April 15, 2001-- Newsletter #126
Goodies to Go (tm)
This newsletter is part of the internet.com network.
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
I am back from Florida after a much-needed week of rest. I spent some time at Florida State University and then at Destin Beach flying a kite. It was the most amount of fun I've ever had with a $4 toy. I've been spending the morning searching the Web for bigger and better kites. I think I've found a new hobby and I can be to the beaches in Mississippi in less than 90 minutes.
Did you hear...
Speaking of hacking, it was reported by Moskovsky Komsomolets [http://www.mk.ru/], and later the Moscow Times, that officials at the U.S. embassy in Moscow attempted to pay a Russian hacker $10,000 and a visa to enter the Russian Federal Security Service's (FSS) system in order to copy and alter files. The hacker, known only as "Vers," turned the job down and later turned himself in. The FSS questioned Vers and later let him go since there were no laws against a spy turning himself in before any crimes were committed.
On another subject, but no less concerning, Kozmo.com has shut its doors putting 1100 persons out of work. In addition, the once untouchable Yahoo has laid off 420 in an effort to bring the bottom line into better focus.
Now onto today's subject...
I am writing this newsletter on the Saturday after the U.S. service personnel held in China arrived safely in Hawaii. After a two-day debriefing, the men and women of the U.S. spy plane will be given a 30-day leave and all will be forgotten, right?
I have often wondered, and have written about [http://www.htmlgoodies.com/letters/067.html], whether an act of Cyber-terrorism is possible. Moreover, if possible, could it actually be undertaken? I ask that because it is my opinion that it would take a large contingent of very motivated and very skilled people working together to produce a strike that would get the attention of the nation targeted.
Maybe now it's going to be attempted. Many Chinese sites are calling for hacks against the U.S. in retaliation for the death of a countryman in relation to the spy-plane incident. The biggest sites, "KillUSA" [http://killusa.abc.yesite.com/] and SOHU [http://www.sohu.com/] have started a "Hack the USA" movement pointing out vulnerable targets and offering information and help to get the job done.
This story has been in the news now for three days and I haven't found any stories of successful attacks, but that doesn't mean that it hasn't happened nor does it mean that it won't.
It's obvious the U.S. sees cyber-terrorism as a real threat. President Bush has made a point of earmarking more money to combat it. And, as you read above, the U.S. itself actually sees hacking as a method of spying. If one sees a tool as something to use against an enemy, then wouldn't one see that same tool as a threat if used against him or herself personally? That makes sense to me.
What might make the U.S. see the Chinese Web sites as somewhat of a concern past a couple angry kids with a PC, is the fact that many experts see the U.S. as ready to be hacked. Michael Vatis, who was once the head of the U.S. cyber-police, sat on a four-person panel at the RSA Data Security Conference and basically proclaimed that U.S. systems are full of holes that cannot be repaired. The panel agreed that security not only depends on what you do but also on what anyone attached to you does and that makes for a very vulnerable system.
I don't doubt that this coming Monday, the U.S. tax deadline, hackers will make an anti-tax, anti-government statement somewhere. It may not be the IRS page, but possibly a smaller tax bureau page somewhere in middle America. That will once again show that holes exist and that if a kid in his room can make a strike, what's to stop a nation from gathering a group of angry, brilliant people together and making an organized hack attack all in one fell swoop?
The problem is the organization of such an attack. The Chinese sites above might not constitute much of a threat because they are not overly organized. The sites are full of angry rhetoric and calls for action but no seemingly organized force or front that will all strike at once. Although a concern, the threats from these sites don't seem to measure up to a true threat of full-scale cyber-terrorism. From what I have read, there just isn't enough of a uniform plan or mission and I believe that will be what is needed if someone is to actually use hacking as a retaliation or terrorist threat in the same way another group would use a bomb.
I could conceive of one person hitting one target, but could that one hack be devastating? I don't think so, at least not to the point where the nation's head would turn. That would have to be one heck of a hack, harming extremely sensitive data that couldn't be quickly replaced and would have far-reaching effects.
Is there one hack hit that could do that? Some might argue with me, but I don't think so. For hacking to be seen as a true weapon, the hit would have to be large, encompassing multiple strikes. The closest I have seen to the situation I envision would be the Smurf attacks that shut down some of the major Internet sites and search engines.
I believe that hacking could actually be a viable weapon. If used correctly and in enough force, vulnerable systems could be hit and certain infrastructures brought to their knees. I just don't yet see the Chinese sites above as providing that strike, but I do believe it's coming.
As it stands, I believe the tough talk on the sites mentioned above will produce a few hits that may or may not make the news but nothing of any real concern.
I'm waiting for, but not looking forward to, the one time that a nation is able to gather together some great computer minds and actually create a hacking force that will do enough damage that the attack will be considered terrorism. I believe it could be done.
On a lighter note, there is another story regarding China and the Internet that I found interesting while I was researching this piece. The site "Eruptor" [http://www.eruptor.com/] offers Palm Pets. Those are little animations that will play on your Palm Pilot. Their latest is an animation of President Bush picking his nose and dancing like a clown. You can see it at their Web site.
Over 80% of the downloads are coming from one country. You guessed it. China.
The White House has no comment.
That's that. Thank you for reading.
Joe Burns, Ph.D.
And Remember: There's a little town right near where I live named Ponchatoula. They proclaim to be the "Strawberry Capital of the World". Louisiana is a big producer of strawberries. The plant grows so well here that my university actually has them planted around the buildings and many shops sell them as hanging baskets. In fact, many believe that Louisiana strawberries are the sweetest because of a unique mixture of sand and clay in our soil. While walking around the Ponchatoula Strawberry Festival eating some of the best strawberry shortcake ever created, I ran across this fact. The "straw" in strawberry has nothing to do with actual straw. The name came from the way the plant grows. It shoots off little runners that were once referred to as "strays". In fact, the original name of the plant was "strayberries". Over the years it just simply changed over to strawberries. Oh, and by the way, the strawberry is also the only berry that has its seeds on the outside of the plant. In addition, it's really good when fried in batter and dipped in chocolate.