Did your computer slow down on the Internet yesterday, Daddy?
I always come across slow websites, kid. When I went to log onto the Department of Homeland Security’s website, my MSN browser sent me to Bing instead. Twice. The third time was OK, though.
And my computer crashes at least once a day. I can never tell if it’s North Korean cybermen, China or just me.
And everyone knows you just can’t call up reporters from the New York Times and say stupid mostly made-up shit to them and get it into print, right!?
Now, if you don’t have a sense of humor at the absurd nature of this, you’re going to hurt yourself jumping all over the story.
We just returned from an emergency meeting in Seoul at the Cyber Terror Response Center. Team leader Chang Seok-hwa briefed us that North Korea is stepping up its attacks, probably in advance of a massive physical attack that will roll across the DMZ. South Korea’s military is now implementing the first part of its plan to shut down the country’s major Internet pipelines in order to protect the country from North Korea’s cyber military might. More news as I get it.
Spoiler alert: The above clip is a ‘honeypot,’ installed by one of DD’s pals. Can you guess who it belongs to?
“Cyberattacks that have crippled the Web sites of several major American and South Korean government agencies since the July 4th holiday weekend appear to have been launched by a hostile group or government, [said] South Korea’s main government spy agency said on Wednesday,” reported the Times.
“The opposition Democratic Party accused the spy agency of spreading unsubstantiated rumors to whip up support for a new anti-terrorism bill that would give it more power.”
As usual, in cyberwar, a central plank of critical thinking goes missing. Extraordinary claims require extraordinary evidence and substantive argument in support. Or else they’re just more of the usual squawk about s— happening on the Net, the daily crap that everyone must deal with, regardless of who did it or point of origin.
You haff made [a website] run slow. Now I am here to upgrade you.
North Korean ‘cyberattack’ linked to an upgraded a newer version of the old MyDoom computer virus, which dates from 2004 or so.
List of sites ‘attacked’ in the cyberwar — here, at Panda.
List of sites to be attacked, extracted from new version of MyDoom virus — here.
In another manner of speaking, that’s close enough for government work. And it indicates that just about anyone, or any group, could have done this with relative ease, rewriting computer viruses to do your bidding being not much of a feat of arms. The really good news is that if it actually is a North Korean operation (and I have my doubts), then it is the very definition of pathetic. If it’s a usual hacker/virus-writer doing something NK sympathetic and wishing to show how the Great Satan can be struck, it’s also not much to get excited over.
Additionally, it’s worth noting that DD visits dhs.gov and voanews.gov regularly and wouldn’t have known there was a ‘cyberattack’ if the newsmedia hadn’t informed him. And that’s something a Fox News piece also reported: ” … [And] yet the Pentagon wasn’t informed about the attacks until Wednesday — by hearing about it from the media.”
This raises the philosophical question: What happens when you launch a cyberwar and can’t get the newsmedia to notice?
“DHS.gov is just one of the sites slowed down by last weekend’s attack from North Korea, or the MyDoom virus, or both, or possibly neither… ” reads a recent piece from Popular Science.
More DD quote:
“You think this is North Korea? That’s kinda pathetic on their part … They have nuclear weapons, and they choose to attack by making websites slower? If there hadn’t been news stories, would anyone have noticed? Probably not.”
If only we had that electromagnetic pulse bomb now we could use it to stop that cyberwar
“South Korean military officials are developing an electromagnetic pulse bomb designed to incapacitate electronic equipment, a source says,” informs UPI.
“Citing an unnamed military source, Chosun Ilbo reported Wednesday Seoul’s EMP bomb could be used to neutralize missile-guidance systems or other equipment within a 330-foot radius of its detonation …”
Remember, in this version of the electromagnetic pulse bomb story, it’s OUR weapon that’s about to reach maturation, not the terrorist dream (or North Korea or Iran’s) which will return the US, in one mighty blow, to the time of The Man Who Shot Liberty Valance.
“America’s Strategic Trap?” wonders a recent Chinese opinion piece, translated here. The article was in the context of the recent waterfall of news on cyberwar.
And it continues to show the Chinese have finally (it’s taken them some time) become wise to the practices of western journalists on the cybersecurity beat. The cardinal rule has been: Blame China for malicious Internet activity aimed at the US.
In Asia, they’ve now started to return the paranoia, delusions and hype.
And so it opines:
America’s control of the internet stretches far beyond most people’s imaginations. Once the internet war breaks out, the U.S. government will make use of its terrifying powers over internet technology. Therefore, the United States is tempting other countries to begin the internet arms race. Once begun, America will exert its own online prowess on other, weaker countries, dragging them down.
“Meanwhile, the United States wants to lure other countries into participating in an online ‘arms race,'” it concludes. “Acting as the ‘international police’ of cyber world, the U.S. could utilize certain clauses and excuses to infringe on the sovereignty of other countries or intervene in their domestic affairs.”
Technically, there’s so much badness floating about, it invites a rhetorical comparison with a sewer.
As a thought excercise, imagine you’ve been tossed into an ocean of raw sewage and been told that’s where you’re going to be doing business for the rest of your life.
Whoaa … who does that river of excrement belong to? Organized crime? Spammers from India? China? US cybermen? Do you even care about the distinctions?
It was yet again another example of the practice in which a journalist accepts uncritically anything he’s told by a small number of sources. Then the news agency runs with it because it sounds so cool and it’s a little short on Jacko pieces today.
In the late 1990s, a computer specialist from Israel’s Shin Bet internal security service hacked into the mainframe of the Pi Glilot fuel depot north of Tel Aviv.
It was meant to be a routine test of safeguards at the strategic site. But it also tipped off the Israelis to the potential such hi-tech infiltrations offered for real sabotage.
“Once inside the Pi Glilot system, we suddenly realized that, aside from accessing secret data, we could also set off deliberate explosions, just by programing a re-route of the pipelines,” said a veteran of the Shin Bet drill.
Of course, we’ve seen crapola about causing explosions remotely before.
“China could launch a devastating computer-run sabotage operation by attacking U.S. oil refineries, many of which are grouped closely together in areas of Texas, New Jersey and California.
“A [Chinese] computer attacker could penetrate the electronic ‘gate’ that controls refinery operations and cause fires or toxic chemical spills . . . “
This was back in 1999. It appeared in the Washington Times. And DD recapped it here on the old blog a couple years ago.
It wasn’t true then.
And common sense and a normal sense of skepticism would point you in the direction of it still not being so, for any number of reasons, like: the reporter was being lied to as part of an operation to make Iranians paranoid, relation of a story by a third party who was, in reality, recalling the equivalent of watercooler gossip and old wive’s tales, someone imagining grandiose things one can do with cyberwar because they’ve read it so many times elsewhere, etc…
The important truth test remains unfulfilled.
In national security affairs, extraordinary claims require extraordinary and substantive proof in support of them. Absent that, they’re just gossip. And ten or twenty or thirty people or sources repeating the same gossip does not automatically transform it into truth.
If you decide to discard such critical thinking, like the US, you get what later becomes obvious to all. You believe your own fairy tales, get yourself off to a disastrous war, receive years and years of rude and unpleasant shocks, and have your reputation trashed.
But DD digresses.
“To judge by my interaction with Israeli experts in various international forums, Israel can definitely be assumed to have advanced cyber-attack capabilities,” one person told Reuters. This was a fellow advertised as “director of the U.S. Cyber Consequences Unit, which advises various Washington agencies on cyber security.”
The US Cyberconsequences Unit is not a government agency. It is another of many small companies interesting in selling cyberwar and cybersecurity defense plans and consulting. It has one whole web page to mark its existence, not counting the contact form and confidentiality guarantee.
“Technolytics Institute, an American consultancy, last year rated Israel the sixth-biggest ‘cyber warfare threat,’ after China, Russia, Iran, France and ‘extremist/terrorist groups,” continues Reuters.
Like the forbidding US Cyberconsequences Unit, Technolytics is a small cybersecurity consulting shop, located in McMurray, PA. See a handful of press releases here.
At the end of the Reuters piece, the equivalent of the kook’s kitchen sink is tossed in, the electromagnetic pulse bomb.
“Jesus H. Christ!” DD hears you mutter.
DD covered this aspect of the EMP crazy story earlier this year. And that’s the part where the electromagnetic pulse bomb is a gadget of the US military. (One of the endlessly fine things about electromagnetic pulse crazy is that it works two ways. It can be the terrorist’s dream, capable of sending the country back to the time of The Man Who Shot Liberty Valance with one mighty blow. Or it can be our weapon, capable of taking down the electronic infrastructure of enemies without shedding blood and smashing things to bits like we usually do.)
The electromagnetic pulse bomb — our flavor — is best described as the weapon that is always said to be coming and coming, it’s almost here now, it’s here (!), wait — no it isn’t, and — finally, nope, still not here.
Sometimes, however, electromagnetic pulse bombs or things said to be EMP bombs are dimly seen or tested. That’s been covered, too. Think of them as regular bombs with fancy parts/rubbish added on — with the fancy stuff designed to do the electromagnetic part not working so well.
Sadly, the electromagnetic pulse bomb is NOT in the building, ladies and gentlemen. In a news article, however, it is an indication that a journalist is grasping at straws.
“State of War,” a 2006 book by New York Times reporter James Risen, recounted a short-lived plan by the CIA and its Israeli counterpart Mossad to fry the power lines of an Iranian nuclear facility using a smuggled electromagnetic-pulse (EMP) device.
And everyone knows you just can’t call up reporters from the New York Times and say stupid mostly made-up shit to them and get it into print, right!?
“A massive, nation-wide EMP attack on Iran could be effected by detonating a nuclear device at atmospheric height,” adds Reuters.
Yes, shooting an ICBM at Iran bolt-out-of-the-blue, whether it detonates on the ground or in the atmosphere, would really be a fantastic thing, marvelled at by all worldwide.
Update:
All our friends want the bomb that’s never quite here. According to the Korea Times:
“The South Korean military will have an electromagnetic pulse (EMP) bomb in five years that is capable of crippling an enemy’s command-and-control, communications and defense radar systems.
“The state-funded Agency for Defense Development (ADD) plans to complete the development of the bomb by 2014, agency officials said Tuesday.
“EMP offers a significant capability against electronic equipment susceptible to damage by transient power surges …”
“IT admins across the globe are letting out a collective groan after servers and PCs running McAfee VirusScan were brought down when the anti-virus program attacked their core system files,” reported el Reg.
“Details are still coming in, but forums here and here show that it’s affecting McAfee customers in Germany, Italy, and elsewhere. A UK-based Reg reader, who asked to remain anonymous because he was not authorized by his employer to speak to the press, said the glitch simultaneously leveled half of a customer’s 140 machines after they updated to the latest virus signature file.”
Anyone familiar with anti-virus warning screens and quarantining of files dubbed infected or malicious can imagine the hilarity hysteria that might result if the anti-virus program mistakenly targets the operating system.
DD covered the anti-virus industry model in yesterday’s post . It was called “Enumerating Badness,” the 24/7 process/arms race of cataloging all Internet Badness — viruses and malware — with the aim to detect and block. The nature of this solution guarantees regular and systematic failure as part of the overhead of conducting business on the Internet.
You see, the generation of malware is also guaranteed to be virtually infinite, and this creates the daily, sometimes hourly, need for continually updating your “Enumerative Badness” catalog, or anti-virus scanner. And with this there is always present a capacity for error, potentially massively distributed trouble, since anti-virus updating is, for most people and institutions, entirely automated.
And so it is unsurprising to see instances of worst-case potentials in reality, cases in which the computer is disabled by a mistake described in el Reg’s news piece.
Reading the story’s comments provides further opinion:
Epic FAIL… #
… was McAfee’s response — just take a look at user pk02137’s post at the McAfee support forums:
Pretty good story there; over 8,000 desktops and 150 servers. Ouch. These things do happen, but McAfee’s response could have had been better. Much better.
Cybersecurity – Diversity #
By Anonymous Coward Posted Saturday 4th July 2009 03:25 GMT
The are massive risks of catastrophic failure with any system monoculture. Those leading the cybersecurity initiatives recently announced by the US and UK governments are well advised to reflect on this.
A level of diversity in hardware/software platforms and security solutions must be encouraged and preserved. In a cyberwar, system diversity will limit the effects of friendly fire and vastly reduce the weak opponent’s chances of carrying out a “cyberspace spectacular.”
Today’s cant on cybersecurity is news on ‘Einstein,’ the security system to be installed on all government computers to protect them from cyberspies.
“It is supposed to detect known types of cyberattacks and immediately alert the cybersecurity center,” reports the Wall Street Journal. “The problem: Like its predecessor, it still can’t detect or block sophisticated attacks that weren’t previously known, said Stewart Baker, a former senior Homeland Security Department official. Homeland Security is the only department using it so far.”
“Homeland Security Department first developed Einstein in 2003, adapting technology from a Pentagon program that monitored military networks … ” informs the WSJ.
In another manner of speaking, it uses the anti-virus software model of ‘security.’
Entrenched and solidified over decades, anti-virus software detects only malware that has already been submitted in samples and examples to its developer. That is, it can’t detect the newest attacks until someone else — hopefully not you — has been snared by them.
Over years and years, it has ensured an arms race between virus-writers and software developers, a process that is now locked in stone.
Last week, for example, an advertisement with malicious code in it threw three viruses at DD’s PC. Software caught two and I was left to net the third, which I caught when it tried to alter the system. I threw the virus into a directory I keep for unidentified malware and suspicious programs. A few days later, when the a-v software updated for the third or fourth time after the incident, it was detected. So someone, not just me, had been exposed to it and taken the time to send a sample to the company. And there were, invariably, some people who were screwed over by it.
In essence, the Einstein software and plan for making government computers secure accumulates these ideas into one big ball. Let’s call it “The Theory of Stupidivity,” in honor of the Einstein software. Now don’t go off the rails here. The government isn’t the only guilty party. Almost everyone seems to practice most of the six dumbest ideas in computer security.
Notable among these flaws is the dumb idea Ranum called “Enumerating Badness.” It’s the definition of the anti-virus/anti-malware/anti-spyware industry.
Back in the good ol’ days when shit-happening wasn’t everywhere “security practitioners got into the habit of ‘Enumerating Badness’ — listing all the bad things that we know about. Once you list all the badness, then you can put things in place to detect it, or block it.”
“Why is ‘Enumerating Badness’ a dumb idea?” asks Ranum. “It’s a dumb idea because sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness.”
“Enumerating Badness” goes hand in hand with “Penetrate and Patch.”
“One clear symptom that you’ve got a case of ‘Penetrate and Patch’ is when you find that your system is always vulnerable to the ‘bug of the week,” writes Ranum. “It means that you’ve put yourself in a situation where every time the hackers invent a new weapon, it works against you. Doesn’t that sound dumb? Your software and systems should be secure by design and should have been designed with flaw-handling in mind.”
Doesn’t that sound like common news from the cybersecurity beat? Rhetorical question.
Practically speaking, there’s not much hope of ‘secure by design’ anymore. And the current news about the Einstein software only underlines it.
Let’s return to the WSJ article. “Homeland Security is the only department using it so far,” it says.
This is not necessarily a bad thing. There’s really not much point in being forced into being an early adopter when something isn’t an improvement on what one already has. And is unknown in its bugs and weaknesses, and maybe worse.
Good advice could be to be ‘last in line’ for Einstein, version whatever, until everyone else has it sorted out.
In from the “Don’t blame China” desk:
In view of the current serious situation in frequent leak of secret in the secret information system, Xia Yong, director of the State Bureau of Secrecy, said on the afternoon of 22 June: China plans to enhance the encryption measures of secret information system.
He said: These measures include …
Technology will be adopted in protecting secret information system. The revised draft (of the Secrecy Law) stipulates: Secret information system should be installed with encryption facilities and equipment in accordance with the state encryption standards. Planning, building, and operating of encryption facilities and equipment should be synchronized with the secret information system. Before being put into operation, secret information system should pass the inspection of secrecy administration department at or above the city level, which sets up the system. — Xinhua News Agency, June 22
Jack Goldsmith, a professor at Harvard Law School who was an assistant attorney general from 2003 to 2004, is writing a book on cyberwar, threatened a by-line on the op-ed pages of the NY Times yesterday. (Tip o’ the hat to bonze for pointing it out.)
Goldsmith, a lawyer from the Bush administration awarded a get-out-of-jail-free-card for his tell-all book on the ‘terror presidency’, joins other famous ex-government officials, who as soon as they’ve finished with their cash-ins, refashion themselves as seers of the techno-future and set about writing tomes which are part thriller, part warning, containing multitudes of allegedly new-fangled plots and actions against the country.
The most notable example is Richard A. Clarke. Clarke set to work writing security warnings/techno-thrillers. His first, “The Scorpion’s Gate,” was a success. The second novel, “Breakpoint,” on cyberterrorism, sank without much trace.
To paraphrase the opening line to the article referencing Clarke’s side career as a poor man’s Tom Clancy, for the purpose of stereotyping of the entire cohort: Is there no beginning to the talents of these men?
Continuing in the same vein:
However, it’s as silly to condemn the genre as it is to disrespect hotdogs as not proper food. Techno-thrillers have made up a necessary part of the book rack in supermarkets for the last few decades and many Americans probably wouldn’t buy anything with print in it if they didn’t see it near the checkout stand.
Goldsmith, probably now anathema to his old GOP cohorts, has newly discovered cybersecurity. For the Times, his opinion pieces furnishes the standard cliches and sincere hand-wringing concern on the menacing nature of it and what must be done. Just like the ten thousand or so before him over the last fifteen years.
In Goldsmith’s first graf, we get the blame China meme. Federal law now mandates it be inserted in every opinion piece on cyberwar.
OUR economy, energy supply, means of transportation and military defenses are dependent on vast, interconnected computer and telecommunications networks. These networks are poorly defended and vulnerable to theft, disruption or destruction by foreign states, criminal organizations, individual hackers and, potentially, terrorists. In the last few months it has been reported that Chinese network operations have found their way into American electricity grids, and computer spies have broken into the Pentagon’s Joint Strike Fighter project.
“The government should jump-start this [security] education by mandating minimum computer security standards and by requiring Internet service providers to deny or delay Internet access to computers that fall below these standards, or that are sending spam or suspicious multiple computer probes into the network,” he opines.
Good idea. Require licensing and vetting for everyone’s home and business desktop PC or refuse entry to the net. First step: Close down all the unregulated PC departments in consumer electronics stores like BestBuy. Second step: Decertify and refuse connection to all desktop and laptop PCs in use at public schools and at universities. Third step: Disallow all connection to the Internet by DSL, cable modem, wireless or dial-up from private residences, apartments and Internet cafes until all PCs are declared sanitized and impervious to penetration. Fourth: Raid and take out of business all big ISPs unable to guarantee their customers to be computer virus free. Last: Immediately put those damn kids always launching scripted UDP floods in jail.
Just pulling your leg. Tee-hee.
Hey, did you hear this new joke? I stole it from the GOP, sort of. What are the eight most dangerous and scary words you’ll hear from ex-officials put out to pasture: “I’m from Harvard and I’m here to help.”
Last week, DD wrote about Chinese journalists finally catching up with the practices of western cybersecurity beat reporters.
[This] year, for the first time, [DD began] to field questions from Chinese journalists, who are returning the favors long administered by their counterparts in the western English-speaking newsmedia. One could view it as a bit of tit-for-tat. That is, instead of wanting to talk about how their country is menacing US cyber-interests, paradoxically, they want to know about the US menacing the rest of the world’s cyber-interests.
“China has been the focal point of many U.S. cyber fears,” wrote a reporter at Federal Computer Week today. “We are concerned about our vulnerability to attacks — not only on government databases but also on our electrical grid and financial system — and many articles have highlighted the threat from China. Many Americans also fear that the government’s use of software created in China and other nations creates a risk … ”
“In that context, the article I came across in the English-language China Daily was an eye-opener. The title was ‘China at the mercy of global hackers.'”
The FCW reporter adds that a Chinese report opines: ” . . . President Barack Obama’s efforts to ‘find back doors into the digital fortresses of potential enemies’ could pose a risk.
“In other words, it sounds like China is afraid of the United States in about the same way the United States is afraid of China.”
From last week:
Chinese journalist: Will US wage cyber warfare against its enemies?
Excerpt from the mails: I read this article and was appalled by what [you have] implied. That being that China and Russia pose little threat and claims that they do are ‘sexed up.’
You can’t get away from it even when you try. There’s no running away from corporate pundits and their obsessions with cyberwar and cybersecurity.
They all copy from the same script, comprising an army of really concerned swell people marching in lockstep, repeating the same things over and over, all selflessly warning the nation, readers, politicians, anyone who will listen, about the dangers. Watch out for China! Russia, too! Estonia was defeated in the first cyberwar!
“Why has no one ever told us this?” I hear you ask. Well, no, if you’re reading this post DD knows you’re not asking.
“Cyber attacks on Estonia and Georgia by Russia in recent years forced government, banking, media and other Web sites offline,” Crovitz continued. “In the U.S., the public Web, air-traffic control systems and telecommunications services have all been attacked. Congressional offices have been told that China has broken into their computers. Both China and Russia were caught having infiltrated the U.S. electric-power grid, leaving behind software code to be used to disrupt the system. The risk of attacks to create massive power outages is so serious that the best option could be unplugging the U.S. power grid from the Internet.”
The only thing missing is the stuff about cyberwar maybe being as bad for the nation as limited nuclear war. But that was covered yesterday, anyway.
“If cyber war is a new form of war, wouldn’t most Americans adjust their expectations of reasonable privacy to permit the Pentagon to intrude to some degree on their communications, if this is necessary to prevent great harm and if rules protecting anonymity can be established?” it is asked.
Make the Pentagon the nexus through which all American fun and business on the Internet is conducted. That’d be great! Can’t see why anyone would argue with that.
“We’ll look back on the current era, with the military constrained from defending vital domestic interests … ”
“We’ve detected an anomaly. Our nation is under attack. How bad is it? Traffic’s off the chart! They’re pinging more targets! Isolate, prevent damage! Got ’em!” [Noble and uplifting music swells in background]
“We’ve detected an anomaly. Our nation is under attack.”
So goes a recent Lockheed Martin ad aimed at invading the taxpayer wallet over cybersecurity.
With production values straight from a summer blockbuster movie trailer, Lockheed Martin probably spent more on it than most Americans will get in value from their healthcare plans this year.
“We never forget who we’re working for,” the ad informs.
Your host saw it at lunchtime yesterday, run on CNN back to back with another ad from CPRights.Org on how, if the Obama administration gets its way, you’ll be denied healthcare by government bureaucrats. Like how DD could never get a scaly and disfiguring disease on his hands fixed because the insurance company wouldn’t cover the costs from the doctor …
That nation that knows its priorities can’t help but always be the world’s leader.
“Yes!” to the largest defense contractor in the world protecting us from anomalies in cyberspace!
“No!” to any healthcare plan offered by the government.
Yet another Lockheed Martin ad on cybersecurity, too long for TV. The star of the show — LM’s talking head, is preventing foreign countries and individuals from harming us — one virus, one worm, one stealthy cyber-weapon, at a time.
The daily dishwater on cyberwar, this time from the Times of London. “If you’re not worried, you have not been paying attention,” warns the writer.
“[Cyberwar] would be like being teleported back to the 1970s,” it is said. “Even a minor conflict could slow the global Internet to a crawl. So cyber-war is a bit like nuclear war, in that even a minor outbreak threatens everyone’s life and welfare.”
Is your life threatened when you cannot log on to Twitter? Well, OK, that’s a trick question. We already know that the upper class swells on CNN and in newspaper features sections wouldn’t be able to go on with life.
OK, ok, but you’d quickly starve during an all out cyberwar. That’s for sure. The local supermarket with all the fancy signs wouldn’t sell you food and it certainly wouldn’t give you a dollar off on all those things when you punch in your telephone number. And I bet your cable digital TV and phone wouldn’t work either, just like in that movie where Bruce Willis as John McClane battles the annoying cyberterrorist who used to work for the Pentagon.
That was a good movie. The annoying cyberterrorist had a really hot chick who could kickbox as his henchwoman.
Anyway, cyberwar will be so bad you’ll have to find your own corner market, one not connected to the Internet, for your fortified wines.
So, what to do when the nuclear apocalypsecyberwar begins?
“[One expert] recounts what one of the staff told him about how NATO would react to a [new] cyber-strike,” reports the Times. “Overwhelming response: a single, gigantic counterstrike that cripples the target and warns anyone else off launching a future cyber-war. He isn’t sure what it would look like, but the show of force he envisages is so severe that the only thing he can compare it to is a nuclear attack.”
Just for amusement, DD has hit the Wayback Machine and retrieved similar quotes from 2001, when another excitable fellow — an alleged cyberwar expert by the name of James Adams — was often in the news about total cyberwar.
“Y2K will illustrate what an attack could do… Anybody who says after January 1, 2000 that this [threat of cyber attack] is all just made up I think is an idiot.” From the University of Southern California’s Networker magazine, winter 98-99.
Pentagon hackers employed in Eligible Receiver “did more than the massed might of Saddam Hussein’s armies, than the Nazis in the Second World War.” — from Techweek, 1999.
“”One need only look at today’s headlines to recognize industry’s need for iDefense … iDefense draws upon an unparalleled understanding of the critical infrastructure and a keen awareness of the growing threats and vulnerabilities confronting industry to provide its clients a timely and truly unique service.” — from the PR Newswire, June 1999.
“Which brings us to the final rung on the escalatory ladder: the virtual equivalent of nuclear deployment. I offer as illustration Eligible Receiver.” From a speech, “The Future of War,” delivered at Wright-Patterson Air Force Base, June 2000.
“Consider the recent LoveLetter virus … The effect? The equivalent of a modest
war … No terrorist organization in history has ever achieved such damage with a single attack. Few small wars cost so much … The LoveLetter attack was indeed the first real taste of terrible things to come.” Also from “The Future of War.”
“Estimates of the cost of [the LoveLetter virus] to the United States range from $4 billion to $15 billion — or the equivalent, in conventional war terms, of the carpet-bombing of a small American city.” From Foreign Affairs magazine, May-June 2001.
