9/11: Commemorations and Contemplations
September 11, 2002
University of Miami
Panel: Security after 9/11
[beginning of statement]
9/11 the cyberthreat.
Information warfare has several aspects: the techniques
miltary forces use against each other, the techniques
the miltary uses within itself to see through the fog
of battle, and techniques to disrupt the civilian infrastructure,
not least to disrupt the support structures required for war.
I'd like to talk about this last, and the vulnerability of our
civilian infrastructure. I'd like to talk about hackers, and
their both positive and negative roles in the cyberthreat.
Hackers find flaws in systems and consider how to exploit them.
Not all hacking is information technology related:
(1) At a recent cryptography conference the hacker prespective
was applied to lock smithing. The result is the discovery
of a simple method to quickly generate a master key
to a university. It might work here. It worked at the large
Californian university at which the conference was held.
(2) Hackers also exploit social engineering. Social engineering
is a polite word for lying. The tale of Mitnick, a hacker
famous for exploitng what was thought only to be an
on-paper vulnerability of the Internet, [hence he does not
lack technical competency] made more use of social
engineering then technical means.
Flying a fuel-laiden plane into a building is a quintessential act
of hacking. Hackers turn things on their sides.
I have a bank account with a four digit pin. For my security,
after three incorrect tries the account locks. But what if I use
the same pin on three different accounts? If I use the same
pin on 10,000 accounts (I would probably need to write a
computer virus to accomplish this) probability is on my side.
I will priobably gain access to one account.
This is how hackers think. But hackers do not wish to be jailed or
killed as part of the hack. They want to live and be free to
brag about how clever they are.
[The following paragraph was skipped in the panel presentation.]
Information War per see is perhaps more related to support
operations for terrorists and for large scale conflicts. The
actual terrorist act is on a time scale too short for the filtering
through minds of the results of an information disruption.
The act of terrorism must take place in such a short time scale
because it can usally be defeated if time permits.
On Nov 2, 1988 a computer virus released by a Cornell
graduate student, the Morris Worm, brought down the Internet.
The student, Robert Morris, is now a professor at Harvard.
[this is wrong, he is at MIT]
Although during those fifteen years, threats to the network's
integrity have not been addressed rationaly, other threats
have been forcefully dealt with through legislation.
The enactment of the Digital Millenium Copyright Act
(USC Title 17, Ch 12) makes it illegal to circumvent copy
protection used by entertainment DVD's.
Although we may be at risk, at least Micky Mouse is safe.
A generation skilled in the use of computers is coming.
If we are to be safe in our homes and property, then we
must be able to discern, judge and take action in full view of
cyberspace's evolving form.
In pursuit of security, beware legislation replacing a hacker's
compass pointing towards an inevitable future
with a blanket of stigma. Will it stymie our most talented
youth from delivering to us a world most suited
to our aspirations?
[end of statement]