[Previous] [Next] [Index]
[Thread]
Re: what are realistic threats
>Mike Muuss <mike@arl.mil> says:
> > This sort of attack is not as difficult as you might think. It is not
> > especially more difficult than conducting a wiretap on an analog line.
>That seems pretty hard to me. Any idea how often they're done by non-
>governmental people? [... since we know we can trust the government to
>behave.]
Never underestimate the amount of trouble a disaffected person from inside
your organisation can cause. Mental illness can affect anyone and sometimes
the results can be most unpleasant.
One case I was involved in involved an ex-employee using a machine without
permission after being explicitly barred from use after a prolonged period of
abuse. He used the machine in connection with a convoluted scheme
involving elements of extortion and fraud, and when discovered attempted
to sue various parties.
Although the person concerned did not make a sophisticated attack (borrowed
password) he did have access to plenty of tools which would make such an
attack for him had he known what they were. Were a computer scientist with
reasonable skill to attempt sabotage I have no doubt that most TCP/IP
based systems could be blown open.
It is not a question of the amount of money at stake, the real danger
comes from people who do not have monetary motivation, the terrorist
and the like. Contrary to what you read in the press your average terrorist
is not a fearless fighter against injustice but an inadequate ego attempting
to gain a feeling of power by engaging in murder. Reading Phrack and various
agit prop magazines has an erie feeling of sameness. I read an eco-terror
magaizine the other day with a column entitled `arnie the arsonist'.
If a system is popular some squirt will try to sabotage it, we don't want
people doing the equivalent of PC viruses on us.
Phill.
Follow-Ups:
References: