Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Crime Government The Internet

Starting an International Cybersecurity Conversation 51

crimeandpunishment writes "Every government in the world is dealing with cybercrime, but they're all doing it on their own. In the context of 'cyberwar' saber-rattling on all sides, getting governments to share information is a challenge. But an international security conference this week in Dallas is aimed at doing just that — even if only on an informal basis."
This discussion has been archived. No new comments can be posted.

Starting an International Cybersecurity Conversation

Comments Filter:
  • by Moraelin ( 679338 ) on Sunday May 02, 2010 @05:00PM (#32066752) Journal

    All the talk about "cyberwar" is good and fine, but in the end it seems to me like it's already had a name: "security". In the end, there's very little difference between hardening a machine so chinese government blackhats don't get in, and hardening it so script kiddie asshats don't get in. Unlinke SF movies, there is no way to just type "retrieve password" on some terminal with big letters and get in a system that had no unpatched vulnerabilities to start with.

    In the end, a buffer overflow is a buffer overflow, and an XSS exploit is still an XSS exploit, and files accessible by guessing the URL are still files accessible by guessing the URL. And so on. If that exploit is, well, actually exploited by a Russian government blackhat it's "cyberwar", if the exact same exploit is used by an asshat kiddie, it's just being pwned.

    And it seems to me like security experts were already going to conferences and otherwise communicating with each other. Exactly what's the loss if they don't explicitly represent some government?

  • Imaginary problem (Score:4, Insightful)

    by girlintraining ( 1395911 ) on Sunday May 02, 2010 @05:12PM (#32066810)

    Everybody's talking about cyberwarfare, but nobody's ever come up with an example of it. Identity theft? Viruses? malware? That's not war. War involves people being hurt -- and I mean really hurt. Not skimming a few extra bucks off the till or organized crime, which is the closest any of this has come so far.

    Has anyone managed to shut off the internet? Disable emergency services (911) across the country (or even a state)? Have planes fallen out of the sky, power gone out, hospital computers taken down, or any other act that can be directly attributed to a malignant entity (as opposed to mere human error)? No. And it's not likely to happen anytime soon either.

    It's just not cost effective to spend tens of thousands of dollars finding and exploiting security weaknesses in those systems when a 5 gallon tank of diesel, fertilizer, and a match can take out those same systems for a lot less cost. Cyberwarfare between countries isn't likely to happen until other, cheaper methods of warfare somehow become ineffective. At best, cyberwarfare would consist of espionage efforts and manipulating data to advance certain political goals -- and countering that threat is currently handled by the intelligence community.

    • Re:Imaginary problem (Score:5, Informative)

      by TubeSteak ( 669689 ) on Sunday May 02, 2010 @05:20PM (#32066858) Journal

      You didn't RTFA did you.

      Underscoring the threats: recent attacks on Google Inc. that caused the Internet search leader to move its search engine out of mainland China, and the revelation last year that spies hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service.

      There's one concrete example of cyberwarfare.
      I'm not even going to bother with the rest of your post.
      There's just too much ignorance and "it hasn't happened yet, so it won't" thinking.

    • Re: (Score:2, Informative)

      by ehinojosa ( 220524 )

      You're wrong. See Russia's cyberwars on Estonia [wired.com] (2nd story) [bbc.co.uk] and Georgia [nytimes.com].

    • We're mostly talking about industrial espionage here. Companies often don't buy security just like people often don't buy health insurance. China's has set an example of government backed industrial espionage, which plays a big role in their growth. So governments see this as an opportunity to provide a service.

      In fact, the companies would probably learn they need good geeks eventually, unlike people and health care. Governments could help the most by explaining good people security, which I'm sure get

    • by Agarax ( 864558 )

      Cyberwarfare between countries isn't likely to happen until other, cheaper methods of warfare somehow become ineffective.

      And how is a $569K cruise missile to destroy a powerplant cheaper than having someone hack into their systems and leave a program behind to brick the whole thing on invasion night?

    • OK you want to know an example, how bout the constant attacks on DOD and DOE systems from china, that are not publicly published all the time. The US infrastructure is a huge vulnerability and if the right person(s) were hired to do the job we could be seeing a sever outage of gas, power, and yes even the internet itself in the US. Lets think now, most companies are moving to web-based apps as a way of providing more for less. Records are mostly stored on servers anymore and not so much in hardcopy form.
      • Re: (Score:3, Funny)

        by HungryHobo ( 1314109 )

        "how bout the constant attacks on DOD and DOE systems from china"

        How about the constant attacks on everywhere from everywhere all the time.

        "that they just might lose their minds if they lost it."

        So that's where the canibles in all the post apoc movies come from. They're teenagers who lost access to facebook!

        • Such valid points that do have a sense of humor. Still it does not negate the point I was making. As it just enforces it, now if you want to debate my point feel free but if your just trying to enforce it then I agree.
          • My point is that "cyberwar" ,while a silly made up word that I'm fully expecting to lead to as much stupidity in the next decade as the "war on drugs" has in the last, is nothing special.

            Defendin against *hackers working for your favorite hostile government* and defending against every other hacker, cracker, script kiddie or bot out there is pretty much the same.

            The internet is already the a bandlands filled with bandits armed with the digital equivilent of nuklear weapons yet it's puttered along for decade

            • I get too used to the spellcheck feature in firefox.
              And I'm far too used to typing nuklear rather than nuclear from visiting nuklearpower.com

  • This just totally feels like those fake conferences that were posted about recently, where people would book hotel/voucher packages online only to find out the conference itself did not even exist!

    Wouldn't that be sweet irony?

    • Re: (Score:2, Funny)

      If you had posted a link to your own double-blind fake conference on fake conferences that would be ironic genius.
  • by Arancaytar ( 966377 ) <arancaytar.ilyaran@gmail.com> on Sunday May 02, 2010 @05:53PM (#32067108) Homepage

    How long is it going to take till I can read a word starting with "cyber" without grinning? :D

    • When the cyber-retro movement takes hold and is used to sell big macs and office stationary and cordless drills... oh wait...
  • 1 - There are no real problems with information sharing if they really wanted to. The model for this that would allow control over what is shared has existed for years in the military. However...

    2 - The participants are hopefully aware that part of the job is protecting themselves against the others. What one nation labels "organised crime" is for another nation simply "economic espionage". For starters, I would love to be near US customs when all these delegates arrive and are temporarily relieved of t

  • I think it is the only real way to support some resemblance of good order in the Internet. I mean an international cooperation in prosecution of cyber-thieves, spammers, bot-net owners, virus writers, etc.

    The ideas from IT industry can be well used in this area. For example, outsourcing. Building vast camps in the North of Russia for cyber-crimianls, sort of the New Int'l Cyber-GULAG, but this time a human one. There a camp does not need an expensive fencing and guard-towers, as there is not way to walk out

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Working...