Security Basics mailing list archives
Re: military strike possible?
From: "Meritt James" <meritt_james () bah com>
Date: Thu, 30 Oct 2003 13:37:53 -0500
Heard "Sink 'em all and let God sort 'em out on the bottom?" How selective was Dresden or Nagasiki? When one of three is a threat, there has been a displayed tendency to destroy all three and apologize afterwards. James McGee wrote:
Number 1 rule in any kind of warfare; Know your enemy On the internet, with so many zombies already under control of script kiddies, and with no one doing anything about it, it would be nigh on impossible to know the enemy. Cheers JM -----Original Message----- From: John Canty [mailto:John.Canty () Vibro-Meter com] Sent: 30 October 2003 13:23 To: gregh; Meritt James; security-basics () securityfocus com Subject: RE: military strike possible? After reading a few of these posts, I see a growing trend, that most of us in the IT industry are beginning to believe that some major catastrophe could easily happen without the apparent need for major resources. For the most part I agree with this line of thinking, but I feel that there are some major obstacles to over come first. I know most of anyone older than the age of 20 has probably built some form of explosive in their backyard, and if you haven't done so, you at least have seen it done. This brings up the point that these things are easy to build, and also drives the point home that they can also be built with relatively mundane chemicals. Combine something like this with a full-scale cyber attack, and you could have the beginnings of mayhem on your hands. It wasn't much more than 2 years ago that no one has ever thought of using 2 passenger aircraft as missiles to take out landmarks on the U.S. countryside in order to commit an act of war. It will also be two years from now that you, I, and many others will be able to look at some of these posts, and say "See, they told the future." No matter what you decide to come up with for a solution to a possible attack you must come to the realization that under no circumstance, no matter how much planning, and no matter how prepared we become that if an entity were to attack the U.S. again, we will be fighting a major battle. As even our government has said, 9-11 was a precursor to other events to come, and they even admit to its relatively quick execution from the planning stages. Some of you and, even myself, have seen the enemy as inferior, in mind and ability. After carefully analyzing my thinking, I have come to realize I was wrong. How can you put a damper on the enemy's plan, Sure you can secure your computers, this helps. You can put in place an emergency attack plan; this should help a little more. One thing many people fail to look, and that article touches on this a little bit, is the end user with the broadband connection. Maybe if we as a whole offered our users a written tutorial on why they should take steps to secure their home connection, and some free and easy to use programs for doing this, we might make a difference on the 'flash virus' and cyber terrorism front. It would be nice for one's employer to show a genuine concern for their employees and offer something like this through the HR department. This might also do the Identity theft victims a few favors too. To cut to the point, it seems as though these cyber terrorists are putting their stakes more on the end-user who doesn't know any better, and if while doing so they happen across the major company with an OC-3 then that's just icing on the cake. So if anyone has seen good articles on how to secure your windows pc, and knows of any good, cheap or free programs for fire walling, anti-virus, anti-key logging, and/or major anomaly detection that the average end-user can get good use from, this might be a good forum for making them known. //John -----Original Message----- From: gregh [mailto:chows () ozemail com au] Sent: Tuesday, October 28, 2003 5:04 PM To: Meritt James; security-basics () securityfocus com Subject: Re: military strike possible? ----- Original Message ----- From: "Meritt James" <meritt_james () bah com> To: <security-basics () securityfocus com> Sent: Wednesday, October 29, 2003 4:11 AM Subject: military strike possible?Going from the premptive strike philosophy demonstrated in Mideastern countries, what are your thoughts on a military strike against (as yet unseen) "cyberterrorists" a'la http://www.msnbc.com/news/985295.asp?0si=- if there were extranational agents tampering with identified components of the infrastructure to the extent that they were risking human life?I think it was two years ago that I posted to Bugtraq something much simpler and more devastating. I outlined how you could easily take out all non-military shielded infrastructure including people nearby and how it could all be linked to mobile phones and when the terrorist is flying out of USA, he just sends a group SMS to all those mobile numbers and that simultaneously sets off the attack. I even pointed out that to build these things, a person can walk down the street with every single part in plain sight and no-one would think anything about it as they are everyday parts. What was worse was that someone responded with a "how to put that idea together" and did an estimate that it would cost US$30 to build each of the items that would be used in the attack. All non-military shielded places with computers that are critical, power stations, emergency response agencies, national guard, telephones, you name it would all go down. Now you may be wondering what the use in that would be because though it would take some time, likely within 24 hours most would be fixed and within a week all would be fixed. The idea of war is misdirection. If you wanted to attack USA or direct people all over the place stretching resources PAST breaking point, you would do this and in the meantime do whatever it was you had in mind - eg a portable nuke to whatever target - which would be a heck of a lot more likely to succeed. Lastly, you may all be wondering what it has to do with cyber security. Well, I originally was thinking how easy it would be to take down a wi-fi network and then graduated to whatever else it would kill and kept going. I was at the "cyber security" stage at the time I posted that. Unfortunately the idea is an actual easy to make (for those with electronics ability) idea that doesn't require hijacking a plane and can cause more havoc and deaths than the TTT attacks did if done properly. Since I posted that, an actual use of the part of the idea has come out. The bombing of Bali's night club was caused by an SMS to a mobile phone (I am not saying they read my post and got the idea but that they did what I predicted COULD happen). Makes me wonder who may have built the actual device to cause this chaos (noting that you would have to have many, not one, to do major damage). One other thing - a strike at the right moment against the US NYSE would cause major chaos and require one device. The damage it would cause would snowball to include financial chaos. That would, in turn, do major damage to every Western economy at the very least. If you think any of that is just sci-fi at the very best, might I point out the similarities between the major power outages in certain cities across the world, all close to each other and how, though unrelated to the above more than likely, no-one has yet given a convincing explanation of them? Greg. ------------------------------------------------------------------------ --- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ------------------------------------------------------------------------ ----
-- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- RE: military strike possible? McGill, Lachlan (Nov 03)
- Counter measures (was military strike) J Kallberg (Nov 03)
- <Possible follow-ups>
- RE: military strike possible? Mickey S. Olsberg (Nov 03)
- Re: military strike possible? J Kallberg (Nov 03)
- Re: military strike possible? Meritt James (Nov 03)
- Re: military strike possible? Ansgar -59cobalt- Wiechers (Nov 04)
- Re: military strike possible? salgak (Nov 03)
- Re: military strike possible? Meritt James (Nov 03)
- Re: military strike possible? Jimi Thompson (Nov 03)
- Re: military strike possible? ~Kevin DavisĀ³ (Nov 03)
- Re: military strike possible? Gero Hesse (Nov 04)
- Re: military strike possible? Barry Fitzgerald (Nov 04)
- Re: military strike possible? Chris Boyd (Admin) (Nov 05)
- Re: military strike possible? J Kallberg (Nov 06)
- Re: military strike possible? Kelly Martin (Nov 05)
- Re: military strike possible? Anders Reed-Mohn (Nov 06)