Posted on 06/26/2002 3:56:37 PM PDT by Timesink
Edited on 09/03/2002 4:50:41 AM PDT by Jim Robinson. [history]
What this is is a distraction from serious vulnerabilities like a bioweapon attack or a SAM attack on airliners.
My company manufactures control/telemetry equipment for municipal utilities, and we also author a great deal of firmware/software for this equipment. We have been very tuned into the security aspects of these control systems for years now. As you can imagine, we are focused upon this more now than ever.
Have suspicious arabs shown an interest in these systems? Yes. Homeland Security had heard of some inquiries, and they sent us a fax this past winter to be on guard. Also, our company was approached once. A few years ago, a saudi requested detailed information on our control system via email; and we responded with the standard brochures (nothing sensitive). Didn't think much about it at the time, and deleted the email long ago. Also, he didn't like my "foreign business policy"... foreigners pay in advance :-)
This summer, we also observed a man making inquiries to an internet programmers newsgroup targeted toward web server programmers/administrators on Windows platforms. All of his requests focused on finding ways to break into web servers such as Apache, IIS, and Netscape. It became very apparant when looking at all of his posts as a whole. We found that his ip address is in the united arab emirates, and then we notified the FBI with the info. (don't know if they pursued it further.)
Do I think they will hit our water and power supplies? Not really. I have yet to see them take any action which is not based upon killing a lot of people.
Shutting down computerized water pumping stations will not even run people out of water. First, most water systems have a large amount of pressurized storage (water up in the water towers). Second, every piece of industrial equipment that I have ever seen always has "manual" controls in addition to the computers. Could they poison a water supply? Does anyone know how much poison it would take to overcome the dillution of 10's of millions of gallons in a water system? Not likely to happen. Anthrax in the water? The chlorine would kill it. Worst case scenario with water: some people get sick, no deaths. Best case scenario: alqaeda gets shot by the neighbor who lives next to the water tower.
Dam control system disruptions? The filling/emptying of a dam is a VERY slow control processes. "Manual" override would be instituted far in advance of any repercussions.
Power? Power is a lot more vulnerable, because there is no "storage" within the system (as with water). Even a short disruption would be noticed. And power is everything. Actually the best way to shut down a water system is to shut down its power. And why attack the power grid control computers, when much more lasting damage can be done through a physical attack? (Look at what we did to the power system in Yugoslavia). However, although a power shutdown would be pretty darned inconvenient, I still don't see how it is going to kill Americans.
In summary... I don't see alqaeda pursuing this computer hacking angle, because it doesn't kill anybody. These guys are all about killing.
ps. This is just my educated opinion. I'm sure there are smart people who would disagree.... and sorry about the long post. Usually I specialize in short, smartass comments. :-)
This discussion probably doesn't belong on this thread, but it just cracks me up that people get so excited about some exterior threat and think it is so much more potent than the threat from within. It's all enemies of our Constitution, foreign AND DOMESTIC!!! Mc Carthy was more right than wrong. It's just that he had no class and was crass! Besides, people don't equate sudden death with the enemies of freedom from within. It's slow death instead.
Trite, but true... "Eternal vigilance is the price of freedom!" (still) This terror war is way worse than the cold war ever was!
Do you actually have a legitimate argument to make as to what's wrong with the article, or are you merely interested in tossing around empty insults?
Maybe not so uh-oh. Isn't the Net a two-way street? Can't we "study" all those systems in Saudi, Paki, and Axis of Evil countries pretty easily? What do you want to bet we already have?
A couple of years ago, World Net Daily reported on a group of hackers, Hong Kong Blonds, who had hacked into Beijing's computers and loused up the Red Army in some pretty interesting and effective ways. So it's being done. Author of articles on Hong Kong Blonds was Anthhony lo Biado (Portuguese name), if you want to look them up.
One little cyber attack, and the USA could retaliate in kind, blowing several nasty little countries off the map altogether. (If they're sophisticated enough to have vital services run by computers.)
Mayhem and murder, they think, are. They are wrong about that, but that's what they think.
I've been thinking the same thing for a while. We've really made things easy for the terrorists and we don't seem to be in any great hurry to fix it. Scary.
Nah. Just install a microscopic ID chip in everyones hand. Much more efficient.
"Sources said the government did not learn crucial details about September's Nimda worm... until the stricken companies began firing their security executives."
Do you know what this refers to? What crucial details could they possibly be talking about?
I think they're just talking about the plain knowledge that the worm existed, and how to patch their computers to block it. If you go back a couple paragraphs, you'll see the writer's talking about the problems the government is having getting the private networks interconnected with the government's computers to get around to patching their systems, leaving them very vulnerable, and thus leaving the government vulnerable, since they rely on those private companies for many vital communications.
I don't recall there being anything particularly special about the NIMDA worm itself, other than its extreme annoyance factor. But then, I use a Mac and don't have to keep up with such things. *grin*
No, I don't think that's what they meant.
The existence and virulence of the worm were known very quickly; within just a few hours of Nimda's release, Atty. Gen. Ashcroft was on television to say that the government knew of no connection with 9/11.
The various antivirus companies and security experts analyzed the workings of Nimda extensively and publicized their findings. Microsoft put out a patch for IIS.
None of these things would have been facts that the government did not learn "until the stricken companies began firing their security executives."
Maybe this is just reporter's nonsense, I don't know. Were any security executives fired as a result of Nimda? If so, why?
I have to admit, I have no idea as to the answers to your questions. I suppose you could go to that online chat the reporter is holding later today (I think I posted it somewhere around response 2 or 3 in this thread), or just drop him an email and ask: gellmanb@washpost.com.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.