Skip to comments.U.S. Fears Al Qaeda Cyber Attacks (A MUST-READ)
Posted on 06/26/2002 3:56:37 PM PDT by TimesinkEdited on 09/03/2002 4:50:41 AM PDT by Jim Robinson. [history]
Unsettling signs of al Qaeda's aims and skills in cyberspace have led some government experts to conclude that terrorists are at the threshhold of using the Internet as a direct instrument of bloodshed. The new threat bears little resemblance to familiar financial disruptions by hackers responsible for viruses and worms. It comes instead at the meeting points between computers and the physical structures they control.
(Excerpt) Read more at washingtonpost.com ...
Warning: It's VERY long.
I have a marketing idea for the credit card companies. Facilitate putting security on such systems by wrapping them in a plain old e-commerce web front end. Then allow operators to log in using their credit cards. Charge the card, say, a nickel for each access. This way, all access is tracked by the credit card infrastructure. For discussion.
Late last fall, Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers. From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI's San Francisco computer intrusion squad.
Working with experts at the Lawrence Livermore National Laboratory, the FBI traced back trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found "multiple casings of sites" nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities. Uh-oh..
We keep reading about 'visitors' seen taking photos of water installations, etc. Yet nothing is do since they are on 'vacation'.
Time to shoot first and ask questions later.
Goes far beyond the article and what they refer the intruders having looked at.
Seems to me we have to take these devices off the Internet without further delay. Either that or use iron-clad authentication protocols.
The use of cryptographic certificates for control of devices would probably solve this problem at reasonable cost.
A long, drawn out guerrilla war where the attacks were targeted at the infrastructure of the culture would be much more effective even if they weren't "sexy" to potential recruits. Just slowly bleed the culture's economy to death- this so called 'death from a thousand cuts'. Some items I would try to accomplish if I were in their shoes:
These things and many more I would've expected the terrorists to do. Just general disruption of our way of life. It would be very costly monetarily- for the victim and would be generally low risks for the organization carrying these things out. I mean you could do a lot of damage to a smaller community by simply setting the local factory or mill on fire- putting a major employer out of action. There's no way a nation's security apparutus could successfully defend every single target in addition to guarding nuke plants, airports, water supplies etc etc. Maybe they are just stupid and stuck in a Middle Ages type mentality. But if you successfully attack and disrupt an enemies supply/support lines- you will eventually defeat him and I suppose I'm glad they have this mentality.
I have mine, but I won't provide my call sign as it's too easy to learn too much about me through this Federal License! I admit I haven't read this article yet, but I'm just as concerned today with the deliberate destabilization coming from within by our own elected politicians.
I watched the markets struggle valiantly today after watching PBS's Frontline program last week describe how Senators Dodd, Lieberman and Tauzin led the successful effort to override bill clinton's veto of letting auditors double as business consultants! Nothing being learned by the 1929 crash and now we have WORLDCOM!!!
This article is right, but our own liberally appointed judges for life are destabilizing our culture this very day! This nation and it's history is being thrown away, by it's own people! The militant few within are forcing us to waste our resources and compound the instability and are determined to bring it all down like the twin towers.
Here in CA they are doing it at the State and local levels as well! From within!!!
We better get a grip, here before it all shakes apart soon!
They certainly didn't include computer courses at their training camps in Afghanistan. That's not to say that we aren't vulnerable at these spots or that terrorists won't eventually develop the expertise to attack us using cyberwarfare.
But this enemy hasn't proven themselves to be terribly sophisticated yet. They are bold, and imaginative. They are cruel and evil. But brainiacs? I don't think so.
Most of the guys I work with are blissfully asleep at the wheel. Most laugh and make fun of anyone who speaks about the possible demise of our way of life.
It could happen that hams will be needed again. Especially those who read code.
I would hope that any really critical control networks were never connected to "the internet" in the first place! Sheesh. Would they actually put something like the control valves to a nuke plant or a dam on outside access where hackers could snoop in the first place? Not likely IMHO.
Think again. Most of the terrorists in the Al-Quaida leadership structure are from very wealthy, highly educated Saudi families. Mohammad Atta's father is a prominent surgeon. If you read the profiles of the 19 hijackers, many were from wealthy Saudi families.
An even scarier idea is the number of muslim "students" being taught in our Universities. These students are going from the college campuses straight into OUR hi-tech, pharmaceutical, government, bio-tech, and financial institutions to work. To think that they have not already infiltrated every level of our financial structure is pure folly. INS has not placed any checks and balances into the student visa's and we have paid, and will pay the price.
There is a significant prision population that has converted to the muslim religion. They are being trained to utilize computers and other hi-tech equipment, as a way to help them find work when they are released. We also have major corporations, including financial corporations using the educated prison population as cheap labor to process sensitive customer information.
Even the most recent attack we thwarted, an attack on ships near Gibralter, was a repeat of the Cole attack scenario. I'm still not convinced that these losers who are attacking us are the brightest bulbs.
My concern had been that just as after 9/11 many groups and individuals who had supported Jihad withdrew their support out of disgust- so did the opposite happen- young people and groups who might otherwise not have supported bin Laden would've suddenly seen him as having an effective strategy and a just cause. I find it plausible that many young Muslims who have hacker/advanced computer skills who had been planning to have a nice career in the industry might have gone off and donated their services to "The Foundation" and its cause. Think about all those Muslims in Germany in the universities who might have been radicalized by the events and got on a plane bound for Pakistan and other points of call in the Islamic world- just as we know that many in Britain and America went to Pakistan to try to physically fight the coalition.
I think al Qaeda probably had no shortage of volunteers after 9/11 who just might have the skills to pull something like this off. These messages recently, allegedly from al Qaeda, that state "We will attack them where they do not expect it" certainly raise a few questions. They could've just been blowing hot air but I've been puzzling on that particular wording ever since. Where would be the perfect target that we least expect?
I hope that it is as easy as you fear, because I don't have the slightest doubt that we're trying to put our folks into al-Qaida right now. No doubt whatsoever.
I can't think of a better way to defeat them than to infiltrate them.
Infiltrating has been the sticky point so far hasn't it? Hard for Joe Blow from Kansas to pass himself off as a Muslim dedicated to the jihad.
I sincerely hope that the Defense Language Institute is chock full of students learning Arabic right now (as well as Parsi or whatever else it is they speak). Had the chance to go to the DLI when I enlisted (after getting a good score on the DLAB test). Drill Seargent said I'd probably be learning Arabic (this was just before the Gulf War) and that dissuaded me from pursuing that particular avenue of training. I wish I had now, maybe I could be of some use.
I hope the CIA is on this thing. Surely, there has to be some hardball type Muslim out there that would be willing to take a lot of cash to crack the al Qaeda nut. I hope they find him because, as you say, a mole would be their undoing.
The problem with that is that morally, you don't want to commit an act of terrorism.
That's why they require you to do it, of course. They don't want Joe 6-Pack the ethical American CIA agent to infiltrate them, so they put the 'initiation' in to deter him by using his conscience against him.
So, if you grant the guy a pass to commit the required act, in hopes of a successful infiltration and averting much greater attacks in the future, the fact remains that your man committed an act of terror.
While this is an understandable neccesity under the circumstances, be prepared to be beaten with that fact once the information sees the light of day through a freedom of information release or from a lawyer or congressleaker privy to the information. Expect to see the antiwar, antiCIA, anti this or that folks use that one act against you, without regard to the big picture. Maybe they will associate an infiltrator's neccessary actions with big oil, the bilderbergers, or the Mickey Mouse Club. They will do so in vain at first, but over time people will come to be outraged at the smaller act, and ignore the terrible acts that were prevented because you had access to insider info.
What this is is a distraction from serious vulnerabilities like a bioweapon attack or a SAM attack on airliners.
My company manufactures control/telemetry equipment for municipal utilities, and we also author a great deal of firmware/software for this equipment. We have been very tuned into the security aspects of these control systems for years now. As you can imagine, we are focused upon this more now than ever.
Have suspicious arabs shown an interest in these systems? Yes. Homeland Security had heard of some inquiries, and they sent us a fax this past winter to be on guard. Also, our company was approached once. A few years ago, a saudi requested detailed information on our control system via email; and we responded with the standard brochures (nothing sensitive). Didn't think much about it at the time, and deleted the email long ago. Also, he didn't like my "foreign business policy"... foreigners pay in advance :-)
This summer, we also observed a man making inquiries to an internet programmers newsgroup targeted toward web server programmers/administrators on Windows platforms. All of his requests focused on finding ways to break into web servers such as Apache, IIS, and Netscape. It became very apparant when looking at all of his posts as a whole. We found that his ip address is in the united arab emirates, and then we notified the FBI with the info. (don't know if they pursued it further.)
Do I think they will hit our water and power supplies? Not really. I have yet to see them take any action which is not based upon killing a lot of people.
Shutting down computerized water pumping stations will not even run people out of water. First, most water systems have a large amount of pressurized storage (water up in the water towers). Second, every piece of industrial equipment that I have ever seen always has "manual" controls in addition to the computers. Could they poison a water supply? Does anyone know how much poison it would take to overcome the dillution of 10's of millions of gallons in a water system? Not likely to happen. Anthrax in the water? The chlorine would kill it. Worst case scenario with water: some people get sick, no deaths. Best case scenario: alqaeda gets shot by the neighbor who lives next to the water tower.
Dam control system disruptions? The filling/emptying of a dam is a VERY slow control processes. "Manual" override would be instituted far in advance of any repercussions.
Power? Power is a lot more vulnerable, because there is no "storage" within the system (as with water). Even a short disruption would be noticed. And power is everything. Actually the best way to shut down a water system is to shut down its power. And why attack the power grid control computers, when much more lasting damage can be done through a physical attack? (Look at what we did to the power system in Yugoslavia). However, although a power shutdown would be pretty darned inconvenient, I still don't see how it is going to kill Americans.
In summary... I don't see alqaeda pursuing this computer hacking angle, because it doesn't kill anybody. These guys are all about killing.
ps. This is just my educated opinion. I'm sure there are smart people who would disagree.... and sorry about the long post. Usually I specialize in short, smartass comments. :-)
This discussion probably doesn't belong on this thread, but it just cracks me up that people get so excited about some exterior threat and think it is so much more potent than the threat from within. It's all enemies of our Constitution, foreign AND DOMESTIC!!! Mc Carthy was more right than wrong. It's just that he had no class and was crass! Besides, people don't equate sudden death with the enemies of freedom from within. It's slow death instead.
Trite, but true... "Eternal vigilance is the price of freedom!" (still) This terror war is way worse than the cold war ever was!
Do you actually have a legitimate argument to make as to what's wrong with the article, or are you merely interested in tossing around empty insults?
Maybe not so uh-oh. Isn't the Net a two-way street? Can't we "study" all those systems in Saudi, Paki, and Axis of Evil countries pretty easily? What do you want to bet we already have?
A couple of years ago, World Net Daily reported on a group of hackers, Hong Kong Blonds, who had hacked into Beijing's computers and loused up the Red Army in some pretty interesting and effective ways. So it's being done. Author of articles on Hong Kong Blonds was Anthhony lo Biado (Portuguese name), if you want to look them up.
One little cyber attack, and the USA could retaliate in kind, blowing several nasty little countries off the map altogether. (If they're sophisticated enough to have vital services run by computers.)