FIDNET, Cyberwarfare, and Reality 54
Neutral: Foxxz writes "Shortly after the article ran on Slashdot about the FBI computer monitoring program called FIDNET, I wrote to my congressman. Finally I have received a response from him concerning FIDNET. Its not a very pretty picture for the internet; allowing email captures and the monitoring of remote logins. I took the time to type up the letter and post it. I hope to get the document scanned early this week." It's just a form letter, firmly in the middle of the road, but interesting anyway.
Pro: Effect sends this article from a legal publication. "The article is a little old, but a new example of how are tax dollars are spent is here. The rundown is on a new $1.5 billion dollar program to gauge the threat of cyberterrorism and looking for security breaches in critical networks like banks, telecoms and government nets. Any one else want the govenment poking their noses into their files looking for problems? Bear in mind that this is just a proposed start up cost, and the actual program will run much higher."
Anti: George Smith, of the Crypt Newsletter, has been debunking this for some years now. His articles include Electronic Pearl Harbor: A slogan for U.S. Info-warriors, An Electronic Pearl Harbor? Not Likely, a tale about how the FBI finds new computer threats (in April Fool's jokes about computer viruses), and a recent piece written for CyberWire Digest. Smith says, ""Clinton" [a fake virus] was an April Fool's joke published in a PC mag along with a number of similar tales, it was republished in an FBI paper on computer crime in 1996. While it's amusing that the FBI would be taken in by an April Fool's joke, it's rather confounding to realize that this was passed off as serious research. It's a great lesson in why it pays to be skeptical of our leaders when they talk of "cyberterror.""
Future: Johan writes "Jane's Intelligence Review is running an article about cyberwarfare for its next issue, which I'm editing at the moment. It has a number of broad assertions, including:
"For terrorists, CBRN/Cyber weapons provide the opportunity to cause death and disruption at unprecedented levels--resulting in thousands of casualties and billions of dollars in damages to critical infrastructure nodes."
"Acquiring a CBRN/Cyber capability requires extensive funding, an overt or covert acquisition capability, a technological research and development program to produce, weaponize and stockpile CBRN materiel (or the capability to purchase or steal ready-made weapons), and a level of technical expertise and logistical infrastructure that is appropriate to launch successful CBRN attacks..."
"Commercial-off-the-shelf (COTS) software products can easily be obtained to conduct cyberterrorism, making CB/Cyber attacks much more feasible to launch than heretofore..."
Although 'cyberwarfare' is a bit of a cliche, given the IT-related nature of many of your readers, I wondered if any of them would like to comment on this, ie, is all this stuff really so?"
The floor is open. -- michael
Not-so-Offtopic-New ways of lucre after the Y2K (Score:2)
Just Complete the form where's appropiate and send to your favourite agency.
TO: Security Agency Director
FROM: ___________________________
I need funding for a new project to prevent free world to be dominated by:
(mark with an X)
__Cyberterrorists
__Militias
__Drug Mafia
__Anarchists
__Leftists
__Child Abusers
__Porno Distributors
__MP3 Compression
The project consists in attack this evil organizations by
(mark only 3)
__Disabling the whole Internet
__Reading their e-mail
__suscribing them to the a USENET list
__Banning crypto software
__Filtering web content
__Analizing content of each net packet
__Playing Quake until late night
__Probing for security holes
__Analizing network routing
__Taking over IRC channels
__Spamming them
__Analizing ICQ message contents
__Attacking them with ICBM's
__Rising communication rates
__Invading underdeveloped countries
This resource intensive task can only be acomplished succesfully using high skilled
__Windows Users
__Aliens
__Cobol programmers
__NFL players
__Foreign soldiers
in cooperation with our group of expert
__gourmets
__C++ programmers
__Hollywood script writers
__Linux developers
__NSA Officials
__Bowling Team
The project will be directed by me and myself, and I will be the only person with entire knowledge of the entire secret operation.
Our operating office will be undercovered as a
__Pizza Hut Restaurant
__Software Development Company
__Gay Bar
__Open Source Software Project
The total funding requeriments, for a initial development of the project is
__$1.000
__$1.000.000
__$1.000.000.000
__other, please specify ($_____________)
due the need of high end equipment.
This equipment will be the core of the project and will consist in
(describe quantity)
__Sony Playstations
__Texas Instruments TI99
__Pamela Lee's Videos
__Calculators
__DVD Rentals from BlockBuster
__Complete Ricky Martin discography
__Windows Licences
__cans of Coca-Cola
Waiting for your positive response, yours:
______________
your signature
Re:FUDNET (Score:2)
Re:What about non-Americans? (Score:1)
Redmond for Montreal. I think it's a damn good trade."
Artie FM, have you ever considered running for public office?
"The number of suckers born each minute doubles every 18 months."
Duh! (Score:1)
The same argument might be made of efficient tax-fueled government projects.
Which one is more likely? ;-)
Privacy Statements (Score:1)
Other than that, there will be no stop to the privacy invading software that will be made in the future.
Were fucked.
Re:It's just a bunch of guys sitting in a boiler r (Score:1)
I expect better from Jane's... (Score:2)
Re:It's just a bunch of guys sitting in a boiler r (Score:2)
Bad Mojo
Re:It's just a bunch of guys sitting in a boiler r (Score:1)
You ppl definately under estimate the US Gov. Just think of how many US Armed Forces Personel get brainwashed for pride and being all you can be and college tuition. Knowing the little I do of history, never underestimate the Gov or any Gov and the lenths that they will go to, to get what they want. Look at the manhattn project many of those scientist had first hand expereince of what war could do and strong morals. However who can denie their passion to do what they want to the highest level ?
Re:It's just a bunch of guys sitting in a boiler r (Score:1)
Seemingly reasonable people can disagree on topics from Abortion, to Gun Control, to Capital Punishment. People can see things in totally different ways. I would never help take away privacy and freedom but if I won the lottery I'd donate tons of case to my political causes. There are other people who'd never donate a cent to the groups that support my side of certain political issues who'd think that they are helping keep the world safe by eliminating privacy.
A person can be brainwashed into thinking anything as long as you indoctrinate them for long enough or if you get to them when they are ripe.
LK
the evolution of a closed environment (Score:1)
I can't see anything quite so extreme, but I can see how standards and protocols might be manipulated in such a way that instead of promoting openness and access, networked systems come to emphasize restrictiveness, security, and control. It doesn't even have to be officially mandated.
The various Internet protocols as they exist are well-understood, well-documented, and open. As security becomes an ever-more-serious concern, especially amongst the biggest, most powerful buyers of networked technology (governments among them, but also business entities which depend on the net for one reason or another), might insist on, and specify that their correspondents use, products which are more "secure" - and more limiting and more controlled.
Imagine, say, an environment where interprocess (and by extension interhost) communication had to be done thru an API which permitted only certain operations subject to authorization (by who/whatever) - and the set of operations was strictly limited. Sort of a computer Newspeak, where it's not possible to do dangerous things because the environment offers no way to express them.
Re:Much Ado About The Naughties (Score:2)
Yeah, like: programming without a license becomes illegal? Ownership of hack(sic)ing tools becomes restricted ? (same way that guns have become)
There are times when it must be done, but messing with the powerful and (relatively) clueless might provoke the wrong sort of response these days.
Times gave too much credit (Score:1)
Other countries have more freedom how? (Score:1)
Oh, please. (Score:1)
Tangible vs. Intangible (Score:1)
Unlike a physical device (like a gun), there is no one thing that can be intercepted. Anyone can make more copies, and give them to their friends and associates. It costs next to nothing to do this. (That's why Microsoft hates pirated software -- people are realizing the real value of their product!)
Building a gun takes skill, time, and resources. There are choke points where things can be regulated.
On the other hand, if I kick my conspiracy-generator into high gear, I can see the government making everyone use a SunRay / Network Computer-type system hooked into a government server... No-one gets a compiler unless you have a license and your psych profile and biometrics are on file and up-to-date!
Boo! Did I scare you?
Other countries look silly? (Score:1)
Privacy? (Score:1)
I can have JUST as much privacy in Singapore as I can in America - it's all about how you do it.
All of what I said is assuming that the NSA doesn't use Quantum computers to crack 4096-bit keys in 5 minutes. That being the case, then yes, you are completely correct.
Re:Much Ado About The Naughties (Score:1)
Are you suggesting that it would lead to more privacy rights? People tend to see threats (especially threats to them directly) as people abusing the rights they already have. It would more likely lead to stronger restrictions on encyption and a larger intelligence force (because of course the intelligence community only looks for the "bad guys") to make it easier to find the perpetrators. It's a lot simpler to try to make it easy to find the perpetrators rather than hard to get into the system. Anyone who has tried to make a "secure system" knows that secure is a limit problem, there's always something missing. So it comes down to a "postive / negative" action question. Negative meaning that you try and prevent people from getting access to the system (which people can't see). Positive meaning that you "track down criminals and bring them to justice." Politicians usually choose the positive, visible action.
Much Ado About The Naughties (Score:1)
Given that, what are the implications for the citizens of the countries "defending" against cyberterrorism? Well, if you live in the EU, you probably will have about the same rights as before. With the exception of the UK.
But if you live in the US, you'll have even fewer rights. We're already the laughing stock of the free world - a country where our citizens have less privacy rights than anywhere in the European Union and yet go on and on and on about our tattered Constitution.
I wonder what would happen if some script kiddies just happened to hack all the members of congress and US Senators private medical and banking records? MAybe that would change something
Neither of those countries is "Western" (Score:1)
Re:Neither of those countries is "Western" (Score:1)
And I've seen some of the local films produced there in the Seattle International Film Fest, Women's International Film Fest, and Santa Barbara Film Fest. And corresponded with people who live there over the years. And followed the news from those countries for years.
Yeah, you're right, I must not know anything about privacy rights in India or Singapore. Or how being "high tech" doesn't mean you get privacy rights - if it did, we'd have better privacy rights in the US.
But we don't.
Re:What about non-Americans? (Score:2)
Cyberwars (Score:1)
Is this what we are looking at here. A way for the U.S. to do that. It looks to me as though they are looking at a way to intercept it and prevent it from happening. They sure are dumping a lot of money into this venture for just defense, but when doesn't the government over spend. I hope they don't make an army of cyber-soldiers.
This also seems pretty far reaching like they can check into really anything that anyone person is doing. That kinda scares me and I'm sure it scares others as well.
No More Secrecy.. (Score:1)
All that having been said, there is some hope i nthe form of a philosophical shift. More people are beginning to value communication.. and these people can not work in secret. Example: when you read a book by a really good author you think a little more like that author.. and if you understand this much is not a big jump to say "I want to have that kind of effect on other people." (See Churh of Virus, Meme's, etc.)
Hopefully, NSA style serecy will be unstable or self-destrctive because the more open ideologies will get to people first. Course it don't hurt to instill a dislike of the NSA, CIa, etc. in the younger generation of Technical people. It would be really nice if the Internet would give large numbers of kids access to these ideas sooner.
Jeff
BTW> It wouldn't hurt to pass a law making it illegal to hide abstract math or pure science from the public.
FUDNET (Score:2)
---
Equipment usable in a crime.. (Score:1)
Jane's Article Comments... (Score:2)
First, from the items quoted in the original
But this brings me to the point of this post, and that is that I don't think you can lump a CBRN attack in the same category as a "cyber" attack. An attack on an information technology infrastructure doesn't destroy lives similar to a chemical weapons attack.
Unfortunately, many of our elected and appointed officials apparently haven't gotten this point yet. It's this kind of correlation that can cause the loss of individual freedoms as officials expound on the threat of "cyber" attacks.
$.02 deposited.
It's just a bunch of guys sitting in a boiler room (Score:5)
It's a scary thing, but there are probably people working for these agencies that most of us could respect, or even admire under other circumstances. As much as the violation of privacy bothers me, I'm far more disturbed by the perversion of good, powerful brains. How do they convince intelligent geeks that, after all, the long-term assurance of privacy and personal liberties isn't that important. Is it money? Do they snag them early in college? What?
-konstant
Re:Jane's Article Comments... (Score:1)
Yes, cyberwar would target financail institutions, etc. but it could also very easily be used against the domestic populus. I realize that my examples are big What If's, but they are possible. Hacker stories in the 80's were all aobut this type of thing: For example, take Utilities. Power, water, gas. What would happen if they were shut down? Say that all the stoplights in the city went haywire. Accidents could occur. I live in Texas where you have stoplights on highways. The sun can be very bright, and the lights hard to see. What happens at the intersection of two fast roads, when both directions have a green light?
What if someone could abuse a cities Utilities to cuase a Riot? People and property would be injured. What if the cell networks and phone lines were taken off line at the same time? Emergency reponse by police and ambulances would be hampered. And if the Hospitals lost power? What about Airports? How many systems need to be compromised there before someone is hurt?
Re:Jane's Article Comments... (Score:1)
Widen your views... (Score:5)
Keep in mind that there is a wide variety of people in the world. All too often posts here end up with examples of US and THEM. In a post above, ponytails vs. the guy in ties. The tech students in school right now is a much more varied group of people than there was 10 or 20 years ago.
Asking a question like what self respecting geek would work for the FBI [slashdot.org] is the same as asking "who goes to work for the FBI in the first place?" or "How does the NSA get people?" The NSA is what, three, four times the size of the CIA?
I think that it may be as simple as service. How does the Military get bright intelligent minds when all they do is Destroy? People want to work on cool stuff. People want to serve. (BTW, my father was career army out of West Point. I am proud of that and support the Military) Nationalism and Patriotism are very strong principles.
The only way to prevent a situation like FIDNET is for another Organization to rise up and take its place. The solution may be sitting in the open source community, but if it is, it won't EVOLVE fast enough to fix this problem. Look at it like this. Hidden in the community is a football team, and the organization I talk about would be the coach, making sure everyone came to practice and showed up to games.
There is another issue that Cyberterrorism IS NOT the same as cracking. The tech is the same, but the purposes and final goals are not. The FBI/Government knows about Terrorism. We as a group are not prepared to deal with it. Your team may have a star Quarterback. But the coach has a whole team of Offensive and Defense Coordinators to figure out the game strategy. What happens if the Quarterback sets up a play that allows that lineman to come around the side and sack him? The QB's smart and fast. His runningbacks were all out in the open and hauling ass downfield. It's just that this one guy came around the side, and BOOM down he goes. What does setting up a secure linux/UNIX/NT server have to do with someone attacking the power grid? We're talking about security at a NATIONAL LEVEL much much more complex than making sure a ISP or a bank is secure.
I bet you that there are PLENTY of security guys who would be willing to work on the counter-terrorism aspect. Why? It's New. It's Different. No ones really done it before. It's very very serious. There is a very real possiblity of innocent people dying. Would you save a life if you could?
And right now the only place you can get access to it is through government work.
Our efforts would be best spent trying to raise public knowledge of what is occuring so that when somethign like FIDNET occurs, it has the correct set of powers so that it saves life and injury without giving up privacy.
Great just one more thing paying for... (Score:1)
...that I really really hate. I don't want to pay people to spy on us. Let banks do their own security. Feds, let us our lives, and leave us alone. We've done nothing wrong.
-- James
How? (Score:1)
> geeks that, after all, the long-term assurance > of privacy and personal liberties isn't that > important. Is it money? Do they snag them early > in college? What?
I dunno, maybe they arrest them for possession of electronic equipment that "could be used in a crime." Then lock them up and deny them a trial if they refuse.
numb
Orwellian (Score:1)
1984 +! 1999
Re:What about non-Americans? (Score:1)
As for you Canadians... we have your number. Because your info goes over our lines we've already know everything about your plan to conquer Seattle. We've decided to trade you Seattle and Redmond for Montreal. I think it's a damn good trade.
Electronic Perl Harbor? Some new script? (Score:2)
Brad Johnson
Advisory Editor
Re:It's just a bunch of guys sitting in a boiler r (Score:2)
I disagree with your assumption that the technical elite ("people who know what they're doing, i.e. some of us") by definition have a set of moral principles in opposition to the kind of creepy preemptive "counterterrorism" that the Feds are engaging in. As humans, we have a long history of putting our best minds to work on the most nefarious and wicked projects.
Hell, I wouldn't be suprised if some of the best and brightest were attracted to such programs because of the sense of power that must come with the job.
Recommended: A session with a net-sniffer (Score:3)
And if your job is to worry about security or criminality, it'll be shocking to you.
- Seth Finkelstein
interception capabilities 2000 (Score:1)
interception capabilities 2000 [mcmail.com]
Report to the Director General for Research of the European Parliament (Scientific and Technical Options Assessment programme office) on the development of surveillance technology and risk of abuse of economic information.
This study considers the state of the art in Communications intelligence (Comint) of automated processing for intelligence purposes of intercepted broadband multi-language leased or common carrier systems, and its applicability to Comint targeting and selection, including speech recognition.
. We gave away our privacy long ago the last hope of being annon in even a big city is perishing with the latest release of facial recognition software ... couple that with your DMV license photo and that's all it takes.
we should focus on low rent hacks
see also nyc camera project
What about non-Americans? (Score:1)
Re:Cyberwars (Score:1)
India and Pakistan were hacking one another's
web pages. (Don't let Jane's get wind of this
or they'll revise their death estimates up
a couple thousand)
You want real cyberwarfare, look back to the
Gulf War when some of our folks hacked into
the Iraqi Command and Control system and
caused havoc beyond that caused by the
bombs.
Re:What about non-Americans? (Score:1)
Re:Jane's Article Comments... (Score:1)
Re:What about non-Americans? (Score:1)
Look for guidence (Score:1)
Just my 2 cents worth..
//Mephistol