Histon Encyclopedia
Cyber War (Part II)
Home | Our Products | Contact Us | Our Location | About Us

 

  In the United States there is a critical infrastructure.  This infrastructure includes electrical power, finance, telecommunications, health care, transportation, water (depending on how you get water), defense and the internet.  All of these are highly vulnerable to a cyber attack.  If any of these are attacked, it would be an emergency!  It might be an emergency in the case that if something complicated jammed up the virtual system, it could take months to fix!

But how can you protect (or be protected) from a cyber attack?  Especially if you dont know the capabilities of the enemy.  John Arquilla said, You cannot defend yourself unless you understand how the offense and defense works.  And in so doing, you learn to wage offensives. (Frontline Interview)

With everything that is vulnerable and could be attacked at the mainframe, many officials believe the attack could be launched from the internet and still reach into the systems that hold all of the information.  This worries official, because Al Qaedas computers showed information that they were hacking into our mainframe.  One target could be the electrical systems, leaving American cities in the dark, if attacked.

A hacker who spoke on terms of anonymity, said, You could take down significant pieces of it (the power grid) for lets say operationally useful periods of time.  Penetrating a SCADA system thats running a Microsoft operating system takes less than 2 minutes!

Joe Weiss, a control system engineer and executive consultant for KEMA Inc. reluctantly agreed that the power grid is vulnerable. And at the worst case scenario, it could be down for up to 6 months!

Many officials say cyber security needs to be a main priority.  Those people have had little success.

John Hamre, director of the Center for Strategic and International Studies, thinks cyber terrorism is a possibility. He says, But terrorists like Al Qaeda are after a shock effects.  It is very difficult to see the shock effect when you cant get $20s out of an ATM. (Frontline Interview)

Al Qaeda

(All responses are responded by Hacker, unless otherwise noted.)

What do we know about their capabilities?

Al Qaeda uses computers and information technology for a number of purposes.  We know they use them for communications.   Al Qaeda as a network known as ISI, or Inter Services Intelligence, which is Pakistani intelligence.  Pakistani intelligence then had groups of hackers which can hack into other groups accounts.  There are computers trying to track the movements though.  These computers have 2 terabytes of possible stored information.

Could you list an example of sophisticated cryptography using communication?

An example of Al Qaeda using sophisticated technical by means, could mean sending it in spam e-mail.  It might look like something bad and take you to a bad website, but it could be encoded with messages they (Al Qaeda) only understand.  By doing this there is no way to figure out what is going on or how to view the website (if you didnt know what you were looking at).  They could use a pornographic website for a cover.

So they were getting all communications via a pornographic website?

Yes.

How did they do that?

You can put anything up on a website.  Mostly they used Yahoo Groups to get information. They (on Yahoo Groups) can plan trips through Afghanistan and Pakistan easier that way.  Or they could use one time e-mails.

One time only e-mail addresses.  How does that work?

You set up an account on Hotmail, or another free service.  Then you just send/receive 1 message and never use the account again.  That way they (the US and other terrorist finder/fighters) cannot trace the traffic of the e-mails, and where they (Al Qaeda people) might be next.

So what does this translate to in a cyberspace method?

They can interpret UK and US cryptograms, and then un-decode them and read them.  They (Al Qaeda) becomes very, very high tech out of bin Ladens inner circle.  They can connect to independent groups of people for their advantage also.  Al Qaeda is a community, one that listens to important chatter and ignores the rest.

I dont think we should underestimate any adversary.  Especially one as sophisticated as Al Qaeda, Michael Skorch.

Microsoft

(All responses are responded by Hacker, unless otherwise noted.)

A problem Microsoft has is that it only internally solves problems, note externally and tracks them.  Anybody could break in and read a source code and no-one would ever know.  They also try to hide some of the problems, which wont make them go away, Hacker said before questions.

Microsoft says that security is its top priority now.  Is it true?

No, security isnt the top priority, but it is a concern, because even the US Government is telling Microsoft to up its security on programs.

Once you find the Microsoft systems vulnerabilities in your free time (and there are quite a few), imagine if 95% of the machine's in the marketplace ran on the same program/operating system.  They all have equal vulnerability.  With this you get a mono-culture. Everything is vulnerable!

But this is just the nature of the Beast, isnt it?  You cant create perfect software.

You cant create perfect software, but you can make more secure software.

But this is their business.  Theyre in trouble if theyre getting sued all the time.

No-one is suing them.  Theres no product liability in security.  If there was product liability in security as there is in any other product flaw, Microsoft wouldnt exist.

Continued on the next page.

Cyber War (Part III)