Officials Warn: Cyber War On the US Has Begun 292
snydeq writes "Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet, InfoWorld reports. 'A cyber war has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens. The cyber war has seen various attacks around the world, with incidents such as Stuxnet, Flame, and Red October garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit.'"
"Cyber 9/11" (Score:5, Insightful)
Really? So we're going to see buildings destroyed, thousands murdered? The hyperbole is way out of hand on this one.
What a bunch of pansies! (Score:4, Insightful)
So, they put a bug in Russian oil pipeline controlling kit that blows up. They put a virus on Iranian nuclear power testing plants (could have blown up).
And everything was just "The Next Cyber War Could Be Deadly".
But now that the USA's banks are being attacked, "ITS THE NEXT 11/9!!!!!!!!!!"
Fucking drama queens.
Rights attack (Score:5, Insightful)
FUD to steal more of our rights away. "FOR YOUR PROTECTION, we need to monitor everything, sign on the dotted line and everything will be ok. You Can Trust US" MEH.
Anything to keep the masses fearful (Score:5, Insightful)
After all, what with fiscal responsibility looming, we need all the excuses we can get to keep the war funds flowing.
Bad news on the horizon. (Score:5, Insightful)
I hope I'm wrong, but having seen how people go apeshit with simple "point and click" technologies like guns.......let's see what happens when you get a bunch of old white guys with power trying to lock down things they *truly* don't understand.
Well now... (Score:3, Insightful)
Re:"Cyber 9/11" (Score:5, Insightful)
Well, how else are you going to convince people that they should be spending huge sums of taxpayer money to help private industry do the computer security work they should have already done at their own expense?
But yes, it cheapens the meaning of the real 9/11 when you use it to scare people into responding to non-lethal threats. Apparently, banks and utilities have already been hit, and nobody outside of those organizations even noticed. That tells you how much of a non-threat it is.
Re:"Cyber 9/11" (Score:5, Insightful)
Don't you see? If we don't get our pointless billions in wasted defense spending, everyone will die.
It has begun? (Score:5, Insightful)
What the heck is he smoking? China et al. have been attacking the US through computer systems for decades.
Re:Idiots (Score:5, Insightful)
This cyberwarfare has been going on for more than five years now. Do you know how many banks, medical facilities, etc. as well as research institutions have been hit by the Chinese? I won't say whom, but a major US aerospace research corporation has been undergoing an almost constant stream of attacks since 2005...
So has my ssh server. Except that has been going on for much longer.
And when I turn on logging in iptables I see a constant patter of attempts on common windows networking ports as well.
Is this is what constitutes an "attack" in these reports?
My guess is that with public news articles coming out daily and homeland security trying to convince every
little public utility of grave danger and stampede them to harden their system, that these script kiddie attempts, which are
almost universally unsuccessful, are exactly what is being touted as a cyber warfare attack.
Re:"Cyber 9/11" (Score:5, Insightful)
The problem is finding an area of the USA where a medium term power loss would not be business as usual, due to 3rd world infrastructure.
Hmm shutdown NYC's power, they'll collapse. Naah tried that short term back in the 00s and longer term last fall due to a mere rainstorm.
Hmm shutdown power in the south? Naah thats called a hurricane, they do that stuff couple times a year no problemo.
Hmm shutdown power in the west? Naah thats called a rolling california blackout, all part of a corrupt plan to increase prices and revenue. No problemo. Heck the crooks who run the place made more money, if anything thats encouraging them!
Hmm shutdown power in the midwest? Naah every time we get a wee windstorm or ice storm or blizzard or pretty much anything but still air, happens all the time. Oh yeah and the damn mississippi is either almost bone dry or flooding the land both causing power issues.
Is there anywhere left where power outages are unusual, maybe even dangerous?
Doesn't mean its not annoying, maybe even a little dangerous. In fact if there's even a hint that foreigners are behind it all, the biggest danger is attacking some other country. If saudi arabians fly jetliners into our skyscrapers we bomb afghanistan, so I assume if Venezuelans shut down the power in Florida for a little while we'd probably respond by bombing Iran.
Re:"Cyber 9/11" (Score:4, Insightful)
Buildings destroyed, probably not... Thousands murdered, perhaps. Why? Because many public utilities run on computers. You hack that system, you can do things like shut off electricity for an extended period of time and very few people have things like a backup generator. That guy with an oxygen pump? Dead. The diabetic who over time has their insulin harden into a jelly like substance because it's not cold? Dead. That hospital that didn't have a proper backup system for power? Many dead.
It's not exactly hard to murder people with a cyber attack, you won't see buildings destroyed like a normal attack though. Cyber attack, you could take out the financial market, which while not of upmost importance to most people these days, if you shut down VISA and Mastercard, there's a good chunk of people that won't have access to their money so getting food and water becomes a problem.
Now do I think this is going to happen soon? Nah... I'm not a doomsday theorist. Can it happen? Sure.
Pretty much every area of the USA is subject to disasters than can cause power interruptions, and already have measures in place to help those that can't survive for an extended period without power. Unless there is wide spread physical damage to repair, a cyber attack power outage will be relatively short lived.
I certainly think that 10's may die, maybe even 100's, but thousands? That seems unlikely. Even Hurricane Sandy's death toll in New York City was only 41
Uh huh (Score:3, Insightful)
Oh look another "war" without a clear enemy or end in sight...
One that is super simple to avoid you have to wonder why they keep leaving critical infrastructure online.
Re:"Cyber 9/11" (Score:5, Insightful)
That's a very bleak assessment of us :/
Not completely disagreeing with you, but people are capable of other courses of action in dire situations. I was in New York when the power outage happened in 2003 when a lot of the Northeast was completely dark except for a few lights being kept on by generators. This was only two years after 9/11 and the first thought on everyone's mind was terrorism, but no one panicked or rioted except for a few burglaries (those are always to be expected). People were being helped from the subways by fellow passengers, others took care of each other as best they can.
Even after the 2001 attacks, there were people helping out and staying calm (as best they can).
There are instances where people act like they've lost their minds during emergencies, but then they have already lost their minds by the time the rioting starts. The riot is just the symptom of that.
Governments declare war on the Internet (Score:4, Insightful)
9/11 comparisons and DoD goons routinely discussing threat from cyber war in terms of parity with nuclear weapons is quite amusing like comparing getting detention with being sent off to a Nazi concentration camp.
Asserting the age old problem of "espionage" is now "cyber" and dreaming up of doomsday scenarios which leave even braindead zombies asking the obvious question how hard is it really to keep "critical infustructure" off the Internet?
I have little doubt real intent of this media blitz and TLA warnings are to create an atmosphere conducive to tolerating government overreach. Overreach which cannot possibly work to accomplish better security for anyone.
If the government really cared about US infustructure being hacked via Internet they would find a legal framework making hacking against every government/public target without any restriction legal by US citizens with some rules against lame attacks (ddos) and intentional non-collateral damage.
Penalize agencies that get 0wn3d. Make it a huge game (with cash prizes) focus on educational resources to help and encourage hacking. Not only do you get better infustructure you get more knowledgable peeps.
Infoworld is full of $hit (Score:5, Insightful)
I'm a security professional. I work for one of the largest banks in the world, in a role directly involving online security.
Putting it succinctly, Infoworld is full of shit.
Yes, there have been attacks. There were also attacks last year. And the year before. And pretty much every year going back to the day somebody first connected a modem to the serial port of a computer with access to the bank's internal network. I have no doubt whatsoever there will be attacks this year, next year, and every year to come.
This is NOT "Cyber 9-11". Not even fucking CLOSE to it. People fucking DIED on 9-11, including two guys I was friends with in college and used to drink, play videogames, and trade warez with all the time. I think one of them might have even jumped, and had to spend ~40 terrifying seconds deciding whether he'd prefer to be killed instantly, or live an extra millisecond or two in searing pain after getting shredded by the steel and glass atrium feet first.
It sucks having to tell your boss that there's a distributed denial of service attack in progress, or someone might have compromised an application and harvested usernames or email addresses (but as of yet, no passwords). It doesn't even come CLOSE to sucking as badly as falling a thousand feet to your death, or getting liquefied and burned alive by 400 million tons of flaming concrete.
Picture sitting at your desk, sipping a latte, checking out the morning's posts on Slashdot, and having a 767 crash into your office at 500mph. A chunk of wing hurls across the floor, tears off your legs, and sends you flying into a column or something solid. You have about a quarter of a second to think, "WTF" before getting engulfed in a fireball and dying more slowly than you'd have otherwise rationally preferred. Now, in that context, try to think of ANY conceivable computer hacking attempt or attack that either keeps people from accessing their accounts or creates fraudulent line items for the forensic bookkeeping team to try and sort out that you'd EVER classify as being worthy of being used in the same sentence as "9-11". Go ahead, I *dare* you.
Re:"Cyber 9/11" (Score:4, Insightful)
I think it's more a case of it's appropriations time, and with the looming new fiscal cliff, budget talks, and taxes and cuts, well, departments are going to inflate their needs with hyperbole to indicate that cutting their budget is a bad idea.
Cut DoD? Cyberwarfare! We've got another 9/11!
Cut DHS? Cyber 9/11!
etc.