The Threat of Cyberwar Looms Large. Our Best Homeland Defense May Be Surprisingly Small.
Virtually Helpless
by Josh Martin
September 11 - 17, 2002
The next time this country is targeted by terrorists, the primary weapon may be an object no bigger than your thumbnail: a computer chip.
Without bombs, bullets, or missiles—without even setting foot on U.S. soil— cyberterrorists could disable the nation's phone systems, plunge cities into blackout, sever water supplies, scramble military communications, steal classified files, clog emergency-response lines, cripple highways, and ground planes. By commandeering vulnerable home PCs and using them to bombard the servers that make modern life possible, they could shutter our markets and take out key links like the Federal Reserve, which every day transfers $2 trillion over the wires. With a few keystrokes, they could wreak damage on a scale not easily imagined, and for pennies on the dollar.
[This is becoming standard FUD seen in more and more articles post 9-11. Despite there being little to no evidence of the ability to carry out such attacks on a wide scale, it is reported as fact. A few disparate incidents in the past, often mis-reported themselves, has lead to these conclusions.]
The best intelligence suggests that the next major military strike by the Bush administration, now drumming up support for an imminent war on Iraq, will draw in response an equally intense virtual assault. A report by Dartmouth College's Institute for Security Technology Studies examined cyberwar overseas—with particular attention to the conflicts in Serbia and the Middle East—and concluded that virtual onslaughts "immediately accompany physical attacks." By the logic of that analysis, if Bush moves on Saddam Hussein after the midterm elections, we would see the first full-on blitz before Christmas.
[Dartmouth, where Michael Vatis was appointed said this? Shock and awe! These are people who get funding and make money to talk about and plan for such attacks, no matter how unfeasable they are. Looking back, did Bush or Iraq wage any form of "cyber war" against the other side? No. The war was carried out with standard military tactics. The web site defacements were typical and mostly unrelated to the war.]
"The concept of 'homeland security' is essentially retarded," says Michael Wilson, a former hacker and current partner in Decision Support Systems Inc., a Reno, Nevada-based consultancy advising sovereign states, companies, and the ultrarich about dealing with cyberwar. "The contracts are going to the very people who got us into this mess to begin with. None of them can tell you what the current cyber-threat is, and they don't know what to defend with."
[At least the journalist quoted one person that is dead on accurate. This piece was almost worth being published for this quote alone.]
Too young, too radical, and too often freighted with checkered pasts, hackers are a breed of cyberwarrior no government agency feels comfortable with. Because so few among the hacker ranks would even pass the first level of security clearance background checks, the feds are trying to manufacture their own, through programs like the Cyber Corps.
[Typical rhetoric about hackers and what they are or are not. Some day it may be more well known exactly how many of these hackers got older and began working in all areas of the industry, many with full clearance.]
It is all very impressive. Yet none of the systems upon which the city's economic life depends could withstand the major denial-of-service attack terrorists are now capable of delivering. "The odds of some kind of cyberattack have gone from probability to a certainty," says Fred Rica, a threat-assessment guru with PricewaterhouseCoopers, LLP.
[Duh? No system can withstand a well executed Denial of Service attack. It is the byproduct of the technology we use, that it is easier to destroy/hinder than build/protect. The amount of bandwidth and protective devices needed to truly stop a DoS attack are incredible, and most companies/agencies simply do not have the budget to do it. Don't mind the fact that Rica gets paid to provide his opinion on such threats, no matter how obvious they may be. FUD is a vehicle for a paycheck.]
That case shows how hard it can be to predict who will try to break in. But correctly identifying the attacker is as important as knowing what systems are being bombed. In 1998, more than 500 Pentagon computer systems were compromised in a series of attacks code-named "Solar Sunrise." The assault was first thought to have originated in the United Arab Emirates but later found to have been the work of a couple of California high school students and their 17- year-old Israeli mentor.
[And this is how fiction becomes reality. Slowly skewing events, twisting their words, summarizing. According to this, two 17 year old students from California hacked 500 Pentagon computers at the behest of an "Israeli Mentor". The story isn't that simple, but slowly becoming that way.]
Bush administration efforts to show that Al Qaeda terror cells are planning to launch cyberattacks against the U.S. may appeal to public imagination, but there has been little indication that Osama bin Laden has the cadre of geeks needed to launch such an operation.
[Yet you say otherwise in the same article.]
Still, plenty of others have the resources to pull it off. Intelligence agencies have identified 20 countries and two dozen terror rings that are developing cyberwar technology. Among them, the U.S. ranks first in terms of money being invested. The list of other players includes both friends and enemies: China, Russia, France, Germany, Israel, Iran, Iraq, Libya, Cuba, Britain, France, and North Korea. Groups known to employ cyberweapons range from Hamas in the Middle East to Chiapas rebels in Mexico to the Falun Gong in China. There are also well-financed private cyberarmies mustering in Pakistan, India, and Germany.
In this form of warfare, both the generals and the soldiers are marked by extreme youth. The jargon reflects this. In addition to being called script kiddies, frontline attackers are known as "ankle biters" and "packet monkeys."
[This is a clever paragraph and one that is completely unfounded in context. What exactly is "cyberwar technology"? Calling these 'cyber warriors' ankle biters and packet monkeys leads one to believe that any dork on IRC with the most simple of Denial of Service utilities is now elevated to "cyber warrior" status.]