Information Security News mailing list archives

Re: Cyber terrorism is 'fantasy'


From: InfoSec News <isn () c4i org>
Date: Fri, 30 Nov 2001 05:27:53 -0600 (CST)

Forwarded from: Gary Warner <gar () askgar com>

The thing about viruses is that so far we have not encountered a
talented rapid-spread-virus author who wished to "destroy the world".  
I mean, Code Red was not nice, and Nimda was not nice, but imagine how
much less nice they would have been if they launched their attack, and
then formatted your C:\ drive!  Could they have done that?  
Certainly!  Why did they not do that?  Because their purpose was not
to "destroy the world".  How many "end-users" in your own
organizations have triggered one of the recent mail-all-my-contacts
type Outlook viruses?  How many would be up the Proverbial Creek sans
Paddle if the virus had decided to delete their "My Documents"
directory?  or all their directories?  or look for all mapped network
drives and delete all files?

The fact that this has not happened is one of the greatest blessings
we have received, and yet, it has also lulled us into a false sense of
security.  Upper Management reads about the Love Bug virus, looks
around, and notices the world has not ended.  They then conclude that
the world will not end in the future.  Code Red?  No problem.  Our
servers survived.  Good, we don't have to worry about tightening our
security I guess.

My greatest fear is that someone with malicious intent *IS* behind
these viruses, and that they have thus far been demonstrating their
ability to create a high spread virus to prove their skills to someone
who may wish to pay them to "destroy the world".  What I was thinking
when I watched the Code Red spread was "what a great way to make a
list of drones/zombies!"  Launch my attack, and then start monitoring
on a Class B network for boxes that begin attacking me back.  Since I
know the method I used to spread my virus, I now have a list of boxes
that can be instantly "owned" with a far more devastating payload any
time in the near future. How many machines was that?  200,000?  
300,000? 500,000?  What company, domain, or network could you NOT DOS
with 100,000 zombies in your control?

I know, I know, I am painting dark fantasies.  But I consider the line
in my job description that says "and other responsibilities determined
to benefit the corporation" to mean "assume a position of total
paranoia and prepare us for the worst".

Just my 2 cents worth,

_-_
gar



-
ISN is currently hosted by Attrition.org
