Experts: Cyber-crime bigger threat than cyber-terror

View Poll Results: Who would you vote off the island?

Voters
38. You may not vote on this poll
  • Negative

    1 2.63%
  • MsMittens

    4 10.53%
  • HTRegz

    4 10.53%
  • Thehorse13

    1 2.63%
  • zencoder

    3 7.89%
  • Ennis

    2 5.26%
  • Terr

    14 36.84%
  • Spyder32

    9 23.68%
Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Experts: Cyber-crime bigger threat than cyber-terror

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Experts: Cyber-crime bigger threat than cyber-terror

    You know it's a slow news day when CNN has this as their lead/top story for the day (!!). That said, I also think there is an issue with too much FUDing going on. A lot of "fluff" is put out on the next great worm. While it's important for admins and others to be aware of the dangers, I don't think having people on perpetual super paranoia mode is beneficial either. That's when mistakes and little "witch hunts" occur.

    Maybe it's just me.

    So what does everyone else think?

    Source: CNN

    As David Perry left a cyber-security conference in Luxembourg in 2004, an airport terminal handling international flights was in chaos.

    A network worm known as Sasser was scorching the world's computer systems and had knocked out the airport's reservation desk, stranding delegates in the terminal.

    In a fable for the information age, conference attendees, among them some of the world's foremost computer security experts, flipped open their laptops and reopened the terminal in a matter of minutes.

    The paradox of the Internet -- a computer network originally designed to survive nuclear attack succumbing to spam, viruses and other malicious code written by teenagers -- riles computer security experts.

    "We actually have people abandoning using their computers because it's just too much trouble," said Perry, global director of education for international computer security company Trend Micro.

    "If that's the case, if it's too much trouble to use the system, then certain changes need to be made."

    Following the September 11 attacks, fears that terrorists would open a new front in cyberspace spurred Congress to appropriate billions of dollars to improve the security of the nation's electronic infrastructure. The government accelerated a process already under way to defend the most critical systems from attack -- sometimes physically disengaging them from the outside world, computer experts say.

    In contrast, commercial and private computer networks are increasingly vulnerable.

    Fundamental reforms are under way to secure the Internet, not necessarily from terrorist attack but from disruptive programs and e-mails that are crippling the system. A new generation of hardware, built directly into the Internet's backbone itself, can stop viruses and malicious software in its tracks.

    "The terror we're facing is the terror of spam, the terror of spyware, the terror of network worms, but nothing associated with a nation-state," Perry said.

    "Although I am sure terrorists and secret agents use computers and computer hacking tools for purposes of espionage and sabotage, I don't think cyber-terrorism is quite the threat that we imagine it's going to be."

    Although the threat of cyber-terrorism exists, the greatest risk to Internet communication, commerce and security is from cyber-crime motivated by profit, Perry said.

    The Software Engineering Institute, a federally funded research center at Carnegie Mellon University in Pittsburgh, Pennsylvania, reports that electronic assaults are growing more sophisticated -- and lucrative.

    Attacks have evolved from cracking passwords into vast coordinated attacks from thousands of hijacked computers for blackmail and theft.

    "Attacks against Internet-connected systems have become so commonplace that reports of the number of incidents provide little information [about] the scope and impact of attacks," reported the institute's CERT Coordination Center last year.

    The center stopped tracking such incidents in 2004 after the number rose from 3,734 in 1998 to 137,529 in 2003. CERT stands for Computer Emergency Readiness Team.

    Yet those figures account for only the attacks that are reported.

    "Many companies still seem unwilling to report e-crime for fear of damaging their reputation," Larry Johnson, special agent with the Criminal Investigative Division of the U.S. Secret Service, was quoted as saying in the report.

    "The technology and resources are there to effectively fight this. We just need to work smarter to do this," Johnson said.

    Seventy percent of organizations surveyed by CSO magazine, a publication for security executives, reported at least one crime or attack during 2003.

    Respondents estimated the damage at about $666 million, the magazine said. Forty-three percent of the organizations reported they had more intrusions in 2003 than during the previous year.
    'Like testing doorknobs'

    "There are so many machines connected to the Internet, you will see ... attempts to sweep a whole range of Internet addresses looking for hosts that have weaknesses," said John Curran, chief technology officer of ServerVault, a firm offering secure computer services. "It's like testing doorknobs."

    Most programs are not inherently destructive. They are just poorly written code designed to spread without erasing data or crashing computers. But their voracious infection rate overwhelms computer networks.

    Today's computer plagues spread virtually instantaneously.

    In 2003, the fastest computer worm in history -- the Sapphire Worm, or Slammer -- broke out.

    Within 10 minutes of the first infection, Slammer had reached 90 percent of the world's vulnerable hosts, doubling in size every 8.5 seconds, according to computer scientists at CAIDA, the Cooperative Association for Internet Data Analysis, and other research groups.

    It caused network failures, canceled airline flights, interrupted elections, and crashed ATMs. And it could have been much worse.

    "It is important to realize that if the worm had carried a malicious payload, had attacked a more widespread vulnerability, or had targeted a more popular service, the effects would likely have been far more severe," the researchers reported.

    "There is no conceivable way for system administrators to respond to threats of this speed."

    So, security experts are designing automated defenses.

    The anti-virus software, routinely updated by companies' programmers, is being replaced by dedicated hardware that regularly scans networks for hostile programs and unusual traffic patterns signaling an attack.

    Internet service providers, the main conduits for Internet traffic, are cooperating with customers to detect and prevent the spread of network worms.

    "The threats out there are all manageable," Curran said. "We don't have a silver bullet against any of them, but there is nothing that can't be overcome with good practices."
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    I think 'cyber-terror' is still a real threat, 'cyber-crime' however is far more prevalent and currently affects more people.

    Any 2 bit doofus can get a computer and stalk, commit fraud, be a 1337 hax0r, etc.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Cyber-terrorism is a little different from "real" terrorism...

    Real terrorism affects peoples lives by ending them. Cyber-terrorism affects lives by making them difficult to conduct normal activity..... That's a pretty big difference.....

    Until you can create, (as a cyber-terrorist), a nuclear powerplant meltdown or something similar that threatens my life there isn't much creedence in cyber-terrorism.

    So, you might be able to shut down my power... I have a generator.... You shut down my phone.. I have two.... one cellular and one hard wired... Yawn.... etc. etc. etc.....

    Unless you can _physically_ threaten my life you are only an annoyance.... Nothing more....

    Er... bring it on? I can survive without my high speed internet access.... Though some might disagree...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177

    It's not "cyber-terrorism"!!!

    Main Entry: ter·ror·ism
    Pronunciation: 'ter-&r-"i-z&m
    Function: noun
    : the systematic use of terror especially as a means of coercion
    - ter·ror·ist /-&r-ist/ adjective or noun
    - ter·ror·is·tic /"ter-&r-'is-tik/ adjective

    Slammer was 'systematic'? The thing doubled in size ever 8.5 seconds...how could that be considered systematic? For Coercion, I'll skip all the pasting nonsense and just say that the essence is to force some change, action, or decision. What the hell is the nitwit who wrote Slammer trying to make everyone do? Make M$ write better code? Maybe, but I doubt it...that's a case of cutting off the nose to spite the face. No, it's not Cyber-Terrorism, if anything, it's Cyber-Disorderly-Conduct, or "Cyber-'shouting-fire-in-a-crowded-theater'" or even "Cyber-False-Bomb-Threats".

    Goddamn the media...ever since the September 11th attacks, anything with a hint of 'unacceptable behavior' get's the almighty T label to generate more hype, and the blogger's of the world just eat that **** up. *sigh*

    "We actually have people abandoning using their computers because it's just too much trouble," said Perry, global director of education for international computer security company Trend Micro.
    This is a *BAD* thing? I know many, many people who use the internet and email, and VERY FEW of them are trully qualified to do so in an informed, openly aware fashion.

    "The terror we're facing is the terror of spam, the terror of spyware, the terror of network worms, but nothing associated with a nation-state," Perry said.
    "Although I am sure terrorists and secret agents use computers and computer hacking tools for purposes of espionage and sabotage, I don't think cyber-terrorism is quite the threat that we imagine it's going to be."
    OMG! I'm gonna pee myself! The Terror Of Spam! No, no! I can see it now!!! Usama's next attack is a planned global crashing of email clients by overwhelming them with spam during the next Steam release of a HL2 patch! AAaaiiggghh! The humanity! The agony!

    Get a damned grip, people. This **** may be alikened to rocket science, but that's no reason to act like the alt.conspiracy.black-helicopters-are-watching-you newsgroup!

    Somone tattoo "FUD SPEWER" on this guy Perry's forehead and file him with the loon's in the tinfoil hat's. Sell crazy somewhere else man...we're full up here!
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Banned
    Join Date
    Sep 2004
    Posts
    145
    Well... I couldn't surivive without my access, but hell.... I can log in from my phone.


    I agree with Tiger on this, cyber-terrorism is just not a real threat. Although it probably is possible to start a meltdown or something, or crash the stock market, it only works until someone notices and turns off the computer, or cuts outside access.

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    And to make it official...

    Even though I voted this way "Cyber-Terrorism is a bunch of malarky", I am not 100% behind that statement. There ARE threats (obviously, or none of us would be here at AO.) But this is just BULLS***!
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    We all managed very well without computers and not that long ago either. Infact when I was doing up my house, back a few years ago, I could be in and out of a builders merchant in 10 mins. Now they all have computerised systems It takes upto 45 mins to complete a purchase.

    So called cyber-terrorists could take the web down, I doubt it would affect many people that badly.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  8. #8
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    I find it funny that security minded people are disreguarding the implausible. While it may or may not have happened to date, that does not mean it won't. If a vulnerability exists, then there is the possibility that someone may find it and take advantage of it to do actual harm.

    The definition of cyberterrorism that I work with is:
    “Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub national groups or clandestine agents.”

    This isn't outside the realm of possibility. Most of the scenarios provided to date rely on massive failure in the humans involved (such as the airport scenario), but given the issues that happen without terrorist aid there is a small possibility that it could actually happen.


    Another interesting definition of cyberterrorism is"
    "Cyberterrorism can be defined as the use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, denial-of-service attacks, or terroristic threats made via electronic communication. "

    This can be found at - http://www.ncsl.org/programs/lis/CIP/cyberterrorism.htm

    They lump alot of standard computer crime activities in with what they are doing to fight terrorism.

    I think the distinction that the government and other entities are making between cybercrime and cyberterrorism is the one thing that influences most of the legal proceedings in our country...the intent behind the actions.

    Kind of "If it's done to make your own country more money, it's economic espionage...if it's done for your political views then it's terrorism."

    I don't believe most of the fud scenarios will ever pan out, but I do believe there is a small chance that one could or that something we haven't thought of may happen.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255

    Re: It's not "cyber-terrorism"!!!

    Cyberterrorism is a real threat. Just because nobody has done it on a large scale to date doesn't mean it isn't a threat. Look at 9/11, flying planes into buildings wasn't exactly a tactic employed by many prior or since, but it was obviously a threat.

    Originally posted here by zencoder
    This is a *BAD* thing? I know many, many people who use the internet and email, and VERY FEW of them are trully qualified to do so in an informed, openly aware fashion.
    The same thing is true of people and voting. If being informed and openly aware of how to do things was a requirement for doing them, most people wouldn't have more than a Television in their homes, let alone computers for every person in the house.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  10. #10
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    Originally posted here by jinxy

    So called cyber-terrorists could take the web down, I doubt it would affect many people that badly.
    It could affect a great many businesses and those who do business with them. People who work in online entertainment wouldn't be able to give their services such as online games, radio, movies, etc. People would have to go to understaffed counters to make orders for the things they need which would cost them time and give the businesses involved problems.
    Businesses who rely on it for inter office communication, administration, e-business, etc could be crippled. All the people who work for .coms could easily have their company go under if they aren't making money and don't have insurance (most companies don't have that type of insurance or it's not offered to them).

    Then that goes down the line...what do all the people at the amazon.com shipping stations do if there are no orders or money coming in? What about the people that make the products or drive them to the warehouse? If nothings getting sold then they have no business either.

    Some countries wouldn't have many issues, others could have some serious problems when the companies are hit and the affects spread out like waves from a pebble tossed in a pond..
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •