The Dirty Dozen: The 12 Security Lapses That Make Your .Com, .Org, or .Net an Unwitting Collaborator with Cyberterrorists
The World Changed on September 11, 2001
What changed on 9/11 was the realization that we can be attacked right here at home. And with that realization came once again the subject of infowar and its partner in crime cyberterrorism. You've heard the news, read the articles, and seen the movieand it goes something like this:
It's June, the children are out of school, and as highways and airports fill with vacationers, rolling power outages hit sections of Los Angeles, Chicago, Washington, and New York. An airliner is mysteriously knocked off the flight control system and crashes in Kansas.
Parts of the 911 service in Washington fail. Supervisors at the Department of Defense discover that their email and telephone services are disrupted. Officers aboard a U.S. Navy cruiser find that their computer systems have been attacked.
As incidents mount, the stock market drops precipitously, and panic surges through the population.
Is this "electronic Pearl Harbor" myth or reality?
Much of the scenario aboveexcept for the plane, stock market crash, and panicactually occurred in 1997, when 35 hackers hired by the National Security Agency launched simulated attacks on the U.S. electronic infrastructure.
The exercise, called "Eligible Receiver," achieved "root level" access in 36 of the Department of Defense's 40,000 networks. The simulated attack also "turned off" sections of the U.S. power grid; "shut down" parts of the 911 network in Washington, D.C., and other cities; and gained access to systems aboard a Navy cruiser at sea. The results of the exercise confirmed that in a software-driven world, an enemy need not invade the territoryor the air above the territoryof a country to control or damage that country's resources.