Home page logo
/

basics logo Security Basics mailing list archives

Re: military strike possible?
From: "Meritt James" <meritt_james () bah com>
Date: Thu, 30 Oct 2003 13:37:53 -0500

Heard "Sink 'em all and let God sort 'em out on the bottom?"  How
selective was Dresden or Nagasiki?  When one of three is a threat, there
has been a displayed tendency to destroy all three and apologize
afterwards.

James McGee wrote:

Number 1 rule in any kind of warfare;

Know your enemy

On the internet, with so many zombies already under control of script
kiddies, and with no one doing anything about it, it would be nigh on
impossible to know the enemy.

Cheers

JM

-----Original Message-----
From: John Canty [mailto:John.Canty () Vibro-Meter com]
Sent: 30 October 2003 13:23
To: gregh; Meritt James; security-basics () securityfocus com
Subject: RE: military strike possible?

After reading a few of these posts, I see a growing trend, that most of
us in the IT industry are beginning to believe that some major
catastrophe could easily happen without the apparent need for major
resources. For the most part I agree with this line of thinking, but I
feel that there are some major obstacles to over come first. I know most
of anyone older than the age of 20 has probably built some form of
explosive in their backyard, and if you haven't done so, you at least
have seen it done. This brings up the point that these things are easy
to build, and also drives the point home that they can also be built
with relatively mundane chemicals. Combine something like this with a
full-scale cyber attack, and you could have the beginnings of mayhem on
your hands.

It wasn't much more than 2 years ago that no one has ever thought of
using 2 passenger aircraft as missiles to take out landmarks on the U.S.
countryside in order to commit an act of war. It will also be two years
from now that you, I, and many others will be able to look at some of
these posts, and say "See, they told the future." No matter what you
decide to come up with for a solution to a possible attack you must come
to the realization that under no circumstance, no matter how much
planning, and no matter how prepared we become that if an entity were to
attack the U.S. again, we will be fighting a major battle. As even our
government has said, 9-11 was a precursor to other events to come, and
they even admit to its relatively quick execution from the planning
stages. Some of you and, even myself, have seen the enemy as inferior,
in mind and ability. After carefully analyzing my thinking, I have come
to realize I was wrong.

How can you put a damper on the enemy's plan, Sure you can secure your
computers, this helps. You can put in place an emergency attack plan;
this should help a little more. One thing many people fail to look, and
that article touches on this a little bit, is the end user with the
broadband connection. Maybe if we as a whole offered our users a written
tutorial on why they should take steps to secure their home connection,
and some free and easy to use programs for doing this, we might make a
difference on the 'flash virus' and cyber terrorism front. It would be
nice for one's employer to show a genuine concern for their employees
and offer something like this through the HR department. This might also
do the Identity theft victims a few favors too.

To cut to the point, it seems as though these cyber terrorists are
putting their stakes more on the end-user who doesn't know any better,
and if while doing so they happen across the major company with an OC-3
then that's just icing on the cake. So if anyone has seen good articles
on how to secure your windows pc, and knows of any good, cheap or free
programs for fire walling, anti-virus, anti-key logging, and/or major
anomaly detection that the average end-user can get good use from, this
might be a good forum for making them known.

//John
-----Original Message-----
From: gregh [mailto:chows () ozemail com au]
Sent: Tuesday, October 28, 2003 5:04 PM
To: Meritt James; security-basics () securityfocus com
Subject: Re: military strike possible?

----- Original Message -----
From: "Meritt James" <meritt_james () bah com>
To: <security-basics () securityfocus com>
Sent: Wednesday, October 29, 2003 4:11 AM
Subject: military strike possible?


Going from the premptive strike philosophy demonstrated in Mideastern
countries, what are your thoughts on a military strike against (as yet
unseen) "cyberterrorists" a'la
http://www.msnbc.com/news/985295.asp?0si=- if there were extranational
agents tampering with identified components of the infrastructure to
the extent that they were risking human life?


I think it was two years ago that I posted to Bugtraq something much
simpler
and more devastating. I outlined how you could easily take out all
non-military shielded infrastructure including people nearby and how it
could all be linked to mobile phones and when the terrorist is flying
out of
USA, he just sends a group SMS to all those mobile numbers and that
simultaneously sets off the attack. I even pointed out that to build
these
things, a person can walk down the street with every single part in
plain
sight and no-one would think anything about it as they are everyday
parts.
What was worse was that someone responded with a "how to put that idea
together" and did an estimate that it would cost US$30 to build each of
the
items that would be used in the attack. All non-military shielded places
with computers that are critical, power stations, emergency response
agencies, national guard, telephones, you name it would all go down.

Now you may be wondering what the use in that would be because though it
would take some time, likely within 24 hours most would be fixed and
within
a week all would be fixed. The idea of war is misdirection. If you
wanted to
attack USA or direct people all over the place stretching resources PAST
breaking point, you would do this and in the meantime do whatever it was
you
had in mind - eg a portable nuke to whatever target - which would be a
heck
of a lot more likely to succeed.

Lastly, you may all be wondering what it has to do with cyber security.
Well, I originally was thinking how easy it would be to take down a
wi-fi
network and then graduated to whatever else it would kill and kept
going. I
was at the "cyber security" stage at the time I posted that.
Unfortunately
the idea is an actual easy to make (for those with electronics ability)
idea
that doesn't require hijacking a plane and can cause more havoc and
deaths
than the TTT attacks did if done properly. Since I posted that, an
actual
use of the part of the idea has come out. The bombing of Bali's night
club
was caused by an SMS to a mobile phone (I am not saying they read my
post
and got the idea but that they did what I predicted COULD happen). Makes
me
wonder who may have built the actual device to cause this chaos (noting
that
you would have to have many, not one, to do major damage). One other
thing -
a strike at the right moment against the US NYSE would cause major chaos
and
require one device. The damage it would cause would snowball to include
financial chaos. That would, in turn, do major damage to every Western
economy at the very least.

If you think any of that is just sci-fi at the very best, might I point
out
the similarities between the major power outages in certain cities
across
the world, all close to each other and how, though unrelated to the
above
more than likely, no-one has yet given a convincing explanation of them?

Greg.

------------------------------------------------------------------------
---
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services
security to
simplify the management and deployment of PGP and reduce overall PGP
costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027

------------------------------------------------------------------------
----

------------------------------------------------------------------------
---
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services
security to
simplify the management and deployment of PGP and reduce overall PGP
costs
by up to 80%.
FREE WHITEPAPER & 30 Day Trial -
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027

------------------------------------------------------------------------
----

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]