Officials Warn: Cyber War On the US Has Begun 292
snydeq writes "Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet, InfoWorld reports. 'A cyber war has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens. The cyber war has seen various attacks around the world, with incidents such as Stuxnet, Flame, and Red October garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit.'"
"Cyber 9/11" (Score:5, Insightful)
Really? So we're going to see buildings destroyed, thousands murdered? The hyperbole is way out of hand on this one.
Re:"Cyber 9/11" (Score:5, Funny)
Don't you get man?!
The porn! They're going to be deleting all of our precious, precious porno!
It'll be like back in the dark ages again with cave drawings and domestic animals.
Game over man, GAME OVER!
Re: (Score:2)
MY porn is in the cloud, and everybody knows, its pointless to attack a cloud.
Re: (Score:2)
Re: (Score:2)
What if it turns to be only "partly cloudy"? Is your data corrupted or does it turn to softcore porn?
How about overcast? All your pr0n turns to goatse.cx
Re:"Cyber 9/11" (Score:5, Funny)
Re: (Score:3)
You don't need reams of paper. Just do about 50 pages, and repeatedly flip through those 50.
Re: (Score:2)
Moan while wanking.
Re: (Score:2)
Fuck... domestic animals.
Re: (Score:2)
Re:"Cyber 9/11" (Score:5, Insightful)
Well, how else are you going to convince people that they should be spending huge sums of taxpayer money to help private industry do the computer security work they should have already done at their own expense?
But yes, it cheapens the meaning of the real 9/11 when you use it to scare people into responding to non-lethal threats. Apparently, banks and utilities have already been hit, and nobody outside of those organizations even noticed. That tells you how much of a non-threat it is.
Re:"Cyber 9/11" (Score:5, Interesting)
Apparently, banks and utilities have already been hit, and nobody outside of those organizations even noticed. That tells you how much of a non-threat it is.
I can't reveal which financial institution I work for due to company policy regarding social networking, but I can say it is a major one in the United States. Nobody here noticed any "attacks" above and beyond the usual phishing and money laundering crap that comes through every day. Not a peep. Work proceeds as usual. I checked with a few of my friends who have contract gigs at Wall St., and at a nearby state university... none of them have reported anything unusual either.
I appreciate the sentiment, and truly do believe every organization could do to review and update their security and disaster recovery plans. I'm a professional in IT though, of course I'm going to say that; It's good business. However, implying that anything is happening on the networks I manage or that of many others in my profession that could equate to "the next 9/11" is complete hyperbole and, frankly, insulting.
Re:"Cyber 9/11" (Score:4, Insightful)
I think it's more a case of it's appropriations time, and with the looming new fiscal cliff, budget talks, and taxes and cuts, well, departments are going to inflate their needs with hyperbole to indicate that cutting their budget is a bad idea.
Cut DoD? Cyberwarfare! We've got another 9/11!
Cut DHS? Cyber 9/11!
etc.
Re: (Score:2)
Yeah, the headline is kind of weird. It sounds like it goes like this:
> Oh, we detect cyber warfare! (a term we invented so I don't have to understand the difference between information and people/materials).
> More and more computers are attacked! (because we attack other nations and stifle their industry for our own security and economical interests).
> More attacks mean we need to be better prepared to attack more! (because we are not smart enough to make attacks pointless, and don't understand th
Re: (Score:2, Funny)
...says an Iranian teenager, sitting in a Tehran cafe, posting as girlintraining, as logged in through an ssh tunnel to her employer's office.
"muhahaha!" says the Iranian. Posting submit, only slowed temporarily by the captcha: iRonY.
Re: (Score:2)
Re:arrogant bankers (Score:5, Informative)
this is why the banks are a perfect hacker target. they are full of arrogant, ignorant people whose main judgment on whether something is important or not, is what their buddies think. since their buddies are all bankers, they kind of have a myopic view of the world.
I assure you, the people who do IT here know exactly what they're doing. You're talking to one of them right now. Besides a corporate culture and management that supports and leverages their IT resources, the lawyers and reams of federal laws governing the business simply won't allow what you're proposing to happen here or at any other major financial institution in this country. Again, I cannot comment directly on specific business practices, nor can I act as a spokesperson for the business I work for, but as an IT professional, I would stake my reputation on the security here being sufficient to prevent the kind of damage discussed in the article. Is it perfect security? Of course not. It is sufficient security.
i used to work at a 'financial institution', and let me tell you, its running everything from DOS to WinNT to WinXP ---- everyone brings their cellphones and USB sticks and plugs them into their computers to charge, everyone visits any website that pops into their mind without thinking about security. machines are running all kinds of versions of IE, sometimes back to 6.0, often unpatched.
You should call the government then and step forward to collect your million dollar whistleblower bonus then. Cell phones aren't connected to the network, and as to anything being plugged in via USB... I happen to know for a fact that any unrecognized devices that are connected to any workstation generates a security alert in realtime. The offender usually has a visit by security accompanied by his/her manager in a matter of minutes. And speaking as someone who works in software packaging and deployment, There is no "all kinds" of anything on the network. As soon as a new version is approved for use (the approval process is extensive, I admit) , it is deployed to all workstations as quickly as labor resources can handle it. There is no "IE6" running anywhere in production here.
everyone visits any website that pops into their mind without thinking about security.
Which is why there are numerous proxies and realtime scanners. I'm sorry if you've been living under a rock these past eight years or so, but google "Intrusion Detection System" sometime. Internet access is something any office worker demands, and worker morale is very negatively affected if it's unavailable. This is a happy medium for most corporations. You're right that an airgapped network would be "more secure" but then so would unplugging the computer and locking it in the closet. I work with security reality, not the security fantasy you're laboring under.
nobody understands even the basic principles of computer security - and despite the banks strong profits,
"Nobody" is standing right in front of you telling you that we not only understand them, we exceed them by leaps and bounds. And in a recent article [wsj.com], those "strong profits" only came about in the last few months. In Fantasy Security, a large business with over 130,000 workstations spread across over 5,000 retail locations can simply push a button and revamp their security because the money is now available, but in Realworld Security, the budget is approved in January, and the plans are made the year before. Everything we're doing now is based on last year's "profits". And by profits, I mean... in the red. Something about a subprime mortgage crisis we're just getting over, I suppose.
the bank branches are full of minimum wage employees who have something like 90% turnover for a year,
Dude, lay off the cheap $3 crack. It's
Re:"Cyber 9/11" (Score:4, Informative)
Re: (Score:2)
Funny. I thought that *was* the real meaning of 9/11. It didn't take any longer than 10/11 for that to hold.
Re:"Cyber 9/11" (Score:5, Interesting)
Really? So we're going to see buildings destroyed, thousands murdered? The hyperbole is way out of hand on this one.
It's all about strategically timed loss of service to exacerbate tensions:
- Disable electricity during a heat wave in Atlanta = Riot
- Disable communications right after a white police officer is acquitted of beating a black suspect in LA = Riot & Looting
- Disable banking/credit card during Black Friday = Riot, people already riot and trample each other in Walmart without a loss of service.
Basically the US is a powder keg... all it takes is a spark :)
Re: (Score:2)
Re:"Cyber 9/11" (Score:5, Insightful)
That's a very bleak assessment of us :/
Not completely disagreeing with you, but people are capable of other courses of action in dire situations. I was in New York when the power outage happened in 2003 when a lot of the Northeast was completely dark except for a few lights being kept on by generators. This was only two years after 9/11 and the first thought on everyone's mind was terrorism, but no one panicked or rioted except for a few burglaries (those are always to be expected). People were being helped from the subways by fellow passengers, others took care of each other as best they can.
Even after the 2001 attacks, there were people helping out and staying calm (as best they can).
There are instances where people act like they've lost their minds during emergencies, but then they have already lost their minds by the time the rioting starts. The riot is just the symptom of that.
Re: (Score:2)
It's all about strategically timed loss of service to exacerbate tensions.
How would people know to riot if the power is out and they can't access twitter or facebook? When the power goes out, people are more likely to sit and play cards with their family, or go outside and start talking to the next door neighbors they've never met.
If you want to get people worked up, selectively turn people's power back on, turning them against each other. See The Monsters Are Due On Maple Street [wikipedia.org]
Re: (Score:2)
If you want to get people worked up, selectively turn people's power back on, turning them against each other. See The Monsters Are Due On Maple Street [wikipedia.org]
You clearly weren't in the NYC metro area after Superstorm Sandy hit.
Re: (Score:3, Interesting)
Buildings destroyed, probably not... Thousands murdered, perhaps. Why? Because many public utilities run on computers. You hack that system, you can do things like shut off electricity for an extended period of time and very few people have things like a backup generator. That guy with an oxygen pump? Dead. The diabetic who over time has their insulin harden into a jelly like substance because it's not cold? Dead. That hospital that didn't have a proper backup system for power? Many dead.
It's not exactly ha
Re:"Cyber 9/11" (Score:5, Insightful)
The problem is finding an area of the USA where a medium term power loss would not be business as usual, due to 3rd world infrastructure.
Hmm shutdown NYC's power, they'll collapse. Naah tried that short term back in the 00s and longer term last fall due to a mere rainstorm.
Hmm shutdown power in the south? Naah thats called a hurricane, they do that stuff couple times a year no problemo.
Hmm shutdown power in the west? Naah thats called a rolling california blackout, all part of a corrupt plan to increase prices and revenue. No problemo. Heck the crooks who run the place made more money, if anything thats encouraging them!
Hmm shutdown power in the midwest? Naah every time we get a wee windstorm or ice storm or blizzard or pretty much anything but still air, happens all the time. Oh yeah and the damn mississippi is either almost bone dry or flooding the land both causing power issues.
Is there anywhere left where power outages are unusual, maybe even dangerous?
Doesn't mean its not annoying, maybe even a little dangerous. In fact if there's even a hint that foreigners are behind it all, the biggest danger is attacking some other country. If saudi arabians fly jetliners into our skyscrapers we bomb afghanistan, so I assume if Venezuelans shut down the power in Florida for a little while we'd probably respond by bombing Iran.
Re: (Score:2)
The problem is finding an area of the USA where a medium term power loss would not be business as usual, due to 3rd world infrastructure.
You have obviously not lived somewhere that truly has third world infrastructure. Try running water for an hour or two a day, tops. And sometimes going weeks without any running water at all. Or having the power go out a half a dozen times a day, for anywhere from 1 minute to 3 or 4 hours. And that's without any severe or unusual weather. That is standard operating procedure.
Re: (Score:2)
No power could be ugly (Score:2)
Re: (Score:2)
IIRC Germany also declared war to the US.
Re:"Cyber 9/11" (Score:4, Insightful)
Buildings destroyed, probably not... Thousands murdered, perhaps. Why? Because many public utilities run on computers. You hack that system, you can do things like shut off electricity for an extended period of time and very few people have things like a backup generator. That guy with an oxygen pump? Dead. The diabetic who over time has their insulin harden into a jelly like substance because it's not cold? Dead. That hospital that didn't have a proper backup system for power? Many dead.
It's not exactly hard to murder people with a cyber attack, you won't see buildings destroyed like a normal attack though. Cyber attack, you could take out the financial market, which while not of upmost importance to most people these days, if you shut down VISA and Mastercard, there's a good chunk of people that won't have access to their money so getting food and water becomes a problem.
Now do I think this is going to happen soon? Nah... I'm not a doomsday theorist. Can it happen? Sure.
Pretty much every area of the USA is subject to disasters than can cause power interruptions, and already have measures in place to help those that can't survive for an extended period without power. Unless there is wide spread physical damage to repair, a cyber attack power outage will be relatively short lived.
I certainly think that 10's may die, maybe even 100's, but thousands? That seems unlikely. Even Hurricane Sandy's death toll in New York City was only 41
Re: (Score:2)
Katrina caused 1833 deaths. Of course, Katrina was a bit more severe than Sandy, which most of us down N'Awlins way wouldn't even have considered evacuating for....
Re: (Score:2)
Yes you might be able to cause a few deaths by killing all power. You could cause a few more by setting all intersections to ALL Ways Green.
But so what? People will quickly figure it out, cities will simply unplug the stop-lights reverting every intersection into take-your-turn.
You can't do any significant damage to a country, and render them in-capable of responding in kind, or with tomahawk missiles.
This is fear-mongering, plain and simple.
Re: (Score:2)
What about if you erased every US citizen's bank account? Or you decided that those cooling stuff in nuclear plants are to be stopped immediately (probably harder)?
Let's admit that a heck of a lot of things are run by computer these days. A LOT of stuff.
Re: (Score:2)
What about if you erased every US citizen's bank account?
Two words:
Backup Tapes
Re:"Cyber 9/11" (Score:5, Insightful)
Don't you see? If we don't get our pointless billions in wasted defense spending, everyone will die.
Re:"Cyber 9/11" (Score:4, Interesting)
It'll be more like, if you don't give the government insane controls over the internet there will be 100 Chernobyl's in the United States. The legislation is already written. They just need the right opportunity (real of manufactured) to invoke fear and pass it without any congressman being able to read said legislation.
Re: (Score:2, Interesting)
If you hack a bank that causes them to say stop funding a hospital due to a "Computer Error" and people die because the hospital didn't get the resources they needed in time. The hacker is no less evil then a guy who just pushed the button to hit a bomb.
They justify their consciousness because it is just cleaner and they don't have the see the full effect.
Re: (Score:2)
If a hospital can't keep the necessary supplies in inventory to operate should a "computer error" happen and can't be resolved immediately, they shouldn't be a hospital.
No major business is going to operate on a "just in time" basis for financing. They are all going to carry lines of credit or other equivalent with their major suppliers. They are going to have 15-, 30-, 60-, 90-day terms or whatnot for invoicing.
Re: (Score:2)
If you hack a bank that causes them to say stop funding a hospital due to a "Computer Error" and people die because the hospital didn't get the resources they needed in time. The hacker is no less evil then a guy who just pushed the button to hit a bomb.
They justify their consciousness because it is just cleaner and they don't have the see the full effect.
Yeah, it would be the fault of the finance people at the bank that didn't have a manual process in place to secure operational funding.
Re: (Score:2)
Hospitals have ways to deal with this. There are, after all, power outages and disasters frequent enough to cause them to plan ahead, and they can run for over a month with zero funding, and several months once the government steps in.
Re: (Score:3)
Well, if you can sabotage PLCs in a power plant and cause it to blow up, maybe.
Re:"Cyber 9/11" (Score:5, Interesting)
They're talking about an attack on our civil rights, and they're almost certain to win, just like the bad guys won after 9/11.
Wait for the next innocent convenient disaster. Bank led by crooks and con men goes out of business? Oh you say one foreigner tried identity theft once back in '98? Well that cause and effect is obvious, we need to "temporarily" suspend the constitution until the threat is neutralized aka forever.
Re:"Cyber 9/11" (Score:4, Funny)
Personally I like "The Cyber Extinction". It just sounds awesome!
Re:"Cyber 9/11" (Score:4, Funny)
Re: (Score:3)
But Hyperbole is like the best thing EVER
Re: (Score:2, Funny)
Wait until you try Cyberhyperbole!
Re: (Score:2)
Really? So we're going to see buildings destroyed, thousands murdered? The hyperbole is way out of hand on this one.
I think they mean they are going to use the situation to take away more of our freedoms, just like they did after the 9-11 event.
Re: (Score:2)
Re: (Score:2)
The first 10 minutes of this video (05:00 to ~10:00 to be exact) gives a pretty good explanation of "cyber" as used here, I think..
Re: (Score:2)
The first 10 minutes of this video [youtube.com] (05:00 to ~10:00 to be exact) gives a pretty good explanation of "cyber" as used here, I think.. // sorry for double post - closing " missing in first :(
flyncarnak (Score:2)
I can see a future where government regulated software on everyones machine DDOSs Chinese and Russian targets in retaliation while their utilities, banks and institutions networks are raided, backdoored and looted.
Who says the morons in Washington didn't gain anything from ANONYMOUS?
In a perfect world the attacks would be made on spammers and phishers and their ilk.
What a bunch of pansies! (Score:4, Insightful)
So, they put a bug in Russian oil pipeline controlling kit that blows up. They put a virus on Iranian nuclear power testing plants (could have blown up).
And everything was just "The Next Cyber War Could Be Deadly".
But now that the USA's banks are being attacked, "ITS THE NEXT 11/9!!!!!!!!!!"
Fucking drama queens.
Rights attack (Score:5, Insightful)
FUD to steal more of our rights away. "FOR YOUR PROTECTION, we need to monitor everything, sign on the dotted line and everything will be ok. You Can Trust US" MEH.
Anything to keep the masses fearful (Score:5, Insightful)
After all, what with fiscal responsibility looming, we need all the excuses we can get to keep the war funds flowing.
Re: (Score:2)
As long as Democrats are opposed to any entitlement cuts and Republicans to any tax increases or defense cuts there is no imminent danger of fiscal responsibility. I prefer a different conspiracy theory. Since exaggerating the danger of physical terrorist attacks worked so well in limiting out physical privacy rights (see TSA, PATRIOT act etc) similar process will work in relieving us of our online privacy as well.
Re: (Score:2)
Note that if the DoD budget were zeroed, we'd still have a deficit.
Note, likewise, that if either Medicare or SSA were zeroed, we'd still have a deficit.
Tax increases? 30% across the board, and we'd still have a deficit. Tweak that so the "rich" pay more? Probably still a deficit, though if you could couple that with a Congress that wouldn't
9/11 times... (Score:3, Funny)
Spottswoode: From what I.N.T.E.L.L.I.G.N.C.E has gathered, it would be 9/11 times 100.
Gary Johnston: 9/11 times a hundred? Jesus, that's...
Spottswoode: Yes, 91,100.
Bad news on the horizon. (Score:5, Insightful)
I hope I'm wrong, but having seen how people go apeshit with simple "point and click" technologies like guns.......let's see what happens when you get a bunch of old white guys with power trying to lock down things they *truly* don't understand.
Re: (Score:3)
Worse, the wall protecting Wall Street from the consequences of it's crimes is showing cracks. A new scary foreign bad guy must be invented fast!
Well now... (Score:3, Insightful)
Re: (Score:3)
TheDailyWTF is chock-full of stories about massive security holes in company networks, and the persecution/prosecution of anyone who tries to point them out and get them fixed.
There I fixed that for you.
Our little green friend (Score:4, Funny)
It has begun? (Score:5, Insightful)
What the heck is he smoking? China et al. have been attacking the US through computer systems for decades.
Re: (Score:2)
US Agencies warning about other US Agencies? (Score:5, Interesting)
They are mentioning StuxNet and the like as a threat example? So, the US is in danger of malware created by the US ... perhaps loosing viral code on the world wasn't a good idea.
Now, to "protect" ourselves from our government we need to do what ... turn over more information and control to the people that created the problem? Why would I want to give more power to people that have already proven they can't be trusted with it?
This sounds like nothing more than multi-faceted spin control and manipulation.
What I hear being said:
Look, we need a larger budget to monitor this situation.
And more power to get the information we need without the red tape of actually getting warrants.
For your protection against what we've done, you should just give us all your info, all the time.
Re: (Score:3)
well... at least its not for the children this time....
Re: (Score:2)
Re:US Agencies warning about other US Agencies? (Score:5, Informative)
This massive new expenditure of money is not primarily devoted to defending against cyber-aggressors. The US itself is the world's leading cyber-aggressor. A major purpose of this expansion is to strengthen the US's ability to destroy other nations with cyber-attacks. Indeed, even the Post report notes that a major component of this new expansion is to "conduct offensive computer operations against foreign adversaries".
As Wired's Ryan Singel wrote: "[McConnell is] talking about changing the internet to make everything anyone does on the net traceable and geo-located so the National Security Agency can pinpoint users and their computers for retaliation."
Don't forget that McConnell is the chode who got the telecoms retroactively immunized for their participation in the illegal NSA domestic spying program.
I can see big business saying to the feds (Score:3)
Oh! Noz! We need help to keep away the bad hackerz! (terrorists)
We need money to rebuild our infrastructure and a special prosecutor to chase the bad terrorists.
(even though they have been wandering around for the last 40 years with their pants down)
Wrong date/place (Score:3)
Instead of cyber-pearlharbour or cyber-9/11, the right expression should be cyber-normandy. So far the main cyber attacking force comes from US in a lot of fronts, stuxnet/flame (is a nice point to show destructive weapons to scare population without naming that you are the one creating/using them), massive spying on private communications from all the world is being done by US agencies, and intrusive legal initatives are pushed to all governments of the world (SOPA/PIPA/derivates like Spain's Sinde/etc). So far has been a war against freedom, and some of the forces "attacking" US seem to be trying (in a good or bad way) to not lose that freedom.
Is a war of US against the World, and they put the world in front to make you believe that they are the victims.
Re: (Score:2)
FTFA: "From Inquirer Wire Services" (Score:2)
Seriously? why not just use an article from Fox news and be done with it? Banks get hit by attacks constantly. This is not news.
Gross mismanagement, corruption and negligence of companies which spend millions of tax dollars and fail to secure basic computing resources (like encrypted laptops)? Now that's something to call attention to.
Re: (Score:2)
Linux/BSD ...kthxbye (Score:2, Interesting)
Re: (Score:2)
Well, that's the free market in action. It doesn't optimize for the best results, it optimizes for profit, which may or may not produce a good result as a side effect.
It was more profitable for companies to ignore security issues.
It's not a War (Score:2)
The government has simply decided to call it a War because with the wars on "drugs" and "terror" winding down, they need a new bogeyman to make everyone afraid of so they can get the next big round of taxpayer-funded defense grants.
Hacking has been going on since the birth of the Internet, and it will keep going on until global warming turns the Earth into a smoldering cinder.
Uh huh (Score:3, Insightful)
Oh look another "war" without a clear enemy or end in sight...
One that is super simple to avoid you have to wonder why they keep leaving critical infrastructure online.
Shouldn't that be Cyber 00001001/00001011 ? (Score:2)
BITS we'll be blown to, all of us, after all.
SCADA vulnerabilities are quite real (Score:3)
Well... (Score:2)
Not a "War," a Money Grab (Score:2)
The government and/or the powers that be have simply decided to call it a War because with the wars on "drugs" and "terror" winding down, they need a new bogeyman to make everyone afraid of so they can get the next big round of taxpayer-funded defense grants.
Hacking has been going on since the birth of the Internet, and it will keep going on until global warming turns the Earth into a smoldering cinder.
Nothing To See Here (Score:3)
All in all, this is sounding like just another scare tactic to maintain a perpetual state of war, keeping the public paranoid and distrusting of anyone except our "benevolent leaders" who pretend to be looking after our best interests.
Don't forget the post-election attacks (Score:2, Interesting)
Governments declare war on the Internet (Score:4, Insightful)
9/11 comparisons and DoD goons routinely discussing threat from cyber war in terms of parity with nuclear weapons is quite amusing like comparing getting detention with being sent off to a Nazi concentration camp.
Asserting the age old problem of "espionage" is now "cyber" and dreaming up of doomsday scenarios which leave even braindead zombies asking the obvious question how hard is it really to keep "critical infustructure" off the Internet?
I have little doubt real intent of this media blitz and TLA warnings are to create an atmosphere conducive to tolerating government overreach. Overreach which cannot possibly work to accomplish better security for anyone.
If the government really cared about US infustructure being hacked via Internet they would find a legal framework making hacking against every government/public target without any restriction legal by US citizens with some rules against lame attacks (ddos) and intentional non-collateral damage.
Penalize agencies that get 0wn3d. Make it a huge game (with cash prizes) focus on educational resources to help and encourage hacking. Not only do you get better infustructure you get more knowledgable peeps.
Re: (Score:2)
I think that people focus too much on "critical" systems and cyber->physical attacks, and not enough on the value of privately held information. My personal information (photographs, writings, etc) are quite valuable to me. The loss of my personal copies of my financial and legal information would cost me a large amount of time to recover. The loss of my purchased media and software would represent a significant financial loss. I take normal steps to protect my information, but I'm sure it is not safe
Infoworld is full of $hit (Score:5, Insightful)
I'm a security professional. I work for one of the largest banks in the world, in a role directly involving online security.
Putting it succinctly, Infoworld is full of shit.
Yes, there have been attacks. There were also attacks last year. And the year before. And pretty much every year going back to the day somebody first connected a modem to the serial port of a computer with access to the bank's internal network. I have no doubt whatsoever there will be attacks this year, next year, and every year to come.
This is NOT "Cyber 9-11". Not even fucking CLOSE to it. People fucking DIED on 9-11, including two guys I was friends with in college and used to drink, play videogames, and trade warez with all the time. I think one of them might have even jumped, and had to spend ~40 terrifying seconds deciding whether he'd prefer to be killed instantly, or live an extra millisecond or two in searing pain after getting shredded by the steel and glass atrium feet first.
It sucks having to tell your boss that there's a distributed denial of service attack in progress, or someone might have compromised an application and harvested usernames or email addresses (but as of yet, no passwords). It doesn't even come CLOSE to sucking as badly as falling a thousand feet to your death, or getting liquefied and burned alive by 400 million tons of flaming concrete.
Picture sitting at your desk, sipping a latte, checking out the morning's posts on Slashdot, and having a 767 crash into your office at 500mph. A chunk of wing hurls across the floor, tears off your legs, and sends you flying into a column or something solid. You have about a quarter of a second to think, "WTF" before getting engulfed in a fireball and dying more slowly than you'd have otherwise rationally preferred. Now, in that context, try to think of ANY conceivable computer hacking attempt or attack that either keeps people from accessing their accounts or creates fraudulent line items for the forensic bookkeeping team to try and sort out that you'd EVER classify as being worthy of being used in the same sentence as "9-11". Go ahead, I *dare* you.
The world vs US (Score:3)
"We need resources because the war is against us". In real terms, is US the one that is attacking all the others, putting things like they are the victims is intentionally deceptive. The cyberweapons named in the summary (flame/stuxnet) were done and used by US and allies. There are other kinds of cyberattacks going on, like surveillance on everyone [slashdot.org] no matter of country, and pushing laws limiting other countries population (like SOPA, PIPA or derivatives like spain's Sinde law). The motto of this one should be "the war against freedom"
The main attackers so far mostly are people, not countries, that right or wrong say that fight for their (or our) freedom, and odds are badly against them (unless you are anonymous, you will probably get caught despite international laws, no matter where you are). Is a war, and we all are in the hopeless side of it.
Re: (Score:2)
You could live in a oppresive regime without being the target... for a time. Being free mean being able to do the good things, the bad, and the gray ones, without looking over your shoulder because what you did could be seen in another way by someone else. Internet is becoming a mined field, where a private joke [boingboing.net] could mean being deported, where warning people that have insecure sites could put you in jail, where sharing your daughter fotos with your family could have very bad consequences, or giving less f [techdirt.com]
*shrugs* (Score:2)
During the fall of any great civilization, they tend to burn down the libraries. And what is the Internet, but the largest library on Earth? And who wishes to burn it down, but armed forces?
I imagine the Library of Alexandria faced a similar problem.
Oh noes! (Score:2)
Its world cyber war 1, but instead of a dictator intent on conquering the world, like a real war, its a bunch of script kiddys thinking they are clever
everyone be afraid....be very afraid
Surprised?! (Score:2)
Gee, let's take EVERYTHING and connect it all on a giant, publicly accessible, open network that spans the entire world using a protocol suite designed in the 70's with no security in mind.
After that let's stack most everything on top of a protocol intended to serve up static text with some images and links to other text files thrown in. And then shoehorn it into becoming an application delivery platform. And pile kludges 10 layers deep to make it sort of usable.
Seriously, if you run critical infrastructu
Internet designed with no security in mind? (Score:2)
I don't think so, Microsoft was selling Windows NT as the Internet platform for commerce, since at least 1995
Re: (Score:2)
Judging by your lengthy UID I assume you haven't been in IT very long, you're trolling or trying to be funny....
TCP/IP has been with us since the late 1970's. Was the primary protocol in use on the Internet from the early 1980's on. Windows NT has also been the least secure enterprise OS in existence. It took a decade for Windows Security to be considered anything but laughable. Now it's just mildly amusing.
Get off my lawn.
Cyber bullshit War on the US has Begun (Score:3)
"Given the malicious actors that are out there and the development of the technology, in my mind, there's little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point"
Only if you persist in running your infrastructure on that back-doored OS and connected directly to the Internet
Re:Idiots (Score:5, Insightful)
This cyberwarfare has been going on for more than five years now. Do you know how many banks, medical facilities, etc. as well as research institutions have been hit by the Chinese? I won't say whom, but a major US aerospace research corporation has been undergoing an almost constant stream of attacks since 2005...
So has my ssh server. Except that has been going on for much longer.
And when I turn on logging in iptables I see a constant patter of attempts on common windows networking ports as well.
Is this is what constitutes an "attack" in these reports?
My guess is that with public news articles coming out daily and homeland security trying to convince every
little public utility of grave danger and stampede them to harden their system, that these script kiddie attempts, which are
almost universally unsuccessful, are exactly what is being touted as a cyber warfare attack.
Re: (Score:2)
Yeah. It sounds like we've been at war since the mid-90s.
Re: (Score:2)
Re: (Score:2)
Great strategy. Its kept Israel out of so many wars.....
Oh, wait...
Re: (Score:2)
You mean, nine million one hundred and ten thousand? good lord.