[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: The Looong Reach of US Crypto-Export Controls
From:       "Stout, Bill" <bill.stout () hidata ! com>
Date:       1997-01-03 10:18:32
[Download RAW message or body]

On Friday, January 03, 1997 12:22 AM, Vin
McLellan[SMTP:relay1.shore.net@shore.net] wrote:
> 	I earlier posted a message which quoted a well-informed Netizen who
> claimed that the new US Federal ERA regs (which transfer control of many
> encryption exports from the U.S. Dept. of State to the U.S. Commerce Dept)
> now explicitly forbid the unlicensed export of software "designed or
> modified to protect against malicious computer damage, e.g., viruses"
> (c.3., below)
> 
> 	Tell the truth, I couldn't quite believe they had done it!  (A
> whole new _class_ of export controls?  Over very basic computer security
> tech, so vaguely described?  Tucked into into the fine print of a
> regulatory rewrite which the Administration has widely touted as a
> "compromise" with market-hungry US Industry and concerned compsec
> professionals!?!  And with the DC rumor mill full of claims that the
> heavy-handed ERA language reflected the FBI's ambitions for a domestic GAK
> bill, not the NSA/DoD's spooky Infowar concerns.)

In an infowar environment, where Army Generals state they worry 
about 'Getting their butts kicked by long-haired hackers' (Not exact 
quote), creating and sending computer viruses to disable a countries'
PCs, Servers, Routers, and other equipment is an important attack,
(against either state or industrial targets) and most useful these 
days in a U.S. defined non-'real' war LIC (Low Intensity Conflict) 
such as Honduras (anyone remember?), Ethiopia, Bosnia, and against a
U.S. Domestic group involved in an activity the Feds have proclaimed 
todays' Politically correct 'War' on (Drugs/Guns/Bombs/Encryption/
Domestic Violence/Wire fraud/[insert propaganda campain here]).

Any effort to innoculate foreign equipment would make infowar that
much more difficult.  

Creating a trojaned virus that internally launched SYN, POD (ping of 
death), boot sector corruption, and other system disabling or moral
degrading event is much more cost effective than launching one or more 
Multi-million dollar cruise missle per telephone closet.  Plus you 
can't just launch cruise missles during a LIC, plus the U.S. usually
ends up paying to rebuild what they blow up.

Rumours in the past accused our government of accidental release of
biological viruses to the public, and feds are now reviewing previously 
denied friendly troop exposure to Iraqi NBC
(Nuclear/Biological/Chemical) 
weapons and defoliant 'Agent orange' used in the Vietnam LIC.  

In order to prevent becoming a bystander casualty in some infowar 
action which is either announced on CNN or not, we need to do our
best to protect our own systems against not just lamer and elite hackers
who rarely do intentional damage, but against friendly accidents,
direct state attacks, mercenary (paid malicious hackers), and violent
activist groups (ACT-UP, Environmental, Marxist, Anti-Abortionists, 
Nazi, Radical Militia, the ATF/FBI/IRS-Secret Service, etc).

Sorry for the verbosity.

Bill

[prev in list] [next in list] [prev in thread] [next in thread]