Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security The Internet

Is the Cyberterror Threat Credible? 301

Scott Pinzon writes "Is the idea that cyber terrorists might take down US networks or utilities realistic, or over-hyped? One of the authors of the Patriot Act and several Black Hat 2005 speakers debated the issue informally at WatchGuard's "Security and Beer Roundtable." Participants include Dan Kaminsky, Johnny "Google Hacker" Long, Tim Mullen, Sensepost penetration testers, a guy from Microsoft's ISA team, and others."
This discussion has been archived. No new comments can be posted.

Is the Cyberterror Threat Credible?

Comments Filter:
  • by ReformedExCon ( 897248 ) <reformed.excon@gmail.com> on Tuesday December 06, 2005 @09:41PM (#14199243)
    Who cares if the power company's website is defaced or their web server brought down? That won't lead to the lights going out.

    The question is not whether the threat from cyberterrorism (what a stupid term) is credible, but who in their right mind sees it necessary to put critical systems online?

    If you want to take out half the internet, you don't need hackers. A backhoe works just fine. So why in the world would anyone put such important things on a network that is easily disabled?
    • you mean like online banking and bill paying and mortgage applications? naw, we'd never put those on the net ;)
    • Agreed (Score:5, Interesting)

      by lheal ( 86013 ) <{moc.oohay} {ta} {9991laehl}> on Tuesday December 06, 2005 @09:51PM (#14199286) Journal
      Cyberterrorism is a stupid word.

      But beyond that, there are easier targets.

      Railroads carry tanks full of lovely chemicals like SO4 and HCl. For commercial efficiency, they often put all the tank cars together. For historical reasons, the railroads, state highways, and interstates often run close together and intersect. Not far from where I am now is an intersection of two interstate highways, two state highways, two US routes, and a railroad.

      Take out the tank cars and drive away in any direction.
      • Re:Agreed (Score:5, Interesting)

        by BoneFlower ( 107640 ) <anniethebruce@gma[ ]com ['il.' in gap]> on Tuesday December 06, 2005 @10:27PM (#14199442) Journal
        About a year and a half ago, a tanker truck exploded on a bridge in Bridgeport CT on the I-95.

        The bridge was out of action completely for about a week. It didn't collapse, but the damage was severe enough to basically destroy it. The northbound lanes were out of action for another week after that. And this was with an extremely huge effort to get it running again, they expected even temporary repairs to take about a month. I don't think they've gotten it properly replaced even now.

        The shit really hit the fan when this happened. That stretch of I-95 was(and still is) undergoing heavy construction as it was, so it was backed up already. Traffic got really screwed up, there were lots of detours onto the 15 and the local roads. Commercial traffic was even sent on the 15, that NEVER happens, it is normalyl outright banned.

        This was a single, smallish tanker truck that got winged by a passenger car. Early morning too, so traffic was light. A deliberate attack using a larger truck during rush hour... I don't want to imagine. Dozens(for this bridge, potentially hundereds with the right bridge) would be killed and there would be serious economic disruption. That bridge is probably one of the most important in Fairfield County, especially the coastal region.

        They did have some antiterrorist type people on scene... it was obviously an accident, but they went there to get a better idea of just what would happen if terrorists did go after a major bridge and how to best recover quickly. Good thing they got a demonstration like that without the death toll an actual attack would have caused.
      • Re:Agreed (Score:4, Insightful)

        by rolfwind ( 528248 ) on Wednesday December 07, 2005 @12:55AM (#14200029)
        Cyberterrorism is a stupid word.


        The combination is quite deliberate to spread FUD.

        If you ever watch the news on TV, they constantly want to portray the Internet as this newfangled thing (still) that vague and murky and might bite you at any second. I think that's simply out of touch for most people (actually I think the TV industry is just jealous) but the FUD must play well with some of them because the mechanics of it isn't so easy to grasp as say any other appliance, like a blender or how TV generally works.

        Combined with the vogue word of this decade, terrorism, voila: a whole new genre for the powers that be to terrorize, er, I mean inform others with propaganda.

        It's the same old shit (SOS) put in a new dress.
      • More precisely, there are more "terrorfull" targets.

        I'm not sure that if my e-mail stopped working or I couldn't connect to the Internet, I'd be terrorized. Annoyed, yes. On the other hand, railroad cars blowing up in my neighborhood would make me terrorized.
    • Suppose the critical system is on an "isolated" network but someone can plug a laptop into it. That's how a worm got into ATMs.

      Suppose a clueless customer requires "remote administration" for their SCADA equipment. Suppose a clueless vendor sells "efficient distributed management! Troubleshoot power line problems from home!". Either way you've got a vulnerable tunnel from the wild Internet to a critical system.

      >who in their right mind sees it necessary to put critical systems online?

      In another generation
    • by Mawbid ( 3993 ) on Tuesday December 06, 2005 @10:12PM (#14199384)
      Are critical systems on the internet?

      If I'm reading this correctly, yes.

      Mullen: I once had grid resources through a Web application anonymously for a power company. Grid resource control, OK? SQL injection, hit that through an anonymous connection and I had grid resources for the State.

      The fact that an idea is really dumb doesn't mean it's never been implemented.

    • The question is not whether the threat from cyberterrorism (what a stupid term) is credible, but who in their right mind sees it necessary to put critical systems online?

      Who says it's more secure to have them off the internet? I'd say dial-in access to them is even less secure,just because then people won't plan for daily intrusions.

      The question you should be asking, is whether it is necessary to make these critical systems remotely operable.

      If so, what can be done to secure them?

      If not, disconnect them fr

    • who in their right mind sees it necessary to put critical systems online?

      The internet itself is considered a critical system. As valuable (perhaps more) as the telephone and electricity utilities.

      What is concerning to many is another Morris internet worm or a similar crash of the internet. Take the recent cisco bugs - these make up a significant portion of internet routing capability. Should someone succeed in developing a cisco worm that infects even 5% of the cisco routers (specifically the "big
    • I can think of a number of critical non-critical systems that probably now or soon will be on the net:
      1. Credit card verification terminals & networks -- sorry, we can't accept credit cards today
      2. Check scanners -- sorry, we can't accept checks today either
      3. ATMs -- cash only. Oh, you can't get any cash???
      4. Customer service (VOIP to offshore call centers) -- Just call customer services to report the problem....

      Oh and then there the airlines (no flights today because the screens are down), factories (no p

    • Yes they are on the internet kind of. They are on SCADA networks that are connected to corporate networks (through a firewall) so that the bean counters can maximize productivity...... General configurations include data stores with linkages through the firewalls, vendors that require some type of access to the SCADA systems and servers to perform maintenance and patching, and online help systems on the SCADA systems that use web based help systems (located on critical systems) that can call out to vendors
    • but who in their right mind sees it necessary to put critical systems online?

      One of main things a control system in a chemical plant is used for (besides controlling) is data collection. In many or perhaps most cases, the corporate LAN is hooked somehow to the LAN with the DCS (distributed contol system) to give pointy-haired bosses sitting around the world access to this data. Also, the corporate LAN is hooked to the outside world to provide employees with internet access.

      Normally this is all put togeth
    • Keep in mind that a cyberterror attack does not have do be something that is big and splashly to be effective.

      Terrorists are political animals first and foremost. They attempt to disrupt the exisiting political order in order to substutite their own.

      This means that they don't really have do something major in terms of deaths or physical destruction. All terrs have to do is disrupt. All they have to do is create enough chaos to force society to give in.

      How about the economic impact of shutting down th

    • The question is not whether the threat from cyberterrorism (what a stupid term) is credible, but who in their right mind sees it necessary to put critical systems online? ... So why in the world would anyone put such important things on a network that is easily disabled?

      You assume everybody implementing network security it competent.

      Not so [theregister.co.uk].
  • by dbIII ( 701233 ) on Tuesday December 06, 2005 @09:44PM (#14199256)
    No - robots with bombs are in short supply so there is no threat from cyberterrorism.

    Criminals that use computers for fraud and other crimes should be described by a less stupid and emotive term than cyberterrorism.

  • like '%Cyber%' (Score:5, Insightful)

    by NineNine ( 235196 ) on Tuesday December 06, 2005 @09:47PM (#14199268)
    Personally, I don't feel in any way threatened by any word, phrase, or sentence with the prefix "cyber" in it. Cyber*, to me, means a way for non-geeks to explain something that they don't in any way understand.
    • Re:like '%Cyber%' (Score:3, Insightful)

      by Wisgary ( 799898 )
      What about Cyber-sex?
    • Well for me, any word that has 'cyber' in it momentarily loses the suffix, as the horrid word 'cyber' highlights itself in sympathetic response to deeply-laid engrams from over-exposure to a certain usage of it, the verb form, meaning: "To pretend that some fat 40-year old guy is a hot cum-crazy teen slut that wants to have sex with you". I cannot hear the word or any larger word that contains it without briefly shuddering in disgust.
  • Cyber? (Score:3, Insightful)

    by ScaryFroMan ( 901163 ) <scaryfroman@hotmail. c o m> on Tuesday December 06, 2005 @09:48PM (#14199271)
    Frankly, I think most terror threats aren't credible. My philosophy is that in most cases, if you're on the ball enough to understand a threat, it's not threatening. The real terrorism are the attacks (cyber and...um...Analog?) that come from behind.
  • by Anonymous Coward on Tuesday December 06, 2005 @09:49PM (#14199277)
    The Bush administration has been warning of a digital Pearl Harbor [cnn.com] for years.

    However, their desire to collect and to centralize information on government computers for 'homeland security' purposes makes such a threat more dangerous, not less dangerous.

    If their proposals for government-accessible backdoors [wikipedia.org] for all encryption were actually to become reality, then a single successful hacker could compromise millions of secure computers and documents in a single attack.

    The best solution is to go back to the policies of Clinton's presidency. Let us, the people, take care of our own security without government intrusion, as is our natural right and privilege.
    • by Ph33r th3 g(O)at ( 592622 ) on Tuesday December 06, 2005 @09:58PM (#14199319)
      The best solution is to go back to the policies of Clinton's presidency. Let us, the people, take care of our own security without government intrusion, as is our natural right and privilege.

      I'm not sure that's really what you want. IIRC, the attempts to make key escrow mandatory with Clipper were on Clinton's watch. The sooner we quit believing that one party or another is interested in freedom, the sooner we have a chance to preserve the dwindling amount of it we have left.

      • IIRC, the attempts to make key escrow mandatory with Clipper were on Clinton's watch. The sooner we quit believing that one party or another is interested in freedom, the sooner we have a chance to preserve the dwindling amount of it we have left.

        The last comment is right on, and in fact the Clipper project illustrates quite well that neither party can be trusted. The Clipper chip was actually a Bush I administration project -- initiated and developed before Clinton came into office. It was pretty much

      • The sooner we quit believing that one party or another is interested in freedom, the sooner we have a chance to preserve the dwindling amount of it we have left.

        I agree in principle - but it's also kind of unproductive to take the 'long view' and always claim precedent for everything bad going on right now. We don't have time machines, we can't change history- you have to focus on the present and the people who are perpetrating bad things right now. As far as two party politics go, if the elected officia
    • ...to happen due to "cyber attacks" from "cyber terrorists". It's going to happen instead because the USA has abdicated control over its own technology destiny to foreign governments (e.g. China for hardware, India for software and tech support, etc.)
    • The Bush administration has been warning of a digital Pearl Harbor for years.

      You mean Richard Clark, appointed by Clinton, as mentioned in the article you link to?

      The best solution is to go back to the policies of Clinton's presidency. Let us, the people, take care of our own security without government intrusion, as is our natural right and privilege.

      Hm.
    • Comment removed based on user account deletion
    • The Bush administration has been warning of a digital Pearl Harbor [cnn.com] for years.

      Pikers and latecomers.

      The DOD has been warning of such things for decades

      Back in the 60's, when the DOD's ARPAnet project was started, one of the design goals was that the network should have sufficient redundancy and intelligence so that when an enemy knocked out lines or relays, the software would just silently route around the break and keep the communication going.

      This has been one of the more difficult things to impl
  • Hah!y (Score:3, Insightful)

    by flamesrock ( 802165 ) on Tuesday December 06, 2005 @09:51PM (#14199285)
    We live in a culture of fear.


    First it's anthrax (anyone remember that?)

    Then it's suitcase nukes..

    Then it's bird flu..

    Suddenly terrorists are going break into our computers?!


    All of these are existant 'problems' blown WAY out of proportion. I'm counting the days before termites are found in the whitehouse, thus becoming the next terrorist threat.
  • Oh boy (Score:4, Insightful)

    by QuantumG ( 50515 ) <qg@biodome.org> on Tuesday December 06, 2005 @09:53PM (#14199295) Homepage Journal
    The broader question: is the treat of terrorism credible? Considering that politicians made up the whole concept of "the terror network" from disinformation planted in european newspapers and then failed to listen to the CIA when they told them the Soviet Union was not funding terrorist groups and in-fact it was the CIA that was planting the propaganda, how can we possibly believe that terrorism is capable of any more than the few isolated incidents that have befallen the world in the last dozen years? We're talking about a total number of deaths less than a year of ordinary people driving cars on the national highways. The chances of becoming a victim of terrorism are less than the chances of being hit by falling space debris.
    • Re:Oh boy (Score:3, Insightful)

      by patio11 ( 857072 )
      The chances of becoming a victim of terrorism are less than the chances of being hit by falling space debris.
      Falling space debris doesn't kill 5 Israeli civilians and several dozen Iraqis on a quiet week, and several hundred to thousands on a bad day. Falling space debris also isn't actively trying to fall more frequently and harder.

      how can we possibly believe that terrorism is capable of any more than the few isolated incidents that have befallen the world in the last dozen years?
      Terrorism has been

      • Maybe you missed the part about there not being some global conspiracy behind these things. You can't say these incidents are not isolated just because there's been a lot of them. Terrorist attacks are just as isolated as street crime. There isn't some evil figure lurking in the shadows organising the city's criminals to strategically mug people and there isn't some evil figure lurking in the shadows organising the world's terrorists. Neither Osama bin Laden, the current leaders of Palestine or the USSR
        • Like street criminals, terrorists are often affiliated with organizations. There is a Mafia, there is a Crips, there is an IRA, there is an Al Qaeda.

          Duh.
        • ..... What they're not killing people for is some overreaching global war of terrorism.....

          The goal of the Muslim fanatics is to subject everyone to their perception of their religion and its laws. Anyone who is not of their persuasion is an infidel, who must be either made to obey or be eliminated. There may not be a single person or organiziation that drives this goal, but there is this common religious Muslim philosophy. The Jews and their protectors are seen as the number one enemy. This sentiment was s
    • by clark625 ( 308380 ) <clark625 AT yahoo DOT com> on Tuesday December 06, 2005 @10:29PM (#14199452) Homepage
      Yes, I know that deaths due to terrorism is low statistically-speaking. Honestly, it's not something that I spend awake nights worried about. Overall, I'm probably a lot like you in feelings about the terrorist threat. Statistically speaking, it's so far into the noise that maybe it should be ignored.

      The problem with this way of thinking, though, is that most ordinary people believe that terrorism is not an act of God, and that it is, in some way, a preventable issue. When it comes to auto accidents, ordinary folks want to put controls on those items that can lower the risk of death (preventing DUIs, speed limits, mandatory seat belt laws, etc). It's the same with other deadly issues--like how people want McD's to have healthy choices on their menus because heart disease is so prevalent (now, whether people make good choices is another issue...). Or smoking--how much energy/money has been spent on getting people to stop?

      People can accept deaths. It's a normal fact of life, and it sucks when it hits close to home. It sucks even more when those deaths could have been prevented with simple measures. If a party got out of control and a guy that was totally blitzed got behind the wheel and kills your wife/husband/mom/sis/friend/etc, you'd be pretty darned pissed and that incident would leave a hole inside you that might not ever heal completely. That's reality. Also, you, being a responsible citizen and registered voter, would be so upset and hurt that you just might demand more steps be taken to prevent others from feeling how you do. So, you call your local politian.

      Economically speaking, no deaths are without consequenses. If it's preventable, then it can be calculated how much the solution would cost and how many deaths it would prevent. Those "non-dead" people earn incomes and pay taxes. If those expected taxes are greater than the proposed solution, then we have a winner. Of course, not all decisions are made based on pure economics. Many people are simply willing to pay higher taxes in favor of more safety, just because we like not having to go to our loved one's funerals.

      I do understand what you're saying, and the rational part of my brain agrees. The part that hates going to funerals, though, tells me that if a death can be prevented, maybe we should go out of our way a bit to prevent it.

      • Economically speaking, no deaths are without consequenses. If it's preventable, then it can be calculated how much the solution would cost and how many deaths it would prevent. Those "non-dead" people earn incomes and pay taxes. If those expected taxes are greater than the proposed solution, then we have a winner. Of course, not all decisions are made based on pure economics. Many people are simply willing to pay higher taxes in favor of more safety, just because we like not having to go to our loved one's

      • by shmlco ( 594907 ) on Wednesday December 07, 2005 @04:01AM (#14200567) Homepage
        "People can accept deaths. ...could have been prevented with simple measures."

        I disagree with that statement. How many times has the "If but one death could be prevented..." mantra been passed around? Too many people expect EVERYTHING to be risk free, and often propose and avdvocate extreme measures to gain that certainty. No matter how absurd the measure might be for the majority of the people. And if CHILDREN are involved? Oh my god.

        Look at all the handwaving currently going on regarding video game violence, dispite the fact that teen violence levels are at the lowest they've been in decades. But no, SOMETHING caused Columbine, and that something must be eliminated.

        And if it can't be eliminated one way, they'll try another. A "defective" product? Sue the company. An unforeseen drug interaction? It's class action time. Some kid jumps off a bridge because a character in a game did so? Obviously, it's time to ban all games.

        We demand perfection, every time, all the time. And if it's not perfect, then someone, obviously, is to blame.

    • Re:Oh boy (Score:3, Insightful)

      by gobbo ( 567674 )
      how can we possibly believe that terrorism is capable of any more than the few isolated incidents that have befallen the world in the last dozen years?

      You know, I was a pretty ordinary nerdy teenager, but I hung out with some less savoury characters. We wreaked some pretty fine havoc from a vandalism point of view. Their ideas, of course! ;-)

      All the while, I was thinking, "what if we decided to do this somewhere serious?" There were traffic light boxes to mess up, power stations, train controllers, high-

  • by Karl Cocknozzle ( 514413 ) <kcocknozzleNO@SPAMhotmail.com> on Tuesday December 06, 2005 @09:54PM (#14199297) Homepage
    Maybe. But probably not. If terrorists use a computer to do something that kills people, its regular terrorism. If somebody screws with my computer, that person is not a "cyber-terrorist," he is just a regular criminal (and also, likely, a douchebag.)

    So maybe what I mean is... no, it isn't remotely credible.
  • Realistic, I'd say. (Score:3, Informative)

    by alphafoo ( 319930 ) <loren@boxbe.com> on Tuesday December 06, 2005 @09:54PM (#14199300) Homepage
    I don't know about a cyberterrorist, per se, but there sure are a lot of compromised machines out there. Anyone remember the article that quoted an estimated 200,000 zombies added every day?

    Alan Cox said it best in this interview http://www.oreillynet.com/pub/a/network/2005/09/12 /alan-cox.html [oreillynet.com]:
    "We are still in a world where an attack like the slammer worm combined with a PC BIOS eraser or disk locking tool could wipe out half the PCs exposed to the internet in a few hours."
    • I thought most infectious code was finantially motivated these days, open mail relays for spammers and the like. In this case, it would seem silly to kill thier infected hosts off. Though, somebody was motivated enough, im sure it could be done.
  • One phrase (Score:3, Insightful)

    by Billosaur ( 927319 ) * <wgrother AT optonline DOT net> on Tuesday December 06, 2005 @09:54PM (#14199301) Journal
    Y2K - Nuff said.
    • We lost heat due to Y2K. Our fuel supplier's software upgrade didn't import their old schedule correctly, so we ran out. It was the third week in January and it was 6 degrees outside.

      The machines didn't go silent on Jan 1st, but lots of people had upgradeitis and it cost billions.
  • If your power grid can be operated online, then of course there's a threat that this can be used by malicious people. If the risk outweights the benefits, then don't put it online. Maybe they should just have read "Building Secure Linux Servers" (O'Reilly), instead of passing the patriot act (that is used for different purposes now, btw). That law isn't going to decrease the risk.
  • The Nightmare worm (Score:5, Interesting)

    by 3ryon ( 415000 ) on Tuesday December 06, 2005 @10:18PM (#14199402)
    I don't know if it will happen from what we think of as terrorists, but I'll go on record saying that we'll eventually have a Nightmare worm.

    It could have already happened, but perhaps the worm writers had a conscious. There will be a worm that 0-day exploit that compromises a common MS Windows service and isn't so polite as SQL-Slammer. Slammer infected almost every vulnerable host in the world within 10 minutes [mit.edu]. I would call Slammer a 'polite' worm as it did no harm other than flooding networks.

    It's certainly possible to write an impolite worm. One that doesn't just spread itself, but after 20 minutes of attempting to spread itself decides to stop all of your services and then wipe the data off your hard drive. If a computer isn't directly affected, it will probably be affected downstream by the network traffic or reliance on Windows network services. Those that managed to survive may have a hard time finding other surviving resources.

    Hopefully the business world has backups, but can you imagine the global disaster that would follow? In 30 minutes almost every computer in the world is down. Airlines will be grounded, you may lose electricity, you might not be able to order a mocha frappancino(tm) at your favorite fourbucks.

    (Not to be judgemental, but in today's world if it doesn't target Windows it's not the Nightmare worm)
    • by dhasenan ( 758719 ) on Tuesday December 06, 2005 @10:24PM (#14199428)
      And have it flash the BIOS with 0's as its first action, then force reboot after spreading. That's data loss and hardware loss. Unless we start hot-swapping motherboards.
      • ..."Internet Explorer" by thy name.

        What other application could update itself weekly and be so intergrated with the OS that a complete removal would render the OS inoperable. Makes that Win32 virus that associated EXEs with itself look like child's play.

        Hot-Swapping motherboards??? ROTFL. ROTFL!
    • (Not to be judgemental, but in today's world if it doesn't target Windows it's not the Nightmare worm)

      So you wouldn't consider a worm that took out say... all the Cisco routers running the Internet a nightmare worm?
    • Hopefully the business world has backups, but can you imagine the global disaster that would follow? In 30 minutes almost every computer in the world is down. Airlines will be grounded, you may lose electricity, you might not be able to order a mocha frappancino(tm) at your favorite fourbucks.

      You're making a couple of assumptions there - 1) that the virus/worm would work on *most* computer operating systems, not just Windows; 2) that *most* critical systems run on Windows. Not 100 yards from where I'm s

  • Right now terrorist groups around the world have a lot of cash, a lot of weapons, and a lot of their members in prisons or in hiding. Governments around the world are mastering a new sort of doublespeak where they deny that they are locking terrorists, their supporters, and any innocents who end up in the line of fire; the most successful terrorists these days are in cities that slack off for a little while (The London Bombings), Palestinians bombing Israelis, and every suicidal wack-job that can afford bus
  • Slashdot effect... (Score:4, Insightful)

    by ktakki ( 64573 ) on Tuesday December 06, 2005 @10:27PM (#14199438) Homepage Journal

    Mullen: But I think this is important -- is the United States communication infrastructure a critical part of a terrorist attack? Not because of taking it out, but because of keeping it up. Right? You know what happened to the CNN Web site on 9/11?

    Harrison: It was like Slashdot hooked to it.


    I was working at home on 9/11, and yes: CNN was down until they put up a no-graphics static page. Slashdot was up and running just fine.

    Anent to the article, I think the so-called cyberterror threat is not so much Al Qaeda as it is Eastern European organized crime, and the threat is more centered towards e-commerce (Amazon, eBay, gambling sites) than public infrastructure.

    Al Qaeda wants to perform acts that make people afraid to go to work, not acts that keep them from bidding on Beanie Babies or playing Texas Hold-em. DDos-ing Amazon or Partypoker.com isn't the sort of deadly blow against the infidels that gets them out of bed in the morning. Yuri and Vladimir, on the other hand...

    But the real "cyberterror" threat is the potential US Government overreaction towards any potential threat, real or imagined. Since the early '90s, the government has viewed the Internet as something big, scary, and untamed. COPA, DMCA, you name it, they'll regulate it. Even now, look at the way the Federal Election Commission has been eyeballing political blogs: free speech or political contributions?

    If there's a threat, it'll be from Capitol Hill or 1600 Pennsylvania Avenue, not some cave on the Afghani-Pakistani border.

    k.

    • If Tyranny and Oppression come to this land, it will be in the
      guise of fighting a foreign enemy.
      - James Madison

    • I was working at home on 9/11, and yes: CNN was down until they put up a no-graphics static page. Slashdot was up and running just fine.

      Slashdot traffic ranking: 800 [alexa.com]
      CNN traffic ranking: 24 [alexa.com]

      During a big news event slashdot's traffic might quadruple, but CNN's would be off the chart. CNN could slashdot slashdot (and most other sites).

      Of the top ten google searches on 9/11 the only one that beat World Trade Center was CNN. 6000 users per minute were using google to find CNN.
      Effects of 9/11 on Google [firstmonday.org]
      • by ktakki ( 64573 )

        I really wasn't trying to compare Slashdot's and CNN's network infrastructure. I was just trying to make a simple observation. It's obvious that CNN had at least an order of magnitude more HTTP requests than Slashdot did on that day. Same with bbc.co.uk and msnbc.com on 9/11/2001.

        But you have to consider that in 2001 Slashdot's network infrastructure was smaller than that of CNN, the BBC, or MSNBC. And it handled its request load better than the aforementioned web sites.

        I'm just sayin'.

        k.

  • so then the authorities cannot properly communicate!
  • I've seen lots about not probable or not possible but lets look at it this way, how big is the internet? next question how many possible methods of terrorism can exist? some I can think of are; air traffic control (die hard style); automated flood gate control (I've seen HPsUX computers that do this); what about the manipulation of satellites; and affecting train routes, collisions and subway disasters?

    If you really think about it anything technological that requires a computer is at risk to "cyber"terroris
  • W00tkits of Mass Destruction (WMDs) are all over the place, man.

  • As a security researcher, I can say without hesitation: of course the threat is credible. The vulnerabilities are here, each day a dozen of them are discovered in major applications [1]. And competent security researchers exist around the world (e.g. 75% of windows vulnerabilities are discovered by external independant researchers [2]).

    Now the only reason why cyber terrorism is not more frequent and more harmful (it is almost inexistent but it *does* exist) is the relatively few number of black hats (ba

    • [cyber terrorism] is almost inexistent but it *does* exist

      I would like to make sure everyone understands my point: what I meant is that as of today "cyber terrorists" (I hate this term) pose a threat that is much less important than, say, the whole bunch of script kiddies present on the Internet (I am not even sure if we can call this "terrorism"). But the fact is that given their number and their imagination, terrorists have probably already started to play with some scenarios of Internet attacks (e.

  • "Hey, what does this link - AH!!!! THE GOA***!!! MY EYES!!!!"

    If that's not TERROR, I don't know what it is.
  • So will I (Score:2, Interesting)

    by js92647 ( 917218 )
    That's another word for the filter, "Cyberterrorism."

    I wonder how this stuff makes news anyway. Soon we'll have these pompeous dicks addressing games like WoW as "Cyber-cocaine," attempting to make it sound as if its addictive as the drug itself. Honestly who the hell comes up with these crappy titles? I mean, these are the same assholes who pulled that "Y2K" scam on everyone, people no different from making "Y2K compliant" appliances, and now, here we are again except we jumped from an alphanumeric word
  • SCADA and digital control systems of critical infrastructure such as power (electrical grid), oil and gas distribution, water, sewer, telecommunications and most manufacturing processes are connected through firewalls to corporate LANs so that the metrics of the SCADA network can be monitored. Other routes to the SCADA systems exist so that the hardware/software vendors of the control system can perform patches and maintenance. Help systems on many SCADA networks use web based help which is vulnerable to cl
  • A simple question: (Score:3, Insightful)

    by JPriest ( 547211 ) on Wednesday December 07, 2005 @09:54AM (#14201981) Homepage
    "Hi I am Joe user and I want to protect myself and my computer on the internet so my system is not used to DDoS critical infastructure. Where can I find a simple easy to understand guide to walk me through securing my Windows box and helping me avoid getting a virus or worm"

    Requirements:
    1. It must be easy for them to understand.
    2. It must be something they will follow (lots of pictures), and not a white paper.
    3. It must be colorful
    4. It must have a goal of educating the user and not taking their money.
    5. I prefer it be securemypc.com rather than joe.blog.com/files/02/05/security101.htm

    I have seen guides with this in mind but they are mostly all crap. The task is not hard and I see people clearly explain it over and over to people on web boards but I have yet to see a _good_ website where I can just say to them "go here http:"

    Certianly if people can spend billions of dollars and have hundreds of orginizations to clean up the damage these systems cause than someone can write a simple to follow guide for the end users that do care...right?

White dwarf seeks red giant for binary relationship.

Working...