Officials Warn: Cyber War On the US Has Begun 292
snydeq writes "Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet, InfoWorld reports. 'A cyber war has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens. The cyber war has seen various attacks around the world, with incidents such as Stuxnet, Flame, and Red October garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit.'"
Re:US Agencies warning about other US Agencies? (Score:5, Informative)
This massive new expenditure of money is not primarily devoted to defending against cyber-aggressors. The US itself is the world's leading cyber-aggressor. A major purpose of this expansion is to strengthen the US's ability to destroy other nations with cyber-attacks. Indeed, even the Post report notes that a major component of this new expansion is to "conduct offensive computer operations against foreign adversaries".
As Wired's Ryan Singel wrote: "[McConnell is] talking about changing the internet to make everything anyone does on the net traceable and geo-located so the National Security Agency can pinpoint users and their computers for retaliation."
Don't forget that McConnell is the chode who got the telecoms retroactively immunized for their participation in the illegal NSA domestic spying program.
Re:"Cyber 9/11" (Score:4, Informative)
Re:arrogant bankers (Score:5, Informative)
this is why the banks are a perfect hacker target. they are full of arrogant, ignorant people whose main judgment on whether something is important or not, is what their buddies think. since their buddies are all bankers, they kind of have a myopic view of the world.
I assure you, the people who do IT here know exactly what they're doing. You're talking to one of them right now. Besides a corporate culture and management that supports and leverages their IT resources, the lawyers and reams of federal laws governing the business simply won't allow what you're proposing to happen here or at any other major financial institution in this country. Again, I cannot comment directly on specific business practices, nor can I act as a spokesperson for the business I work for, but as an IT professional, I would stake my reputation on the security here being sufficient to prevent the kind of damage discussed in the article. Is it perfect security? Of course not. It is sufficient security.
i used to work at a 'financial institution', and let me tell you, its running everything from DOS to WinNT to WinXP ---- everyone brings their cellphones and USB sticks and plugs them into their computers to charge, everyone visits any website that pops into their mind without thinking about security. machines are running all kinds of versions of IE, sometimes back to 6.0, often unpatched.
You should call the government then and step forward to collect your million dollar whistleblower bonus then. Cell phones aren't connected to the network, and as to anything being plugged in via USB... I happen to know for a fact that any unrecognized devices that are connected to any workstation generates a security alert in realtime. The offender usually has a visit by security accompanied by his/her manager in a matter of minutes. And speaking as someone who works in software packaging and deployment, There is no "all kinds" of anything on the network. As soon as a new version is approved for use (the approval process is extensive, I admit) , it is deployed to all workstations as quickly as labor resources can handle it. There is no "IE6" running anywhere in production here.
everyone visits any website that pops into their mind without thinking about security.
Which is why there are numerous proxies and realtime scanners. I'm sorry if you've been living under a rock these past eight years or so, but google "Intrusion Detection System" sometime. Internet access is something any office worker demands, and worker morale is very negatively affected if it's unavailable. This is a happy medium for most corporations. You're right that an airgapped network would be "more secure" but then so would unplugging the computer and locking it in the closet. I work with security reality, not the security fantasy you're laboring under.
nobody understands even the basic principles of computer security - and despite the banks strong profits,
"Nobody" is standing right in front of you telling you that we not only understand them, we exceed them by leaps and bounds. And in a recent article [wsj.com], those "strong profits" only came about in the last few months. In Fantasy Security, a large business with over 130,000 workstations spread across over 5,000 retail locations can simply push a button and revamp their security because the money is now available, but in Realworld Security, the budget is approved in January, and the plans are made the year before. Everything we're doing now is based on last year's "profits". And by profits, I mean... in the red. Something about a subprime mortgage crisis we're just getting over, I suppose.
the bank branches are full of minimum wage employees who have something like 90% turnover for a year,
Dude, lay off the cheap $3 crack. It's