The One Sided Cyber War 215
Curseyoukhan writes with a skeptical perspective on the U.S. Cyberwar posturing. From the article: "The first shot was probably the release of Stuxnet sometime during or before 2009. Even though no one has officially claimed responsibility everyone knows who was behind it. Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities. We followed up Stuxnet with Flame — the Ebola virus of spyware. What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks. This is a disproportionate response but not in the way military experts usually mean that phrase. It's the equivalent of someone stealing your car and you throwing an ever-increasing number of eggs at his house in response. It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."
not really (Score:5, Insightful)
It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub.
It's not surprising actually.....because attacking that infrastructure is not as easy as it sounds. It's not like any script-kiddie can pick up the stuxnet script and modify it to attack their local cell-phone tower.
Re:not really (Score:5, Interesting)
Plus it's stupid to claim that Iran is doing nothing; it seems that way when you box yourself into just "cyber-warfare". IRan responds with what they have, which is a robust intelligence community based on personal relationships, used to destablize places like Iraq and the Levant. They use their ties in the Shia community to make Iraq difficult for the US, whcih is what they did for the past 10 years or so we were there. They also run advanced missiles to Hamas and let them fire them off, missiles with enough range to directly threaten Israeli population centers. They run training exercises in the Strait of Hormuz designed to make it known how they can mine the whole thing and close it off, and it sends oil prices through the roof.
Cyber-warfare is a meaningless term, because cyber-weapons are just one type of weapon, and one that Iran is not as sophisticated at. But they are sophisticated with other weapons, and they use them extensively.
Re:not really (Score:4, Interesting)
It's not like any script-kiddie can pick up the stuxnet script and modify it to attack their local cell-phone tower.
Umm.. actually that has already happened. Flame and Stuxnet are cousins of which Shamoon is a derivative.
"Specifically, Kaspersky believes it's the doing of script kiddies. Shamoon, like Flame, reportedly collects data on any machine it infects, then proceeds to erase the disk. "
http://gizmodo.com/5935647/is-a-script-kiddie-flame-copycat-out-to-destroy-the-worlds-power-plants [gizmodo.com]
Re: (Score:3)
You appear to have missed a rather key quote:
But the Wiper file in Shamoon doesn't share the same code as the one in Flame, which is why experts suspect a copycat is at work.
Containing a file with the same name as another virus barely even counts as a "copycat" in my opinion, especially given the extremely generic nature of the name and operation (in this case wiping the disc clean to erase evidence of the virus, an operation that dates back at least a decade among malware). The two viruses don't even do the same thing.
Re:not really (Score:5, Insightful)
And...
If Iran did too good of a job in a counter attack, do you think the US would keep the confrontation just "cyber", or would it escalate? That's another of their considerations.
Re:not really (Score:5, Interesting)
That's my thoughts. It's like the schoolyard bully taunting the nerd just the nerd will take a swing at him. That way, he can pound the nerd into the ground and then claim "well, he started it!"
Re: (Score:2)
More like the captain of the football team [nato.int] keeping a wary eye on the strange loner [wikipedia.org] in a trench coat [wikipedia.org] that seems to keep stirring up trouble [bloomberg.com], hangs out with bad people [cfr.org], spends a lot of time in a private workshop [telegraph.co.uk], and muttering under his breath "someday you'll all be sorry."
It is pitiful that you are trying to paint Iran as an innocent victim. Most Gulf countries live in fear of Iran and its ambition of hegemony, and it drives large arms purchases.
Re: (Score:2)
Ok, how's this then. The nerd, in turn, picks on the kid with a lisp. Doesn't really make the bully any better.
Re:not really (Score:4, Interesting)
Most Gulf countries live in fear of Iran and its ambition of hegemony, and it drives large arms purchases.
Yeah, right. You are being played like a fiddle.
At the present time, Iran is no threat to anyone. Iran runs a very distant 5th in arms expenditures in the region, at less than 1/2 of Israel, Turkey, and the UAE, at less than 1/6th of Saudi Arabia (and a little over 1% of what the US spends). Iran is surrounded by nations armed to the teeth, a lot of it American weaponry.
When a 90-lb. weakling is subjected to such irrational fear-mongering by multiple 800 lb. gorillas and on 80,000 lb. godzilla monster at the same time, it is no wonder they are leaving the nuclear option open. How can they dare do otherwise?
Re: (Score:2)
"pick up the gun" [youtube.com]
Re: (Score:2)
Which reminds me of another thing Hicks said, sorry for making it a second post:
"First of all, this needs to be said. There never was a war. How can you say that Bill? Well... a war is when TWO armies are fighting." ( http://www.youtube.com/watch?v=u4CQ_1GWn4w [youtube.com] )
I guess some things still haven't changed. Well, "nerds", this is actually happening on your turf, collectively you're the 800 pound gorilla in this one :P Make something of it, and by that I mean maybe educate the general public about what is going
No Jews were pushed into the sea (Score:3, Insightful)
...but Iran has had the dick of the west up their ass since 1953. Who has Iran attacked?
You call them "murderous assholes," yet the US is responsible for FAR more murder.
IOW: fuck off you cowardly apologist for the empire.
Preemptive warfare... (Score:5, Interesting)
If the "nerd" wants to push the Jews into the sea, I'm fine with being the bully. We should bully such murderous assholes more.
Don't the Iranians have a right to the opinion that Israel shouldn't be a state?
I'm not saying we have to agree with them, I'm not saying the US shouldn't help out Israel, if attacked...
But this is preemptive warfare.
Where does it end?
These hacks only postpone their nuclear program, and cause a lot of animosity...
The only option for true peace in the region is negations, all out war could stop a nuclear program, but it certainly wouldn't bring peace.
Re: (Score:2)
Stuxnet was possible because Iran was using outside (German) technology for their nuclear program which they developed with the assistance of the Russians, so I'm pretty sure they're open to outside help. Based on the results, though, I wouldn't blame them for being a little leery.
Re: (Score:3)
Every single one of them is exposed to attack by anyone that takes the time to fill a backpack with home-made Thermite and a safety flare
Alright wise guy, let's see you deliver a backpack of thermite via TCP/IP.
Our Foreign Policy (Score:2, Interesting)
...is the equivalent of the biggest kid on the block pushing everyone on the playground over in the mud, then claiming to be the victim if they throw a clod of mud back at him. Wait, that was in the summary...
Re: (Score:2)
Soon their own totalitarianism will be the only one left.
The reason a "cyber Pearl Harbor" isn't imminent (Score:5, Insightful)
In the real Pearl Harbor, people died. Unless and until the people talking about "cyberwar" demonstrate that they're defending us against the same kind of lethal threats, there isn't a legitimate comparison.
At worst, there may be property damage. But the simple fact is that the threats presented by enemies of the United States today are not even close to being the same level of threat presented by the Germans and Japanese and Russians of the past, where if we screwed up it was quite possible that the United States wouldn't exist anymore.
So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.
Re: (Score:3, Insightful)
So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.
Or maybe because the professianls who do this for a living know something you don't. Imagine for a second that someone shuts down our power grid, something that is easy to do and has been demonstrated in Project Aurora. Without power, the internet is down. Without the internet, the economy grinds to a halt. No ships coming into port, no planes flying, no gasoline being delivered, no power in hospitals, no 911 calls, no critical infratructure working at all. This is the cyber 9/11 people like us (I work in t
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Interesting)
My brother works for a very large electricity plant and he says that the only computer controlled anything is the monitoring systems. The action of turing on/off turbines is manual. I know this isn't true of the whole electrical grid but I'm sure there are considerations made when hooking up computers to critical systems like those ones.
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:4, Interesting)
*This is a Mitsubishi article, but it does a good job of explaining. I am not affiliated with Mitsubishi.
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Insightful)
Oh not you again! Does your fallacious "intelligence" position grant you highlevel access to sources such as the telegraph and wall street journal?
Look, if you've hooked up your command/control infrastructure to the Internet, all the DHS in the world is not going to save you. Stuxnet like viruses? Sure. Maybe. Unpreventable, by anything beyond quality engaged PHYSICAL security.
As for impact, if you recall, 10 years ago, power was down for up to 3 days across the NE. This was caused by something far less insidious and delibrate than a cyber attack. It's impact beyond the first grid affected was also completely mitigable and took several MANUAL command/control failures to become as pervasive as it did.
http://en.wikipedia.org/wiki/Northeast_blackout_of_2003 [wikipedia.org]
Re: (Score:2)
Re: (Score:2)
Indeed, here is something further to consider.
While chicken littles are running around screaming about some ghost in the machine, we ignore the real issue:
Our own energy security!!!!
What happens if this week the power goes out for 3 days in the middle of winter because of our doing (and not some imaginary systemic viral infection)? Will your gas furnace turn on? Outside my house right now its -27C with further windchill.
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Insightful)
That's all made up scaremongering to gather $$ and enforce central authority. I work on the "other side" no, not the black hat side, I mean the infrastructure provider side. Seriously claiming that our main site backup generator which doesn't have a networked SCADA interface will magically fail? And all our POPs which have gens that barely have electronic engine computers on the diesels will be magically reprogrammed? My cousin maintains large fixed diesel gens for hospitals, you're going to reprogram his ratchet set so he can't turn bolts? Without the internet no planes fly? LOL
A grid hit would look EXACTLY like the great NYC power outage about a decade ago. In fact, seeing as no newsies really looked into it to the depth necessary, it could very well have been an external hit to send a message.
A REAL hit wouldn't look like Jericho or a survivalist fanfic, it would look like an economic hit. If every centrifugal pump VFD at the local plant instantly reversed so they get to buy new ones, that doesn't mean we're going back to worldwide feudalism, it merely means bankruptcy for one plant. Actually it would look a heck of a lot like a major aerospace jetliner manufacturer having to ground an entire worldwide fleet leading to all kinds of economic effects.
Re: (Score:2)
Your controllers don't need to be an actual computer terminal to be given bad chips that were bad from manufacture to installation and operation. We, have blown up stuff indirectly like this before by paying off the manufacturers of said products.
The end result is were you going to buy your micro-controllers? I don't see nuke plants spending money for their own in house ones. They probably use stuff off the market.
Oh what else happens when someone drops some in a bin who appears to have legit clearance and
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Insightful)
Really? Someone shuts down the power grid and the entire world grinds to a halt? Maybe we should train someone who knows how to, well, turn the power grid back on?
I understand that the grid is a complex legacy systerm that isn't well understood. It's not clear, for example, how to cold-start the nationwide power grid if some catastrophe shut it all down, nor is it clear how long it would take to do so. But assuming that the economy comes to a catastrophic halt is simply fear-mongering. Every few years, winter storms shut down the Eastern seaboard for days with no lasting effects. The World Trade Center attacks shut down most of the financial industry for a week, and had severe repercussions on it for weeks thereafter; but we survived. The Sept 11, 2001 attacks shut down air traffic completely for a week - and yet, the world didn't stop.
Taking down the electrical grid would be more comprehensively catastrophic than the Sept 11 attacks, but it would still be no more than a minor blip on the Human History chart. A week later, it would be back up and running and those cunningly flexible and adaptable human beings would still be infesting this planet.
Please, for the sake of the United States and the world, get out of government service and take your paranoia with you.
Re: (Score:2)
"I understand that the grid is a complex legacy systerm that isn't well understood."
Well, I think the "grid" is better understood than may be obvious. If the national grid goes down, each local utility will disconnect from the grid, then bring their own lines up section-by-section. They are well practiced due to ice storms, hurricanes, etc. Reconnecting all the local utility grids to the "national grid" would be a new experience, however.
Re: (Score:2)
Yes, you are correct. But I can't say if most of those grids have ever had a black start event in a long time. I've been in the distribution side of the power industry, not the transmission side, so I defer to your greater subject knowledge.
Re: (Score:2)
Re: (Score:3)
Someone has been watching Revolution....
Re: (Score:2)
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Insightful)
Secret evidence is indistinguishable from fabricated evidence. Maybe the professionals who do this for a living are a bunch of frauds collecting fat paychecks for nothing. I have as much proof of my assertion as you have of yours.
Re: (Score:2)
Re: (Score:3, Interesting)
So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.
Or maybe because the professianls who do this for a living know something you don't. Imagine for a second that someone shuts down our power grid, something that is easy to do and has been demonstrated in Project Aurora. Without power, the internet is down. Without the internet, the economy grinds to a halt. No ships coming into port, no planes flying, no gasoline being delivered, no power in hospitals, no 911 calls, no critical infratructure working at all. This is the cyber 9/11 people like us (I work in the intelligence community) are worrying about.
Or maybe the professionals (security "consultants", sales, and everyone else in line to make a friggin buck) just wants to hammer home that the sky is falling to keep the good times rolling. And yes, that means you too, Mr I work in the intelligence community. Is the state of "cyber" security in the various critical infrastructures weak? Absolutely and they need to be improved upon. I too work "in the field" and am very familiar with the state of security for several organizations in a specific critical
Re: (Score:2)
Other than people on life support, exactly who would be killed, rather than severely inconvenienced? Serious question. I'm totally ready to admit it if you come up with something convincing which I had not thought of.
Even people on life support might not be killed if the hospitals have generators that runs on petrol (gasoline) for emergencies. Admittedly there may be problems with further petrol deliveries, but local supplies might be sufficient to ride out the worst of the crisis.
I'm willing to admit that
Re: (Score:2)
Re: (Score:3)
Or maybe because the professianls who do this for a living know something you don't.
That's not likely. A lot of people on Slashdot do this for a living, too.
I will fully admit there are people who know more about security than I do, but when people say, "trust me, it's going to be scary if you don't give me control, and you can't understand why," well you better explain it to me in clear terms if you want that much control. Remember they were asking for an internet 'kill switch.'
Also, are you talking about Operation Aurora that Google was the center of? That definitely did NOT show it
Re: (Score:2)
Re: (Score:2)
I don't hope for it to happen, but I've got to agree that people would finally take security a little bit more seriously if it did happen. A little bit.
Re: (Score:2)
And then you will get the internet-TSA next.
I'd prefer the nothing happens at all option...
Re: (Score:2)
This much ought to be painfully clear, yet government-and-industry keeps drumming the "imminent grave danger" drum like they were sitting on Iraqian WMDs or something.
Which ought to give rise to the next question: Why?
Well, we already know the answer for that, and we coulda seen it coming decades away. Back when it was coined the "military-industrial complex", these days it has a large sideshow in transport security, and the next wave of innovation is in cyber.
There's a few problems with this, of course. Th
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:2)
If electricity in a city went out for a week there would be riots and looting.
Clearly you don't live in New York, where you were proven wrong less than 3 months ago.
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Funny)
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:4, Funny)
Do you know of any way I could get hold of these people? I would really like to assist them in achieving their goal. :)
Re: (Score:2)
Re: (Score:2)
For a moment I thought they would cut off my MTV reality shows.
Re: (Score:2)
In the real Pearl Harbor, people died. Unless and until the people talking about "cyberwar" demonstrate that they're defending us against the same kind of lethal threats, there isn't a legitimate comparison.
I completely agree that the "Cyberwar" term is hyped up and thrown around too much. But an attack on critical infrastructure like Water and Energy systems through SCADA attacks could easily result in the loss of lives. Just as an example, how many people depend on life support systems that require energy in hospitals?
Re: (Score:2)
Just as an example, how many people depend on life support systems that require energy in hospitals?
That's why pretty much all hospitals have generators. They know how to deal with power outages and water issues.
just wait until the hack on the "Smart Grid" (Score:2)
which has as many holes as Swiss cheese. that would be a natural for the Talibani, Islam's TEA Party, because we'd all be back to 700 AD in a flash.
Re: (Score:2)
> At worst, there may be property damage. But the simple fact is
> that the threats presented by enemies of the United States
> today are not even close to being the same level of threat
> presented by the Germans and Japanese and Russians of the
> past, where if we screwed up it was quite possible that the
> United States wouldn't exist anymore.
Even the total loss of hawaii and all other US assetts in southeast Asia would not threaten the existance of the US, its not clear that such a threat h
Re: (Score:2)
So why do they continue to invoke this stuff?
Probably because it is simple to remember like "Remember The Alamo!" even more than a century after it happened and many don't know it was all about.
Actually for me I have continual cyber war problems from sales and marketeers constantly trying to hack my computer. When I first fired up Zone Alarm, I saw all kinds of penetration attempts, a friend said those are from companies wanting to gather information to profile what kinds of products to sell. Then there is mischief like the Sony rootkit. God only kn
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Interesting)
Actually, depending on what kind of damage they can do to utilities and SCADA systems, people could very well die.
Re: (Score:2, Interesting)
I've written a paper on this nearly a decade back. Let me tell you how to do it:
You attack the water system in rural regions. Twofold
1) you increase fluoride injector pumps to toxic levels. Most systems should have emergency shutdowns to prevent this, but you can. This is just gravy and not relevant, unless the shutdown actually stops water distribution. And even then it probably impacts the 'wrong' region.
2) You throttle some of the control points on and off as fast as possible to increase stress on t
Re: (Score:3)
No, think back a few years to the massive blackout in the Eastern part of the US. That was an accident, but that's the kind of thing a well-run attack on SCADA could do. Then if you want to kill people, as part of the attack, attack hospital utility systems. You know, like the stuff that brings the backup generators online when the mains fail. There are all sorts of regulations about keeping patient data safe, but it wouldn't surprise me if the utility systems are just as secure as a lot of the rest of
Possible (Score:2)
And I'm pretty sure they have non-internet connected systems in place
I believe Stuxnet was not delivered over the internet as well. You can target non-internet connected devices with a bit of social engineering or espionage.
Regardless, taking out critical infrastructure through cyberwar could lead to large amounts of deaths.
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Interesting)
Traffic light and elevators come to mind ...
No way. Both traffic lights and elevators have low level hardware interlocks that prevent them from going into an unsafe mode. Even if you have access to the control systems, the most you could do is stop the elevators, or put the lights into 4-way blinking red mode. To make the lights go into something dangerous, like 4-way green, you would need to conduct physical sabotage with a crowbar and a soldering iron. It would be easier to just buy a gun and shoot people as they drive by.
Re: (Score:3)
Those two events are not mutually exclusive. Cause the lights to go 4-way red, have people waiting at intersection and start teeing off. Since everyone has come to a halt, people will try to race away but can't because everyone else is trying to race away.
Fish in a barrel and all that.
Re: (Score:2)
Point being, there's no way for the Iranians (or some other Evil Empire) to pull off that kind of attack from the safety of a computer console halfway around the world.
Re:The reason a "cyber Pearl Harbor" isn't imminen (Score:5, Funny)
There's a documentary about this you should see called "Live Free or Die Hard." It's even got the guy from the Mac commercials in it, so you know they're computer experts.
Re: (Score:2)
Re: (Score:2)
People in Siberia without expected power... yes deaths. One of the biggest explosions recorded by seismographs of the century, Damaged property, costing money in a communist regime, yep people did not get their bread.
The CIA are assholes.
Re: (Score:2)
I will quickly counter my own argument by saying maybe this contributed to the downfall of that communist regime and had a net benefit. But thats one of those simulation things, we just don't know for sure (TM) if we had to do this.
compulsory princess bride ref (Score:3)
"everyone knows who was behind it"
That word you keep using "knows", does not mean what you think it does.
Re: (Score:2)
Its like the difference between a civil and criminal case. We know based upon a preponderance of the evidence. We may not be able to prove a case beyond a reasonable doubt.
Since this isn't an actual court case, the level of proof isn't so much an issue. If I don't trust our government, I don't have to justify that to anyone else other then myself. I can vote them out of office based on whatever evidence I like.
Re: (Score:2)
"everyone knows who was behind it"
That word you keep using "knows", does not mean what you think it does.
They were implying that everyone "knows" that Stuxnet was a cooperation between USA and Israel.
Re: (Score:2)
"President Obama has claimed Stuxnet as our own."
(when / where ?)
Re: (Score:2)
What was widely reported is NYT reporting on others' speculation. Any references to Obama actually admitting it?
They should retaliate by posting movies and music (Score:5, Funny)
They should threaten to make available copies of movies and music online for free.
Re: (Score:3)
I don't think they want the Media Industry Controlled States of America to nuke them. I don't blame them on that count.
Re: (Score:2)
So is /. a propoganda pulpit (Score:2)
For the next god damn excuse to have a pointless war?
Don't get me wrong war is a great training ground for the stupid.
But we really don't want to escalate into total war with Iran over this bullshit. It'll be really bad for business.
Re: (Score:2, Interesting)
What are you talking about? What exactly are you imagining? A war on the scale of WW2? Total war? Please.
To quote von Clausewitz, "War is diplomacy by other means." By that definition, we're already at war. Iran and the US have different interests. Iran wants to become the regional hegemon of the Middle East, and the US does not want anyone being the regional hegemon. Iran has made it clear their intent to press ahead, and talking about it won't help either side come to a conclusion. So Iran has ch
Re: (Score:2)
You make a good point. I figured we could just let Iran do whatever the fuck it wants and have a justified gentleman's war later. Rather then one about who gets to control power and territory half way around the globe from us.
I don't advocate pissing of already angry and oppressed people with further offensive action. I see the news articles like this as propaganda because its justification for our leaders actions without the clear consent of the majority of people. It is also an excuse to get that clear ma
Re: (Score:2)
It also justifies Iran's leaders action so they can have even more control and make it harder for upstanding Iranians to reform from within. As I understand it Iran's president is in a rock and a hard place and must toe the party line or loose his power, this doesn't help make him think about other things like womans rights. Right now he could care less probably because he's got to deal with the evil west in the conservatives eyes.
Re: (Score:2)
Iran wants to become the regional hegemon of the Middle East, and the US does not want a regional country being the regional hegemon of the Middle East.
TFTY
Re: (Score:2)
It'll be really bad for business.
Ferengi Rule of Acquisition #34: War is good for business.
Maybe (Score:2)
Re: (Score:2, Interesting)
Or maybe it is one-sided because they found ours but we can't find theirs?
I would guess the only way they (Iran) could produce something equivalent to Stuxnet is by contracting it out to Russia or China. Would they actually do that?
And if they DID, could they successfully deploy it?
And if they could deploy it, could the manage and control it properly?
I don't know, that's why I'm asking. I would GUESS the answer isn't "no" but rather "no probably not" to all three questions.
Totally misleading (Score:3, Interesting)
All the sources and analysis on Stuxnet said it entered through a weakness in Windows (written by Microsoft, an American company) and targeted specific elements of control software written by Siemens (a German company, and thus an American ally). Stuxnet was highly sophisticated and highly targeted, and likely because those writing it had access to the design flaws and knew what to target.
None of the US or Israeli infrastructure is on software written by Iran, so the access they would have to the design of software that runs things they can target is extremely limited. I would imagine in cyber-warfare it's much like normal warfare; intelligence is key when targeting your weapon. Iran likely does not have the intelligence (meaning information, not mental capability) to target us, so they're using DDoS attacks which are somewhat untargeted. So, to expand on the car analogy, this is like someone stealing your car, and since you don't know how to pick a lock, don't know how to break the alarm, and don't know how to hot wire the ignition, all you know is where they live, so you protest by throwing eggs at them.
Iran isn't suicidal (Score:2)
Escalating cyberwar to the point of doing serious damage to the USA would invite a stepped up response (probably to actual bombs and missiles warfare) that they couldn't afford. So poke us. Just hard enough to make us notice. But not so hard that we would be justified in a military response.
This is why I don't have a major problem with them having a few nukes. They'd be crazy to use them for anything other then a last resort in self defense. Iran is, after all, surrounded by 'enemy' Arab states. It is a de
Holy shit... (Score:5, Interesting)
This is so incredibly wrong that it's astounding to me. A whole series of declarative statements that show a total lack of knowledge, and a total lack of understanding of the background material as well. Let's count them:
"The first shot was probably the release of Stuxnet sometime during or before 2009."
No. Cyber warfare did not start with Stuxnet...and common sense bears that out. Nobody can mount a successful and incredibly complex offensive the first time they field troops on the battlefield. Chinese thought leadership on cyber warfare goes back to the early 90s, when they seized upon it as an avenue to even the odds after witnessing our performance during Desert Storm...which, quite simply, made them wet themselves with shock at how effective we were at kinetic warfare.
"Even though no one has officially claimed responsibility everyone knows who was behind it."
Um, Obama took responsibility for it. At least read the headlines of what you're talking about? He was even called out for doing so, by others.
"Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities."
AWESOME! You FINALLY said something that was factually accurate! Too bad it took three sentences to get there.
"We followed up Stuxnet with Flame — the Ebola virus of spyware."
Uh, nope. Flame/Duqu, by all assessments, was actually a predecessor to Stuxnet, and I don't get the "Ebola" reference, since it's a data stealer and not designed to brick systems.
"What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks."
Okay, so first off, this is not the first thing...or the only thing...the Iranians have done. They've been in the cyber business a long, long time and are viewed as one of the big three actors in offensive cyber operations. Second of all, the attacks were not at all "ineffective"; ask any Bank of America customer who uses online banking. The site was down for weeks nonstop. And the banks have gone to the NSA asking for help in fending off the attacks as well.
"It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub."
See again, under Iranian cyber operations and how the banks fared during the DDoS attacks. Also keep in mind that the financial industry is at the top of industry sectors, when ranked in terms of cyber security maturity.
NOW, let me add the total way in which the OP ignores anything related to Russia or China, using only his incredibly faulty understanding of one country to justify his assessment of an entire form of warfare. Forget Red October (Russia, still in play but being shut down), forget Ghost Net (China), forget Aurora (also China), right? Forget what the Russians did in Georgia and Estonia. Forget North Korean actions against South Korea. Yeah...wow, good analysis dude. I bet Fox News would love you.
Re: (Score:2)
I like your snarky attitude. I deserve nothing less.
I am grateful to you for pointing out the things I screwed up on and will go correct them.
A) make it clear that I am referring to the first US cyber war -- not cyber war overall. B) I totally screwed up on the Flame/Stuxnet timing. C) Obama! My own friggin' fault for going for a very minor sarcasm when I should have double checked.
The Iranians being ranked among the big three when it comes to cy
Iran doesn't allow computers or internet (Score:4, Funny)
Muhammad said young men might use them to look at women's ankles. So their hackers are a little behind the curve compared to the non-Muslim-nutball world.
I don't get the assumption here... (Score:2)
Re: (Score:2)
Iran hasn't attacked anyone for hundreds of years.
Yes they have [wikipedia.org]. Now, granted, their attack was a counterattack against the Iraqis.
This has long been US/Israeli military doctrine (Score:2)
Taking the initiative (i.e., firing the first shot to surprise the enemy) and applying overwhelmingly dominant force have long been core tenets of US and Israeli military doctrine. It's not as if they've any reason to be humble about it.
I'm just surprised that Israel hasn't yet bombed the research facilities and turned Iran into a radioactive wasteland, ala Ian McDonald's "The Dervish House." [amazon.com]. Send a loud message to all Muslims that only friends of the West can be trusted with nuclear energy.
The Cyber Pearl Harbor already happened! (Score:3)
The Cyber Pearl Harbor already happened. (Man, I hate that term.)
And to keep up the analogy, this time The U.S. was the aggressors and the Iranians were the ones with their pants down and all their eggs in one basket.
FUD alert!!! (Score:3)
I found this from the article typical; "It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."
Rubbish! Will not happen. Thinking... the Iranians aren't stupid? Just a guess but if you are being attacked by the most powerful empire the Earth has ever seen, it's something you just put up with. DOSS attacks in retaliation for the most technical cyberattack yet goes to show they know what they're up against. Everyone in the West seems to think that Iran will bring the 'cyber Pearl Harbour' while AT THE SAME FRICKIN' TIME describing the Stuxnet attack and others which, especially considering these attacks hit a NUCLEAR station, is itself a Pearl Harbour moment. Just not in the US. The fact is US policy is to attack Iran, presumably to trick it into an offensive action and providing a window for the US to attack the oil rich nation (brinkmanship gentlemen). The US has already murdered Iranian scientists, bombed Iranian citizens, and flown spy-drones over Iran. All flat out war-crimes.
Reading US fears of Iranian threats is flippin' hilarious.
Re: (Score:2)
I could be crazy but I reckon Irans oil has been desired by the West for decades. And it's important to China, Russia, etc. You have a glut pal? Well good for you. What's that costing us per gallon? Glut you say? What? Sorry, I can't hear you through my tin foil hat.
Why would Iran attack us now? (Score:2)
Say you're Mr. Ahmadinejad and your hackers report that they have access to all kinds of critical systems in the US and Israel. The US takes down your nuclear facility with a computer virus. Do you:
A) Take down US systems in retaliation, causing damage but revealing your enemy's weakness such that they have a chance to fix it.
B) Do nothing. Keep the fact that "all U.S. bases are belongink to Iran" a secret so that if the US ever does attack militarily you can deal them a serious blow at a more opportune ti
Re: (Score:2)
well, since some of the systems claimed are incapable of being "cyber hacked" whatever the fuck that means it's likely that there's some cyber contractors who just find this a very fine way to pump money out of american government.
anyhow.. their own citizens would never know of such happening so they don't give a fuck about doing it. all the iranians have time for caring about is how to keep local dissidents in check, because their biggest fear is that people go over the top and get fed up with the current
Re:I have a theory (Score:5, Insightful)
Re:I have a theory (Score:5, Insightful)
Re: (Score:3, Insightful)
And other countries realize that. They saw what happened with 9/11, and don't want a repeat.
You mean attacking Iraq for absolutely no relevant reason with the 9/11 attacks? I don't see how that could have set an example to other countries.
Re: (Score:2)
"Until then, it's lies."
Until then, it's predictions of risks."
FTFY.
Re: (Score:2)
It's not even really interesting that Iran lacks the ability to do anything to retaliate because of the fact that U.S. critical infrastructure isn't really online enough to be at risk.
Touche.
Yet.
20 years ago, how much of our banking was online? 10 years ago, how much of our social lives were online?
I don't think that we're at war, but it might be a good idea to get our default security up to par before putting a substantial part of our critical and / or physical infrastructure online. That way, when we are at war, we won't get our infrastructure seriously affected at an inopportune time.
Re: (Score:3)
Aren't you mixing up your history books a bit?
For Reichskristallnacht (or Reichsprogromnacht) the pretense used was the shooting of a member of the German embassy in Paris by a local Jew.
The building you might remember is probably the Reichstag (in Berlin) which wasn't bombed but burned (5 years before Reichsprogromnacht) and the alleged arsonist's connections to left parties were used as pretext to repeal several citicen rights, pursue left parties and thereby ensure the victory of NSDAP at the next electi