_________________________________________________________________

London, Tuesday, November 12, 2002
_________________________________________________________________
INFOCON News
_________________________________________________________________

IWS - The Information Warfare Site
http://www.iwar.org.uk
_________________________________________________________________

---------------------------------------------------------------------
To subscribe - send an email to "[EMAIL PROTECTED]" with "subscribe infocon" in the body

To unsubscribe - send an email to "[EMAIL PROTECTED]" with "unsubscribe infocon" in the body
---------------------------------------------------------------------
_________________________________________________________________

----------------------------------------------------
[News Index]
----------------------------------------------------

[1] How al Qaeda put Internet to use
[2] The Myth of Cyberterrorism
[3] Cybersecurity bill to boost school budgets
[4] Are Macs Virus-Proof?
[5] British hacker "attacks US military"
[6] Bush wants swift action on Homeland Security agency as lame-duck Congress meets
[7] Security technologies could backfire against consumers
[8] Mitre: Open-source code rife at DOD
[9] Homeland Security CIO says branding new department is key
[10] FBI names new IT executive
[11] Still a disconnect at Interior
[12] Copy protection on CDs is 'worthless'
[13] (UK) Nationwide banks on biometrics
[14] ICANN plays safe with new domain plans
[15] Skills gap shrinks between public, private tech workers
[16] Why MS 'Ruling' Is Dangerous
[17] XML Zooms Onto Gov't Tech Agenda
[18] 'Dirty bomb' fears spur a search for Soviet relics
[19] Russian Officer Convicted Of Spying

_________________________________________________________________

News
_________________________________________________________________

(So much for AQ's cyber warfare capabilities:

'... The Milestones of Holy War site signals much more modest cyber-skills. Al Qaeda operatives struggled with some of the same tech headaches as ordinary people: servers that crashed, outdated software and files that wouldn't open.
Their Web venture followed a classic dot-com trajectory. It began with excitement, faced a cash crunch, had trouble with accountants and ultimately fizzled. ...'

Nevertheless, it shows that the Internet can be used for C2 (even though the last thing I would do is to send out an encrypted message if I were a terrorist as it stands out from the masses of communications) and Influence Operations (propaganda). Also it might provide a good tool for 'pre-battlefield intelligence' (one has to note though that the information needed would usually also be available in physical form, i.e. the current drive to remove data from the Internet does not solve the problem as the information is usually available elsewhere, especially for someone committed to gather such data). WEN)

[1] How al Qaeda put Internet to use

From Britain, Webmaster kept 'the brothers' abreast on terror

By Andrew Higgins, Karby Leggett and Alan Cullison
THE WALL STREET JOURNAL

Nov. 11 - In February 2000, an Egyptian merchant here in Guangzhou, the commercial hub of southern China, asked a local Internet firm for help in setting up a Web site. After lengthy haggling over the fee, he paid $362 to register a domain name and rent space on a server.

http://www.msnbc.com/news/833533.asp?cp1=1

----------------------------------------------------

(A great FUD free article. I would also recommend reading Rick's article 'Shredding the Paper Tiger of Cyberterrorism', which is available @ http://online.securityfocus.com/columnists/111 WEN)

'... Concern over cyberterrorism is particularly acute in Washington.
As is often the case with a new threat, an entire industry has arisen to grapple with its ramifications--think tanks have launched new projects and issued white papers, experts have testified to its dangers before Congress, private companies have hastily deployed security consultants and software designed to protect public and private targets, and the media have trumpeted the threat with such front-page headlines ...'

'... It's no surprise, then, that cyberterrorism now ranks alongside other weapons of mass destruction in the public consciousness. ...'

'... There's just one problem: There is no such thing as cyberterrorism--no instance of anyone ever having been killed by a terrorist (or anyone else) using a computer. Nor is there compelling evidence that al Qaeda or any other terrorist organization has resorted to computers for any sort of serious destructive activity. What's more, outside of a Tom Clancy novel, computer security specialists believe it is virtually impossible to use the Internet to inflict death on a large scale, and many scoff at the notion that terrorists would bother trying. "I don't lie awake at night worrying about cyberattacks ruining my life," says Dorothy Denning, a computer science professor at Georgetown University and one of the country's foremost cybersecurity experts. "Not only does [cyberterrorism] not rank alongside chemical, biological, or nuclear weapons, but it is not anywhere near as serious as other potential physical threats like car bombs or suicide bombers. ..."

(This is so true. A few years ago I attended a military workshop on strategy. I was the only civilian there and during one presentation we were shown close-up pictures of civilian victims of a chemical weapon attack in Iraq and I have to say I will never forget those pictures. So for me it is not difficult to realize that the real threat comes from NBC weapon systems rather than cyber terrorism.
WEN)

[2] The Myth of Cyberterrorism

There are many ways terrorists can kill you--computers aren't one of them.

By Joshua Green

Again and again since September 11, President Bush, Vice President Cheney, and senior administration officials have alerted the public not only to the dangers of chemical, biological, and nuclear weapons but also to the further menace of cyberterrorism. "Terrorists can sit at one computer connected to one network and can create worldwide havoc," warned Homeland Security Director Tom Ridge in a representative observation last April. "[They] don't necessarily need a bomb or explosives to cripple a sector of the economy, or shut down a power grid."

http://www.washingtonmonthly.com/features/2001/0211.green.html

----------------------------------------------------

[3] Cybersecurity bill to boost school budgets

By Declan McCullagh
Special to ZDNet News
November 11, 2002, 4:31 AM PT

American universities may receive a nearly $1 billion windfall next week, when Congress is expected to approve a massive new spending program for computer security.

On Tuesday, the House is scheduled to vote on a bill that would spend approximately $900 million over the next five years to recruit graduate students and faculty members in computer security and create research centers at colleges and universities.

The measure, which already has been approved by the Senate, also requires the National Institute of Standards and Technology (NIST) to create checklists for government agencies to help them with common computer security woes. Agencies are not required to abide by the checklist, but they must report whether it was followed.

http://zdnet.com.com/2100-1105-965164.html

----------------------------------------------------

[4] Are Macs Virus-Proof?

By Robyn Weisman
www.NewsFactor.com, Part of the NewsFactor Network
November 11, 2002

Historically, Mac OS users have had little to fear from the scourge of viruses plaguing their Windows counterparts.
The operating system's "Classic" incarnation was practically impervious, Macworld editor Jason Snell told NewsFactor.

But Apple's (Nasdaq: AAPL) new operating system, known as OS X, is based on the Unix platform, whose code base has been around for more than three decades. While Unix underpinnings have made Apple's OS more powerful and stable, they also have made it more susceptible to viruses and worms.

http://www.osopinion.com/perl/story/19930.html

----------------------------------------------------

[5] British hacker "attacks US military"

US federal authorities say they have cracked the case of a British hacker who broke into 100 unclassified American military networks in 12 months.

Officials familiar with the investigation refuse to identify the hacker, who lives in England, but say he could be indicted within hours in federal courts in northern Virginia and New Jersey.

The officials, who spoke on condition of anonymity, would not say whether the hacker was already in custody. But one said investigators considered the break-ins the work of a professional rather than a recreational hacker.

http://www.express.co.uk/story.html?story=1&r=3119939816592186
http://www.ananova.com/news/story/sm_707566.html?menu=
http://www.wired.com/news/politics/0,1283,56319,00.html

----------------------------------------------------

[6] Bush wants swift action on Homeland Security agency as lame-duck Congress meets

By ALAN FRAM
The Associated Press
11/12/02 1:12 AM

WASHINGTON (AP) -- President Bush wants the lame-duck Congress to swiftly approve his plan for a new Homeland Security Department, even as it is clear that Democrats will control the Senate for a bit longer.

With the House and Senate planning to start an abbreviated postelection session on Tuesday, lawmakers were expected to launch a push to end a Senate stalemate over the proposed agency.
Bush has called creation of the department, part of his response to last year's terrorist attacks, the outgoing Congress' top priority.

Lawmakers were expected to examine a tentative plan for resolving the impasse by giving unions a larger role in workplace changes than the administration initially proposed. It was drafted by White House and congressional Republican staff and offered to Senate aides in bargaining Sunday night.

http://www.nj.com/newsflash/washington/index.ssf?/cgi-free/getstory_ssf.cgi?a0426_BC_Congress-LameDuck&&news&newsflash-washington

----------------------------------------------------

[7] Security technologies could backfire against consumers

By Robert Lemos
Staff Writer, CNET News.com
November 7, 2002, 4:00 a.m. PT

SAN FRANCISCO--At the USENIX Security Conference held here recently, Microsoft developers touted the company's upcoming Palladium architecture as technology that would enhance privacy, stymie piracy and increase a corporation's control over its computers.

Others, however, see a more nefarious role for the security software.

Instead of just keeping hackers out, critics say programs like Palladium could also block computer users from certain data. For example, the technology could be used as a policing mechanism that bars people from material stored on their own computers if they have not met licensing and other requirements.

http://news.com.com/2009-1001-964628.html

----------------------------------------------------

[8] Mitre: Open-source code rife at DOD

BY Dan Caterinicchia
Nov. 11, 2002

The use of open-source software within the Defense Department continues to gain momentum, especially in the critical area of cybersecurity, despite the fact that DOD and industry leaders have raised numerous concerns about vulnerabilities associated with the technology.

But what if open-source software applications and development were banned in DOD? A recent study conducted by Mitre Corp.
for DOD posed that hypothetical question and found that without open-source software, DOD's cybersecurity capabilities would be crippled and other areas would be severely impacted.

http://www.fcw.com/fcw/articles/2002/1111/pol-open-11-11-02.asp

----------------------------------------------------

[9] Homeland Security CIO says branding new department is key

By Gretel Johnston
November 5, 2002 6:59 am PT

HERSHEY, PENNSYLVANIA -- U.S. government officials doing the leg work to establish the proposed Department of Homeland Security should think of their challenge the same way corporations approach mergers and acquisitions, the chief information officer for the Office of Homeland Security said at a meeting here of IT industry and federal IT professionals.

"As quickly as possible the new organization has to brand itself and emerge as a single, stronger entity," Steve Cooper, senior director for information integration and CIO for the Office of Homeland Security said Monday during a panel discussion at the Industry Advisory Council's Executive Leadership Conference.

http://www.infoworld.com/articles/hn/xml/02/11/05/021105hncooper.xml

----------------------------------------------------

[10] FBI names new IT executive

By Wilson P. Dizard III
GCN Staff

FBI Director Robert S. Mueller III today named Charles S. Prouty to the post of executive assistant director of law enforcement services, a post in which he will oversee the bureau's Criminal Justice Information Service Division as well as training, laboratory, critical response and international operations.

http://www.gcn.com/vol1_no1/daily-updates/20437-1.html

----------------------------------------------------

[11] Still a disconnect at Interior

BY Megan Lisagor
Nov. 11, 2002

About 6 percent of the Interior Department's computer systems remain disconnected from the Internet, 11 months after a federal judge ordered a departmentwide shutdown citing security concerns, according to a Nov. 1 Interior report.
Most of the systems support the Bureau of Indian Affairs and the Office of the Special Trustee, agencies that rely on information technology to fulfill the department's trust fund duties.

http://www.fcw.com/fcw/articles/2002/1111/web-interior-11-11-02.asp

----------------------------------------------------

[12] Copy protection on CDs is 'worthless'

19:00 06 November 02
Exclusive from New Scientist Print Edition

The technology built into some CDs to stop people copying them is futile, according to a computer scientist who has put today's antipiracy systems under the microscope. He believes the continual software and hardware upgrades issued by the makers of computer CD drives and audio CD players render copy protection systems pointless in the long run.

CD: the most copied medium

John Halderman, a computer scientist from Princeton University in New Jersey, plans to show delegates at a digital copyright conference in Washington DC next week that the idea of CD copy-prevention is "fundamentally misguided".

In 2001, Princeton University scientists debunked the technology the music industry planned to use to inaudibly watermark sound. Halderman is now doing a similar job on copy prevention systems.

http://www.newscientist.com/news/news.jsp?id=ns99993020

----------------------------------------------------

[13] Nationwide banks on biometrics

By John Leyden
Posted: 11/11/2002 at 18:58 GMT

Nationwide, the UK's largest remaining building society, last week announced plans to roll out biometric signature capture and verification technology to all its branches in the UK.

Work will begin on the installation during the first quarter of 2003.

By embedding biometric signature data into electronic documents, Nationwide hopes to "remove paper from branches and eliminate filing and retrieval systems". A bold ambition, particularly in the banking sector where notarised paper receipts are very much the order of the day.
http://www.theregister.co.uk/content/55/28037.html

----------------------------------------------------

[14] ICANN plays safe with new domain plans

By ComputerWire
Posted: 12/11/2002 at 08:05 GMT

The Internet Corp for Assigned Names and Numbers is proposing that three new top-level domains be added to the internet, but plans currently under discussion call for a limited roll-out that would focus on niche markets.

In a document published over the weekend, ICANN president Stuart Lynn asks for public input on recommendations that three "sponsored" TLDs be added to the internet, and that proposals be solicited from interested parties.

A sponsored TLD is one with a narrowly defined registrant base, such as .pro or .aero, which target certified professionals and the aerospace industry respectively, as opposed to unsponsored TLDs, such as .com or .info, which are open to anybody.

http://www.theregister.co.uk/content/6/28047.html

----------------------------------------------------

[15] Skills gap shrinks between public, private tech workers

By Molly M. Peterson, National Journal's Technology Daily

Efforts to boost information technology training for government employees have helped narrow the skills gap between public- and private-sector IT workers, according to a recent study by Brainbench, an online skills-testing firm.

"Government IT workers are showing significant strengths in some important technology areas--especially the increasingly popular Unix [and] Linux arenas," said Mike Russiello, president and CEO of the Chantilly, Va.-based company.

The study compared the scores of more than 4,000 government employees and more than 7,000 private-sector workers who took Brainbench's IT skills tests online. The study analyzed the workers' test scores in eight major areas and found that government workers' scores surpassed those of private sector workers in three categories.
http://www.govexec.com/dailyfed/1102/111102td1.htm

----------------------------------------------------

[16] Why MS 'Ruling' Is Dangerous

By Lauren Weinstein (a commentary)
02:00 AM Nov. 11, 2002 PT

Has Judge Colleen Kollar-Kotelly helped set the stage for a computing disaster of unprecedented magnitude?

She's not the only culprit involved, but her ruling affirming the Justice Department antitrust deal with Microsoft may have devastating results that we'll all come to regret.

http://www.wired.com/news/politics/0,1283,56279,00.html

----------------------------------------------------

[17] XML Zooms Onto Gov't Tech Agenda

By Lia Steakley | 02:00 AM Nov. 11, 2002 PT

As improbable as it may seem, declining sales among U.S. automakers have clinched government support for XML standards.

The American automotive slump continued in October as Ford (F), General Motors (GM) and DaimlerChrysler (DCX) all reported a 30 percent drop in sales. The federal government hopes to rescue carmakers and several other industries with the Enterprise Integration Act of 2002, signed into law last week.

http://www.wired.com/news/politics/0,1283,56287,00.html

----------------------------------------------------

[18] 'Dirty bomb' fears spur a search for Soviet relics

Joby Warrick
The Washington Post
Tuesday, November 12, 2002

Deadly cesium from farm tests still missing

TBILISI, Georgia In the 1970s, scientists in the former Soviet Union developed scores of powerful radioactive devices and sent them to the countryside for a project known cryptically as Gamma Kolos. Its purpose was to expose plants to radiation and measure the effects.

Some of the tests were aimed at simulating farming conditions after a nuclear war. In rugged eastern Georgia, researchers bombarded wheat seed with radiation to see if the plants would grow better.

http://www.iht.com/articles/76657.html

----------------------------------------------------

[19] Russian Officer Convicted Of Spying

MOSCOW, Nov.
11, 2002

The court verdict says Sypachev was detained by the Federal Security Service arrested April 4 after placing an envelope containing the report in a secret location, Interfax reported. (AP)

A Russian military officer was convicted of espionage on Monday, and a Russian news agency reported that he was charged after being detained while trying to pass classified information to American intelligence agents.

In a closed trial, the Moscow district military court sentenced Col. Alexander Sypachev to eight years in a maximum-security labor camp and stripped him of his rank, the Russian military prosecutor's office said in a statement.

http://www.cbsnews.com/stories/2002/11/11/world/main528921.shtml

----------------------------------------------------

_____________________________________________________________________

The source material may be copyrighted and all rights are retained by the original author/publisher.

Copyright 2002, IWS - The Information Warfare Site
_____________________________________________________________________

Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
<http://www.iwar.org.uk>

IWS INFOCON Mailing List
@
IWS - The Information Warfare Site
http://www.iwar.org.uk