Mike Lee, a fellow member of OSINT, and I have been discussing for a few days this worm and virus thing sparked by the Blaster and Sobig worms that have been going around recently.

The original article was posted here and copied here.

Mike Lee:

I failed to see that this particular item is in any manner relevant to your contention. This kid took a copy of the virus code, modified it slightly, and fed it back into the i-net. His (now unique) virus infected about 500,000 computers…a fraction of the machines infected by the original.

That said, I share your opinion that blaster was NOT an act of “terrorism”, what ever that term means.

HOWEVER, it is important to remember that “Al Qaeda” has motives that to some extent overlap some other, seemingly disparate, groups. Among them are various “environmental activist”, “animal rights”, Maoist groups. Among these groups are some folks who are more than adequate to do some very disruptive things in computer networks.

POINT BEING: This type of activity doesn’t have to originate with Islamist in order to serve their purposes: Resistance against the U.S. as a dominant world economic, political and military power.

Rizzn Do’Urden:

This isn’t conclusive, direct evidence that the original worm was written by a script kiddie or a eastern bloc hacker, but in my original email I said: “Chances are that the viruses and exploits in question were created by a virus writer in an eastern bloc country or a script kiddie in midwest America just like nearly every other virus written in recent memory.” So my point is simply thus: every time one of these comes out, there’s no reason to cry wolf, or terrorist. It simply ain’t so. There is nothing new under the sun.

To address your last point, apparently spammer’s goals dovetail into Al-Qaeda as well, under that broad definition. SoBIG was written apparently by a hacker who advocates spam, a hacker hired by a spam company, or a hacker who has it out for anti-spam companies.

There is and always has been anti-establismentarianists around. To throw all of them under the war on terrorism movement is irresponsible.

If they break the law, they are criminals. There’s no reason to put them in the cell next to John Walker-Lindhe.

Mike Lee:

A distinction without a difference. Admiral Halsey’s worst defeat — the one in which he lost the most ships — was not at the hands of the Japanese but rather a typhoon. That hardly leads to the conclusion that the typhoon was in cahoots with the Imperial Japanese Navy.

However, if you pierce the veil of the environmentalist, the animal rights activist, etc. you find profoundly “anti-government” blood flowing in their veins.

There are a variety of groups around the planet with “anti-U.S. government” axes to grind. Maoist, Communist, etc. And the Islamist increasingly find this common purpose with such groups. This is consistent with the Koran, incidentally.

Wittingly or not, they serve the purpose. How, exactly, would you paint such actors?

Rizzn Do’Urden:

I beg to differ though. There is a difference between a common criminal’s intent to rob a liquor store coinciding with Islamic terrorist’s intent to disrupt the flow of society and a militia’s intent to say destroy a government office in Oklahoma City coinciding with Islamic terrorist’s intent to destroy the infrastructure and create a general atmosphere of fear in the United States.

What we are talking about are young people and crackers here. These are the same people who have been exposing security flaws in computer systems for years and years before there ever was a perceived Islamic or any other terrorist threat.

First of all, the economic threat these types of cyber ‘attacks’ pose is way overblown by the media and the industry purely for insurance and ratings reasons. Take for instance, the damages claimed by Sun Microsystems in the case of Kevin Mitnick. Sun claimed that Kevin’s intrusion to their systems and downloading their software for their Solaris operating system cost their company $80 million. This was a very interesting claim that was rightly refuted by Mitnick’s attorney later on because as it turns out, the software was later released by Sun for free (open source) on certain platforms, and Mitnick never widely distributed the source or the compiled software (see http://www.wired.com/news/politics/0,1283,19820,00.html).

Understood, this is a separate type of intrusion, and one that has little to do with the release of virii, worms and spam. It is, however, an excellent example of how the technical industry in general will not hesitate to over-estimate their damages if it means they will grab some headlines.

Having established that, these types of cyber-crimes, while they are still illegal, are nowhere near the magnitude of destroying two 80 story towers in NYC or blowing up a federal building in OKC, or even robbing a convenience store down the street. They are simple crimes against property, and they have little to no effect on the economic infrastructure on this country. They should be prosecuted where the laws are applicable, but in my opinion should NOT be prosecuted or even painted as terrorist acts, as that is a gross misuse of the term, not to mention law enforcement time and energy.

It is even debatable whether or not worm and virus creators should be prosecuted at all. The system in which we function (the internet) is very self-regulating. Like I mentioned before, it wasn’t even a week before fixes came out, from a plethora of different companies across the industries. The effects of the virii and worms were minimized, and the only thing the FBI was able to do was say “Yay, we caught a guy who made a copy of the original.” They weren’t able to participate in damage control. They weren’t able to do anything substantial to minimized the effects of crime. It’s debatable if being arrested by the FBI for such a crime can be called a deterrent, as many of these fellows are able to get high-paying consultant jobs after their probation is over for their crimes.

All this stems from the message I tried to put out there again and again when I was a guest on the John Batchelor and Paul Alexander show, which is essentially this: The governments of the world have no idea how to deal with cyber crimes and they are ineffectual at best, and counter-productive at worst.

Having said all this, what we are both positing amounts to acrimonious agreement. I agree with you for in your statements of many other crimes and dissenting groups aims dovetailing with that of what is thought of as typical terrorism. I disagree, however, that cyber-terrorism, in most forms falls into this common goal. I would posit that it’s mostly people who don’t truly understand the ‘online world’ making these allegations or those with something to gain from grouping the two things together doing so.

Mike Lee:

You really don’t differ, you point out an esoteric distinction — a distinction which is utterly lost on the general public, which is completely sold on the notion that 9/11 was “terrorism”. The WTC/Pentagon attacks were not intended as “terrorism”, per se. They were, in fact, attacks by unconventional means on spe

cific targets. This is different from “terrorism”, which is intended to intimidate the populace into thinking that anyone, at any time, can be a target based on no particular criteria. An example would be the German missiles fired into England during WW-2.

Again, I completely agree that it’s all overblown, even though I had to spend an entire Saturday manually getting a virus out a couple of years ago after my wife opened an attachment!

But, again, it’s the public perception. Notice that after the “black out” recently the immediate public question: “Was it terrorism?”. Notice also that after the Islamist claimed responsibility for it, the feds got really, really busy trying to disprove that claim.

[You said, “The governments of the world have no idea how to deal with cyber crimes, and they are ineffectual at best, and counter-productive at worst.”] I agree completely. Government isn’t very good at much of anything except tormenting honest citizens. Gun control is a classic example, Amtrak is another. “Gun control” ensures that only criminals will have guns.

Amtrak could actually operate at less loss if they just simple put every passenger on an airliner and parked their trains.

We don’t really disagree on cyber-terrorism except this: public perception and reaction really determines most of the consequences. You correctly point out that little real economic damage is done, stated as a percentage of the whole.

The trouble is, government actually has a vested interest in encouraging and perpetuating this irrational fear: job security.

There are a few politicians I trust. Unfortunately, they’ve all been dead for many, many years.

/rizzn