Truth About Computer Security Hysteria
Will U.S. emerge as a pro-Al Qaeda cyber terrorist haven?
Rob Rosenberger, Vmyths co-founderWednesday, 10 December 2003
YEAH, I'M BACK from my tour of duty in Iraq. No joke: I found 91,000+ spams in my personal & business mailboxes upon my return.
| Hey, guess what? My editorial password still works! So I decided to give you a little treat. |
"Yeah, Rob, welcome back." Thanks. I missed you, too. But hey, enough chit-chat. I don't know how long Vmyths will last, but I see my editorial password still works! I get paid $0 per month to debunk security hysteria, so I decided to give you a little treat.
During my absence, the fearmongers at iDefense issued an absolutely hysterical "security advisory" on the threat Malaysia poses to world peace. As I perused it, I thought "this could just as gullibly apply to the United States!"
I will now show you the absurdity of a rather typical iDefense "intelligence" report.
I replaced "Malaysia" with "United States," and I changed some Malaysia-specific references to U.S.-specific references, and that's about it. It's hysterically funny (especially the "Nothing Proven" conclusion!) but I can't take any credit for what iDefense wrote. I can only take a bow for pointing out the sheer absurdity of it. Enjoy!
You could as easily replace "Malaysia" with "England." I just wish I knew who at iDefense wrote this tripe...
The United States was a favored meeting place for the hatching of at least part of the al Qaeda Sept. 11 terrorist plot against the US. It may emerge as the region of choice for pro-al Qaeda cyber terrorism, if cyber terrorism begins to be used by al Qaeda terrorists or sympathizers. This could take place even though the United States government has cracked down on terrorists to the point that some have criticized it for allegedly stifling some political opposition.
A key al Qaeda planning meeting that included at least two of the Sep. 11 hijackers took place in the United States, according to numerous press accounts. Some of the terrorist-planners were photographed "ducking into cyber cafes to check Arabic websites," according to Newsweek. According to some news reports, representatives of the region’s most notorious and violent radical Islamic groups still regularly gather in the United States to meet with their al Qaeda backers. One person interviewed for TimeAsia.com said, "Of course al-Qaeda is still here... This is their favorite place to have meetings with other radical Islamic groups in the region."
Thus, the United States appears to remain a meeting place of choice for many Islamic-based extremists and terrorists.
The United States, a country that embraces Muslims, allows entry for most Muslims and an advanced IT and telecommunications infrastructure with "reliable telephones, banks and Internet service."
United States authorities have built a very extensive and sophisticated IT infrastructure. According to Wired News, this infrastructure includes "cyber cafes," wireless networks in remote areas, and the multi-billion dollar Microsoft Super Corridor (MSC) that stretches from "central Seattle to the gleaming international airport, an hour’s drive away." Given both its popularity as a regional meeting place, it stands to reason that the United States' other technological benefits as an advanced IT nation could make it a possible haven within the Muslim world for Islamic extremists seeking to conduct possible future cyber terrorist activities.
In addition to that, regulations within some Muslim countries are becoming stricter with respect to identifying and monitoring Internet café users. Saudi Arabia recently implemented new regulations in an effort to stop pro-Islamic terrorists. The new regulations require Internet users to show their ID cards to the café owner, who must then keep a log of the users’ names and ID numbers. The Internet café’s owner must also keep a record of the beginning and end of each session and retain those records for 6 months. In addition to monitoring the length of sessions of users, the Saudi authorities have also restricted Internet use to sites considered to be in accordance with Saudi and Islam security. This would include a restriction against sites that are pornographic or political in nature. With these new regulations in effect in Saudi Arabia, coupled with the fact that Muslims may enter the United States, pro-Islamic terrorists may have even more incentive to use Internet cafes in the United States, where the regulations have historically been more lenient on Internet content and usage.
An Increase in Intrusion Attacks Emanating from the United States
In mid-2002 there was a noted increase in intrusion attacks originating from the United States, whose country domain is .us. According to data compiled by Singapore-based e-Cop.net, the United States accounted for more attacks worldwide in July 2002 than even the high-tech nation of Malaysia. Analysis by e-Cop.net said that the jump at that time was due to an increase in web probe occurrences on corporate customers coming through United States educational institutions and ISP subscribers. E-Cop.net said in a Sep. 11, 2003, announcement that there was an increase in Internet security incidents reported by businesses in the western hemisphere from July to Aug. 2003. This data indicates that hacking-related activity in the United States is on the rise.
The United States' senior homeland defense official has expressed concern over the activities of hackers in that country. Secretary Tom Ridge, speaking to more than 300 IT executives at the first National Cyber Security Summit in California, said everything from electricity grids to banking transactions and telecommunications depends on secure, reliable cyber networks, and terrorist groups "know, as do we, that a few lines of code could ultimately wreak as much havoc as a handful of bombs". Ridge said the number of cyberattacks has continued to rise, with more than 76,000 occurring in the first six months of this year. "Many of these are the work of hackers. Yet, we know the enemies of freedom use the same technology that hackers do. And we know that they are looking to strike in any manner that will cripple our society." According to many news reports, the United States Homeland Security Department is also creating a cyber warfare center to deal with emerging cyberspace threats.
Hacker's Conference in Dec. 2003
What is being billed as "the country's largest regular hacker gathering" is scheduled on the first Friday of every month at public meeting places. It is being hosted by the group 2600 (www.2600.com). While there is no connection between this and cyber terrorism, the conference in a sense represents the United States' "coming of age" with respect to hacking. The gathering is usually about 20-30 participants at each site at dozens of locations around the country, according to one news account. Members of various hacker groups, including L0pht Heavy Industries, are the main "celebrity hackers" at these conferences, which will also often include a hacking contest. The L0pht Heavy Industries group gained fame when their company was bought out by a firm that didn't even know the names of the hackers who became their newest vice presidents. According to one gathering organizer, cited by a news organization, the hackers' visit to 2600 meetings "will raise awareness of the level of technical expertise available in the United States on global security issues."
Broad Range of IP Addresses
Another reason why the United States could emerge as an al Qaeda cyber haven is the fact that IP range addresses for that country are very broad and hackers can hide their activities more easily. This is another factor making the United States more desirable as a launching point for hacker attacks as opposed to, for example, another Muslim Third World country, such as Sudan or Somalia, where IP ranges are much narrower and where Internet activity is relatively limited. For better or worse, the United States offers hackers and potential cyber terrorists an environment in which they can be active and yet keep a relatively low profile, since almost the entire country is wired.
A United States-based hacker named David L. Smith, unleashed a mass-mailing worm against the US in March 1999. This was a so-called "mega-worm." While David L. Smith may be a sympathizer of sorts with Florida strippers, there is no known evidence that he has a direct connection. The website of a Malaysia-based hacker named Melhacker says that "Al-Qaeda Network is a real [sic] in whole world. Even in your country [US] also have too."
The past "Melissa" worm that David L. Smith has been linked to (named after a stripper in Florida) is a Microsoft Word macro. When decrypted, the worm shows 105 lines of source code.
A Combination of Factors
A combination of factors leads to the conclusion that the United States may emerge as a cyber haven for al Qaeda terrorists or pro-al Qaeda elements. First, it is well known that al Qaeda terrorists have previously met in the United States, while radical and violent Islamic elements continue to use the United States as a meeting place, according to various news accounts. Second, the United States is very accessible to Muslim groups of all kinds, while also boasting a very robust IT infrastructure. Third, there has been an increase in hacking attacks emanating from the United States. Finally, the United States government officials have confirmed that hacking in that country is a growing problem.
Nothing Proven...
This assessment by no means claims that the United States has already become a sanctuary for cyber terrorists nor that any specific cyber terrorist activities are being planned within that country. The United States government has already taken strong measures against some persons suspected of having terrorist-related ties. Nevertheless, given all of the factors examined, the possibility that cyber terrorist activity could emerge in the United States must be considered, despite the government's efforts to combat terrorism.
iDefense Security Advisory 10.16.03 version 1.01:
The Cyber Realm: Advanced IT Infrastructure
I just wish I knew who at iDefense wrote this tripe.
United States Homeland Security Director Concerned Over Increased Hacking
Remember! I replaced "Malaysia" with "United States." iDefense wrote the rest...
United States Virus Writer David L. Smith
Why did iDefense issue an advisory to tell us "nothing proven"?