Subject: [Widdershins] Every Hacker an Army? - that would be a full time job...

[Metgod]

only thing I can think of about this article as a whole...

'conspiracy + government'

you know what is interesting though.. Homeland Security.. the same term Adolf Hitler used.

anyhow, this article is a bunch of bollocks.. or I think so

Met




The Threat of Cyberwar Looms Large. Our Best Homeland Defense May Be
Surprisingly Small.
Virtually Helpless
by Josh Martin
September 11 - 17, 2002

www.villagevoice.com

The next time this country is targeted by terrorists, the primary weapon
may be an object no bigger than your thumbnail: a computer chip.

Without bombs, bullets, or missileswithout even setting foot on U.S.
soilcyberterrorists could disable the nation's phone systems, plunge cities
into blackout, sever water supplies, scramble military communications,
steal classified files, clog emergency-response lines, cripple highways,
and ground planes. By commandeering vulnerable home PCs and using them to
bombard the servers that make modern life possible, they could shutter our
markets and take out key links like the Federal Reserve, which every day
transfers $2 trillion over the wires. With a few keystrokes, they could
wreak damage on a scale not easily imagined, and for pennies on the dollar.

The best intelligence suggests that the next major military strike by the
Bush administration, now drumming up support for an imminent war on Iraq,
will draw in response an equally intense virtual assault. A report by
Dartmouth College's Institute for Security Technology Studies examined
cyberwar overseaswith particular attention to the conflicts in Serbia and
the Middle Eastand concluded that virtual onslaughts "immediately accompany
physical attacks." By the logic of that analysis, if Bush moves on Saddam
Hussein after the midterm elections, we would see the first full-on blitz
before Christmas.

It's not as though the White House lacks all understanding of the danger.
Last week, Bush officials brought to the readjourning Congress a plan to
create a cabinet-level Department of Homeland Security. Lawmakers are
weighing the president's request to provide the agency with $38 billion
next year. But of that sum, only $364 millionless than 1 percent of the
total budgetwould go to shield the nation's most vulnerable front.

This low funding level reflects in part a faith in larger computer security
investments by the Defense Department ($10 billion and climbing fast) and
the private sector (especially banks, financial services, media, and other
technology-dependent industries).

The real problem, critics argue, is that the feds won't, or can't, deal
with America's agile, innovative, and occasionally criminal hackersthe
experts with the street experience and technical know-how to prevent a
catastrophe. Instead, most Homeland funds are going to what one cyberwar
expert calls "the usual suspects," the same big players who built our
now-endangered infrastructure: large, slow-moving defense contractors like
Northrop Grumman, Raytheon, and SAIC, mainline academic institutions, and
established think tanks like the Rand Corporation.

"The concept of 'homeland security' is essentially retarded," says Michael
Wilson, a former hacker and current partner in Decision Support Systems
Inc., a Reno, Nevada-based consultancy advising sovereign states,
companies, and the ultrarich about dealing with cyberwar. "The contracts
are going to the very people who got us into this mess to begin with. None
of them can tell you what the current cyber-threat is, and they don't know
what to defend with."

Too young, too radical, and too often freighted with checkered pasts,
hackers are a breed of cyberwarrior no government agency feels comfortable
with. Because so few among the hacker ranks would even pass the first level
of security clearance background checks, the feds are trying to manufacture
their own, through programs like the Cyber Corps. Set up by President
Clinton, it now trains students on six campuses in the defense of
government institutions. Similar efforts to develop in-house cyberwarriors
have been launched by the CIA, the FBI, and each branch of the nation's
armed forces. But all these efforts are falling short. The federal
government estimates it needs 100,000 computer security pros, up from the
37,000 thought necessary a year ago. Today, the entire Cyber Corps program
has just 66 students.

Recognizing the failings of a conservative approach, some major defense
contractors are in fact reaching out to "white-hat" hackers. "I don't deal
with folks who are dancing too close to the line," says Adelle McIlroy,
security practice lead with Internal Network Services, a spin-off from
Lucent Technologies. "I look for someone who has learned their skills in
the military. If they have a criminal history, I wouldn't hire them. I look
for the ones who are smarter than thieves but who are not thieves themselves."

McIlroy believes the system will have to change, embracing more hackers to
provide an effective defense. "Government agencies are going to have to
change how they think, to be more adaptive," she says.

This view is an exception to the rule. Consider the response of one
Raytheon spokesman: "There's no requirement to change. We believe we have
the people to make it work."

[continuing]

[Metgod]

Such breathtaking smugness, combined with the ease with which a cyberattack
can successfully be launched, should be giving New York City officials the
willies.

New York is the number one target of any retaliatory strike, because it
remains the pre-eminent symbol of America's economic and technological
might. From a cyberterrorist's perspective, it might not be an entirely
open citydemand for computer security is growing fastbut it is still all
too vulnerable. Every pipe out is potentially a crack for enemies to
exploit. With DSL and cable connections quickly growing more popular, New
York ranks among the top 25 cities in the nation for household Internet
access. The city's financial, media, and entertainment industries could not
exist without the servers and routers ordering the data, tracking and
transferring money, and connecting us with the world beyond. New York is
second only to Los Angeles in number of Web sites registered, and it has
almost twice as many high-speed links as any city on the planet.

It is all very impressive. Yet none of the systems upon which the city's
economic life depends could withstand the major denial-of-service attack
terrorists are now capable of delivering. "The odds of some kind of
cyberattack have gone from probability to a certainty," says Fred Rica, a
threat-assessment guru with PricewaterhouseCoopers, LLP.

The question is, what scope of attack should the city expect? Rica's
answer: Prepare for the worst.

Opening skirmishes have already taken place. "Banks and financial service
organizations are experiencing a lot of benign attacks on the parameters of
their systems," says Steve Buerle, security practice director with
ThruPoint, Inc., one of the country's leading cyber-detective agencies.

Indeed, while no overt cyberwar has been declared on the U.S., the
country's defenses are clearly being tested. According to officials at CERT
(the federally funded Computer Emergency Response Team, based at Carnegie
Mellon University), the number of "incidents"cases of malicious hackingis
growing rapidly. Between 1994 and 2001, the yearly number of virtual
break-ins at the country's defense agencies grew from 225 to 40,076.
Breaches at private companies and other government agencies grew at only a
slightly lower rate, increasing from 2340 to 52,658.

The Bush administration has made several attempts to set up meaningful
protection, such as the Federal Computer Incident Response Center and the
Cyber Warning and Information Network. But the very nature of cyberwarfare
puts large and complex organizationsprivate or publicat a disadvantage.

As a result, although most computer systems now in place in New York's
major private and public institutions have some form of protective
software, almost all of them are sitting ducks. Rica points out that part
of the reason for this is that as systems age, they become more vulnerable.
Moreover, even when new defensive software is available, companies and
agencies don't always have the money or the inclination to buy in.

Cheaper and faster are the hackers, people Michael Wilson says should be
deployed to defend the city and the nation at large. "We've been relying on
people in the spook establishment who have an arm's length of clearances
and are ostensibly squeaky clean, but it just doesn't work," he says. "For
you to be any good in this area, you have to have done moves on the street.
But that kind of person can't pass clearance tests."

Others agree. "We need to treat hackers today the way we treated German
rocket scientists after World War II," says John Arquilla, senior
consultant with the Rand Corporation. "Hackers can be cultivated rather
than punished. They are an underutilized resource."

Much of that resource waits untapped, right in the heart of Gotham. "New
York has the world's largest hacker community," says Wilson. Of the 1000
top hackers in the world, he believes 20 are to be found here in the city,
along with between 200 to 300 cyberwarriors known as "script kiddies."
Those numbers might sound small, but in cyberwarfare, every hacker is an army.


Commissioning a major defense contractor to craft a response to cyberwar is
like sending a tank to do the work of a scooter. "The U.S. defense
establishment is trying to instill a mindset that is inherently foreign to
the people they've selected to do the job," warns Wilson. "You need to
build a defensive organization that can react like a 14-year-old."

Indeed, organized military response has been shockingly poor, at best.
Despite the $1.6 billion the Pentagon spent on computer defenses last year,
the General Accounting Office recently blasted the DOD for having networks
"beset by vulnerabilities." When the Defense Department tested itself, it
held an exercise in which teams from the National Security Agency used
hacker programs to break into 36 Pentagon computer networks and nine city
power grids and 911 systems, all at once. According to one source close to
that exercise, Pentagon systems administrators were able to detect just two
of the mock attacks.

There have also been real incidents in which only a dose of perverse luck
prevented disaster. During the Gulf War, Dutch hackers stole information
about U.S. troop movements from Defense Department computers and tried to
sell it to the Iraqis, who thought it was a hoax and turned it down.

That case shows how hard it can be to predict who will try to break in. But
correctly identifying the attacker is as important as knowing what systems
are being bombed. In 1998, more than 500 Pentagon computer systems were
compromised in a series of attacks code-named "Solar Sunrise." The assault
was first thought to have originated in the United Arab Emirates but later
found to have been the work of a couple of California high school students
and their 17-year-old Israeli mentor.

Homeland Security will have to move quickly to distinguish a serious foe
from a juvenile pest. And it will need to make a realistic determination of
who is capable of launching an attack in the first place.

Bush administration efforts to show that Al Qaeda terror cells are planning
to launch cyberattacks against the U.S. may appeal to public imagination,
but there has been little indication that Osama bin Laden has the cadre of
geeks needed to launch such an operation.

Still, plenty of others have the resources to pull it off. Intelligence
agencies have identified 20 countries and two dozen terror rings that are
developing cyberwar technology. Among them, the U.S. ranks first in terms
of money being invested. The list of other players includes both friends
and enemies: China, Russia, France, Germany, Israel, Iran, Iraq, Libya,
Cuba, Britain, France, and North Korea. Groups known to employ cyberweapons
range from Hamas in the Middle East to Chiapas rebels in Mexico to the
Falun Gong in China. There are also well-financed private cyberarmies
mustering in Pakistan, India, and Germany.

In this form of warfare, both the generals and the soldiers are marked by
extreme youth. The jargon reflects this. In addition to being called script
kiddies, frontline attackers are known as "ankle biters" and "packet monkeys."

Some computer experts denigrate these more minor players. "They don't have
to be very intelligent," says John Hale, a computer science professor who
works with the Cyber Corps program at the University of Tulsa. "These
hackers use scripts other people write."

The hacker community has other weaknesses. Its members are often their own
worst enemy. "Hackers can expose and break into things, but they aren't
necessarily good at making something work," says McIlroy, of Internal
Network Services. "A person committing the crime of breaking in isn't
always expert in defending. Besides, the question isn't how to defend a
system, but how to make it unbreakable."

Though that question may have no answer, the strongest hope lies with
pulling in all available minds. Cyberwar is not a game for the
shortsighted. Some argue the long-term fallout from a potent assault would
be even more devastating than the virtual battle itself. John Adams, a
well-known defense expert and former Washington correspondent for the
London Sunday Times, recently wrote that cyberwar technology "is capable of
deciding the outcome of geopolitical crises without the firing of a single
weapon."

And just as the effects of an atom bomb linger for generations, so a
cyberwar could unleash a host of viruses, worms, and Trojan horses that
defy the best defense efforts long after the fighting has ended. Already,
there are some 30,000 hacker-oriented sites on the Internet, bringing the
tools needed to wage cyberwar within the reach of even the technologically
challenged. The array of weapons is vast and growing. According to ICSA
Labs, more than 50,000 computer viruses have been created, and up to 400
are active at any one time, with over 10 new ones released every day.

In the end, the Department of Homeland Security may fail in its mission
because it is reactive rather than proactive, seeking to influence events
from on high rather than from the ground level, where effective control can
determine the outcome of cyber-conflict. Left unprepared, New Yorkand the
countrycould find itself the victim not simply of a cyberattack, but of an
utter failure of governing elites to see the writing on the wall.