“Web sites that promote terrorism are here to stay, although governments and Internet companies will occasionally shut one down if it violates the law or a terms-of-service agreement.” Thus reads a grim observation in one of the essays included in ‘Issues in Terrorism and Homeland Security,' second edition (www.sagepublications.com).

Pointing out that such a decision to shut down can only be reached after prolonged monitoring, the author Barbara Mantel underlines that monitoring the thousands of Web sites, discussion forums, chat rooms, blogs and other open sources of the Web requires trained personnel with expertise in the languages, cultures, belief systems, political grievances and organisational structures of the terrorist groups online.

She makes a case, therefore, for the pooling of scarce expertise required for such monitoring, and mentions as an example Europol, the EU police agency, which began a programme in 2007 called Check the Web, encouraging member nations to share in monitoring and evaluating open sources on the Web that promote or support terrorism.

“The online portal allows member nations to post contact information for monitoring experts; links to Web sites they are monitoring; announcements by the terrorist organisations they are tracking; evaluations of the sites being monitored and additional information like the possibility of legal action against a Web site.”

Among the difficulties encountered by such an initiative are the divergent practices. The author notes, for instance, that some member states' police are unsure whether or not they need a court order to monitor and participate in a Web forum without identifying themselves; and that there is no agreement on the definition of a terrorist and what kinds of sites should be watched.

To those of us looking for reassurance that a truly destructive and frightening cyber attack is not too likely, the essay quotes the view of Irving Lachow, a senior research professor at the National Defense University in Washington, D.C. – that a cyberterrorism attack would need a multidisciplinary team of people whereas the capabilities of terrorists are very limited.

Critical facilities are very complicated and they have hundreds of systems, reasons Lachow. To blow up a power plant, for instance, a terrorist group would need an insider who knows which key computer systems are vulnerable, a team of experienced hackers to break into these systems, engineers who understand how the plant works so real damage can be done, a computer simulation lab to practise and lots of time, money and secrecy, reads the explanation. “At the end of day, it's a lot easier just to blow something up.”

Experts such as Steven Bucci, IBM's lead researcher for cyber security, have a different view, however. The most insidious threat, according to him, comes from criminal syndicates that control huge botnets: worldwide networks of unwitting personal computers used for denial-of-service attacks, email scams, and distributing malicious software. “The syndicates often rent their botnets to other criminals. Some analysts fear it's only a matter of time before a cash-rich terrorist group hires a botnet for its own use,” cautions Mantel.

Imperative study.

From reverse-engineering Japanese car phones

The Sony Walkman of 1979 had created the mobile consumer product category; and Samsung, though not the inventor of the mobile phone, was able to exploit the coolness of the mobile phones, writes Tony Michell in ‘Samsung Electronics' (www.wiley.com). What helped Samsung was its decision to transform itself into a consumer-oriented and digitally-convergent company, he observes. “Samsung's coolness factor got a big boost when one of its futuristic phones was featured in the second and third instalments of the sci-fi series The Matrix.”

This, as Michell points out, was a striking vindication of the decision not to abandon the consumer-electronics business in 1997-98, of CEO Yun Jong-yong's belief in the power of digital convergence, and of the CMO Eric Kim's ability to coordinate a global marketing campaign that raised the status of Samsung to prestige levels.

Looking back, the author traces how, in the digital contest in the 1990s, the Koreans and the Europeans diverged from the standard technology path, while the American network companies stuck to their direction, reluctant to abandon their investment in analogue phones. “European phone companies such as Nokia, Ericsson, and Siemens supported GSM (Global System for Mobile Communications) standards which were built round a form of digitalisation known as TDMA (Time Division Multiple Access); while Korea, almost alone, took a different technology known as CDMA (Code Division Multiple Access). Japan produced its own system, a variant of TDMA.”

CDMA, a government-led technology choice, meant that Korean domestic phones would not work anywhere else in the world, and thus protected Korean companies in the short-term in their domestic market, but also could have isolated them as a single global network grew by the end of the twentieth century, the author explains. “Japanese phone makers had the same protection/ isolation situation. In the end, the fact that CDMA was closer to the 3G (Third Generation) technology allowed the Koreans to make superior GSM phones to capture a sizeable slice of the global market.”

It should be of historical interest to read about the tortuous start of the story, when between 1983 and 1986 Samsung engineers struggled to reverse-engineer Japanese car phones. The results were so disappointing that there were doubts about continuing the programme, the author narrates. “But it was not in Samsung's DNA to give up, and Lee Ki-tae, the young head of wireless development, decided to risk buying 10 Motorola phones instead. After a long struggle, in 1988 a phone was launched which could be used in Korea…”

Engaging account of corporate challenges.

Security threats to wireless networks

First in the list of ‘security threats to wireless networks,' as Kumkum Garg documents in ‘Mobile Computing: Theory and practice' (www.pearsoned.co.in), is ‘accidental attack' owing to frequent failure of devices and components. Next is passive attack, where the goal of the intruder is only to monitor or get information that is being transmitted. “Attacks may include releasing message content or traffic characteristics. Since no data are altered, passive attacks are difficult to detect,” the author explains.

In contrast, an ‘active attack' involves modification of data or false data transmission, as in a man-in-the-middle attack. Denial of service (DoS) is possible where there is either temporary prevention of communication facilities or disruption of the entire network, Garg cautions.

“This is done by flooding it with a large number of messages to degrade the performance of the system.”

Other threats listed in the book include unauthorised usage (which can be prevented through proper user authentication techniques); heterogeneity (because mobile nodes need to adjust to potentially different physical communication protocols as they move to different locations); and resource depletion/ exhaustion (for example, techniques such as public key cryptography cannot be used during normal operations due to limited processing power and battery life).

War driving/walking, featured last in the list, may remind some of the popular war game of the 1980s called war-dialling, a technique for searching phone numbers with modems attached to them. Garg observes that, as wireless LANs gain popularity, hackers can find them by just taking a notebook computer or pocket PC fitted with a wireless card and some detection software such as NetStumbler, Kismet, and AirSnort. Or, just a smartphone.

Guidance for beginners.

dmurali@thehindu.co.in

Tailpiece

“Our carbon footprint software creates such personalised visualisation that when the boss comes into the office…”

“The whole floor gets darkened?”

“Yes, and the walls and ceilings, too!”
