OT - Cybercops Unleashed - WHAT A COINCIDENCE! -greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread
[Fair Use: For Educational/Research Purposes Only]
February 11, 2000
The wave of cyber-attacks on Yahoo! and a host of other major US websites was in its second day when Janet Reno came riding in on her white horse, promising us "protection" and vowing to get to the bottom of a disruption that horrified investors and roiled the markets. Her FBI henchmen were quick to offer their own "solution": "The key to this is prevention," said Ron Dick, chief of computer investigations and operations at the National Infrastructure Protection Center, the latest FBI "cyber-crime" boondoggle. But how? How will the cybercops "prevent" vandalism on the Internet?
THE LIES OF JANET RENO
The ominous answer: by installing a comprehensive surveillance system that will keep tabs on all Internet traffic. As Rep. Bob Barr put it in a letter to the cyber-bureaucracy, the federal government has been pushing for years "to force a surveillance-friendly architecture on the Internet." Back in 1994, when the Communications Assistance to Law Enforcement Act (CALEA) was passed, Attorney General Janet Reno solemnly assured us that it was merely an updating of existing wiretapping law, and did not represent an extension of government power on the Internet. But it hasn't worked out that way. CALEA was no sooner enacted then law enforcement officials began a concerted campaign to pressure the telecommunications industry to adopt monitoring capabilities that, as Barr put it, go "far beyond the status quo, CALEA's mandates, the intent of Congress, and the Fourth Amendment." The industry has been backed into a corner: telecommunications companies that refuse to go along with the new protocols can either comply or fight the government in court. Guess which alternative they are likely to take. . . .
WHAT A COINCIDENCE!
Gee, what a coincidence: the first cyber-attack, on the popular Yahoo! site, occurred on the very same day as news of President's Clinton's proposed budget increase for Internet monitoring, from $15 million to $240 million, hit the wires. The money is a subsidy to telephone companies, a reward for reconstructing their networks to make Internet snooping by the feds more practical.
Naturally, the government bureaucrats who would like nothing better than to get their hands on an uncontrolled frontier like the Internet have been busily denying that this was their intention. Their FidNet program, designed to monitor "suspicious activities" in cyberspace and crack down on "cyber-crime," was slated for $27 million and Reno declared that every penny was necessary in order to protect government sites from the teenage hackers who delight in defacing them. "As envisioned, FidNet is being designed to monitor federal executive branch computer networks," said Jon Jennings, acting assistant attorney general in a letter to Congressional skeptics, "not private networks or the Internet in general." But several prominent Republicans were not at all satisfied, and House Majority Leader Dick Armey asked the pertinent question in a brisk letter to Reno: "Are you willing now to state that neither Fidnet nor any similar administration program will ever be expanded to monitor private networks or the Internet in general?" Armey cited the FidNet plan submitted by administration officials, which called for "the creation of a three-pillar system of these netted and adaptive intrusion detection networks, covering critical government and (ultimately) private sector information systems." They denied it, and said this was only a "draft" document: now watch as they turn on a dime.
WHO WAS THAT MASKED HACKER?
In the wake of the current hysteria, with the attacks spreading to Australia, you can count on the feds to aggressively push their Orwellian schemes. And isn't it funny how no one is taking credit for these antics? As David L. Wilson points out in the San Jose Mercury News, "normally, members of the 'intruder community' would be basking in the glow of their exploits, boasting about their accomplishments while hiding their true identities behind clever pseudonyms, according to computer security experts?" So where are they? Where are the taunting email messages, the nihilistic manifestos, the triumphant regaling of the hackers' computer prowess in short, where is what might be called the nerdismo (the cyber-equivalent of machismo) of these mysterious super-hackers?
A FALSE LEAD
As of this writing, the only communication from anyone claiming to take responsibility for the attacks has been received by the folks at Attrition.org, according to Wired. According to the anonymous sender, the coordinated assaults were designed to attack the value of Internet stocks. But the email, which claims that "every site being attacked has at least one insider," is not all that credible, since no "insider" is required: the computer programs used to overwhelm targeted websites with dense "packets" of meaningless information are launched from outside the system; inside accomplices would be superfluous.
GOVERNMENT THE PROBLEM AND THE SOLUTION
Why the baffling silence? If this is not some pubescent cabal but instead a serious attack on e-commerce then we may never know who is responsible thanks to the US government, the same government that is now demanding the power to "fight back" against "cyber-crime." Federal restrictions on "encryption" software, which enables privacy on the Internet by authenticating the identity of the user, deprives the private sector of the ability to protect itself. Encryption would act like a cyber-prophylactic, shielding a promiscuous server that comes in contact with ten of thousands of users on a daily basis from contracting any unwanted viruses or other potentially deadly invaders from cyberspace. "But the United States," writes Wilson, "fearful that criminals would use encryption to hide their activities, has for years restricted the export of certain kinds of encryption, hindering the widespread use of authentication on the Internet."
AH, SWEET IRONY
Oh, the delicious irony of it all: a problem caused by government intrusion must now be "solved" with yet more government intervention only this time wider, deeper, and more threatening than the initial incursion.
The technology of the "stealth" tactics used by the mysterious disruptors is interesting. "Stealth programs" known as "daemons" are sent to remote computers, where they hibernate for months until, one day, the disruptor sends a command that activates them and unleashes a wave of cyber-terror that seems to come out of nowhere. These stealth programs are no doubt sitting in some poor sucker's server, completely unknown to the administrators, waiting to for the command to go forth and wreak havoc. Wilson quotes Gene Spafford, a top computer security expert, as saying that since the machines hosting the stealth attack programs were never cleaned or even audited by the owner-administrators, the chances of tracing the culprits are minimal. "They've broken into a number of machines and planted the software, which hasn't been spotted in all the time it's been sitting there,'' said Spafford, "That implies that these intermediary machines are not well administered, and they probably don't have any auditing or security. In that case, tracing is going to be really difficult, if it's possible at all.''
CYBER-CAPITALISTS ON THE DOLE
In other words, big ISP administrators and other high-flying cyber-millionaires simply neglected the obvious security problems inherent in e-commerce, and instead went right ahead and took the entrepreneurial risk making billions in the process. It's the New Cyber-Capitalism, the entrepreneurial engine that is supposedly driving our frenetically growing economy: these guys are supposed to be "libertarians," remember, who don't like government regulation and periodically inveigh against Internet taxation. But just watch them jump at the opportunity to be on the receiving end of a few government subsidies. They'll gladly take $240 million is for "rewiring" phone systems to give the feds instant access to your email. Ominously, half of that money will come from the Defense Department to implement its own eavesdropping system in the interests of "national security." (But don't worry: after all, what could the War Party possibly want with email addressed to a site such as Antiwar.com?)
SUBSIDIES IN CYBERSPACE
Aside from the $240 million subsidy to the phone companies, there is the little matter of $11.4 million to "hire data forensics examiners to retrieve and enhance examinations of computer evidence" and an additional $100 million for "automated data processing and telecommunications and technical investigative equipment" up from $50 million, and certain to increase exponentially. What this means is that the laborious, uncertain, and costly process of tracing the perpetrators of this crime made difficult if not impossible by negligent private sector managers will become a function of government. In return for this massive subsidy, and for being relieved of the responsibility for auditing and cleaning out their own systems, the big computer companies will roll over and facilitate the Clintonian takeover of the Internet. Oh, those "free market" capitalist entrepreneurs they'll do it every time!
A REAL SERVICE
Also included in the President's cyber-budget is $300 million for "counter-terrorism." Will the feds launch their own cyber-attacks on "terrorist" websites? How about a preemptive strike at those graspy porno sites that won't let you leave? Now that would be a lot more useful than pinging Osama bin Laden's home page.
A SPECIAL ANTIPATHY
In spite of Gore's apocryphal claim that he invented it, this administration has a special antipathy for the Internet. For it was cyber-journalist Matt Drudge who first exposed the moral corruption of Clinton and his cronies and released the story on the Internet that led to Monicagate and the impeachment crisis. At every opportunity, the Clintonians have moved to close down the wild cyber-frontier and place it firmly under their control. Just look at the aggressive way they have tried to usurp power and assert their right of eminent domain: they want to make encryption illegal, and give government access to private email and usenet postings. Angling for a law that would force ISPs to keep activity logs that would be open to government inspectors and regulators, this administration is especially eager that new telecommunications and Internet protocols are developed in such a way as to facilitate government access. In the world of cyber-Orwellian future, all software authors must be licensed before their code can be placed on the net, and all source code will be filed with government agencies. This administration, in alliance with its corporate and judicial flunkies, has used trade laws governing exports, "national security" scares, and even copyright law to fence in and patrol the wide open spaces of the Internet.
CLINTON MAKES HIS MOVE
The attacks on Yahoo!, e-Bay, and others have really emboldened them. As I write this column, the breaking news that President Clinton will meet with computer executives and assembled experts "in part to talk about the attacks" comes as no surprise. As if to confirm the conclusion of this column before it is even written, the Associated Press is reporting that "President Clinton will meet with the nation's top computer security experts and technology executives in part to talk about the attacks. The White House said the meeting had originally been organized on the heels of the president's budget proposal for $2.03 billion to protect the country's most important computer systems from cyberattacks." What timing.
CYBERSLEUTHS ON THE PROWL
Federal "cybersleuths," we are told, have practically written off ever finding the culprits, but don't worry, there's "a silver lining" to all this, the AP story informs us. In the words of John Bentigoglio, counsel to the deputy attorney general: "At least there's massive awareness of this now." Yeah, just like the phony terrorist scare that sent the nation scampering behind locked doors for the holiday season, in a paranoid response to the "terrorist attack" that never came. Naturally, government "anti-terrorist" agencies took full credit for averting imminent disaster, but this was never very convincing. In the case of "cyber-terrorism" they can now point to an actual incident one that will probably remain shrouded in mystery as to the identity and motives of the perpetrator(s).
MISS MARPLE SMELLS A RAT
However, if I can play Miss Marple here, there is one aspect of this case that seems oddly indicative of the direction any investigation should be going, and that is the curious fact that out of all the many computer systems on which these stealth "denial of service" programs might reside, undetected hundreds and perhaps thousands so far no government computers appear to have been colonized by these "daemon" critters. Why is that? As we have seen, the government has a lot of insecure computers on the net. Why didn't these hackers target at least one of them, if only to make the government look foolish? What kind of hackers are these?
A GOOD QUESTION
We may never know the answer to that question, but ask yourself this: who benefits? The government and the big corporations or do I repeat myself? As mega-mergers cartelize the media, and Janet Reno moves in on the Internet, the question of who are the mystery hackers takes on an ominous urgency. In the context of this administration's well-known disregard for even the most basic liberties, and an established record of thuggish tactics employed against its enemies unequaled since the days of Richard Nixon, the question naturally arises: was this the cyberspace equivalent of the Reichstag fire? Considered in the context of Reno's record, as well as Clinton's character the former complicit in the mass murder at Waco, and the other a post-modern Caligula the question is less outrageous than it sounds.
-- snooze button (firstname.lastname@example.org), February 12, 2000
Not surprised to read this thread... my wife work at Livermore National Labs several years past and told me about some programs being developed about Daemons, guardian angels and satan devloped to disrupt or retrieve on certain command words... but I still think y2k is involved here and the government can use this as an excuse to regain what reliability they think they have.
The money Clinton is stealing from our nation, the cops for the web, and Reno crowd make it fairly simple to understand that it is not a simple case of outside cyber-terrorism...it is still power and wealth and evil that is apparently the prime reason for this move by the elite. We know that they already have filled the position of the president... and now we are seeing the fortifying of their infrastructure to usher in the new order!
These websites will be under more attacks now that we are drawing to conclusions that are truthful and as long as there are websites like these, there will be conspiracy by the government (elite) to exterminate and disrupt.
-- SB Ryan G III (email@example.com), February 12, 2000.
Install a firewall and watch how many attempts at your machine come at you while on this forum.
There's a free one at http://www.zonelabs.com/ It's an open beta still being tweaked but works OK. It's simplistic compared to full- fledged firewall, easy install. Be sure to read all the FAQ before installing.
-- mush (firstname.lastname@example.org), February 12, 2000.
RE the above lies and misdirection is not new. I saw someone on another forum put it simply: "Polislick 101 - Say you're not going to do something, do it anyway and call it something else."
This was instituted about 15 minutes into the 2nd Congress. What can we do about it? Stay alert, educate yourself and communicate.
-- mush (email@example.com), February 12, 2000.
Interesting related articles on this thread at the GICC site.
"Attack programs have been found on some government computers, although investigators could not say whether any government computers were used in this week's attacks."
-- Chris (firstname.lastname@example.org), February 13, 2000.