Interhack Founder talks to WBNS-10TV about Terrorism

September 19, 2001---Roger McCoy talks to Matt Curtin about terrorism in the US, some of the fallout, and what it means for folks trying to do business online.

Vigilante Attacks

Reports have surfaced of US-based crackers attacking sites of foreign governments believed to sponsor terrorist activity.

These attacks are regrettable because they tend to inflame an already intese situation. Furthermore, these attacks are likely to have unintended side-effects in terms of the stability or usability of the US information infrastructure.

National Information Protection Center (NIPC, pronounced "NIP-see") reiterated on September 14, 2001 that such activity is a violation of US Federal law, and is punishable as a felony, carrying a possible five year prison sentence.

Perpetration of many classes of these attacks will require the unwitting cooperation of many sites around the Internet, perhaps based in both the US and abroad. System administrators should beware that attacks against their systems might well be for the purpose of gaining another "zombie" node from which to attack potential targets.

Restrictions on Privacy-Enhancing Technology

As part of the response to terrorist activity, law enforcement officials have predictably asked for expansion of their powers and limits on the ability to deploy and to use strong cryptography.

It's noteworthy that building systems with the capability for third-party audit and inspection carries with it a significant price. Systems built to be broken by government agencies can be broken by anyone with the resources.

Lowering domestic privacy does not lead to greater safety and security; it makes the infrastructure vulnerable to a wider variety of attackers, likely including the very terrorists whose activity started the cycle.

People are pressed "to do something" in a time of crisis. If protection of the infrastructure is the goal, it must be made more secure, not less.