Posts tagged “Cyberterrorism”

“Cyber Jihadist” Trial

The trial of a man accused of “virtual jihad” is about to start in Germany, reports The case will focus on whether the (re) posting of audio and video files on the Internet along with the occasion appeal for jihad constitutes “attempting to recruit members” for terrorist organizations.

“It’s an important trial because it will shed light on whether what happens in closed chat groups on the Internet falls under freedom of expression or whether you can penalize it if there’s proof of planned attacks,” said Carstensen.[press spokesman for Germany’s criminal investigators’ union (BdK) ]

Network or Nodes?

Canadian media coverage has focused on the recent arrests of seventeen Canadians suspected of planning to detonate bombs in Ontario. In addition to the predictable sensationalist, wildy speculative coverage, which truly was awful, reports of Canada’s electronic surveillance capabilities are emerging.

Police credited Internet surveillance with playing a key role in the recent arrests while simultaneously claiming that the technical sophistication of terrorists requires better technology and less restrictions on wiretaps. In conjunction with electronic eavesdropping, Canadian authorities have been moving away from collecting evidence to use in criminal cases and have been engaging in the “disrupting” suspected groups.

However, the RCMP admit that they have never “sought greater authority to conduct monitoring and surveillance” because in Canada, law enforcement only needs Ministerial approval to engage in wholesale surveillance — not specific calls or emails but broad wholesale monitoring.

The arrests come at a time when Canad’s “Anti-Terrorism Act” is set to be renewed by Parliament. Despite the fact that many of the new powers granted law enforcement were never used law enforcement and major news media in Canada want the Act renewed.

As Gwynne Dyer points out in one of the few dissenting articles in this country the rationale behind the need for these increased powers is fundamentally flawed. The case for increased surveillance powers to protect Canadians is based on the presumption of an international terrorist network when in fact the threat is from small, isolated nodes:

Any terrorist attack on Canada is bound to be homegrown, because there is no shadowy but powerful network of international Islamist terrorists waging a war against the West. There are isolated small groups of extremists who blow things up once in a while. There are Web sites and other media through which they can exchange ideas and techniques, but there is no headquarters, no chain of command, no organization that can be defeated, dismantled, and destroyed…

The contrast between the received wisdom—that the world, or at least the West, is engaged in a titanic, unending struggle against a terrorist organisation of global reach—and the not very impressive reality is so great that most people in the West believe the official narrative rather than the evidence of their own eyes. There must be a major terrorist threat; otherwise, the government is wrong or lying, the intelligence agencies are wrong or self-serving, the media are fools or cowards, and the invasion of Iraq had nothing to do with fighting terrorism.

The expansion of increased surveillance technology and powers while decreasing the amount of oversight is a threat to the civil liberties and privacy of Canadians. The fact that fear is exploited to push these powers through is deplorable.


AP reports:

The government concluded its “Cyber Storm” wargame Friday, its biggest-ever exercise to test how it would respond to devastating attacks over the Internet from anti-globalization activists, underground hackers and bloggers.

mock cyberterrorism = “no impact on the real Internet”. :)

Oh, and the Internet “survived”.

Hacking Ghost Stories

There have been a variety of reports lately on “Titan Rain”, an apparent cracker attack on US military computers that may have originated in China. The story orginally surfaced in the Washinton Post which reported that “Web sites in China” (1) were being used attack “hundreds of unclassified networks” run by the DoD and the US Government. Complete with the usual whispers and officials refusing to comment the articles notes that China may only be the last traceable hop and that only “low risk” computers were compromised.

TIME Magazine (pdf , local archive) then picks up the story and focuses on Shawn Carpenter, a mid-level analyst at Sandia National Laboratories, who claims to have counter-cracked the attackers and pinpointed their location to three routers in China’s Guangdong province. TIME then states the following:

TIME has obtained documents showing that since 2003, the hackers, eager to access American knowhow, have compromised secure networks ranging from the Redstone Arsenal military base to NASA to the World Bank. In one case, the hackers stole flight-planning software from the Army.

It is unclear if “the hackers” are the same alleged Chinese hackers or if this is just a summary of the many attacks on DoD and US Government systems that Lt. Col. Mike VanPutte, vice director of operations of the Joint Task Force for Global Network Operations under the U.S. Strategic Command, attributes to the increased used of downloadable attack tools, which presumably, there are security patches for. In effect, there are increased attacks (i.e. scans or attempts to use known exploits) against Internet-connected, low risk, computers.

This story is eerily familiar.

Moonlight Maze is a continuing story that surfaced in July 1999 about a secret cyber-war aimed at the Pentagon and possibly conducted by the Russians or Chinese. It first appeared in the London Sunday Times in an article by James Adams. The story relied on unnamed sources and claimed that “some of the nation’s most sensitive military secrets, including weapons guidance systems and naval intelligence codes” had been stolen. However, a story in Federal Computer Week refuted these claims by citing yet more unnamed DOD and pentagon officials as calling recent media coverage of Moonlight Maze “a combination of outright fabrications, distortions and incorrect quotations,” and that military secrets had not been compromised.

The Moonlight Maze story re-surfaced after the Sept 11 attacks. USA Today ran a story about Moonlight Maze but in this version the theft of secret data “may be the work of terrorists” or someone working with terrorists.

Titan Rain and Moonlight Maze are amazingly similar ghost stories. In effect, the same story had been told and re-told, with substituted attackers, since at least 1999. I call FUD.

(1) Websites? Hmm… thats some badass HTML :)

Cyberterrorism re-surfacing?

Back in 2002, I wrote that the discourse surrounding �cyberterrorism is dominated by sensationalist and alarmist analysis based on selective interpretation of partial facts and speculation by unnamed officials and experts. Demonstrating a stunning lack of vision, the alarmist conclusions drawn by such study are buoyed by fantastic, ill-conceived scenarios that defy the circumstances and bounds of reality.� Despite some studies to the contrary, it appears that little has changed.
More… »

Air Traffic Control and Cyberterrorism

airtraffic-small.gif On June 3 2004 the air traffic control system in the UK shut down for one hour (7am -8am) causing flights to be delayed, cancelled and grounded. The Flight Data Processing System was being tested (testing on a live, critical infrastructure system?) in preparation for an upgrade when errors were detected. It was decided that a reboot (always the best option?) was the appropriate solution. Service was eventually restored. A similar incident recently occurred in Texas, USA.

These events will no doubt make their way into “security” literature with the addition of “what if” scenarios in which the disruption was cause by hackers or cyberterrorists rather than the unappealing reality of bugs, glitches and upgrades.
More… »