-Caveat Lector- http://www.securityfocus.com Cyber terror in the Air Ancestral voices are prophesizing infowar again, and netizens may be falling for it. By Kevin Poulsen June 30, 2001 11:00 PM PT According to a study released last week, seventy-five percent of Internet users around the world now believe in cyber terrorism-the theory that terrorists will soon inflict massive casualties on innocent lives by attacking corporate and governmental computer networks. Now, if only we could get the terrorists to buy it. The survey, conducted in 19 major cities around the world by Euro RSCG Worldwide, an advertising agency network, found that 45% of respondents agreed completely that "computer terrorism (against corporations and governments) will be a growing problem." And another 35% agreed somewhat. I have to admit, I have some doubts about the survey. The vague phrase "will be a growing problem" leaves a lot of wiggle room -- the problem certainly can't shrink much, hovering as it is at zero cyber terrorist incidents per year. And the study also found that netizens' greatest technology-related fear is "the fusion of humans and computers," with one-in-four worried that "computers will grow too powerful for people to control." If you do your polling at a Terminator film festival you'll come up with all sorts of screwy answers. But statistics aside, there's no doubt that cyber terror, and its nation-state equivalent, infowar, is in the zeitgeist. Witness the feverish, panting diatribes on the subject that have muscled into mainstream forums in the last two months. The influential journal Foreign Affairs lent space to a silly rant by iDefense's James Adams about hackers blacking out cities and killing emergency 911 systems "with a couple of keystrokes." His point, after a few mischaracterizations of recent events and liberal use of apocalyptic imagery, is that the U.S. Defense Department needs to be placed in charge of protecting all U.S. networks from cyber attack. Cooler heads might wonder if the Pentagon shouldn't get the hang of securing its own computers first. Meanwhile, no less an authority than The New Yorker assured us in May that "sophisticated terrorists... now have the ability to crash satellite systems, to wage economic warfare by unplugging the Federal Reserve system from Wall Street, even to disrupt the movements of ships at sea." Finally, the cyber terror hype reached breakfast tables around America with Andrea Stone's June 19th article in USA Today, titled 'Cyberspace: The next battlefield'. "[A]n adversary could use ... viruses to launch a digital blitzkrieg against the United States. It might send a worm to shut down the electric grid in Chicago and air-traffic-control operations in Atlanta, a logic bomb to open the floodgates of the Hoover Dam and a sniffer to gain access to the funds-transfer networks of the Federal Reserve," writes Stone. There is a virus at work here, but it's not the troublesome W32-ShutDownAllPowerInChicago.worm. It's a misinformation virus, and credulous publishers are playing the role of Microsoft Outlook. Part of the problem is that no one has a vested interest in debunking the myth of the information apocalypse. A little doom-saying doesn't hurt the computer security industry, the Defense Department could always use a little extra cash from Congress, hackers enjoy their image as dangerous terrorists whose very fingertips are deadly weapons, and journalists like writing things like "digital blitzkrieg" and "information apocalypse." Adding to the mess, some defense planners actually believe this stuff. Hidden behind language like "asymmetric warfare" is a textbook demonstration of fallacy from a Logic 101 course: 1. Computers can be disrupted by viruses. 2. The power grid is controlled by computers. 3. Therefore, terrorists and foreign governments can cause massive blackouts with viruses. National security planners see deadly logic bombs raining down on Chicago -- it works that way with real bombs, after all. This is high-level thinking. Really high, where the air is thin and the real nature of cyber attacks isn't visible. A more down to earth 'Electric Power Risk Assessment' conducted by the Clinton White House's National Security Telecommunications Advisory Committee in 1997 found that the power grid was indeed vulnerable to computer intruders. However, "Despite the growing concern about cyberspace attacks, the physical destruction of utility infrastructure elements is still the predominant threat to electric utilities," reads the report. To cause even a brief, regional blackout cyber terrorists would have to find a path to control networks that are usually isolated from the Internet. They would spend time conducting critical node analyses, learn to communicate with remote telemetry systems using proprietary, undocumented protocols, and all the while avoid detection for weeks, or even months, while building and maintaining their access. We'd live in a more peaceful world if terrorists spent their time hunched over PCs looking at hex dumps of SCADA traffic. Sadly, ten years after pundits first predicted an "Electronic Pearl Harbor," terrorists still aren't buying it. They refuse to give up violence in favor of computer hacking. Maybe they don't read USA Today. They still stubbornly swear by explosives. They continue to favor sneak attacks over the kind that can be picked up by intrusion detection systems. They go for the assaults that are effective even if the victims are doing everything right, instead of the kind that exploit buggy software and configuration errors. And they prefer loss of life over loss of electrical power. They probably don't believe in cyborgs either. ---------------- Kevin Poulsen is editorial director at SecurityFocus.com. He is based in Washington D.C. <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om