cyber-"terrorism"?
alastair
alastair at calliope.demon.co.uk
Wed, 18 Sep 2002 00:52:22 +0100
On Tue, Sep 17, 2002 at 11:47:20PM +0100, iriXx wrote:
>
> what i'm wondering is - is it *really* possible to make a concerted
> cyber-terrorist attack via the internet? or is this just rhetoric -
> would it actually be quite difficult to create more than just an
> annoying series of viruses like Klez - damaging, but not *that* level of
> damage... would cyber-terrorism be too
>
> a) detectable, given the amount of effort it would take not only to
> create global DoS attacks but to cover their tracks...
>
> and b) difficult to organise given that an increasing majority of major
> internet servers run free / open source software on less vulnerable
> platforms?
>
> or am i being naive?....

I'm afraid that I think you're being naive.

Firstly, for a), note that DoS attacks tend to be distributed now, DDoS.
It's proved fairly straightforward to take over client machines via
trojans with minimal effort. They tend to be programmed to
self-propagate with minimal effort and make tracing any original source
difficult or impossible (that is, unless a perpetrator gloats on an IRC
hacker channel ..).

As for b), as I say above, DDoS don't need to hijack servers, just
clients. The client machines act as the 'zombie' and attack the server,
no owner intervention necessary (or noticed probably). The client
machines, 'zombies', could number thousands (perhaps millions? this is
almost a monoculture anyway).

Secondly, what makes you think a free (or 'open-source') OS is harder to
hijack?

Notice the 'bugtraq.c' SSL (mod_ssl/apache) worm doing the rounds at the
moment, attacking Linux/Apache/SSL systems. A large number of Linux
users (I hesitate to use the word 'system administrator') are as
clueless as their Windows equivalent.

Do you check the signature on the package you download and install? What
about scanning the source code for a trojan before compiling, installing
and loading? How do you know 'that' service you run isn't vulnerable? Do
you subscribe to 'bugtraq'? What about all the 'underground' 'black hat'
channels?

Lastly, the word 'terrorist' should be consigned to the dustbin I think.
It's been over-used so often, for so long, that it's lost any meaning it
might have had.

I'm sure that the danger is over-played, but the threat exists.
Security is very hard, maybe getting harder.

Cheers,
--
Alastair
http://www.calliope.demon.co.uk
------------------------------------------------------------