United States Action

UnitedStatesAction
Yahoo Group
DEFENSE AGAINST CYBER-TERROR

What is Cyber-terrorism?

The FBI defines terrorism as the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives. Cyber-terrorism could thus be defined as the use of computing resources to intimidate or coerce others. An example of cyber-terrorism could be hacking into a hospital computer system and changing someone's medicine prescription to a lethal dosage as an act of revenge. It sounds far-fetched, but these things can and do happen.

Specific Virus and Web Protection Tools

Two major antivirus and web protection tools:

  1. McAfee Tools and VirusScan
  2. Symantec Tools and Norton AntiVirus

What is the Risk to the USA?

This web page provides information regarding the importance of understanding the dangers of cyber-terrorism, and information that can aid in that understanding. Computing professionals all over the world need to be aware of possible areas of weakness to such terrorism, in order to better protect their computer systems and possibly help put an end to terrorist activity. An important part of any profession is promoting the good name of that profession, but cyber-terrorists continue to give the computing profession a bad reputation. Thus, it is important for computing professionals to understand cyber-terrorism for the benefit of themselves, their profession, and society as a whole.

Because cyber-terrorism is an increasing problem in our society, everyone needs to be aware of what it is and what damage it can do to the USA's security.

How Can You Protect Yourself From Cyber-Terror?

There are no foolproof ways to protect a system; the only completely secure system is one that nobody can access at all. Most of the military's classified information is kept on machines with no outside connection, as a form of prevention against cyber-terrorism. Apart from such isolation, the most common method of protection is encryption. The widespread use of encryption has been inhibited by the government's ban on its export, so intercontinental communication is left relatively insecure. The government has opposed the export of encryption in favor of a system whereby the government can obtain the key to an encrypted system after getting a court order to do so. The stance of the director of the FBI has been that the Internet was not intended to go unpoliced and that the police need to protect people's privacy and public-safety rights there. Encryption's drawback is that it does not protect the entire system: an attack designed to cripple the whole system, such as a virus, is unaffected by encryption.

Others promote the use of firewalls to screen all communications to a system, including e-mail messages, which may carry logic bombs. "Firewall" is a relatively generic term for methods of filtering access to a network. A firewall may come in the form of a computer, a router or other communications device, or a particular network configuration. Firewalls serve to define the services and access that are permitted to each user. One method is to screen requests by checking whether they come from a previously defined domain or Internet Protocol (IP) address. Another is to prohibit Telnet access into the system (Telnet sends passwords in the clear, which is why blocking it in favor of an encrypted alternative is standard advice).
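The two screening methods just described, as an added example that is not part of the original page: a minimal stateless packet-filter policy evaluator with first-match rules and a default-deny fall-through, the way a real perimeter filter decides. The networks, ports and connection attempts are constructed for the demo (documentation address ranges stand in for a site LAN and a partner site), and the policy itself is an assumption, not a recommendation from the page.

```python
"""Added example: modelling a firewall's source-address screening and Telnet block.
Not code from the original page; all addresses, networks and attempts are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: Optional[IPv4Network]   # None matches any source address
    dport: Optional[int]         # None matches any destination port


@dataclass(frozen=True)
class Attempt:
    src: IPv4Address
    dport: int


# Assumed policy: two previously defined networks may reach SSH (22); HTTPS (443)
# is public; Telnet (23) is refused from everywhere; anything else is dropped.
TRUSTED = ip_network("192.0.2.0/24")      # TEST-NET-1, stands in for the site LAN
PARTNER = ip_network("198.51.100.0/24")   # TEST-NET-2, stands in for a partner site

POLICY: List[Rule] = [
    Rule("deny",  None,    23),    # prohibit Telnet access into the system
    Rule("allow", TRUSTED, 22),    # SSH only from the previously defined networks
    Rule("allow", PARTNER, 22),
    Rule("allow", None,    443),   # public web service
    # implicit final rule: deny everything that matched nothing above
]


def evaluate(policy: List[Rule], attempt: Attempt) -> str:
    """Return the action of the first rule that matches; default-deny if none does."""
    for rule in policy:
        if rule.src is not None and attempt.src not in rule.src:
            continue
        if rule.dport is not None and attempt.dport != rule.dport:
            continue
        return rule.action
    return "deny"


def screen(policy: List[Rule], attempts: List[Attempt]) -> Dict[str, str]:
    """Map each attempt, keyed 'src:port', to its verdict, for review or logging."""
    return {f"{a.src}:{a.dport}": evaluate(policy, a) for a in attempts}


# Constructed connection attempts, with the verdict the policy should give.
SAMPLE_ATTEMPTS = [
    Attempt(ip_address("192.0.2.10"),   22),    # trusted host, SSH       -> allow
    Attempt(ip_address("203.0.113.7"),  22),    # unknown host, SSH       -> deny
    Attempt(ip_address("192.0.2.10"),   23),    # trusted host, Telnet    -> deny (port rule wins)
    Attempt(ip_address("203.0.113.7"),  443),   # unknown host, HTTPS     -> allow
    Attempt(ip_address("198.51.100.4"), 3389),  # partner, unlisted port  -> deny (default)
]

if __name__ == "__main__":
    for key, verdict in screen(POLICY, SAMPLE_ATTEMPTS).items():
        print(f"{key:<22} {verdict}")
```

Rule order matters: the Telnet deny sits first so that even a trusted address cannot reach port 23, and the absence of a catch-all allow is what makes the filter default-deny.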

Here are a few key things to remember to protect yourself from cyber-terrorism:

  1. All accounts should have passwords, and the passwords should be unusual and difficult to guess.
  2. Change the network configuration when defects become known.
  3. Check with vendors for upgrades and patches.
  4. Audit systems and check logs to help in detecting and tracing an intruder.
  5. If you are ever unsure about the safety of a site, or receive suspicious e-mail from an unknown address, don't access it. It could be trouble.
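Item 4 of the checklist in practice, as an added example that is not from the original page: a small log audit that scans an authentication log for a burst of failed logins from one source and flags a success that follows the burst, which is the event an investigator would trace. The log lines are constructed in the classic syslog/OpenSSH format for the demo, and the year, threshold and window are assumptions to tune for a real system.

```python
"""Added example: auditing an authentication log for password guessing.
Not code from the original page; the sample log, year, threshold and window are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample: a guessing run from 203.0.113.9 that finally succeeds,
# plus one ordinary typo from a legitimate admin host.
SAMPLE_LOG = """\
Sep  5 01:12:01 gw sshd[4410]: Failed password for root from 203.0.113.9 port 51022 ssh2
Sep  5 01:12:03 gw sshd[4412]: Failed password for root from 203.0.113.9 port 51023 ssh2
Sep  5 01:12:04 gw sshd[4414]: Failed password for invalid user admin from 203.0.113.9 port 51024 ssh2
Sep  5 01:12:06 gw sshd[4416]: Failed password for root from 203.0.113.9 port 51025 ssh2
Sep  5 01:12:07 gw sshd[4418]: Failed password for root from 203.0.113.9 port 51026 ssh2
Sep  5 01:12:09 gw sshd[4420]: Accepted password for root from 203.0.113.9 port 51027 ssh2
Sep  5 01:15:40 gw sshd[4431]: Failed password for alice from 192.0.2.10 port 40011 ssh2
Sep  5 01:15:45 gw sshd[4433]: Accepted password for alice from 192.0.2.10 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

YEAR = 2001                    # assumed: classic syslog timestamps omit the year
THRESHOLD = 5                  # assumed: failures inside WINDOW that count as a burst
WINDOW = timedelta(minutes=2)  # assumed: sliding window for the burst


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Return (timestamp, result, user, ip) for an sshd auth line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]


def audit(log_text: str) -> Dict[str, dict]:
    """One finding per source IP that reached THRESHOLD failures inside WINDOW.
    A later success from the same IP marks the account(s) that must be traced."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    findings: Dict[str, dict] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not an sshd auth line; a fuller audit would cover other services too
        ts, result, user, ip = rec
        if result == "Failed":
            # drop failures that fell out of the window, then add this one
            failures[ip] = [t for t in failures[ip] if ts - t <= WINDOW] + [ts]
            if len(failures[ip]) >= THRESHOLD:
                f = findings.setdefault(ip, {"failures": 0, "success_after": False, "users": set()})
                f["failures"] = len(failures[ip])
        elif result == "Accepted" and ip in findings:
            # a success right after a burst of failures is the intrusion to trace
            findings[ip]["success_after"] = True
            findings[ip]["users"].add(user)
    return findings


if __name__ == "__main__":
    for ip, f in audit(SAMPLE_LOG).items():
        status = "LOGIN SUCCEEDED for " + ", ".join(sorted(f["users"])) if f["success_after"] else "no success yet"
        print(f"{ip}: {f['failures']} failures in window; {status}")
```

The single failed attempt from 192.0.2.10 never reaches the threshold, so it produces no finding; the audit only raises the source that guessed repeatedly and then got in.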

(Intro from Cyber-terrorism: http://www-cs.etsu.edu/gotterbarn/stdntppr/)


Additional Details
(to be updated as new information is available)

0000 trick (or !0000 trick) to confuse viruses/worms

A chain letter implores users to "trick" viruses with a specially constructed "!0000" or "0000" email contact. Three major variations of the chain letter already exist, because non-experts modified the advice before forwarding it... [9/5/01]
"Here's a little trick you can use to stop the spread of PC viruses" - Not! The misguided email outlines an alleged trick to prevent mass-mailing email worms from sending from your computer. This seemingly easy tip involves adding the bogus contact "!0000" to the Windows Address Book. The premise is that when the virus tries to send itself to everyone in the address book, the mail client will falter on the bogus address and the attempt to send will fail. Of course, this assumes the virus intends to do a "send all" from the mail client in the first place. Most modern-day viruses prefer to select individual addresses at random, or to supplement the addresses with those found cached on the system. In fact, most of the new viruses bypass the mail client altogether and use their own SMTP engine to send their viral email. In other words, the tip will only be effective in limited cases. What the tip can do effectively is lead to a false sense of security, and that can sometimes be worse than doing nothing at all.

Even more alarming, the original version of the !0000 tip further self-destructs when it supplements its instructions with the tip to use the email address "!0000@novirus.com" for the !0000 contact. The moment an email address is included with the contact, the entire tip fails under any scenario. The end result would be that a virus doing a send all would go out to every address in contacts, with the exception of the !0000@novirus.com address, which would be undeliverable. This also assumes that some equally enterprising soul doesn't purchase the domain name novirus.com and create an address of !0000@novirus.com. If that were to occur, they would begin receiving any email sent to that address. While this might seem risky (assuming it's a virus doing the sending), think of what happens when a corporate user "forgets" about the !0000 ruse and does a send all of company information to users he "believes" are within the corporation. The lucky bloke at !0000@novirus.com stands to receive a lot of private and possibly confidential email from a variety of sources. Considering that digiforum.com already licenses the domain name novirus.com, and considering that email sent to !0000@novirus.com is not returned undeliverable, one can only assume someone is making use of the mail sent there.
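The two failure modes analysed above, as an added example that is not part of the original page: a simulation of an address book with the "!0000" contact against two sender models, a client-driven "send all" that submits one recipient list and gives up if any entry is bad, and a worm with its own SMTP engine that delivers to each harvested address separately. The address book, the domain list and both sender models are constructed for the demo and do not describe any named mail client or worm; the last case adds a real address to the bogus contact, as the original chain letter advised.

```python
"""Added example: why the "!0000" address-book trick only stops one kind of sender.
Not code from the original page; the address book, domains and sender models are constructed."""
from typing import Callable, Dict, List, Set


class Undeliverable(Exception):
    """Raised when a submission is refused because a recipient cannot be delivered to."""


# Constructed address book. "!" is ASCII 0x21, below every digit and letter, so the
# bogus contact sorts first; that ordering is the whole premise of the trick.
ADDRESS_BOOK: Dict[str, str] = {
    "!0000": "",                      # bogus contact with no e-mail address
    "alice": "alice@example.com",
    "bob":   "bob@example.net",
}

# Variant from the original chain letter: the bogus contact is given a real address.
VARIANT_BOOK: Dict[str, str] = dict(ADDRESS_BOOK, **{"!0000": "!0000@novirus.com"})

# Domains that exist in this constructed world (i.e. mail to them is deliverable).
REGISTERED: Set[str] = {"example.com", "example.net"}


def recipients_in_book_order(book: Dict[str, str]) -> List[str]:
    """Addresses in the order a 'send to all' would walk the book: by contact name."""
    return [book[name] for name in sorted(book)]


def is_deliverable(address: str, registered: Set[str]) -> bool:
    """A recipient is usable only if it has a domain part that actually exists."""
    return "@" in address and address.split("@", 1)[1] in registered


def send_all_via_client(book: Dict[str, str], registered: Set[str]) -> List[str]:
    """Model of a client-driven send-all: one message, one recipient list, and the
    client refuses the whole submission if any recipient is bad. This is the only
    sender the trick defeats."""
    recipients = recipients_in_book_order(book)
    if not all(is_deliverable(a, registered) for a in recipients):
        raise Undeliverable("client refused the message: bad recipient in list")
    return recipients


def send_each_own_engine(book: Dict[str, str], registered: Set[str]) -> List[str]:
    """Model of a worm with its own SMTP engine (or one picking addresses one at a
    time): every address is tried on its own, so a bad one is simply skipped."""
    return [a for a in recipients_in_book_order(book) if is_deliverable(a, registered)]


def outcome(sender: Callable[[Dict[str, str], Set[str]], List[str]],
            book: Dict[str, str], registered: Set[str]) -> List[str]:
    """Addresses that actually received mail; an empty list means the trick stopped it."""
    try:
        return sender(book, registered)
    except Undeliverable:
        return []


if __name__ == "__main__":
    print("client send-all, bogus contact:   ", outcome(send_all_via_client, ADDRESS_BOOK, REGISTERED))
    print("own SMTP engine, bogus contact:   ", outcome(send_each_own_engine, ADDRESS_BOOK, REGISTERED))
    print("client send-all, !0000@novirus.com, domain owned by someone:",
          outcome(send_all_via_client, VARIANT_BOOK, REGISTERED | {"novirus.com"}))
```

Only the first case is stopped. A per-address sender delivers to everyone but the bogus entry, and once the contact carries a real address in a domain somebody owns, even the send-all goes out in full, with a copy to whoever holds that domain.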

As usually happens with chain letters, many variants of this not-so-savvy tip are now circulating. Some enterprising user even tried to gain credibility for the !0000 tip by claiming it originated from an ex-FBI agent. Robert Hanssen is a former FBI agent. Would you trust him with your sensitive data?