Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "CyberTerror", R. J. Pineiro

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCBRTER.RVW 20050929 CyberTerror , R. J. Pineiro, 2003, 0-765-34304-5 %A R. J. Pineiro author@rjpineiro.com %C 175 Fifth Avenue, New York, NY 10010 %D
    Message 1 of 1 , Dec 27, 2005
      BKCBRTER.RVW 20050929

      "CyberTerror", R. J. Pineiro, 2003, 0-765-34304-5
      %A R. J. Pineiro author@...
      %C 175 Fifth Avenue, New York, NY 10010
      %D 2003
      %G 0-765-34304-5
      %I Tor Books/Tom Doherty Assoc.
      %O pnh@... www.tor.com
      %O http://www.amazon.com/exec/obidos/ASIN/0765343045/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0765343045/robsladesin03-20
      %O Audience n- Tech 0 Writing 1 (see revfaq.htm for explanation)
      %P 493 p.
      %T "CyberTerror"

      Now, those who follow this series will know that, in my opinion, most
      of the hype over cyberterrorism is a) overblown, and b) looking at the
      wrong things anyway. However, this book goes beyond the norm. It
      reminds me of that old joke about the difference between a used car
      salesman and a computer salesman being that the used car salesman
      knows when he is lying to you.

      All right, let's look at what he got right. Yes, computers do control
      a lot of "infrastructure." Yes, the worst disasters are when there
      are multiple (and usually cascading) failures in both control and
      safety systems. Yes, developers, maintainers, and even service people
      do leave trapdoors in systems. And, yes again, if you were going to
      perform terrorist acts, it would be best to target a number of
      interrelated systems.

      Now, before we look at the technical problems, a few practical ones.
      The advantage of cyberterrorism is said to be that you can, from the
      comfort of your own (remote and safe) hacienda, blow up your enemy's
      city with a few keystrokes. The terrorists in this book must be
      pretty unskilled, because they seem to need money, traitors, advance
      information, bomb materials--in short, everything that any other
      terrorists need when they are doing noncyberterrorism. (The
      characters aren't terribly consistent: for example, we have one Middle
      Eastern terrorist who reverts to Hispanic at moments of stress.)

      As for the technology, it isn't good. We have the usual movie-
      script-oriented virtual reality interface, completely ignoring the
      realities of internal computer operations, and the fact that providing
      complicated forensic information via a simple graphical interface
      would be a very difficult task indeed. (Oh, and we also have the
      famous, mythical "digital-pulse-bomb-that-gets-from-the-computer-into-
      your-head-and-gives-you-a-stroke" program.) Pineiro contradicts
      himself, telling us that there is a virus, then that there is no
      evidence of a virus (the mythical "undetectable" virus: a virus
      *always* changes *something*), and then that there is a virus. (The
      author never defines what a virus is, which, given how much else he
      gets wrong, is probably a good thing. Supposedly a virus can be used
      as traceroute, a RAT, a trojan, or anything you want.) While it was a
      big deal fifteen years ago, a T1 carrier is hardly high-speed anymore,
      particularly between related companies. As a devotee of software
      forensics, I approve of the fact that characteristics of a computer
      system can be used to gain information about the user, but I hardly
      think it boils down to a choice of pink defensive software for girls
      and blue for boys.

      Pineiro does not seem to know the difference between computer hardware
      and computer software. (We have, of course, already seen that
      computer software can generate sufficient power to fry circuitry, and
      even people.) Programs (some of which can be as small as two bytes
      long) communicate via certain frequencies, like radio signals. When
      you stop the system clock, somehow memory locations begin to lose
      charge. (No, I don't think he is referring to the fact that DRAM
      needs to refresh every millisecond or so.) The author also doesn't
      seem to realize that, regardless of what language was used to write
      the original program, most software in production systems tends to be
      object code. (He also seems to think that you can stop the system
      clock and thus halt programs originally written in Ada, but leave
      programs originally written in C still running.)

      With their magical virtual reality interface, the blackhats never seem
      to need to know what system they are attacking. It's got some UNIX-
      like characteristics, but that blue screen just has to be Windows.
      Which is too bad, given that most embedded systems tend to be
      specialized hardware, and not subject to any off-the-shelf malware.
      (As of the mid-90s, most nuclear power plants still used PDPs, keeping
      at least one plant running turning out replacement parts for them.)

      Pineiro also displays his ignorance of artificial intelligence.
      Despite his "neural-like" type of expert system program that
      amalgamates all known AI techniques, a neural net is one approach to
      AI, while an expert system is quite a different one. Not all AI
      systems are capable of learning: in fact, it's quite a feat to put
      learning capability into a package. (And I love the "Turing Society":
      I'm sure that those in Turing's home country of Britain would be
      thrilled to have the US defence department deciding who can, and
      can't, mess around with their AI programs. The implication of the
      Society is rather Frankensteinish, although Hans Moravec, in "Robot:
      Mere Machine to Transcendent Mind" [cf.BKRBTMMT.RVW], would probably
      agree with the possibility of AI taking over, if not the necessity of
      inhibiting it.)

      Cyberterrorism is certainly possible, and a lot of systems should be
      protected more rigorously than they are at present. However, this
      book provides no feeling for the realities of cyberterrorism--or
      anything else, for that matter.

      copyright Robert M. Slade, 2005 BKCBRTER.RVW 20050929

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      It is interesting to note that before the advent of Microsoft
      Windows, `GPF' was better known for its usage in plumbing:
      Gallons Per Flush.
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.