Stupidity: A Real Cyberthreat.
[subject change since this is a change of subject, was Re: The Backhoe: A Real Cyberthreat?] The biggest threat to Cyber security is stupidity, followed only by indifference. Period. There. Someone was bound to say it, so I said it first. Now, in an attempt to get my NANOG Header to Content size ratio to 1, I'll rant on a little for your entertainment, enjoyment, annoyance, or hatred. :-) Terrorists want to kill people. Did anyone die when those two fibers were cut? Did it cripple the US Economy? Did it close the stock markets? When the markets opened the next day, did stock prices fall across the board for weeks and months on end? Not exactly. Will people put bumper stickers on their cars that say Remember 1/9? or Remember Buckeye and Reno Junction No. Not one person will do that. [most] Religious extremists tend to site religious verses saying things along the lines of it being acceptable to kill those who do not belive or who oppose their religion. [just like Christianity during the crusades] I'm pretty sure there's nothing in the Koran that says anything about taking away their internet and cell phones, and knocking out their power. [so they can live like we do] This is something that the DHS knows, but doesn't want to admit too loudly. Why? Because it's easy to say We're doing more to prevent cyber attacks. See? We took away the fiber maps! We accomplished something! This is bound to help out! [now give us more money so we can afford to do more things like that] They say that, to throw us [the public, and Congress that pays for their department to exist] a bone every now and again. It's nearly impossible for them to say you're safer today than you were yesterday! Well, they could say it, but it would be laughed at by the majority of the population. [more so than they are now] How are they supposed to calm people's fears? With a statement like: See? You aren't being attacked by terrorists today! We must be doing our job! The graphic in the Wired story from FortiusOne showing fiber optic backbones and how they clump also shows just how many other fiber routes exist. It also shows where terrorists should go looking for fiber to cut. Look at THAT map. Go look for, and follow the signs. Failing that, make a few phone calls, and have the stuff marked so it can be found to cut it. It's really that easy. But why even do that? We already cut enough of it without any help from terrorists. Just in case no one was paying attention, the score is: Lack of information + guy on backhoe = 675,000 cuts per year: Terrorists = ZERO. It's up to carriers to either diversify or feel the wrath of the backhoe. Fortunately [for carriers that have an outage] and unfortunately [for long term reliability], the general population is forgiving and forgetful enough that when outages do occur and their life is back to 'normal' they just don't care enough to want to pay higher prices for that extra infrastructure. The part that wasn't mentioned, is something I'm most interested in. How much did the outage cost Sprint? And is it worthwhile for them to use install or lease different fiber routes to prevent that type of revenue loss in the future? [My guess would be No] Marketing will make up for lost customers, and trying to convince people to forget that it ever happened, and rate increases and/or insurance will make up for any lost revenue. -Jerry
Re: Stupidity: A Real Cyberthreat.
On 1/19/06, Jerry Pasker [EMAIL PROTECTED] wrote: Terrorists want to kill people. Did anyone die when those two fibers were cut? Did it cripple the US Economy? Did it close the stock markets? When the markets opened the next day, did stock prices fall across the board for weeks and months on end? Not exactly. Will people put bumper stickers on their cars that say Remember 1/9? or Remember Buckeye and Reno Junction No. Not one person will do that. You are oversimplifying things here Why was the World Trade Center chosen (twice) to attack it is an economic target. All wars are economic, including drug wars and terror wars... what was the COST of 9/11??? A hell of a lot: http://www.ccc.nps.navy.mil/si/aug02/homeland.asp that? We already cut enough of it without any help from terrorists. Just in case no one was paying attention, the score is: Lack of information + guy on backhoe = 675,000 cuts per year: Terrorists = ZERO. Consider the economic impact of cutting a significant portion of the cross-country fiber capacity in such a way that it is very difficult and time-consuming to repair (let's say, shaped-charges along the two fiber routes every 1 mile or so for 50 miles, in remote terrain), in combination with ambush and execution of the work crews sent out to repair the damage, in combination with a similar types of attacks on major cable landing points in the US. And while you are at it, a truck bomb at 8:30 am Monday morning outside Wall Street. What about an attack that specifically targetted SFTI? http://sfti.siac.com/ How much more critical does this get when you consider that NYSE is going to all-electronic trading in the near future? The IRA carried out very effective economic bombing campaigns in London... is Al-Queda (or a hostile foreign government, say Syria) any less-capable?
Re: Stupidity: A Real Cyberthreat.
The purpose of terrorism is to create widespread _terror_ (the hint is in the word). On Thu, 19 Jan 2006 12:00:28 -0700 A Satisfied Mind [EMAIL PROTECTED] wrote: On 1/19/06, Jerry Pasker [EMAIL PROTECTED] wrote: You are oversimplifying things here Why was the World Trade Center chosen (twice) to attack it is an economic target. All wars are economic, including drug wars and terror wars... what was the COST of 9/11??? A hell of a lot: http://www.ccc.nps.navy.mil/si/aug02/homeland.asp Was the terror caused by 9/11 because of the economic impact, or because 3000 innocent people died in such a terrible and unexpected manner ? If the goal was lets get those Amercians and the grand financial institutions, Fort Knox might have been a better target for the terrorists. I strongly recommend reading the book I quote below, which deals exactly with this topic. -- Sheep are slow and tasty, and therefore must remain constantly alert. - Bruce Schneier, Beyond Fear
Re: Stupidity: A Real Cyberthreat.
On 1/19/06, Mark Smith [EMAIL PROTECTED] wrote: The purpose of terrorism is to create widespread _terror_ (the hint is in the word). And what is terror? Warfare What is War? (from Von Clausewitz's Om Kriege) War is fighting and operates in a peculiar element -- danger. But war is served by many activities quite different from it, all of which concern the maintenance of the fighting forces. These preparatory activities are excluded from the narrower meaning of the art of war -- the actual conduct of war, because they are concerned only with the creation, training, and maintenance of the fighting forces. The theory of war proper, on the other hand, is concerned with the use of these means, once they have been developed, for the purposes of the war. How do we defeat our enemy? (again, Von Clausewitz) - The acts we consider most important for the defeat of the enemy are . . --- Destruction of his army, if it is at all significant --- Seizure of his capital if it is not only the center of administration but also that of social, professional, and political activity --- Delivery of an effective blow against his principal ally if that ally is more powerful than he. I'd say economic attacks fall under #2. I'd further venture that if 9/11 happened in say, Tonopah, NV, there would not have been $XXX B damage as a result of direct and indirect costs... and further, there would have been (far) less of an uproar and DHS-type activity increase. What is worse for destruction of the US? Crippling the economy or killing +/-3000 people? Was WW2 Germany defeated economically or head-to-head, mano-y-mano in Europe? Was the Confederacy defeated by systematically winning most land-enagements? I submit that: * there is a significant reason that WTC was targeted twice * this is not the first or last time economics means have been employed in terror campaigns * every war ever, since the beginning of time, is was and will be rooted in economics, and all other reasons given for war are BS. * economic targets (supplies, infrastructure, shipping terminals, communications, railroads) do far more to defeat an enemy than killing some civilians... as a terrorist, great, an added bonus, you got so infidels too!!! I suspect that various entities will shortly start bitching about operational content here, so... Operations related, I think it *is* important to know, and conduct war-games (you *.gov types) which include multi-vector attacks, in which terrorists think and operate a coordinated manner that say, a few Special Forces A-teams would, if they were given the same mission... inflict as much economic and political damage as possible with 40 people and a million dollar budget. I think this definitely includes having access to the positions of these communications lines. I think that public access to the locations of these communications lines would have the end result of a far more fault-resilient infrastructure.
Re: Stupidity: A Real Cyberthreat.
On Thu, 19 Jan 2006 14:17:35 -0700 A Satisfied Mind [EMAIL PROTECTED] wrote: On 1/19/06, Mark Smith [EMAIL PROTECTED] wrote: The purpose of terrorism is to create widespread _terror_ (the hint is in the word). And what is terror? Warfare War is certainly terrible, although it isn't necessarily terrifying if you aren't there : http://dictionary.cambridge.org/define.asp?key=82098dict=CALD 1 [C or U] (violent action which causes) extreme fear: They fled from the city in terror. There was sheer/abject terror in her eyes when he came back into the room. Lots of people have a terror of spiders. What he said struck terror in my heart (= made me very frightened). The separatists started a campaign of terror (= violent action causing fear) to get independence. Heights have/hold no terrors for me (= do not frighten me). This is so way off topic for nanog that I'm going to stop here. -- Sheep are slow and tasty, and therefore must remain constantly alert. - Bruce Schneier, Beyond Fear
Re: Stupidity: A Real Cyberthreat.
First of all: the IRA carried out very successful systems attacks on the City of London, and also on major transport systems - motorway viaducts, railway stations and signalling centers, airport terminals - both in kinetic (real, actual bombs) and nonkinetic (hoax calls) modes. All of these were practically speaking pre-Internet. All right, this is NANOG. Yes, some of you were chatting over the thing about who you wanted to fuck at Berkeley in 1973. For economically and practically real-existing purposes in the UK, 1996 was pre-Internet. I'm sorry, I'm not in the master race. The IRA 1990s London offensive was intended specifically to inflict economic costs and political disruption without serious casualties, as the IRA was in negotiations with government at the time. After John Major kicked over the negotiations in order that the DUP would keep his government in power, they wanted to put a fire to his balls without appearing uncivilised enough to cause a hate-wave among the public. Hence the sysdisrupts. One thing they did not do was attack telecommunication targets. I still have no idea why. In the UK they are normally quite obvious. Beware..
