October 17, 2001

Cyber-terrorism and bio-terrorism: Save us from ourselves

Author: JT Smith

- by Jack Bryar -
- Open Source Business -

No one has been home this week. A British Linux company I planned to interview was closed down because of a bomb scare. The CEO of an advisory services company targeting Open Source companies was unavailable: He was at a meeting concerning new security
procedures being implemented in the office park where his company is
located.Everywhere I went last week, someone was on the lookout for imagined
security threats. A company where I work shut down its mailroom for a day last
week over Anthrax worries. Another firm closed down its network access
because the IT manager was no longer sure that the fortune the company had
invested in network security was sufficient to secure it from crackers and script
kiddies. The crimes of the al Qaeda may not take down the Western world's economy, but the vandalism and paranoia unleashed by the events of 9-11
might just do the job for them.

The Anthrax scare is a great study in mass paranoia. In Canada, a
Montreal suburb shut down its water treatment plant in panic. A tech worker at Volt Technical Services got
her five minutes of fame
when an imaginative email she created
about Halloween terrorism at the local mall spread across the Internet faster
than the Nimda virus.

Less imaginative people got their jollies by
sending their ex-girlfriends envelopes full of talcum powder or by calling in
phony bomb scares. A newspaper in Lithuania hit the panic button when
some psycho sent them an envelope full of baby powder. Bob Dylan's own
security people wouldn't
let him onstage earlier this week
because he allegedly didn't
have proper credentials and "didn't look right." Overnight quacks
sprung up peddling junk disguised as "bio-terrorism detection kits" or "gas
masks" to the public and government
. In less than 72 hours, police in the small town of
Seabrook, New Hampshire, responded to three separate reports involving "white
powder" in hotel bathrooms. A few miles away, a local woman called police about
a suspicious package. It came from a magazine sweepstakes company.
Undeterred by the the likelihood that no one in the Middle East has ever heard of
Nebraska, local officials in towns like North Platte and Scottsbluff
proudly reported to the Associated Press that they had put their plans in place
to ward off biological attacks by al Qaeda.

This stuff is all crazy, of course. For all the panic generated by
recent Anthrax cases, one person has died. By comparison the Center for
Disease control estimates that there will be 20,000 deaths this year from
the flu

Sadder still is the fact that the use of Anthrax in warfare, along
with other emerging terrors associated with bio-warfare and cyber-warfare,
have come from governmental agencies charged with defending their citizens.

Anthrax is a good example of a horrible consequences of a bad
military idea. While the British had long worried about the potential of
biological warfare, they were also the first to actually try it. During
World War II, the government dropped test Anthrax bombs on the Scottish
island of Gruinard. It quickly became obvious that such a weapon could kill
more citizens than soldiers. Spores persisted in the soil for more than
40 years, even after treating the island with thousands of gallons of
disinfectants. Despite this, the world's security agencies continued to experiment
with the bacteria.

In 1979, Biopreparat, the center of the Soviet Union's Anthrax
"defense" program, blew back on its own citizens. A technician forgot to replace
a clogged air filter at a plant in the city of Yekaterinburg. The
result was at least 105 deaths. It could have been worse. We learned
later that the Soviets had also been trying to develop weapons using far more
infectious agents including the Plague and Smallpox -- all in the name
of defending its people. Today, long after the Cold War ended, the
bureaucrats at Russia's State Research Center for Applied Microbiology continue to
store these substances at its facility in Obolensk.

The United States also got into the chemical and bio-weapons
business, until Richard Nixon stopped active development of biological weapons in
1972. Prior to that the United States and its allies experimented with nerve gas,
Anthrax and biological agents ranging from Salmonella to Claviceps Sclerotia, a wheat mold that packs a punch chemically related to LSD. The United States, too, stored substances long after the ban on further development.

On both sides of the Iron Curtain, various defense agencies trained
technicians from a variety of allies in Europe and the Middle East in
the finer points of chemical and biological warfare, including states that
occasionally changed allegiances, such as Iran, Iraq and Libya. There
have been widespread allegations that the British traded

in chemical weapons with Iraq until shortly before the Gulf War.

According to the Defense
, those experiments in biological warfare will cost the
United States over $4 billion dollars as the military experiments
with techniques
to overcome biological and chemical weapons
on a battlefield. No techniques are being planned that overcome white
powder in the mail.

Today, the United States seems determined to generate a new terror
for itself as it obsesses about another threat -- cyber-warfare. Richard A.
Clarke, the former anti-terrorism chief of the National Security Council has long worried about an
"electronic Pearl Harbor." Last year he attempted to enlist the likes of Bill Gates
to help America "defend its cyberspace."

To some, this worry seems overblown. After all, the 9-11 attacks
were extremely low-tech -- effectively, airborne truck bombs. In addition, the
enemy operates in a country that lacks electricity. Osama bin Laden's
network frequently communicates using homing pigeons. So where did the
American government's obsession with high tech warfare come from?

According to reports in the Montreal
and the Ottawa Citizen, it may be a reaction to the
government's own foray into electronic warfare. For the last several years,
defense agencies have been experimenting with what they call "computer network
exploitation." According to these reports, U.S. agencies have been
hacking into computers for years.

Colorado's Schriever Air Force Base has been a center of such
computer operations since 1994. Cyber-hacking by the military is not
exactly a secret. According
to Gen. Hugh Shelton
, the former chairman of the Joint Chiefs of
Staff, some hacking took place as part of the Kosovo campaign. According to
General Richard Myers, the U.S. Space Command has
been given responsibility
for the "Computer Network Defense
mission," which includes a hacker force known as Computer Network Attack. Defense
analysts claim that a skilled hacker force might be able to troll for
information on al Qaeda finances on overseas computers. According to the
Gazette, the NSA has been serving as a collection point for such evidence via
the "Special Collection Service."

Whatever the short-term merits of this activity, it has alerted
these agencies to America's own vulnerabilities. Freelance "cyber-security"
companies with Defense Department connections have added to the panic
as they have dramatized points of U.S. vulnerability. Tim Belcher of Riptech Corp. talked with the San Jose Mercury News about the degree to which he felt that U.S. power grids and water supplies were reachable by crackers, as did Stephen Northcutt of the SANS Institute, suggesting that international crackers could cause "a cascading failure of the [North American] electronic grid."

While the United States may lead the world in the technical skills needed to
disrupt the world's electronic nervous system, other countries are learning the
same skills. Reportedly, the Canadian military wants to set up its
own version of Computer Network Attack, targeting overseas communications
systems and developing computer viruses. A number of other allies are
interested in cooperating with the United States and acquiring the techniques of cyber-warfare. The potential for proliferation is extremely high, and widespread
dissemination of cyber-warfare techniques could generate precisely the danger that
Clarke and others have warned against.

Thomas Adams, a retired U.S. Army lieutenant colonel, and author of
"Radical Destabilizing Effects of New Technologies," has warned against
the unintended consequences of new biological and computer
technologies. He worries that the blowback from U.S. experiments in high-tech warfare
could be far worse that the bio-terrorism generated by 20th century
experiments in germ warfare. Is the United States developing a form of cyber-terrorism that will be far more destructive to itself than to any
potential adversary?

Click Here!