REVIEW: "CyberTerror", R. J. Pineiro
- BKCBRTER.RVW 20050929
"CyberTerror", R. J. Pineiro, 2003, 0-765-34304-5
%A R. J. Pineiro author@...
%C 175 Fifth Avenue, New York, NY 10010
%I Tor Books/Tom Doherty Assoc.
%O pnh@... www.tor.com
%O Audience n- Tech 0 Writing 1 (see revfaq.htm for explanation)
%P 493 p.
Now, those who follow this series will know that, in my opinion, most
of the hype over cyberterrorism is a) overblown, and b) looking at the
wrong things anyway. However, this book goes beyond the norm. It
reminds me of that old joke about the difference between a used car
salesman and a computer salesman being that the used car salesman
knows when he is lying to you.
All right, let's look at what he got right. Yes, computers do control
a lot of "infrastructure." Yes, the worst disasters are when there
are multiple (and usually cascading) failures in both control and
safety systems. Yes, developers, maintainers, and even service people
do leave trapdoors in systems. And, yes again, if you were going to
perform terrorist acts, it would be best to target a number of
Now, before we look at the technical problems, a few practical ones.
The advantage of cyberterrorism is said to be that you can, from the
comfort of your own (remote and safe) hacienda, blow up your enemy's
city with a few keystrokes. The terrorists in this book must be
pretty unskilled, because they seem to need money, traitors, advance
information, bomb materials--in short, everything that any other
terrorists need when they are doing noncyberterrorism. (The
characters aren't terribly consistent: for example, we have one Middle
Eastern terrorist who reverts to Hispanic at moments of stress.)
As for the technology, it isn't good. We have the usual movie-
script-oriented virtual reality interface, completely ignoring the
realities of internal computer operations, and the fact that providing
complicated forensic information via a simple graphical interface
would be a very difficult task indeed. (Oh, and we also have the
famous, mythical "digital-pulse-bomb-that-gets-from-the-computer-into-
your-head-and-gives-you-a-stroke" program.) Pineiro contradicts
himself, telling us that there is a virus, then that there is no
evidence of a virus (the mythical "undetectable" virus: a virus
*always* changes *something*), and then that there is a virus. (The
author never defines what a virus is, which, given how much else he
gets wrong, is probably a good thing. Supposedly a virus can be used
as traceroute, a RAT, a trojan, or anything you want.) While it was a
big deal fifteen years ago, a T1 carrier is hardly high-speed anymore,
particularly between related companies. As a devotee of software
forensics, I approve of the fact that characteristics of a computer
system can be used to gain information about the user, but I hardly
think it boils down to a choice of pink defensive software for girls
and blue for boys.
Pineiro does not seem to know the difference between computer hardware
and computer software. (We have, of course, already seen that
computer software can generate sufficient power to fry circuitry, and
even people.) Programs (some of which can be as small as two bytes
long) communicate via certain frequencies, like radio signals. When
you stop the system clock, somehow memory locations begin to lose
charge. (No, I don't think he is referring to the fact that DRAM
needs to refresh every millisecond or so.) The author also doesn't
seem to realize that, regardless of what language was used to write
the original program, most software in production systems tends to be
object code. (He also seems to think that you can stop the system
clock and thus halt programs originally written in Ada, but leave
programs originally written in C still running.)
With their magical virtual reality interface, the blackhats never seem
to need to know what system they are attacking. It's got some UNIX-
like characteristics, but that blue screen just has to be Windows.
Which is too bad, given that most embedded systems tend to be
specialized hardware, and not subject to any off-the-shelf malware.
(As of the mid-90s, most nuclear power plants still used PDPs, keeping
at least one plant running turning out replacement parts for them.)
Pineiro also displays his ignorance of artificial intelligence.
Despite his "neural-like" type of expert system program that
amalgamates all known AI techniques, a neural net is one approach to
AI, while an expert system is quite a different one. Not all AI
systems are capable of learning: in fact, it's quite a feat to put
learning capability into a package. (And I love the "Turing Society":
I'm sure that those in Turing's home country of Britain would be
thrilled to have the US defence department deciding who can, and
can't, mess around with their AI programs. The implication of the
Society is rather Frankensteinish, although Hans Moravec, in "Robot:
Mere Machine to Transcendent Mind" [cf.BKRBTMMT.RVW], would probably
agree with the possibility of AI taking over, if not the necessity of
Cyberterrorism is certainly possible, and a lot of systems should be
protected more rigorously than they are at present. However, this
book provides no feeling for the realities of cyberterrorism--or
anything else, for that matter.
copyright Robert M. Slade, 2005 BKCBRTER.RVW 20050929
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
It is interesting to note that before the advent of Microsoft
Windows, `GPF' was better known for its usage in plumbing:
Gallons Per Flush.
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade