicitly reject- those who think this is an out-of-the-blue kind of thing. (I can't say if part of the motivation were political. What I can say is "this is not new...")

    3. Certainly -some- computer viruses have the capability to do lots of malicious things to arbitrary computers. If these were targeted to specific machines with specific vulnerabilities (e.g. the LA Freeway signs or the traffic light control system for Manhattan traffic signals), it's easy to see the substantial consequences.

    4. If I knew of specific efforts by either good guys or bad guys to do these kinds of things, I -sure as hell- wouldn't be posting here. That being said, I suspect I know people (who I'd consider 'good guys') who are both planning and prototyping 'offensive e-warfare', as well as 'defensive e-warfare'.

    5. So my bottom line: Current systems, and not just Windows PCs, probably have substantial unacceptable vulnerabilities. I don't think someone can implement the "WarGames" (movie) scenario, but I do think that the ability to do things like mess with traffic signals or the power grid switching system is real.

    The analogy with Y2K is only partly appropriate. There we -knew- when the bad thing could happen, and there was a concerted, very tightly focused effort to prevent it. But some of the scenarios that could have happened with unpatched Y2K software were very well documented and very real.

    So as a community we need to consider these kinds of threats, not in the sense of 'fearmongering', but in the sense of "what should we be doing to (a) prevent, (b) detect, (c) mitigate these kinds of attacks."

    dave

  • by Trogre ( 513942 ) on Thursday June 01, 2006 @10:39PM (#15450765) Homepage
    How quickly we forget.

    Those rights you think you have are an illusion I'm afraid.

    They became nonviable the day some guy called Muhammad said "Now go kill all the infidels".

    You see, there are entire nations that are teaching their subjects right from childhood that the west is evil and needs to be cleansed in the name of Allah. These people are setting up little cells in your country right now pretty much just biding time. Go ask at your local mosque how long they think it will be until your wife/partner will be wearing a burqa.

    Iran, for example, is now run by a man who claims his role is to quicken the arrival of the muslim messiah, an event which according to the Quran can only come to pass by means of greatly increased chaos in the world.

    Yes people use terrorism to push their own agendas. Yes America is rife with corruption and far from perfect. Yes freedom is important and people must be wary of attempts to subjugate it. But to pretend that people would be better off without any terrorism safeguards is utterly irresponsible beyond stupidity.

  • Re:It's FUD (Score:2, Insightful)

    by wirelessbuzzers ( 552513 ) on Thursday June 01, 2006 @10:48PM (#15450813)
    My point is that it's probably not enough to be an expert hacker to burst a dam. You'd have to be an insider. At that point, you can just blow it up with a car bomb.

    If you're trying to kill people, computers are currently not the way to do it. Most critical systems are airwalled, and for the ones that aren't, you'll still have to hack nearly blind through a totally unfamiliar system.

    It's easy to inconvenience people with cyberattacks, but that's not really terrorism, is it?
  • by justchris ( 802302 ) on Thursday June 01, 2006 @11:10PM (#15450914) Homepage
    You are correct sir! China has absolutely no problem whatsoever with foreign terrorists!

    Instead they have what they consider a growing problem with domestic terrorists. That's right, their own citizens taking terrorist actions against their government. Except we in America don't consider it terrorism because we don't like the Communist totalitarian rulers of China. So you tell me which is preferable, being hated by extremist members of other countries, or being hated by the general population of your own country. Take your time, I'll wait.

  • by Master of Transhuman ( 597628 ) on Friday June 02, 2006 @12:43AM (#15451407) Homepage

    Time to terrorize the public again.

  • by Anonymous Coward on Friday June 02, 2006 @02:10AM (#15451705)
    "This stone keeps tigers away."

    "Really?"

    "See any tigers around?"
  • by Aceticon ( 140883 ) on Friday June 02, 2006 @04:31AM (#15452094)
    Terrorism is real!
    The fear of terrorism is real!

    The importance given to terrorism and the weight of that fear are unreal (even surreal).

    Nobody denies that terrorism exists or that it has affected the lives of several people.
    Then again, lightning bolts are real too and they have affected the lives of several people.

    Still, governments are hardly curtailing people's liberty to go out on a storm or forcing them to wear a chain-mail suit when doing so.

    Yet some people are willing to accept and even agree that, to protect themselves from terrorism, more and more power should be delivered in the hands of some while at the same time making those that get that power less and less accountable.

    How did we, as members of "democratic" societies, manage to get even the twisted caricature of democracy that we have instead of police states is beyond me.
  • Re:My question... (Score:2, Insightful)

    by The_Mr_Flibble ( 738358 ) on Friday June 02, 2006 @05:34AM (#15452273)
    So everyone out there that runs mission critical scada systems that are permanently linked to the internet raise your hands.

    yeah thought so.

  • by Anonymous Coward on Friday June 02, 2006 @02:58PM (#15456598)
    Contrast that against, say, the Soviets, whose main weapon against us was hydrogen bombs. I'll take the terrorists any day.

    Of course, during the cold war, the Soviet Union was a major counter-example so we didn't do the things they did ("papers please"). Contrast civil liberties under Reagan to what has been lost in just the last 5 years.

    Living during the cold war, Americans had more rights, and the threat was being nuked. Today, rights are disappearing at an alarming rate, and there are more countries than ever with nuclear capabilities, including "terrorist" ones like Pakistan. Additionally there is no threat of mutually-assured destruction to prevent an independent group from nuking us, if they can ever get their hands on an actual WMD.

    I'll take the Soviets + Civil Rights any day.
