Truth About Computer Security Hysteria
Raid on E-tebbe, part 5
Rob Rosenberger, Vmyths co-founder
Tuesday, 13 March 2001
LET ME REPEAT a paragraph from a previous newsletter:
Our very first 'Virus Hysteria Alert' predicted new fearmongering about a "cyberwar." We PEGGED this one, folks. Read our alert at [link] and then check out [link] for ZDNN's current highlight. Don't say we didn't warn you...
The referenced 'Virus Hysteria Alert' noted "an iDefense 'intelligence services report' on the supposed conflict has remained unchanged (and incorrectly dated) since the first week of January... Look for an updated report to appear on iDefense's website."
Well, somebody at iDefense finally checked their calendar. A byte-for-byte comparison shows the report changed sometime between 19-25 February. They didn't add anything new to it, but they at least corrected the date on the title page.
iDefense founder James Adams enjoys a colorful history in Vmyths.com columns dating back to 1998. The beltway bandit firm he created wants you to think they monitor "escalating cyber attacks" in the Gaza region. In reality, they document a bunch of teenage hacker wannabes who lob ping packets at each other.
iDefense knows reporters have a fetish for juicy computer security stories, so they prostitute themselves in return for publicity. Or, to put it in culinary terms: they toss MSG into a bland dish.
My qualms about the report begin right on the title page. "All inquiries regarding information contained in this report can be directed to iDEFENSE Director of Corporate Communications Jerry Irvine at cell 703-622-3058 or email at email@example.com." In other words, call or write the PR wonk.
The report's executive summary insists "this activity [of cyber attacks] parallels the increase in tensions and violence on the ground" in the Gaza region. Humans die violently on both sides of the conflict, yet iDefense weeps because "pro-Palestinian attackers hit more than 166 web sites and pro-Israeli attackers struck more than 34 sites."
And get this: "targets are not limited to web sites. They also include real-time chat rooms and critical infrastructure such as domain name servers." Oh, the humanity.
I said it before and I'll say it again. Put yourself in the shoes of a Palestinian or Israeli whose child died in street fighting. How would you feel if iDefense compared your loss to a bad AOL connection?
Contrast iDefense's assessment with that of MAGLAN Information Defense (a regular contributor to the "IWAR" discussion group for information warfare). "On early January 2001," wrote analyst Shai Blitzblau, "the cyber-conflict between Israel and Palestine ... apparently finished." MAGLAN hasn't re-assessed its opinion, either. "The mentioned conflict has nothing related with any type of 'xxxxx Terrorism' (Cyber Terrorism, Digital Terrorism etc.). [It] was and remains a low level mass hacking activity with few smart manoeuvres."
The iDefense report identifies real terrorists and includes genuine hate language in an obvious attempt to make the cyber-war seem dire. "One pro-Palestinian protester has called the current actions an 'e-jihad,' " they wailed. "The term 'cyber jihad' has also appeared on mainstream fundamentalist bulletin boards and email lists..." They also raised the specter of computer viruses:
iDEFENSE Intelligence Services has confirmed that a pro-Palestinian attack site is making available the LoveLetter, CIH and Melissa viruses, along with 12 Microsoft Word macro viruses, for use in attacks against Israelis. Visitors to the site are greeted with the message, "I swear that I will not use these programs on anyone but Jews and Israelis." This marks the first confirmed distribution of viruses for use in the current cyber conflict by either side.
The first confirmed distribution of viruses in a supposed cyber-war? Big deal. Two dozen "VX" (virus exchange) sites participate in their own Yahoo! webring for no political reasons whatsoever. You can also monitor the alt.comp.virus.source.code newsgroup if you wish.
What's that? You say you want the absolute newest viruses? Check out alt.comp.binaries — virus writers love to spread their works under the pretense of a celebrity photo. Again, no political motivations involved.
The iDefense report includes a dire warning of e-prisals if the U.S. should retaliate against a terrorist group for the USS Cole bombing. "Concentrated cyber attacks could begin within 24-48 hours of such an event. As in the current [Israeli-Palestinian cyber] conflict, these attacks will run the full range from denial of service attacks to defacements to malicious system penetrations."
To hear iDefense say it, governments must rethink the millennia-old policy of taking an eye for an eye — because hordes of pimple farmers can wipe out a distant sovereign nation from the comfort of their parents' basements. You better believe it when a hacker says "all your base are belong to us."
Of course, such fearmongering raises a philosophical question. If your average 14yr-old terrorist can "set us up the bomb," then why haven't they done so already? Seriously. What does a kid in the Gaza region stand to lose if he cyber-crippled America's military?
If the iDefense report proves anything, it proves these cyber-terrorists employ some of the best graphic artists on either side of the e-jihad. No doubt about it, folks: we're done for. You simply cannot imagine the destructive power of a cool-looking website banner.
Take the case of a "pro-Israeli actor" which calls itself the "Israeli Internet Underground." Did you know underground terrorists run highly visible websites? I'd link directly to the site for your amusement, except the underground lacks money to keep their domain running smoothly. (They probably spent too much on the graphic artist.)
Other "fighting factions" with splashy images include DevilSoul, Unity, and Xegypt. I'd offer more snapshots for your amusement, but why? Download the iDefense report for yourself and flip through it.
Remember what reporters say: "a better graphic makes a better hacker."
Terrorists without graphics seem to lack substance, too, yet the iDefense report still records their activities. Take "DigiBrain & haboshnik," for example. Their big claim to fame? "They" posted a message in October to say "we are working on a softwhear [sic] that will give you control on the hizzballa's ftp without a password." They even signed it "sincerly." Hey, who says you can't act civil during a war?
Mikael Bouzaglo, a graphic-impaired firefighter by trade, got his own section in the iDefense report as an actor (and I mean "actor" in more ways than one). But you gotta give this young man some credit for pulling off a unique stunt — he exploited Arab hackers to further his Israeli political ambitions. Sounds like prime political material to me!
The list of cyber-casualties continues to mount. As I said, the Israeli Internet Underground's domain went belly-up. So did Wizel.com (a pro-Israel hacker site). Almuhajiroun.com (a pro-Palestine hacker site) earned "martyr" status... Oh, the humanity.
Okay, I'll ask an obvious question. Why can't genius cyber-warriors keep their own websites up & running? Certainly these terrorists make enough babysitting money to pay their monthly domain fees, right? iDefense skirts the issue in their report.
What'd I tell you? All your base are belong to us. No doubt about it. Pardon me while I tremble in my mother's combat boots.
You know what amazes me? I can flood any site with ping packets by typing one well-known command on my Linux server. I can also launch a "Ping o' Death" from either of my laptops by typing one well-known command. So why doesn't iDefense describe Linux as an attack tool? Why don't they admit Windows is a virus? Why would they defame an anti-spam utility?
The answer to my questions comes easily enough: iDefense knows the press will fall for it. They always do. The media beats a path to their report because (a) it uses the right trigger words, (b) it offers the right pie charts, and (c) it reprints the right graphics. It all translates into free advertising for iDefense.
Or, to say it more accurately, the report translates into earned media exposure for a beltway bandit.
I'll leave you with a final thought. Let's suppose you hack into your enemy's web server in retaliation for a suicide bomb. You certainly showed them, didn't you?