US Unable To Win a Cyber War
An anonymous reader writes "The inability to deflect even a simulated cyber attack or mitigate its effects shown in an exercise that took place some six days ago at Washington's Mandarin Oriental Hotel doesn't bode well for the US. Mike McConnell, the former Director of National Intelligence, said to the US Senate Commerce, Science, and Transportation Committee yesterday that if the US got involved in a cyber war at this moment, they would surely lose. 'We're the most vulnerable. We're the most connected. We have the most to lose,' he stated. Three years ago, McConnell referred to cybersecurity as the 'soft underbelly of this country' and it's clear that he thinks things haven't changed much since then."
Stupidity of leadership... (Score:5, Informative)
If you watched the broadcast of this exercise on CNN, you heard many people arguing for things that the government just can't do such as ordering telcos to disable all smartphones, suspending rights, and even nationalizing the power companies.
They spent so much time being told by the simulated AG what they couldn't do, they didn't have time left to discuss what they could do.
Bunch of BS (Score:4, Informative)
Re:Stupidity of leadership... (Score:3, Informative)
Except it probably won't be as simple as lots of evil malicious traffic originating from... say... the hypothetical Peoples Republic of Anich.
And then you can just block all of Anich and you won't be under attack any more.
The traffic of such a cyberattack could conceivably originate from all over the world, including from your own country - originating from compromised personal computers with fast broadband connections. Or even from the very modems or Internet sharing devices that connect their homes to the Internet.
All you'd have to do, from that point on, is to have some way to send command and control traffic to the botnet inside the borders of the country you're trying to attack. And even that traffic could conceivably be hosted by some country neutral in the conflict.
Re:Why is infrastructure connected? (Score:5, Informative)
In this simulation, they weren't. The public cell phone network had a widespread trojan, which went on to attack the public Internet. With phones and data down, they weren't able to respond to simple bomb attacks on a few power locations, and the power grid collapsed.
The threat to the power grid wasn't that it was cyber attacked, but that a conventional attack was much more powerful when there was no way to direct the repair people. With no way to direct truck drivers or send orders, there was no way to get gas to critical things like hospitals and police to run generators.
The team lost the wargame, and was punished by having to be interviewed by Wolf Blitzer.
Re:Stupidity of leadership... (Score:4, Informative)
read:
http://webtorque.org/wp-content/uploads/malware_biz.pdf [webtorque.org]
The organised malware business is already leagues ahead of anything script kiddies use.
It's embraced outsourcing.
The people writing viruses these days are professionals.
They're not doing it for the lulz like when we were kids, it's cold hard business.
The teenagers who used to write viruses which turned your mouse into a penis have grown up and now they're not going to do anything unless there's cash in it for them.
The rootkits that are out there are already more advanced than the rootkit detectors and even the best AV programs have perhaps a 20% hit rate. (not miss rate)
They already have countermeasures ready for security measures that we haven't even deployed yet.
Re:SysAdmins in Cyberwarfare put on black hats. (Score:3, Informative)
Have you heard of Infragard [infragard.net]?
Re:Stupidity of leadership... (Score:4, Informative)
An honest loss? (Score:3, Informative)
The military has conducted dishonest wargames [armytimes.com] before, gaming the rules to prevent the Red team from achieving a politically distasteful victory. Perhaps the parties involved can learn from their loss instead of pretending it didn't happen. Of course, if the Red Team was supposed to win, in order to bolster budget requests and score political points, we're back to meaningless pantomimes.
Re:cyberwar = bullshit (Score:4, Informative)
don't buy this cyberwar bullshit. they are just using it as an excuse to justify internet control schemes they want to bring upon you Americans. remember how terrorism was used to bring liberties-infringing 'security' measures in all aspects of life. it's the same shit, repeating itself.
do NOT buy it.
From an article about the "mock cyber attack": [net-security.org]
"...A bevy of former top US officials were given various roles to play:
The entire scenario was thought up by Michael Hayden, the former CIA Director, and the faux attack began with malware masquerading as a free March Madness application for smartphones...."
Not only the same shit, but the same shit doled out by the same people.