Re: military strike possible?

["Meritt James" <meritt_james () bah com>]

Heard "Sink 'em all and let God sort 'em out on the bottom?"  How
selective was Dresden or Nagasiki?  When one of three is a threat, there
has been a displayed tendency to destroy all three and apologize
afterwards.

James McGee wrote:
> Number 1 rule in any kind of warfare;
>
> Know your enemy
>
> On the internet, with so many zombies already under control of script
> kiddies, and with no one doing anything about it, it would be nigh on
> impossible to know the enemy.
>
> Cheers
>
> JM
>
> -----Original Message-----
> From: John Canty [mailto:John.Canty () Vibro-Meter com]
> Sent: 30 October 2003 13:23
> To: gregh; Meritt James; security-basics () securityfocus com
> Subject: RE: military strike possible?
>
> After reading a few of these posts, I see a growing trend, that most of
> us in the IT industry are beginning to believe that some major
> catastrophe could easily happen without the apparent need for major
> resources. For the most part I agree with this line of thinking, but I
> feel that there are some major obstacles to over come first. I know most
> of anyone older than the age of 20 has probably built some form of
> explosive in their backyard, and if you haven't done so, you at least
> have seen it done. This brings up the point that these things are easy
> to build, and also drives the point home that they can also be built
> with relatively mundane chemicals. Combine something like this with a
> full-scale cyber attack, and you could have the beginnings of mayhem on
> your hands.
>
> It wasn't much more than 2 years ago that no one has ever thought of
> using 2 passenger aircraft as missiles to take out landmarks on the U.S.
> countryside in order to commit an act of war. It will also be two years
> from now that you, I, and many others will be able to look at some of
> these posts, and say "See, they told the future." No matter what you
> decide to come up with for a solution to a possible attack you must come
> to the realization that under no circumstance, no matter how much
> planning, and no matter how prepared we become that if an entity were to
> attack the U.S. again, we will be fighting a major battle. As even our
> government has said, 9-11 was a precursor to other events to come, and
> they even admit to its relatively quick execution from the planning
> stages. Some of you and, even myself, have seen the enemy as inferior,
> in mind and ability. After carefully analyzing my thinking, I have come
> to realize I was wrong.
>
> How can you put a damper on the enemy's plan, Sure you can secure your
> computers, this helps. You can put in place an emergency attack plan;
> this should help a little more. One thing many people fail to look, and
> that article touches on this a little bit, is the end user with the
> broadband connection. Maybe if we as a whole offered our users a written
> tutorial on why they should take steps to secure their home connection,
> and some free and easy to use programs for doing this, we might make a
> difference on the 'flash virus' and cyber terrorism front. It would be
> nice for one's employer to show a genuine concern for their employees
> and offer something like this through the HR department. This might also
> do the Identity theft victims a few favors too.
>
> To cut to the point, it seems as though these cyber terrorists are
> putting their stakes more on the end-user who doesn't know any better,
> and if while doing so they happen across the major company with an OC-3
> then that's just icing on the cake. So if anyone has seen good articles
> on how to secure your windows pc, and knows of any good, cheap or free
> programs for fire walling, anti-virus, anti-key logging, and/or major
> anomaly detection that the average end-user can get good use from, this
> might be a good forum for making them known.
>
> //John
> -----Original Message-----
> From: gregh [mailto:chows () ozemail com au]
> Sent: Tuesday, October 28, 2003 5:04 PM
> To: Meritt James; security-basics () securityfocus com
> Subject: Re: military strike possible?
>
> ----- Original Message -----
> From: "Meritt James" <meritt_james () bah com>
> To: <security-basics () securityfocus com>
> Sent: Wednesday, October 29, 2003 4:11 AM
> Subject: military strike possible?
>
> > Going from the premptive strike philosophy demonstrated in Mideastern
> > countries, what are your thoughts on a military strike against (as yet
> > unseen) "cyberterrorists" a'la
> > http://www.msnbc.com/news/985295.asp?0si=- if there were extranational
> > agents tampering with identified components of the infrastructure to
> > the extent that they were risking human life?
>
> I think it was two years ago that I posted to Bugtraq something much
> simpler
> and more devastating. I outlined how you could easily take out all
> non-military shielded infrastructure including people nearby and how it
> could all be linked to mobile phones and when the terrorist is flying
> out of
> USA, he just sends a group SMS to all those mobile numbers and that
> simultaneously sets off the attack. I even pointed out that to build
> these
> things, a person can walk down the street with every single part in
> plain
> sight and no-one would think anything about it as they are everyday
> parts.
> What was worse was that someone responded with a "how to put that idea
> together" and did an estimate that it would cost US$30 to build each of
> the
> items that would be used in the attack. All non-military shielded places
> with computers that are critical, power stations, emergency response
> agencies, national guard, telephones, you name it would all go down.
>
> Now you may be wondering what the use in that would be because though it
> would take some time, likely within 24 hours most would be fixed and
> within
> a week all would be fixed. The idea of war is misdirection. If you
> wanted to
> attack USA or direct people all over the place stretching resources PAST
> breaking point, you would do this and in the meantime do whatever it was
> you
> had in mind - eg a portable nuke to whatever target - which would be a
> heck
> of a lot more likely to succeed.
>
> Lastly, you may all be wondering what it has to do with cyber security.
> Well, I originally was thinking how easy it would be to take down a
> wi-fi
> network and then graduated to whatever else it would kill and kept
> going. I
> was at the "cyber security" stage at the time I posted that.
> Unfortunately
> the idea is an actual easy to make (for those with electronics ability)
> idea
> that doesn't require hijacking a plane and can cause more havoc and
> deaths
> than the TTT attacks did if done properly. Since I posted that, an
> actual
> use of the part of the idea has come out. The bombing of Bali's night
> club
> was caused by an SMS to a mobile phone (I am not saying they read my
> post
> and got the idea but that they did what I predicted COULD happen). Makes
> me
> wonder who may have built the actual device to cause this chaos (noting
> that
> you would have to have many, not one, to do major damage). One other
> thing -
> a strike at the right moment against the US NYSE would cause major chaos
> and
> require one device. The damage it would cause would snowball to include
> financial chaos. That would, in turn, do major damage to every Western
> economy at the very least.
>
> If you think any of that is just sci-fi at the very best, might I point
> out
> the similarities between the major power outages in certain cities
> across
> the world, all close to each other and how, though unrelated to the
> above
> more than likely, no-one has yet given a convincing explanation of them?
>
> Greg.
>
> ------------------------------------------------------------------------
> ---
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services
> security to
> simplify the management and deployment of PGP and reduce overall PGP
> costs
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial -
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
>
> ------------------------------------------------------------------------
> ----
>
> ------------------------------------------------------------------------
> ---
> Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
> The Presidio integrates PGP data encryption and XML Web Services
> security to
> simplify the management and deployment of PGP and reduce overall PGP
> costs
> by up to 80%.
> FREE WHITEPAPER & 30 Day Trial -
> http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027
>
> ------------------------------------------------------------------------
> ----

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------