Cyberterrorism - As Seen On TV

Tuesday, March 01, 2011

J. Oquendo

850c7a8a30fa40cf01a9db756b49155a

As of February 27th 2011, anonymous sources have stated that hundreds of thousands of attackers are now declaring simultaneous cyberwars.

According to anonymous sources in the security industry, the outlook is dismal yet if you subscribe to their Twitter feeds, blogs, company programs, the outlook for you will change. They can track these terrorist, they can protect you by tracking down these terrorists [1].

Yes, these anonymous security sources are 100% accurate in their statements and are not figments of any imagination. Sure they remain anonymous, but this is only to protect them from well, terrorists. It is not to protect them from becoming the laughing stock of serious security practitioners. (Honestly!)

Alright, since you smell the stench in the paragraph above, let us now look at the harsh reality of Al Qaeda and or "cyberterrorism" from "terrorist" groups. Besides, as the security world saw recently via HB Gary, you can't take tracking "anonymous cyberterrorists" seriously. [1]

Where should we begin to seriously pick apart the nonsensical theories put forth by individuals who are in the world of Slashdot: "anonymous cowards" [3]? What rhyme or reason should I use when reading garbage media such as "First Major Al-Qa'eda Malware Release Wrecks Havoc" [4], I mean seriously.

As either a security practioner, manager, evangelist, or whatever term I want to place into the sentence, the logic just doesn't hold true for a group like Al-Qaeda. This is not to say that a terrorist organization is not seeking out the mechanism to cause electronic mischief, this is simply to say, wake up and use your brains for a moment.

As I read the "Al-Qaeda Malware" shpeel, I couldn't help but wonder if the author has a grasp on security, reality and or both. In order to understand where I am coming from, here are some snippets from this (non)juicy article:

Therein lies the beauty and danger of the Internet and anonymity. LOIC (Low Orbit Ion Cannon) is readily available to anyone with a minute to spend on Google. "Reverse Engineered Anti-Virus Engines and Signatures..." wait... What are they really doing, trying to protect me?

Reverse engineering AV engines does absolutely nothing nor does reverse-engineered AV signatures. On the contrary, all they've done are opened up and AV engine and a signature.

It may have been more believable even coherent had the author stated: "based on reverse engineering of the attack and software used in the attack, researchers discovered ..." Which leads me to believe that neither the author nor the "anonymous coward" feeding him the shpeel has a clue.

Worry little though as this errata slash stupidity was further clarified by the following statement:

This is what rattles my cages a bit: "one unnamed security vendor executive stated..." We have already seen the damage from "one forensic executive" [5] where he "swore" that through his six degrees of separation theory, he could identify attackers only to have his world come crumbling down.

So here we are with another puppet being fed the "boogey cometh and his name is Al-Qaeda" lines. Bear in mind that although the Al-Qaeda Malware article was a joke, it wasn't even halfway funny.

In fact, it was downright scary as I could see media outlets picking up and running with the stupidity. It has happened before and will continue to happen especially when security professionals are quick to quip the terms cyber and terror in one breath.

To be accurate and fair in my statement, this has bit of naivete has happened before and it was costly to taxpayers. Twenty million dollars down the tube however, most taxpayers aren't even aware of the situation: How can security practitioners, politicians, even normal citizens continue to be so naive?

The fact is, cyberterrorism is such an overrated term with no definitive rhyme or reason and it seems that anyone who uses antivirus software nowadays can call themselves a security expert, spread a rumor, embed the term terrorism and cause more damage than some lowly terrorists. Many of whom have never even turned on a computer. It certainly is boggling.

In ending, as a security practitioner/professional, I will anonymously state for the record though, cyberterrorism is real and obviously only I can defend you using my patent pending "Information Defense 10 Times" technology(ID10T).

So act now! And as a bonus, if you're one of the first 100 individuals to e-mail me, I will also include an SSL certificate. With your own SSL certificate, you can ensure a high level encryption between your webservers and clients connecting to that webserver. [7]

[1] http://arstechnica.com/tech-policy/news/2011/02/anonymous-vs-hbgary-the-aftermath.ars

[2] http://reason.com/archives/2011/02/15/what-islamist-terrorist-threat

[3] http://en.wikipedia.org/wiki/Anonymous_Coward

[4] http://blogs.csoonline.com/1407/first_major_al_qaeda_malware_release_wrecks_havoc

[5] http://www.infowar-monitor.net/2011/02/updated-the-hb-gary-email-that-should-concern-us-all/

[6] http://www.nytimes.com/2011/02/20/us/politics/20data.html?_r=1

[7] http://iang.org/ssl/pki_considered_harmful.html#revenue
Possibly Related Articles:
5354
Network->General
terrorism LOIC National Security Cyber Warfare al-Qaeda Cyberterrorism
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.