Cyber-Terrorism & Security New Definitions For New Realities. Dan Verton Vice President & Executive Editor. www.itsecuritymagazine.com. FISSEA March 2005. This Is A Controversial Topic.
Vice President & Executive Editor
Richard Clarke Testifying at 9/11 Commission Hearing, 3/24/04
5,800 registered hospitals
300 maritime ports
3,000 govt. facilities
2,800 power plants
26,000 FDIC institutions
150,000 miles transmission lines
66,000 chemical plants
130 overlapping grid controllers
300,000 production sites
120,000 miles of major rails
2 billion miles of cable
2 million miles of pipelines
1,600 municipal wastewater facilities
Directorate for Inter-Services Intelligence
Hackers for Hire,
Disgruntled InsidersDefining The FutureThreat = Intent + Capability
On 8th of March F-Secure got a report of a network trojan known as "Slacke"
Report came from Russia
The trojan was written by a Kuwait hacker group Q8SEE
The worm downloaded additional code from a website
The website was WWW.LUVZ.ST
.ST is the domain of São Tomé and Príncipe
São Tomé and Príncipe is small island nation off Atlantic coast of Africa
The .ST domain rights were sold to a company operating in Stockholm, Sweden
According their WHOIS, Luvz.st was registered to: Administrative Contact Information Company Name: JordanChat Contact Name: TeRrOr Address: Irbid , 00962 , irbid , IR , JO Expire date: 29 Oct, 2003
CHAT.CNN.COM > #Noticias in Mexico
(inside or outside??)
An intellectual of sorts, highly educated, conservative in his politics, painfully introverted, somewhat arrogant and kind of a geek.
Expert programmer who preferred communicating with associates through e-mail rather than in person.
Hacked his employer's computer system without permission to show management that there were serious security gaps that needed to be fixed.
Introverted: A common characteristic of IT specialists, which can pose a significant management challenge.
Frustrated: Family or social problems may be compounded by negative attitudes toward authority.
Computer-dependent: Such individuals often prefer online activity to direct social interaction.
Ethical flexibility: Dangerous insiders view malicious actions as justified, given their circumstances.
Entitlement: Feelings of being “special” employees—for example, the only ones with the necessary training. Being overworked with no rewards can lead to a desire for revenge.
Reduced loyalty: Some insiders identify with the IT/programming profession and not with the organization that employs them.
Lack of empathy: The impersonal nature of cyberspace leads to a lack of regard for the impact of the perpetrators’ actions on others.
Security is about a lot of things, not only bits & bytes