[Infowarrior] - When Hippies Turn to Cyber Terror
Richard Forno
rforno at infowarrior.org
Tue Aug 15 23:10:46 EDT 2006
When Hippies Turn to Cyber Terror
http://blog.wired.com/27BStroke6/index.blog?entry_id=1539952
Last February the Department of Homeland Security oversaw a large-scale
international cyber terror simulation involving 115 public and private
organizations in the U.S., Canada, Britain, Australia, and New Zealand, all
testing their ability to coordinate with one another and respond to
computer-driven attacks. It was called Cyber Storm.
Nobody's said much about the results, or the details of the exercise
scenario. But a newly-published DHS PowerPoint presentation on the exercise
reveals that the real terrorist threat in cyber space isn't from obvious
suspects like al Qaida types or Connecticut voters; it's from
anti-globalization radicals and peace activists.
The attack scenario detailed in the presentation is a meticulously plotted
parade of cyber horribles led by a "well financed" band of leftist radicals
who object to U.S. imperialism, aided by sympathetic independent actors.
At the top of the pyramid is the Worldwide Anti-Globalization Alliance,
which sets things off by calling for cyber sit-ins and denial-of-service
attacks against U.S. interests. WAGA's radical arm, the villainous Black
Hood Society, ratchets up the tension on day one by probing SCADA
computerized control systems and military networks, eventually (spoiler
warning) claiming responsibility for a commuter rail outage and the heat
going out in government buildings.
The Black Hoods are a faction of Freedom Not Bombs, whose name is
suspiciously similar to the real Food Not Bombs, which provides vegan meals
to the homeless.
Another allied lefty-group called the Peoples Pact joins in, crashing
portions of the power grid. Things get confusing when the "Tricky Trio,"
three evil hax0rs who are 50 percent more devious than the Deceptive Duo,
hacks the FAA, issues false Amber Alerts, and manipulates the communications
system of the U.S. Northern Command.
Then someone posts the No-Fly List to a public website (third act shocker:
it's all nuns and Massachusetts Democrats), and opportunistic cyber thieves
raid a medical database looking for identity theft targets. Logic bombs
explode, wireless communications devices are corrupted, DNS caches are
poisoned.
And on it goes, with over 800 scenario "injects" over four action-packed
days.
Apparently, no computers were harmed in the making of Cyber Storm. "There
were no actual attacks on live networks, no Red Team," the presentation
notes. "Players reacted to situation and incident reports according to their
regular/normal SOPs." So it was more of a paper exercise. A referee points
at someone and yells, "You! Your website is defaced. What do you do?" -- and
the organization responds accordingly.
According to the presentation, there were over 300 players in the war game,
generating more than 21,000 e-mail messages. Among the commonsense lessons
learned: "Communication paths, methods, means and protocols must be
solidified in advance of crisis/incident response" and "Cooperation must
include ability to link into or share info in all streams: e.g., Cyber,
Physical, (Law Enforcement), Intelligence."
The scenario is nicely laid out, and perhaps technically plausible -- some
of the incidents are ripped from the headlines, kind of. And I'm frankly
glad to see al Qaida wasn't behind it all, since it seems unlikely that real
terrorist groups will ever move to computer attacks, while physical
destruction and murder is easier and more terror-producing.
But does the administration really see the far left as potential cyber
terrorists ready to take down the power grid and air traffic control
systems? This might explain why the U.S. keeps getting caught spying on
peaceful war-protestors.
Marked "For Official Use Only," the PowerPoint deck became public when
government transparency purist John Young posted it on his website,
Cryptome, this week. I couldn't open it, but I located what appears to be
the original on the website of the New York branch of the ISSA, a security
organization, from a briefing given them last June 21.