Officials Warn: Cyber War On the US Has Begun

snydeq writes "Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet, InfoWorld reports. 'A cyber war has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens. The cyber war has seen various attacks around the world, with incidents such as Stuxnet, Flame, and Red October garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit.'"

Re:"Cyber 9/11"

[NFN_NLN]

Really? So we're going to see buildings destroyed, thousands murdered? The hyperbole is way out of hand on this one.

It's all about strategically timed loss of service to exacerbate tensions:

- Disable electricity during a heat wave in Atlanta = Riot
- Disable communications right after a white police officer is acquitted of beating a black suspect in LA = Riot & Looting
- Disable banking/credit card during Black Friday = Riot, people already riot and trample each other in Walmart without a loss of service.

Basically the US is a powder keg... all it takes is a spark :)

Re:"Cyber 9/11"

[Anonymous Coward]

Buildings destroyed, probably not... Thousands murdered, perhaps. Why? Because many public utilities run on computers. You hack that system, you can do things like shut off electricity for an extended period of time and very few people have things like a backup generator. That guy with an oxygen pump? Dead. The diabetic who over time has their insulin harden into a jelly like substance because it's not cold? Dead. That hospital that didn't have a proper backup system for power? Many dead.

It's not exactly hard to murder people with a cyber attack, you won't see buildings destroyed like a normal attack though. Cyber attack, you could take out the financial market, which while not of upmost importance to most people these days, if you shut down VISA and Mastercard, there's a good chunk of people that won't have access to their money so getting food and water becomes a problem.

Now do I think this is going to happen soon? Nah... I'm not a doomsday theorist. Can it happen? Sure.

Re:"Cyber 9/11"

[jellomizer]

If you hack a bank that causes them to say stop funding a hospital due to a "Computer Error" and people die because the hospital didn't get the resources they needed in time. The hacker is no less evil then a guy who just pushed the button to hit a bomb.

They justify their consciousness because it is just cleaner and they don't have the see the full effect.

US Agencies warning about other US Agencies?

[Spectre]

They are mentioning StuxNet and the like as a threat example? So, the US is in danger of malware created by the US ... perhaps loosing viral code on the world wasn't a good idea.

"We're finding espionage, advanced persistent threats (APTs), and other malware sitting in networks, often for more than a year before it's ever detected," Martinez says.

Now, to "protect" ourselves from our government we need to do what ... turn over more information and control to the people that created the problem? Why would I want to give more power to people that have already proven they can't be trusted with it?

This sounds like nothing more than multi-faceted spin control and manipulation.

What I hear being said:
Look, we need a larger budget to monitor this situation.
And more power to get the information we need without the red tape of actually getting warrants.
For your protection against what we've done, you should just give us all your info, all the time.

Re:"Cyber 9/11"

[vlm]

They're talking about an attack on our civil rights, and they're almost certain to win, just like the bad guys won after 9/11.

Wait for the next innocent convenient disaster. Bank led by crooks and con men goes out of business? Oh you say one foreigner tried identity theft once back in '98? Well that cause and effect is obvious, we need to "temporarily" suspend the constitution until the threat is neutralized aka forever.

Linux/BSD ...kthxbye

[ilikenwf]

This wouldn't happen near as much if every corp, govt, person, and entity otherwise had a hardened multi-layer, stateful packet inspection firewall, with obscurity on the internal network, good policies, and Linux/BSD client machines. I blame Cisco and their crappy software on their great hardware, Microsoft for their substandard OS and applications, and Apple for their elitist "you can't touch this" attitude towards security on their OS.

Re:"Cyber 9/11"

[megamerican]

It'll be more like, if you don't give the government insane controls over the internet there will be 100 Chernobyl's in the United States. The legislation is already written. They just need the right opportunity (real of manufactured) to invoke fear and pass it without any congressman being able to read said legislation.

Don't forget the post-election attacks

[TwineLogic]

In fact, the November 15th United Airlines was a cyber attack. This was a retaliation for the severing of Russian civilian satellite control. In turn, that was a U.S. attack intended to silence Russian (RT.com) claims that the Petraeus scandal was the fall-out of a barely-discovered voting fraud "coup attempt," and that President Obama and Defense Secretary Panetta had fled the United States to Asia immediately after the coup was discovered.

Re:"Cyber 9/11"

[girlintraining]

Apparently, banks and utilities have already been hit, and nobody outside of those organizations even noticed. That tells you how much of a non-threat it is.

I can't reveal which financial institution I work for due to company policy regarding social networking, but I can say it is a major one in the United States. Nobody here noticed any "attacks" above and beyond the usual phishing and money laundering crap that comes through every day. Not a peep. Work proceeds as usual. I checked with a few of my friends who have contract gigs at Wall St., and at a nearby state university... none of them have reported anything unusual either.

I appreciate the sentiment, and truly do believe every organization could do to review and update their security and disaster recovery plans. I'm a professional in IT though, of course I'm going to say that; It's good business. However, implying that anything is happening on the networks I manage or that of many others in my profession that could equate to "the next 9/11" is complete hyperbole and, frankly, insulting.

arrogant bankers

[decora]

this is why the banks are a perfect hacker target. they are full of arrogant, ignorant people whose main judgment on whether something is important or not, is what their buddies think. since their buddies are all bankers, they kind of have a myopic view of the world.

i used to work at a 'financial institution', and let me tell you, its running everything from DOS to WinNT to WinXP ---- everyone brings their cellphones and USB sticks and plugs them into their computers to charge, everyone visits any website that pops into their mind without thinking about security. machines are running all kinds of versions of IE, sometimes back to 6.0, often unpatched.

nobody understands even the basic principles of computer security - and despite the banks strong profits, it refuses to invest anything in training anyone. the bank branches are full of minimum wage employees who have something like 90% turnover for a year, and they have access to all of the vital systems. the apps where you can deposit checks now on your phone have been sent out - again, little or no discussion of security issues.

you get more training working for a call center cube farm for $10/hour than you do when you work at a bank moving around millions of dollars of negotiable instruments.

the real thing going on here is that since the banks watched themselves all get bailed out in 2008, why should they bother? the government will come bail them out again if they get in trouble. if there is a huge breach, it wont matter. if someone tries to bring up a HIPPAA style law from bank records, the banks will simply buy off congress and stop it.