Security

Extreme cybercrime: Preparing for the worst

Deb Shinder explains how cyberterrorists seek to disrupt critical systems and spread panic. What does this threat mean to IT pros and how can you train to counter cyberterrorism?

When I was actively working as a police officer on the streets, I tried hard to live by the old saying, "Hope for the best but prepare for the worst." In law enforcement, you deal with the dark side of humanity so often that it's easy to become jaded and cynical. The same thing is true, to an extent, in the field of computer and network security.

Last month, I wrote about how cybercrime has evolved over the years from a frivolous activity somewhat akin to that of graffiti artists, petty thieves, and minor trespassers to a much more serious business that can involve multimillion dollar profits. However, for the most extreme cybercriminals, it's even more serious than that. In fact, it can be a matter of life and death.

Understanding cyberterrorism

When we think of terrorism, most of us think first of terroristic acts motivated by political, religious and/or ethnic ideologies, especially since the events of September 11, 2001. There is, however, no universally agreed-upon definition of the word; it's generally recognized as the use of violence or the threat of violence that's perpetrated not only with the goal of hurting its direct victims, but also with the intent to terrorize (cause a state of fear in) others. In furtherance of this, the terroristic acts are usually not kept covert (although the preparation necessarily is), because the larger the audience, the more fear can be generated and spread.

Terrorists have used computers and the Internet to communicate with one another and coordinate their attacks for quite some time. Cyberterrorism, though, goes beyond using the technology incidentally to the crime, and makes the technology the actual weapon and/or target of the crime.

The objective of cyberterrorism

Cyberterrorists often use viruses, worms and other malware to accomplish their goals, but that doesn't mean every virus writer is a cyberterrorist. What distinguishes the cyberterrorist from a run-of-the-mill virus writer/distributor? The same elements that differentiate a "real world" terrorist from other mass murderers: the motivations, scope and intent of the act. Cyberterrorists employ some of the same tools as profit-motivated criminals and even casual crackers who launch malware attacks "just for fun," but the motivation and intent involve creating fear and panic in a large segment of the population - even if the scope of the actual attack is limited.

To better understand this, consider an example from the "real world." Richard Reid, the infamous "shoe bomber," in December 2001 attempted to detonate explosives he had hidden in his shoes. The attempt failed, but because of the resulting fear, almost ten years later, all airline passengers in the U.S. are still required to remove their shoes and put them through the x-ray scanners. Similarly, a cyber attack doesn't have to do great damage in order for cyberterrorism to accomplish its purpose, so long as it generates widespread fear. Of course, if it does some real damage, so much the better from the cyberterrorist's point of view.

Targets of terrorism

Terrorists, including cyberterrorists, tend to "think big." Because they want to spread fear among a large segment of the population, their acts need to be high profile. One way to do that is by targeting large events, critical systems that affect large numbers of people, or particularly newsworthy individuals. Attractive targets for cyberterrorists include:

  • Computers that control public utility systems such as the electrical grid or the water supply. By bringing down or taking control of such systems, they could cut off service to thousands of people, or even cause explosions that result in injuries or deaths. In the case of nuclear power plants, they could create even more panic by creating a meltdown that results in radiation leakage.
  • Computers used by healthcare professionals in the diagnosis and treatment of patients. Taking over these systems or causing them to fail at a critical time could have dire consequences, up to and including death, for patients who are given the wrong medications or the wrong doses, whose surgeries are disrupted, or who are misdiagnosed and thus given the wrong treatments.
  • Computers that control the transportation system. Our means of getting around today are mostly computer-controlled, from the cars on the streets to the train/subway/public transportation systems to jumbo jets in the skies. And it's not just the vehicles themselves; traffic control devices, air traffic control equipment and such are all computerized. By seizing control of those systems, a terrorist can bring travel to a half, disrupt the productivity of businesses, and even cause motor vehicle accidents that result in property damage, injuries and deaths.
  • Computers used by local, state and federal government agencies, especially in public safety and national defense. From local police departments to the U.S. military, computers are used to organize the functions of government personnel who are directly responsible for protecting the citizenry. By taking down or controlling these systems, terrorists can prevent police, firefighters, military personnel, etc. from doing their jobs, direct them to the wrong locations, send them on "wild goose chases," cause them to take the wrong (and possibly dangerous actions), etc.
  • Computers used by the news media to disseminate information. News agencies - including print reporters, TV and radio news crews and those who use online media -- all use computers in the process of getting the news out to the public. By taking over those systems, terrorists can keep the public in the dark about what's going on or even spread disinformation that could lead to public uprisings or panic in the streets.
  • Computers used for financial transactions. Today's banking, retail and business-to-business transactions are very computer-dependent. From the cashier at the big-box discount store who doesn't know how to make change without the instructions of the computer to the Federal Reserve banks maintaining accounts and payment services for other banks, everything is done electronically. By taking down or controlling those systems, terrorists could bring the entire economic infrastructure to a halt and induce mass hysteria among the population.
  • All electronic devices and components. The doomsday scenario of cyberterrorism is a massive electromagnetic pulse (EMP) that wipes out the circuits of most or all electronic devices. An EMP would simultaneously destroy all unshielded computers, telephone systems, TVs, radios, the electronic components in cars, washing machines, assembly lines, traffic lights, pretty much every machine or device that relies on electronic circuitry. This would have far-reaching catastrophic consequences and it's probable that a significant portion of the population would die from starvation and lack of potable drinking water.

What does it mean to the IT pro?

Protecting against cyberterrorism isn't just the job of the government. If you're responsible for the administration of a network -- whether it's a large enterprise network, a local government network, a small business network or even a home network -- you're on the front lines in the battle against cyberterrorism, whether you realize it or not. You might think that your network wouldn't be an attractive target to a terrorist because it doesn't control critical infrastructure, healthcare equipment/data, major financial transactions or other "important" tasks and information. But even if your network isn't the target, it can be used by cyberterrorists as a weapon.

Although cyberterrorists may strive to make the results of their acts of terrorism well publicized, they also take care to keep the physical origins of those attacks secret. Thus they prefer to seize control of intermediary systems (without the knowledge of the owners of those systems) to do their dirty work so it can't be easily traced back to them. Cyberterrorists can use standard malware distribution techniques (such as email attachments and "drive-by downloads" on websites) to install remote control software on computers and turn them into "zombies" that are part of a huge botnet. The "bot master" can then use these computers to launch DDoS attacks against those more critical targets.

The takeaway here for IT pros is that you need to protect your systems not only from being the target of a cyberterrorist attack, but also from being used to accomplish one. Awareness is the first step. If your network is not adequately secured, you're putting more than just your own systems/your own company at risk. If those systems are connected to the Internet, you have an obligation to take measures to prevent them from being used against others, just as someone who owns a gun has an obligation to keep it out of the hands of children or someone who owns a car has the legal obligation not allow an unlicensed person to drive it.

Steps you can take

The details of securing your systems are beyond the scope of this article, and differ depending on your particular configurations. They include the basics, such as a good multi-factor authentication system with policies requiring strong passwords that must be changed frequently and smart card/token or biometric systems; access controls; encryption technologies to protect data both in storage and in transit, continuous monitoring and reporting of security events; a comprehensive incident response plan; and so forth. Once your security mechanisms are in place, penetration testing is essential to spot the vulnerabilities in your protective mechanisms and plug them.

Education and training

Some are predicting that cyberterrorism expertise may be the key to a successful IT career in the coming years.

Many universities have training programs in counter-cyberterrorism for corporate and government personnel. Many of these programs are funded in full or in part by the federal government. If you work in an area where you're responsible for managing and monitoring systems that control critical infrastructure, the Cyberterrorism Defense Analysis Center (CDAC) offers free Department of Homeland Security (DHS) certified training programs for qualified personnel. You can find out more here: http://www.cyberterrorismcenter.org/

March 29-31, 2011, The Government Security Conference and Expo (GovSec) is being held in Washington, D.C. to help government and law enforcement officials prepare to defend against cyberterrorism.

June 27-29, 2011, IDGA (Institute of Defense and Government Advancement) Cyber Warfare Summit will be held in Washington, D.C. with the objective of "advancing the development of cyber operations."

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

44 comments
ultrasawblade
ultrasawblade

I am tired of the use of the term "cyber" in reference to anything Internet related. It automatically brands the person using it as ignorant, or of a prior, out-of-touch generation.

VytautasB
VytautasB

I respectfully wish to disagree with your emphasis on the word "terrorism". There is very little evidence that "terrorists" are engaging in cyber attacks or cyber warfare. Terorists seem to be mostly using cyber space for recriutment and propaganda purposes. Your article would be perfect, just needs a few words changed to reflect that many of those cyber targets you list may also be targets of interest to the cyber super powers and not just "terrorists" of the Al Queda school. For example while there is no 100 per cent proof available analysis indicates that STUXNET was state a sponsored use of a cyber weapon. Developing and deliveriing STUXNET required a lot of technical skill (even skills of Intelligence services). Is there any evidence that shows that terrorists have high tech computing skills? Attacks disclosed last year on Google and other large corporations point to a particular state or states as being responsible. Again no mention of ''terrorists". This is an important point for if we don't understand who the "enemy" is we will never start getting a handle on solving the problems and addressing the concerns you so eloquently discuss in your article.

jkameleon
jkameleon

> political, religious and/or ethnic ideologies, There is no such thing as religious or ideological motive. There is always money and power, nothing else. Behind every man motivated by religion/ideology, there is an artful, well paid propagandist motivated by money. > There is, however, no universally agreed-upon definition of the word [terrorism] God forbid! Universally agreed-upon definition of terrorism would prevent treating everyone as a terrorist, which is the primary reason why the idiotery around terrorism was started in the first place. > its generally recognized as the use of violence or the threat of violence thats perpetrated not only with the goal of hurting its direct victims, but also with the intent to terrorize (cause a state of fear in) Yeah, that's the purpose of terrorism: To spread fear, hoping that people will sacrifice their liberty for the false sense of security. > Terrorists have used computers and the Internet to communicate with one another and coordinate their attacks for quite some time. [sarkasm on]Indeed. And terrorists also use air to propagate their terrorist messages in the form of accoustic waves which means that air has to be more tightly regulated.[sarkasm off] > What distinguishes the cyberterrorist from a run-of-the-mill virus writer/distributor? State sponsorship. Hint: Stuxnet. > Steps you can take The best way of defeating terrorism is a political initiative to get spies under control. In 1990, such initiative completely and immediately eliminated the "red" terrorist threat, which plagued Europe during the 1980s: http://en.wikisource.org/wiki/European_Parliament_resolution_on_Gladio I think something like this would snuff the global terrorism as well.

santeewelding
santeewelding

Are peeing on a dumb hydrant. Deb does not respond, no matter how well-formed, well-informed, or otherwise strong your arguments. Deb is top-down; one elevated hydrant. She pees on us. I can tell, from her articles in the past, and from her penultimate perambulations this time. For instance, the instance where she tells us about law enforcement being "responsible for protection of the citizenry". [i]Not[/i]. Period. For instance again, when she tells us about "panic in the streets" should news media, news gathering, news analysis, and news publication be compromised. "The street"? Who lives on the street? Do you guys live on the street? I don't live on the street. Deb did; hydrants, gun, and all. Now she doesn't. It all went to your head, Deb. I do not expect that you will respond to this, either.

Neon Samurai
Neon Samurai

This question always comes to mind when I read "cyberterrorism" and normally the "cyber" preface is the first sign that the speaker doesn't understand the topic or has an agenda. (I say usually, I'm not pointign this one at the author directly) My issue with "cyberterrorms" is that it seaks to elevate the criminal act. It romanticizes and sensationalizes the act. Be it by computer network or explosive charge; one is still causing a facility to explode. It's just plain old fashion "terrorism" that happens to invovle or target an information system. If we must specify "cyber-terrorism" will wel also maintain these destinctions? - plane-terrorism - street-terrorism - truck-terrorism - car-terrorism of course, if someone uses an eating utensize, we'll have to then specify fork-terrorism and forbid they target an eating utensile factory forcing us to now specify fork-factory-terrorism. I gotta stick with the experts like Mr Shneier on this topic. neither Crime or Terrorism need the "cyber" preface; it's still the same old thing migrating to the latest medium; nothing new here. Terrorism is enough of a threat. Putting "cyber" on the front just leverages people's fear of technolgy to make it sound more scary without adding any real value. The solution, of course, has also been suggested by experts like Mr Shneier; fix the f'ing technology. Stop accepting shoddy product QA just because it has blinky lights on the front. The problem is not that criminals attempt to breach information systems. The problem is that the continue to do so easily thanks to the crap craftsmanship our "most complicated solution fromt he lowest bidder" culture accepts.

robo_dev
robo_dev

There is cybercrime, there are cyberattacks, and there is cyberwar, but cyberterror is a concept that does not simply consume all these other concepts. Because an attacker breaks into a government site and steals a bunch of data, it's not really a 'terror' attack, nor would there be 'terror' if the computers at CNN were compromised. Even if, let's say, attackers totally hacked and shut down the whole IT infrastructure at the NY Times...would it prevent us from getting the news? No. And what if it was just an accident that caused the outage, like a burst water pipe in their data center....would we all be 'terrorized' by water pipes? An EMP pulse, seriously? There is really only one way to do that...a really huge nuclear blast. If the entire city is a smoking ruin and my skin is blistering from radiation, am I really going to be 'terrorized' by the fact that my iPhone no longer works? With respect to the transportation systems, let's not over-simplify things. My car's engine is computer-controlled, yet the risk of it's OS being controlled by some goat-herder in Hesbakistan is .0000000000001 percent. Air traffic control is dependent upon computers that are not connected to the Internet, and the primary functions are done using one person flying a plane talking to another person telling them where to go. If a bad-guy takes the ATC offline at an airport, the pilots are not just going to crash their planes, they switch to the ATC at another airport. Is a DDOS attack really a terror attack? Were there people running for their lives when Amazon got DDOSed? I think this article could be improved greatly by talking about how IT systems could be exploited in a actual terror attack, not just lumping all sorts of incidents under the fearful and overworn blanket of what we call 'terror'. There are things to be afraid of, to be sure, but there are few things computer-related that can cause actual terror. Part of the definition of 'Terrorism' are acts that incite great fear in the general population. Does it incite terror if a hacker gets into a bank or credit card processor? No. Are those hackers terrorists? Probably not. They are more likely some poor Russian teenagers looking to make some money to spend on alcohol and electronics. For example, how do actual terrorists communicate? Do they use encrypted email? Compromised web servers? Satellite or pre-paid phones? How could IT system exploits be used to help with an actual terror attack? For example, knocking out communications or video surveillance at a critical time? What controls and countermeasures are in place to prevent these actions from being effective?

ebishop
ebishop

What if a simple system was available that would absolutely protect any network-connected system from a toaster to a nuclear reactor? And what if this system would also end the need for anti-virus, anti-Spam, privacy protection and firewalls by making all communications safe and efficient? Would not the economic impact on the companies that sell such protection ???billions of dollars and thousands of jobs lost ??? be a reason to keep such a technology off the market? Is Cyber Security too big to fail?

Con_123456
Con_123456

The attack on November 9 could be accomplished with primitive tools. It was a sophisticated and carefully planned action with the following objectives: 1) To justify the war in Afghanistan (and then make it a heroin superpower # 1). 2) To justify the war in Iraq and get its oil wealth. 3) to justify a war against people like you and me. This war is roofed by USA PATRIOT ACT http://www.911research.wtc7.net/cache/post911/legislation/eff_usapatriotanalysis.html and Domestic Security Enhancement Act http://w2.eff.org/Censorship/Terrorism_militias/patriot-act-II-analysis.php . The same terrorists also form and support terrorist groups in other countries (such as Al Qaeda or Taliban), support drug cartels (to make even more money and induce conflicts and crime), introduce almost all wars in the world including the latest in the Northern Africa (to sell weapons, increase state dependency on them via increased debt and to prepare for new world order which will be single absolute government above all world), introduced economic crisis (to get you rid of our property), killed inconvenient people like JFK and did much more. I am pretty sure that the next major terrorist attack (whether cyber or other) will appear as soon as they will need to improve their control over us, start another war or something similar. Nobody has a chance to anticipate or any way to prevent the enemy has all the trumps.

Alpha_Dog
Alpha_Dog

First of all, I should point out that we are (among other things) an IP holding company. Our security is paramount within our offices and network, but if we lost everything our loss would be only slightly more than financial. There are other sectors where a loss would be much more critical, making them a prime target for cyber terrorism. The lessons we have learned apply though, and I hope these help some. The key to maintaining a secure infrastructure is to limit access, just like traditional physical security. Limit personnel, limit access, limit connections, limit time slots, limit ports, limit sources. Let's look at these: Limit personnel. The less people know about your system, architecture, and security, the better off you are. Security by obscurity is not a sole solution, but it's a good start. Always under staff secure projects, though in practice we have found that this takes care of itself. Few pass our background check for the secure side of the house. Limit access. The three element access control model works. The way we teach it is 1. something you have (a key), 2. something you know (a password), and 3. something you are (biometrics). Yes it's a pain, particularly if you use man traps between elements, but what is the alternative? Limit connections. Do you really need employees to telecommute working on a sensitive project? If not, kill outside access. Do employees need web access to maintain their crops in Farmville? If not, don't just block it, deny a viable route. Are all employees who should have access in one location? Make the resource available only on the local subnet an limit by MAC address. Limit time slots. Do employees need access to sensitive files at 2am? If not, Power down the server or block employee access if infrastructure need the resource (like a database for example). Block ports. This should be a well duh moment for any admin, but how many servers have ports open for web services or SNMP when they aren't using them because of legacy? Lock it down or loose it. Limit sources. We touched on this, but let's go further. Is there any reason an IP shouldn't be associated with a MAC address, system name, login, and password? Many of these can be spoofed, but to associate them all together is another layer of security. Better still, the user generally doesn't know their machine's MAC address or IP off the top of their head, though they might know their system name. Finally, just as physical security has roving guards, use packet inspection, intrusion detection, and physical sweeps on the secure network architecture. Yes, this is overkill for most civilian installations, but it works. Cyberterrorists have something else in common with a standard internet criminal... If it's too hard, they will go elsewhere.

santeewelding
santeewelding

Do you mean out of [i]your[/i] touch, as in, what they know is over your head?

robo_dev
robo_dev

While fear-mongering is a way to get the reader's attention, the premise of this article is a bit thin. When we speak of true 'terrorists', there are most likely only two things they may use technology for: communication and bomb-triggering. If there is one area where the US and other countries have spent a great deal of time, effort, and money, it is surveillance of communication. Bin Ladin, for example, does not use a telephone at all, since that would be a way to track him. I would also seriously doubt that he uses the Internet, either. Terrorist groups do not use the Internet to do Cyber-attacks, because this would lead to them getting caught. State-sponsored cyber-attacks, such as those from Iran or China are not terrorism, they are just attacks.

AnsuGisalas
AnsuGisalas

I'd say the most benign purpose is the one discernible from it's name. Enforcing the Law - or performing arbitrary actions of force, attempting to enforce something which may or may not have anything to do with a law. At best. Except for speed limit control. That's plain good.

Alpha_Dog
Alpha_Dog

...but i should have known when an article about preparation says that specific methodologies are "outside the scope of this article". Perhaps readers with opinions, knowledge and experience should write a better article?

jkameleon
jkameleon

"The details of securing your systems are beyond the scope of this article", she says. But what IS the scope of her article, then? Techrepublic is supposed to be a technical site, for shit's sake, a site devoted to technical details. The only possible thing beyond that scope can be a political twaddle of one sort or another.

bboyd
bboyd

"Cyber"ism is a nasty habit of the weak minded. They impart little additional information that would help solve the issue. edited for spelling.

Alpha_Dog
Alpha_Dog

The issue is with the over- and mis-use of buzzwords. The fact that "terrorism" makes local state and federal governments hide behind their wallets and the word "cyber" makes them dig deeper knowing beyond a shadow of a doubt that the issues are incomprehensible to mere mortals and costly to mitigate. In our information economy, such ignorant people should be on a street corner with a sign that says will work for food. On the other side, I respect those few elected officials and administrators who choose to inform themselves about IT issues. What makes an attack cyberterrorism instead of a simple case of online breaking and entering is the same criteria that marks the difference between a criminal act and terrorism... intent and scope. It boils down to this: Is the intent to break infrastructure to its own end or as part of a larger offensive, or is the intent to simply harass the owner of the resource. Consider these three actions: 1. Achmed Bin Whatchmacallit breaks the traffic lights and metro rail in Washington DC to slow our ability to respond to a larger attack. 2. A hacker named "L33tboy" uses a botnet to DDOS a website he feels has somehow done someone an injustice. 3. While poking around, 8 year old Johnny finds an open door and breaks a corporate site. While who should be punished and how is clear in context, consider the fact that it's easier to make an example of an 8 year old than find a hacker or gods forbid a dangerous terrorist. Why really solve a problem when you can look busy? If a real threat surfaces, just hide and later say that the results were unforeseeable. As a nation, we need to quit playing buzzword bingo and either do something constructive or move on to other issues like the economy. Whoops, that's another word that makes those folks run and hide like a groundhog that has seen his shadow. Now we have to wait 4 more years for economic spring. Sigh. The soapbox is up for grabs.

Neon Samurai
Neon Samurai

The "cyberwar" part is normally the use of information systems as part of a real military action. it's not "cyberwar" it's simply a supporting action as part of the greater tactical movement. It's Espianage at best; either information gathering or distraction causing in relation to the actual actions. It's not like exlpoiting an enemy's information systems happens in a total vacum as the sum total goal of the action.

Con_123456
Con_123456

It is obvious that you have a wide practical experience about securing corporate servers. Regarding other issues, I am recommending using encryption tools on all levels. HTTPS, VPN, TOR for secure communication over Internet. TrueCrypt to encrypt data on your medias (HD, DVD, flash). Other tools to encrypt e-mails (S/MIME) and all other data on the provider's storage or cloud.

ultrasawblade
ultrasawblade

Just saying that the term "cyber-anything" kinda sucks and is annoying. "Cyberterrorism defense specialist" doesn't conjure up to my mind someone that knows what they are talking about, but someone who has succumbed to marketing and appearance over knowledge.

jkameleon
jkameleon

Is that good enough? See my post below. The solution is not technical but political, but 100% effective. Get the spooks in line. As simple as that.

dogknees
dogknees

"they" break into the controls of the generators in a large dam and turn all the taps off. Dam fills up, dam overflows and collapses killing thousands? Or, "they" hack into the controls of a nuclear power plant, shut down all cooling pumps, systems overheat, plant goes up in a plume of nasty smoke,... The simple fact is that physical systems are controlled be electronic systems and a lot of those are on the 'net.

jkameleon
jkameleon

... pursuing their best interests. It's hard to say who exactly are they, but if you follow the money, you'll get close enough. It's not necessarily government. Usually it's para-government, informal structures close to government, big business and intelligence agencies. Not easy to spot, but they are always there. The weaker the democracy, the stronger they are. Forget the theories about Illuminati, Bilderbergers & stuff. If you picture these guys as Mafia, you'll be far closer to the truth. Once the gangsters gather enough money and bribe enough cops, judges, and politicians, they become wealty, influential, respected, and well connected businessmen.

Alpha_Dog
Alpha_Dog

...when we do it, it's not terrorism. We would have been labelled terrorists had the term existed in 1776. More to the point, Native Americans fought what they saw as invasion and injustice, but until recently who did history paint as being in the wrong?

dogknees
dogknees

>>IPtables, xray at airports, boarder checks A "firewall" in the context of an IT site is an electronic device and associated software. Stretching the definition to include these other devices just makes the word meaningless. Nor are people "transmissions". We don't have have that technology yet.

Alpha_Dog
Alpha_Dog

Any criminal, regardless of intent or support will evaluate the target in terms of risk vs. payoff. If they find a chink in the armor, they will exploit it. Imagine a secure network facility without access control on the doors... you can walk right in. Now imagine a government building with good physical security, but as far as a firewall, they have their pants around their knees. How are these any different? They aren't. Both are extreme versions of adapting to one threat in a multi-threat environment. To be effective, we have to use best practices in securing each in a way consistent with the value of what's inside. You are correct in your assumption about how people feel affecting their desire to do something about it. The problem is that this globe is not all one nation, and we have friends who have enemies. Someone somewhere is going to take exception to our associations because of a multigenerational grudge based on political spin and propaganda. Its us versus them because one or more parties want it to be. It's crap, but it's the world we live in... the only one we have. The opinions voiced are that of an old soldier who has fought in more conflicts than his nation acknowledges. A final piece of advice: When a politician declares war, it's final... we're gonna kill something. The question is what or whom, and did they have anything to do with the issue, or are they just some dumb schmuck who has also been told half truths by their government. The level of duplicity by the recent administration and those with the same surname before was orders of magnitude greater than what we experienced under Nixon, though I doubt history will be reported this way.

Neon Samurai
Neon Samurai

I don't think one can wage war against a concept even if politicians point the word at the favorite scary concept of the day. Terrorism is a concept. You can't wage war against it though you can wage war against criminals who use it as a tactic. How's the War on Poverty going? The "war on drugs" has been a stellar failure whos only affect has been to insure that profit margins remain high enough to justify the risk for traffickers. "war on XYZ" is another power tie wearing buzword used by politicians when trying to hurd the population.

Neon Samurai
Neon Samurai

This is the thing.. every other terrorist act falls under "terrorism" yet the moment it remotely involves a computer it's "cyber-terrorism" as if it's any different. We don't have to specify road terrorism or highway terrorism just because the point of entry was a roadway. IPtables, xray at airports, boarder checks, these are all firewalls. They are all filtering packages moving from one domain to another. We use xrays to filter out carried weapons. We use iptables or whatever to filter out undesirable network packets. We use documents and boarder checks to filter out undesirable travellers. You don't protect a boarder with IPtables or protect a computer network with xrays but in both cases, your protecting something by filtering incoming transmissions.

robo_dev
robo_dev

What we know of the command and control structure of al-Qaeda is that it is likely based in Pakistan, but operations are quite decentralized. There is evidence that many plots and attempted attacks are not centrally managed, but rather done completely within an individual 'cell' within a given country. What, if any is the 'CyberTerrorism' angle to all this? None. I would suspect that the IT capabilities of al Qaeda are limited, and that they would risk getting caught if they were to attempt to do some silly hack like trying to compromise a computer system that monitors the security of something. Terrorists use technology for communication, fund raising, and to a very limited extent for attacks (e.g. remote detonation). Does Bin Ladin even use a telephone? Of course not, he would have a red laser dot on his forehead before he could say hello.

dogknees
dogknees

Can Firewalls and Airport screening be seen as being contiguous? I agree that the effects are the same, but the means determine the method of defence and is therefore relevant when discussing how to defend against them. Though, I've always believed the only way to stop terrorism is to stop people anywhere feeling disenfranchised, marginalised or disaffected with life. The only way to do that is by education for ALL, and political and economic systems that provide security and recognition for all regardless of the circumstances of their birth. When GWB said we're having a war on terrorism (not terrorists) it seemed to me that this was the only solution. Funny how that's not what happened.

dogknees
dogknees

The point of term to me is that the means of access determine how we defend against it. You don't stop "cyber-terrorism" with XRay at airports, and you don't stop hijackers using firewalls.

Alpha_Dog
Alpha_Dog

...but why put cyber in front of anything? To be blunt in this day and age physical security is not the be all and end all that it was in the 60's and 70's. Electronic security is as important as physical, and must be rolled into one contiguous program to be effective. The term cyber- and physical- create barriers that cannot exist if we are to be serious about combating terrorism.

Neon Samurai
Neon Samurai

So, they happened to infiltrate the facility through a computer network before blowing it up.. big woop.. it's still just terrorism.. do the people cantaminated or drowned by the action care that part of it involved a computer.. does it make it more hip to be a victim because computers where involved? Why must we sensationalize the fact that poor facility administration and computers happened to be involved? And, doesn't it really say far more about the facility's security policies being that such a life threatening structure was connected to public accessible networks? I know power plants failing hot because someone "shut down all cooling pumps" instead of failing into a passive cooling state sure causes me some questions about the facility design and need for updating. This is the thing though.. I can't call it cyberterrorism just because part of the action invovled a computer to achieve physical outcomes.. it's still a physical outcome.. it's just old fashioned.. not as hip to say.. "terrorism". If they had fedex deliver an explosive charge in a box is it now mail terrorism.. maybe courier terrorism? Why do we feel the need to treat computer aided terrorism differently; make it something mystic and special? Run.. Be Afraid!.. it's not just that plane old terrorism your parents told you about.. it's "cyber" terrorism.. quick.. run for the hills.. the end is nigh!

jkameleon
jkameleon

Inveterate habits, not concepts. "Tradition" is might not be the best choice of word, but it's the best I could think of. English is my 3rd language, after all. > Tell me exactly how one is to determine what is traditional? What specific point in the past is to be chosen as the ideal to which we should aspire? Is it the oldest. always 100 years ago,... I don't care about ideals, they are meaningless. You should not reason and act according to things that should be, but things that are. When earthquake hits, Haitian tradition is to fight & loot, while Japanese tradition is to get organized & help each other. That's what they usually do, that's what I mean by "tradition". It doesn't matter how it was 100 years ago, it matters only how it is now. > Not, it's the point in time when the group to which the person belongs was the most powerful. The reality is that it's a weasel word that is used as a synonym for "I want things to go in my favour" when people don't want to be honest about their desires. Or, simply put, greed and a desire for power over others. . Marx put it like this: It is not the consciousness of men that determines their existence, but their social existence that determines their consciousness. IOW: Individual's ideological or religious convictions (real or fake, doesn't matter) depend on how he makes money.

AnsuGisalas
AnsuGisalas

ConcernsAboutFuture. Changes its name a lot, too. It's always working at twisting blogs or current events into fuel for its own cause. Posts a lot of propaganda videos too

dogknees
dogknees

>>What matters is tradition. Tradition is the meaningless concept. Tell me exactly how one is to determine what is traditional? What specific point in the past is to be chosen as the ideal to which we should aspire? Is it the oldest. always 100 years ago,... Not, it's the point in time when the group to which the person belongs was the most powerful. The reality is that it's a weasel word that is used as a synonym for "I want things to go in my favour" when people don't want to be honest about their desires. Or, simply put, greed and a desire for power over others.

dogknees
dogknees

What are you referring to?

Con_123456
Con_123456

Please consider how will you live in NWO. NWO is going to be an ultra-left establishment, like Communism or Nazism. With absolute control over ordinary people and no control of the ruling class. The most famous attempts to establish the New World Order were: The First and Second World War or the Bolshevik Revolution in Russia and other countries. It took tens of millions of human lives, suffering and other damages. So far. I suspect that the current war in North Africa is similarly initialized. Personally I hate any kind of totalitarian governance and wars. I would never promote anything like that. But this debate is not exactly related to the article. I realize that discussing different topics is not entirely fair to the great TechRepublic authors, so I will be careful not to happen in the future. Hereby I am ending my contribution to this thread. Should anyone wish to continue discussing with me, please contact me via private messages.

jkameleon
jkameleon

How exactly the next NWO is going to look like, depends on each and everyone of us. So stop worrying, and start creating it. > Seemingly different topics... Then and now it's all about profits, war, and screwing the people. That's the similarity I see. > I mean political correctness, the long march through the institutions, cultural pessimism, cultural marxism, affirmative action to thoughtless support for minorities, radical feminists and multiculturalism, uncontrolled immigration, etc. The long term goal of it is: to destroy the traditional Christian society completely and then build NWO on its ruins. Here's my 2 cents. * Culture, religion, and/or ideology have almost no impact on society. Basically, that's just a collection of flowery phrases spouted by hypocrites. What matters is tradition. * Political correctness was meant well, probably, a long time ago, but nowadays it's just annother method of quelling free speech, used to prevent people from speaking their mind. * Affirmative action is BAD. It's in direct contradiction with the equality before the law, a racism in disguise. * Multicultularism would be OK, if the cultures in question would themselves be multicultular, which they usually aren't. So, forget about it. It's utopian. * Forget about "the source" and conspiracy theories around it. There is no such thing as "the source", and there are no conspiracies. Nobody told robberbarons to be greedy, and nobody told politicians & TV talking heads to lie. There is no conspiracy behind it. It's their nature. > Sorry for bringing these social issues into technical discussion, but I am worried. It's OK, the article we are discussing isn't technical to begin with. It's just a propaganda piece.

AnsuGisalas
AnsuGisalas

"ConcernsAboutFuture" is the same person who posted neonazi agitprop a month ago, just so you know.

Con_123456
Con_123456

...in fact, the following movements seem to me to be funded from the same source, helping to enforce the same long-term goal. I mean political correctness, the long march through the institutions, cultural pessimism, cultural marxism, affirmative action to thoughtless support for minorities, radical feminists and multiculturalism, uncontrolled immigration, etc. The long term goal of it is: to destroy the traditional Christian society completely and then build NWO on its ruins. See http://www.sunray22b.net/long_march_through_the_insti.htm Sorry for bringing these social issues into technical discussion, but I am worried.