Forgot your password?
typodupeerror
Encryption The Military Government Security IT

Separating Cyber-Warfare Fact From Fantasy 111

Posted by timothy
from the joshua-called-me dept.
smellsofbikes writes "This week's New Yorker magazine has an investigative essay by Seymour Hersh about the US and its part in cyber-warfare that makes for interesting reading. Hersh talks about the financial incentives behind many of the people currently pushing for increased US spending on supposed solutions to network vulnerabilities and the fine and largely ignored distinction between espionage and warfare. Two quotes in particular stood out: one interviewee said, 'Current Chinese officials have told me that [they're] not going to attack Wall street, because [they] basically own it,' and Whitfield Diffie, on encryption, 'I'm not convinced that lack of encryption is the primary problem [of vulnerability to network attack]. The problem with the Internet is that it's meant for communication among non-friends.' The article also has some interesting details on the Chinese disassembly and reverse-engineering of a Lockheed P-3 Orion filled with espionage and eavesdropping hardware that was forced to land in China after a midair collision."
This discussion has been archived. No new comments can be posted.

Separating Cyber-Warfare Fact From Fantasy

Comments Filter:
  • Surely they're not trying to suggest that my l33tness *doesn't* make me more attractive to women?

  • by HungryHobo (1314109) on Friday October 29, 2010 @08:16AM (#34061172)

    Audit your code.
    Don't try to tac security on at the end, build it in from the start.
    Don't assume that the other security layers will hold so yours isn't important.(when i was working in a large tech company this was the most common problem, everyone thought the security above or bellow their own applications or systems was secure enough that they didn't have to worry too much about it themselves)
    Make sure your coders know enough about the various types of attack that they know what they've got to defend against.

    use Default Deny not Default Permit.
    don't try to Enumerate Badness. it doesn't work.
    Don't rely on Penetrate and Patch . it works badly.
    Don't expect average users to get educated about security, they only care about security enough to not get fired, they will also pick awful passwords 99% of the time and will use Pass1234 if asked for uppercase,lowercase and numbers.
    patch your systems.

    Fire anyone who writes the domain admin password on a postit and sticks it to their monitor.

    • by BLKMGK (34057)

      Oh come on, everyone knows that a security review of code is just the last speed bump to getting a program out the door! Usually done right after most of the contributing programmers have been moved on to other programs. Doing security from the beginning would be more expensive for heaven's sake! /sarcasm

    • Re: (Score:2, Interesting)

      by Pink_Ranger (1024741)
      *Default Deny
      *don't enumerate badness
      *forget about user education

      This sounds really familiar. Are you the author of this article [ranum.com]?
      • by hitmark (640295)

        Or perhaps someone that have memorized it. And yes, i noticed the same familiarity when reading the list.

        There are some parts of the article i agree with (the "default permit" issue for one) but others, dunno.

      • no, just a fan, there's one or two points in there I don't totally agree with but for the most part it makes good arguments.

    • by sakdoctor (1087155) on Friday October 29, 2010 @09:29AM (#34061644) Homepage

      Security is best outsourced entirely to a company with a metal effect logo and lots of padlocks on their website.
      The most important aspect of security is the visualisation shown to the end user.
      All workstations should be protected by at least a green spinning cube.
      Voice recognition or hand print scanners are the way forward.
      Light your server room from above very slow spinning fan blades.
      Factor in around one henchman in black, per 100 servers.
      Have web access to all critical systems. input[type="password"]{ font-size:1000%; }
      Have a physical self-destruct (as in a bomb), to destroy all your unencrypted data, if you simply get overwhelmed by Russian hackers in quasi-futuristic clothing.

      • by shugah (881805)
        Employ a 12 year old to penetration test your security. Type really fast
      • It's important to protect your access terminals considering that it consists entirely on a keyboard with a perfectly aligned square buttons devoid of characters identifications on them and a monochrome green screen with "PASSWORD:" displayed on them along with a blinking cursor in 4 inch tall font.
  • Not to sound like my tinfoil hat has gotten too tight, but really is this warfare? So our grid goes down. Does this mean we can't live? Does it stop us from growing crops, transporting them on trucks, and buying them in markets? Don't we have the resources to build other technologies to provide our food and shelter? If the Chinese crippled us via Cyber Warfare, they would lose all of their economic power. We buy more of their junk than anyone else. If China used this as a method of physically taking over t
    • Not to sound like my tinfoil hat has gotten too tight, but really is this warfare? So our grid goes down. Does this mean we can't live?

      Nobody said we couldn't live like it as the mid 1800's. But considering how much of our lives depend on electricity it's not something to brush off. How many people do you know own wood stoves (or fire wood for that matter) in case they lost power for weeks in the winter?

      • And how likely is that?
        Really.

        Worst case scenario is someone might disrupt things for a few hours or a day or so while the local admins sort things out though the fact that hackers don't seem to have ever managed that yet makes me sceptical even of that.
        That might be enough to give one side an advantage in some kind of military conflict but is fairly useless on it's own.

        • But... there's a still that small chance! Therefore, technology is bad and we should get rid of those newfangled computer things!

        • I was thinking more on the lines of causing equipment to malfunction and break rather than a network error. But it's not really my area of expertise. You'd think there would be backups. I'm thinking back to the 2003 northeast blackout [wikipedia.org]
          • by peragrin (659227)

            Most safeties are hard set. There are fuses that trip to protect equipment from actual damage.

            The 2003 blackout lasted for hours. Once the grid shut down most of the work was isolating the bad sector and restarting the systems. It does take a little while to restart a generator. Hackers might be able to target one or two nodes but to infect 10000 from various manufactures over a 20 year period is a different story.

            Sticker does prove it is possible but actual damage was limited. However with stuxnet now out

    • Re:Warfare? (Score:4, Insightful)

      by HungryHobo (1314109) on Friday October 29, 2010 @08:21AM (#34061202)

      China is just the current bogeyman.
      there's no shortage of attacks from hackers anywhere, but I'm told china used to be a good place to bounce attacks through and there probably is a certain amount of corporate espionage.

    • Re:Warfare? (Score:5, Interesting)

      by advocate_one (662832) on Friday October 29, 2010 @08:28AM (#34061242)

      Not to sound like my tinfoil hat has gotten too tight, but really is this warfare? So our grid goes down. Does this mean we can't live?

      You've already had examples of how things break down when the power goes out during the previous major blackouts... imagine it being nationwide and more than 48 hours in duration... you cannot cope with that... people WILL be fighting for food and water...

      There were fights in supermarkets in Gloucestershire over bread and water when the floods hit in 2007...

      They were minutes away from having to order the evacuation of most of the county if the flood defences had failed to protect the major electricity substation supplying a large part of the county including the city of Gloucester... the main water treatment plant was taken out by the floods and we were having to use water trucked in and distributed via water bowsers for several weeks until the plant was repaired and the water mains had been flushed out and treated

      • by caluml (551744)

        if the flood defences had failed to protect the major electricity substation supplying a large part of the county including the city of Gloucester

        ... if the flood defences had failed to protect the major electricity substation supplying a large part of the county including the UK Government's listening HQ, GCHQ....

        FTFY

        • ... if the flood defences had failed to protect the major electricity substation supplying a large part of the county including the UK Government's listening HQ, GCHQ

          GCHQ has it's own independent backup supply... you don't think they'd have built it without one now?

      • by ledow (319597)

        Any civilization is only three meals away from revolution.

      • When the remnants of Hurricane Ike came though our area, we lost power for about two weeks. A pretty large area including rural and urban areas were out. Most of the rural areas were on wells. Well pumps don't work without electricity. There were no fights. There were no hoarders or scalpers. (Well... Generators did disappear quickly) We had no perishable food for a couple of weeks, but we survived without cannibalism.

        There was less civil unrest than your standard UK Soccer/Football match.
      • Re:Warfare? (Score:5, Insightful)

        by mcgrew (92797) * on Friday October 29, 2010 @10:27AM (#34062232) Homepage Journal

        Wow. I thought the US was supposed to be "cowboy country" and so violent. When Two tornados tore through my town [slashdot.org] the power was out citywide overnight, and took a week to get back online in many neighborhoods (including mine). Nobody rioted, despite stores being closed for several days (and many stores for a month, as the buildings were badly damaged). I ran out of cat food, one open store that was without electricity was using an old-fashioned credit card reader that relied on carbon paper.

        Hell, as chronicled in the linked journal, damaged bars were open the next day, with folks drinking by candle light.

        They didn't even riot during Katrina.

        • by evilviper (135110)

          Being "cowboy country" helps, rather than hurts, in a disaster. I'm not going of on a guns make us safer diatribe, but rather, if you recognize the world around you is dangerous, you prepare for it.

          What kills people isn't harsh weather, but UNCHARACTERISTIC weather. Eg. Blizzards in a normally mild climate. Heat waves in colder areas, etc. Hell, people gathering together on the beach to go watch the hurricane barreling down on them.

          City dwellers in particular are most often guilty of having no margin o

        • by elrous0 (869638) *

          Yeah, but could you have lived like that for months (or even years), without any outside assistance?

          • by mcgrew (92797) *

            Since they came in March, well, maybe. A disaster that came in November and lasted months probably would bring chaos.

      • by The Dodger (10689)

        > There were fights in supermarkets in Gloucestershire over bread and water when the floods hit in 2007...

        Let's be fair, they don't really need an excuse to fight in Gloucestershire.

    • Re:Warfare? (Score:5, Insightful)

      by chrb (1083577) on Friday October 29, 2010 @08:31AM (#34061260)

      The article quotes Richard Clarke on a hypothetical Chinese cyber attack:

      Within a quarter of an hour, 157 major metropolitan areas have been thrown into knots by a nationwide power blackout hitting during rush hour. Poison gas clouds are wafting toward Wilmington and Houston. Refineries are burning up oil supplies in several cities. Subways have crashed in New York, Oakland, Washington, and Los Angeles. . . . Aircraft are literally falling out of the sky as a result of midair collisions across the country. . . . Several thousand Americans have already died.

      Firstly, China isn't going to attack the U.S. - going to war with one of your largest trading partners and a nuclear armed state would be stupid. But if China were to wage war on the U.S. then the deaths of a few thousand people and the associated chaos would be chickenfeed compared to the effects of nukes raining down on American cities. I wonder whether this kind of alarmism is meant purely to scare people into accepting increased defence spending, or whether the people at the top honestly believe what they are saying?

      • I agree here - I think the Chinese are more trying to settle on economic dominance rather than military. They're not invading, they're trying to buy. Unfortunately, they're in a precarious position - they loaned us all this money and really can't do a whole lot if we decide to default.
        • it's a little more complex than just deciding to default but yes, as a general rule trying to kill your debtors isn't a good idea.
          Also china has it's own debt, who owns that?

          • by maxume (22995)

            If China has a big debt, don't you think they would try to use their hundreds of billions of dollars to pay it off?

            Their net position is a lot more important than the details of whether they have used debt to finance this or that, and their net positions is that of lender.

            • Re: (Score:3, Interesting)

              by jgtg32a (1173373)
              I can't explain it very well, but the reason China buys so much debt is because it is part of their currency control. Basically by buying debt that temporarily removes their currency from the market, which allows them to print a lot of money but avoid that pesky inflation business. I think that's about right.
              • You are confusing external debt with public debt. It looks like China's government has a huge public debt, that is owned by chineese people. Also, China is a huge external credor, that means, chineese people (including governemnt) owns way more debt of foreign people (again, including governemnt), than foreign people owns chineese debt.

                A government may issue public debt to remove money from the market and contain inflation. By the way, they only do that if they are serious about fighting inflation, what Cin

        • Re: (Score:3, Interesting)

          by MaWeiTao (908546)

          China is looking for dominance on every level. I'm convinced they want to be the next superpower. Certainly, focusing on economic might is at the forefront. China isn't shoveling an ever increasing amount of money into military spending for fun. In pretty much every area you can think of technology, space, banking or infrastructure they're heavily invested. If they were interested in only economic might they would be taking Japan's approach, but obviously that's not their intent.

          China is likely not intendin

        • by Amanieu (1699220)
          The only problem with defaulting your loan is that you'll have a hard time finding people willing to lend you money in the future.
      • by gtall (79522)

        It isn't the U.S. under threat, it is Taiwan. China wants to be in the position to dissuade the U.S. from coming to Taiwan's defense when China finally loses her mind and invades. It doesn't need to attack the U.S. to do this, just nibble a bit at the edges.

        • by MaWeiTao (908546)

          China will never invade Taiwan. China has far too much to gain from Taiwan economically. And, not only that, the current administration of Taiwan has gotten quite friendly with China. Many Taiwanese are more pragmatic and value the money they can make in China more highly than national pride.

          The only way China would invade Taiwan is if their economy collapsed, or at least they faced a serious economic downturn which is bound to happen. But by then they may be close enough that a military invasion wont be ne

          • by TheEyes (1686556)

            China will never invade Taiwan. China has far too much to gain from Taiwan economically. And, not only that, the current administration of Taiwan has gotten quite friendly with China. Many Taiwanese are more pragmatic and value the money they can make in China more highly than national pride.

            The only way China would invade Taiwan is if their economy collapsed, or at least they faced a serious economic downturn which is bound to happen. But by then they may be close enough that a military invasion wont be necessary. And anyway, China has bigger fish to fry.

            The reason China will eventually invade Taiwan is to distract the populace from its inherently corrupt one-party rule, similar to the way the US invaded Iraq to distract from Bush's falling approval ratings. As the middle class in China grows, there will be more interest in being able to affect changes in government, which the Communist Party will try to divert into nationalistic pride when it invades one or many of its neighbors over some overblown, imagined, or manufactured sleight.

          • by gtall (79522)

            I do not believe your reasoning. I think, with a government that has no legitimacy (neither elected nor ordained from the Heavens...and corrupt to boot), the alleged leaders of The Party will sooner or later get their tail caught in crack. Maybe it will be the economy, maybe it will be some military adventure their Asean neighbors are beginning to ally against; the possibilities are endless when your government has no legitimate way of changing to adjust to the Proles. When that happens, Taiwan is as good a

      • Re:Warfare? (Score:5, Informative)

        by grcumb (781340) on Friday October 29, 2010 @09:04AM (#34061482) Homepage Journal

        I wonder whether this kind of alarmism is meant purely to scare people into accepting increased defence spending, or whether the people at the top honestly believe what they are saying?

        If you read TFA all the way through, Hersh is clearly making the case that the entire body of 'cyberwar' rhetoric is little more than a power (and budget) grab. One of the more interesting quotes comes from a security analyst who says most of the electronic espionage we see these days comes from allied countries, and it's mostly economic in nature.

      • I saw that Bruce Willis movie ... it wasn't that good. It was all based on a '97 speculative tech article that was based on a speculative post coldwar war game exercise that might as well have included zombies in its ridiculousness. They had to come up with something since they no longer had a red bogeyman that could do an unknown number of things to the west ... well, until we saw that all they had hiding behind their huge iron wall was a tiny limp dick.

        That's not to say we're not vulnerable to things like

      • by BLKMGK (34057)

        Are you seriously attributing sanity to the Chinese? Suppose we didn't know who did it?

      • by Petskull (650178)
        While I agree with most of your post, keep in mind Richard A. Clarke [wikipedia.org] was the National Coordinator for Security and the chief counter-terrorism adviser on the National Security Council for something like 30 years. He may know a little bit about what he's talking about.

        By the way, he wrote a really good book called Against All Enemies [amazon.com], a good look at his perspective during the rise of al Qaeda. A thoroughly interesting read.
        • by _Sprocket_ (42527)

          While I agree with most of your post, keep in mind Richard A. Clarke [wikipedia.org] was the National Coordinator for Security and the chief counter-terrorism adviser on the National Security Council for something like 30 years. He may know a little bit about what he's talking about.

          But does that make him qualified to understand information security issues? I've seen an unsettling increase in physical security specialists taking on information security roles and being rather clueless about it. While the general mindset isn't entirely inappropriate, there is a tendency to try and force physical security solutions and views on an environment that does not operate under the same rules and restrictions. Granted - my viewpoint isn't anywhere near the level of the world view that Clarke o

      • Re: (Score:3, Interesting)

        by Zerth (26112)

        Seriously, a couple thousand dead from this is zilch. You want real scary? Use that "technological prowess" to screw up food transport from rural areas to cities for a month. Or just use the trillion dollars we owe them to corner the agricultural futures market for a month.

        Something like 200 million Americans live in cities and after a month of no or little supply most would either be dead or cannibals.

        That's scary.

        • Yeah, real scary. Also: outlandish. Prices would rise, I guess, and the US diet would get more monotonous -- probably still a lot healthier, though. I doubt a whole lot of people would starve apart from those who you let starve, with or without such a crisis.

    • Distribution of food is partially handled by networked systems. I work as a buyer in a grocery store, we send our orders over the internet to Connecticut, they are checked there and sent to Georgia. Our point of sale systems are Windows terminals with a Linux back-end to manage the database. Credit card, debit card and EBT transactions are handled over the internet. But possible and plausible are not synonyms.

    • by maxume (22995)

      That's actually what the article is about.

    • by BLKMGK (34057)

      Actually it could get pretty bad.

      http://en.wikipedia.org/wiki/Black_start [wikipedia.org]

      Almost all of our power stations apparently rely on outside power to start and have contracts with other power plants to supply this cold start power. There's a power plant in Palestine that is actually a pretty good study in this since obviously resources to keep that plant running are pretty restricted. I read about a black start for that plant done after an air strike damaged it that was done by basically finding as many car batteri

      • What adversaries? Who would have anything to gain from starting a war with the US? People might hate you (and the Europeans, for that matter) for all kinds of reason, but they don't have anything to gain from violence. You expect fundamentalist terrorists to conduct a large scale cyber attack? Or is there any other actor out there irrational enough to attack the US against their own interest? I don't think even Kim Jong Il has it in him. Why are so many Americans constantly obsessed with warfare? It's like

        • by BLKMGK (34057)

          Why would this need to be large scale? Plenty of folks would have something to gain by chaos and apparently many could care less. This need not be a nation state it could be anyone who's malicious. Shipped any toner cartridges lately?

          In any case I think it's pretty obvious that someone screwing with infrastructure could do some nasty damage with little risk to themselves. You can moan about how no one would do that but I think that's foolish. It only takes one asshat with enough skill to make a mess. Better

    • by elrous0 (869638) *

      Considering how much the population has grown since the 19th century (thanks in no small part to petrochemicals, electricity, and other technological improvements), it would seem that not ALL of us could live.

  • I didn't read the whole thing but the first 10 paragraphs or so strike me as nothing but a bunch of half-informed fear mongering from a journalist who doesn't know what they are talking about.

    • by grcumb (781340) on Friday October 29, 2010 @08:45AM (#34061350) Homepage Journal

      I didn't read the whole thing but the first 10 paragraphs or so strike me as nothing but a bunch of half-informed fear mongering from a journalist who doesn't know what they are talking about.

      If you only read the first 10 paragraphs, then you haven't done the article justice. Hersh is renowned for his long-form journalism. It's old-school, I know, but he takes his time to investigate and analyse. He doesn't foist his conclusions on the reader; he presents his take on the available information and leaves the reader to think it through.

      I'll be the first to admit that he's more patient -and more deliberately objective- than most of us. In fact, that's exactly what I wrote about him [imagicity.com] earlier today.

      This is the same guy who broke the story of the My Lai Massacre [wikipedia.org] as well as many of the most important stories about the American military over the last few decades. His sources are impeccable, and his research is world class. Do yourself a favour: load the page onto your favourite e-book reader and take the time to follow his argument all the way to the end.

      • Re: (Score:3, Insightful)

        by _Sprocket_ (42527)

        Whoa. Wait a second. You mean we've been complaining all this time about shallow sound-bite and press-release "reporting" and then they slip in a REAL reporter? With an in-depth story? That requires... reading the whole thing?!

    • by lkcl (517947)

      clearly, it does not fit with your belief structure: it is beyond your ability to cope, so you dismiss it.

      ironically it's worth pointing out that the story is probably beyond the journalist's ability to cope as well, resulting in much garblement.

      but - yeah. please read between the lines, and try not be quite so dismissive. there's more going on here than meets the eye.

  • The Navy’s experts didn’t believe that China was capable of reverse-engineering the plane’s N.S.A.-supplied operating system, estimated at between thirty and fifty million lines of computer code, according to a former senior intelligence official. Mastering it would give China a road map for decrypting the Navy’s classified intelligence and operational data.

    If China had reverse-engineered the EP-3E’s operating system, all such systems in the Navy would have to be replaced, at a cost of hundreds of millions of dollars. After much discussion, several current and former officials said, this was done.

    This makes no sense. Compromise of the OS binary meant that a new operating system had to be somehow created, and every system had to be reinstalled? I can't understand why compromise of a single system led to every other system being vulnerable - that would be a gaping security hole.

    • And you'd think that if it's that sensitive the hard drives would all have blocks of thermite strapped to them to allow them to be destroyed if capture is likely.
      simply knowing the cipher shouldn't compromise any non-awful encryption method unless you have the keys as well.

      • by bsDaemon (87307)

        The keys are present, and there has been key leakage in the past. This is what John Walker was selling the Soviets -- encrpytion keys for the intel messages sent between the NSA listening posts on various ships and Ft. Meade, among other things.

        However, its not just about the keys. It's about the possibility that the Chinese could find a vulnerability in the operating system that could be exploited, or get a better read on what the listening capabilities of the sigint gear is, which means knowing what you

        • by chrb (1083577)

          It's about the possibility that the Chinese could find a vulnerability in the operating system that could be exploited, or get a better read on what the listening capabilities of the sigint gear is, which means knowing what you need to do to better avoid it.

          To your first point - I seriously doubt that the NSA wrote a new operating system from scratch after the Chinese got a copy of the binary of the existing OS. What are they going to do, keep writing a new operating system every time someone gets a copy of the old one? At 50 million lines of code, and a cost of $850 per LOC (NASA is $850 per LOC, and the NSA's code is just as sensitive as NASA's and will have similar development process and associated costs), that would be $42.5 billion. That's crazy. So I wo

          • by bsDaemon (87307)

            The OS is only tangentially related. Was writing an entire new operating system necessary? No, but a thorough code review would have been, just to double-check and see if there was anything there that was missed before that the Chinese might have found.

            The fact that the hardware was in the hands of the enemy is the problem, and software that drives it is part of the whole package. You're still looking at this from an IT perspective rather than a national security perspective. When the incident happened,

      • by BLKMGK (34057)

        Boy that would be a fun ride - strapped into a plane with all of the sensitive equipment set to burn or blow! I do agree that it's disappointing that more wasn't done to destroy the equipment. Perhaps not having the super secret stuff strewn all over would have made it easier? Honestly this is the first I'd heard that what was on that plane was compromised so badly - it was reported at the time that it was all trashed. Did they not have any time on the ground to destroy it or did they bug out the moment it

        • by onionman (975962)

          Did they not have any time on the ground to destroy it or did they bug out the moment it touched down?

          The crew stalled for as long as they could, but the Chinese gave them an ultimatum: come out right now or we will come in shooting.

          The US learned with Gary Powers that giving people suicide orders is a very unreliable way to keep a secret. That's why I wouldn't expect thermite bricks on the equipment in a confined space in a pressurized airplane.

  • by Manip (656104)
    I keep reading these articles about "cyber-warfare" and sometimes I forget that they're talking about my field of expertise. The things they talk about are more akin to some kind of real life battlefield, and they seem to want to push that as the methodology to "fight it." Which seems to involve counter-attacks which make no sense and has little to do with patching and best practices.

    Frankly I feel as if you have a bunch of Generals and politicians who have seen Operating Swordfish, Hackers, and similar
    • FTFA:

      A great deal of money is at stake. Cyber security is a major growth industry, and warnings from Clarke, McConnell, and others have helped to create what has become a military-cyber complex.

      And...

      In July, the Washington Post published a critical assessment of the unchecked growth of government intelligence agencies and private contractors.

      Need we comment further?

    • Good insight. The Chinese lose as much as we do if something like that occurs. Militant Islamists may see that as a goal, but I doubt there are as many "hackers" on their side that know much about what they're doing to really cause something along those lines.
    • by _Sprocket_ (42527)

      Frankly I feel as if you have a bunch of Generals and politicians who have seen Operating Swordfish, Hackers, and similar Hollywood blockbusters - and think that hacking (and security) is this glamorous little battle rather than a spotty nerd installing patches, changing configuration files, and others looking for human mistakes in those configurations/networks.

      We're in a state of transition. Those who have long been charged, in one manner or another, with security have long dealt with the concept within a physical domain. But now they are finding that their role has expanded in to information security. The natural instinct is to apply one to the other.

    • But that all being said, what do I care if some General has a boner for cyber security and wants to invest a few million in a industry I happen to profit from. Go right ahead I say. I just want them to quit attempting to alarm the general public with nonsense threads about hackers setting off a nuclear bomb, shutting down power, and otherwise ending the world.

      But it's the alarmed public (and congresscritters) that justifies the funding.

  • 'Current Chinese officials have told me that [they're] not going to attack Wall street, because [they] basically own it,' and Whitfield Diffie.

    Something is seriously wrong when you don't control your own economy, this can not possibly be sustainable. Someone will want to cash in on this eventually and who knows if anyone will pay up?

    slashdot hit the icon jackpot on this one! 5 icons! woot
    • They don't "own Wall Street", but they do have a considerable investment in US debt. It's simply not in their best financial interest to cause catastrophic problems for our economy.
    • by khallow (566160)

      Something is seriously wrong when you don't control your own economy, this can not possibly be sustainable. Someone will want to cash in on this eventually and who knows if anyone will pay up?

      The quote is a classic communist bluff combined perhaps with the willingness of a member of the press to exaggerate a little. For example, you might recall hearing this one:

      "We are Bolsheviks!" he declared pugnaciously. "We stick firmly to the Lenin precept—don't be stubborn if you see you are wrong, but don't give in if you are right." "When are you right?" interjected First Deputy Premier Mikoyan—and the crowd laughed. Nikita plunged on, turning to the Western diplomats. "About the capitalist states, it doesn't depend on you whether or not we exist. If you don't like us. don't accept our invitations, and don't invite us to come to see you. Whether you like it or not. history is on our side. We will bury you!"

      Point is, you have to consider both what the speaker may have said something different and that deceptive statements are the norm for anything coming out of the Chinese government or its supposed leaks. Also, you have to consider how the mechanism of "ownership" would exist. He's probably just exaggerating the power and influence that co

    • read ron paul's book, "End the Fed". it's an incredibly well-written and well-informed book, showing the disastrous economic reality that is the United States. the financially irresponsible decisions made by successive governments is merely stacking up trouble, and the longer it is "delayed" by further irresponsible decisions, the larger the crash will be.

      the main problem is that the U.S. dollar is the de-facto international reserve currency. this is why china has had a policy, for the past 18 months at

    • by swb (14022)

      Bluff? Translation error? Bravado?

      The Chinese are heavily invested in Treasuries, but they need to in order to maintain their currency peg. Without the ability to hold their currency peg their export-based economy has serious, future-of-the-Party problems.

      But their "control" of these Treasuries is essentially meaningless as a "weapon". For one, the the US could simply void them and unilaterally declare the debt non-payable. This would be an extreme circumstance, but at the end of the day the consequenc

  • Fact from fantasy? Meaning that the text on your computer screen doesn't get reflected on your face and hackers really aren't edgy, thin, clean-shaven hipsters (some of whom are girls) who speak weird slang out of a Gibson novel and define their philosophies by the indie band du jour's latest hit?

    Man, cyber warfare is boring.

  • Just don't use a Windows OS. (ducks and covers)

    No really folks, my mum had an issue recently, the government office used an ActiveX component, over the net, to calculate annual TAX, which caused clients to become unstable and crash. The horror, the horror.

  • Nevermind then! (Score:2, Interesting)

    Schmidt told me that he supports mandated encryption for the nation’s power and electrical infrastructure, though not beyond that. But, early last year, President Obama declined to support such a mandate, in part, Schmidt said, because of the costs it would entail for corporations.

    Oh, well then if it costs corporate America too much then it's a bad idea. But if it costs the taxpayers money, blank checks for everyone!

    Yes, I am well aware that corporations pay taxes. But my point is the double standard applied whenever government mandates something. It's the same with any law. We have water restrictions in the SE - except for businesses. I can't wash my car with my little bucket and hose, but I can go to a car wash and they can use hundreds of gallons of water to wash my car - all beca

    • Re: (Score:3, Interesting)

      by BLKMGK (34057)

      The car wash recycles and filters the water for reuse, do you?

  • by lkcl (517947) <lkcl@lkcl.net> on Friday October 29, 2010 @09:07AM (#34061500) Homepage

    several months back, a very frustrated U.S. General said that it would be a good idea to respond with conventional military strikes in response to cyber "warfare". the problem with that, and the problem with using the word "warfare" at all, is that "warfare" falls under the international treaties that make up the geneva convention.

    to spell it out: should someone make a physically violent attack on a citizen of another country who did nothing more than accept an open invitation to manipulate infrastructure which should never have been open in the first place, then all citizens of that country have the right - THE RIGHT - to respond with physical violence against ALL the attacking country's citizens, and against ALL assets and territories of the attacking country.

    put simply: no matter what the "excuse", if you attack one country's citizens, you have declared war on that country, and they can LEGITIMATELY attack back.

    this is the definition of war.

    so it is very, very stupid to link the two words "cyber" and "war" in the same sentence.

    regarding the espionage issue and the infrastructure issue: it's very very simple. the best way to protect assets is not to connect them to the outside world! sometimes i have difficulty understanding why this is not understood. it's very simple: pull out the plug! to fail to take this simple precaution is to INVITE attack, and the consequences have to be accepted!

    but yes: the "ownership" issue is very telling. america and europe's reliance on cheap chinese products basically places them entirely into china's debt. they really aren't kidding when they say "we own you" - why do you think the U.S. is devaluing its currency so rapidly! they're playing exactly the same trick that Hitler's government played on its war reparations of the first world war. ... we live in interesting times, boys and girls...

    • by ledow (319597) on Friday October 29, 2010 @09:25AM (#34061624) Homepage

      Since when has the US cared about the Geneva Convention? There are more than one Geneva Convention, for a start, and the US never ratified two of those. Those it did, it regularly breaches - you have things like Guantanamo Bay which is still operational and where sleight of hand is used to endorse various forms of torture against people because it's unclear if they are prisoners of war or not.

      The US has to decide - either it's at war, and thus the prisoners it holds have the rights of prisoners of war (and, come on, just show some god-damn humanity too), or it's not in which case why is it bombing another country including its civilians? And if that country attacks back, surely that's just an act of war too and nothing that can be condemned? Listen carefully - they have a "war on terror" and even that phrasing has been phased out. You can't be "at war" with a concept rather than a particular country. And if you are "at war" with someone then pretty much any act they perform against your military and (if the US is playing the same game) your citizens is fair game.

      The US has much, much bigger problems to worry about that a few hackers, and should be disgusted with itself. Land of the free? Only if you're not foreign-looking, only within the bounds of the US borders (so we'll take you to a foreign country where you don't have those rights), only if you can prove you've never done anything wrong despite never being given a trial. Home of the brave? How much courage does it take to beat, torture and humiliate a captured prisoner? The US doesn't care and even claims that things like an American "Internet kill-switch" would be at all useful in an *international* network - sever routes to the US (just in case their "kill switch" means active attacks against peers) and everyone else carries on as normal. All it could/world ever do is censor the US population.

      To be honest, if the US military *is* seriously worried about such things as cyber-warfare over the Internet, then they really don't know how to design a military system.

      • Re: (Score:3, Informative)

        by BLKMGK (34057)

        It's not the military systems that are at risk with regards to "warfare" but rather the industrial systems that are public and supply things like water, electricity, and sanitation.

      • by argStyopa (232550)

        1) The fact that the US hasn't ratified 2 of them (dunno if that's true, not taking the time to look it up) would conversely confirm that we DO take them very seriously, not the opposite.
        2) if you want to talk about conforming strictly to the Geneva conventions, then the US military would have been totally within its right to summarily execute all non-uniformed combatants in Iraq or Afghanistan. Either it's a war, and they are nonuniformed combatants that can be executed, or they are bandits operating in a

    • The US has already declared war on (their NATO partner) The Netherlands for housing the International Court of Justice. In the US, declaring war is a national sport.
    • he happens to see on the street. Sweet.

    • I have heard the current economic situation between US and China described as "Economic M.A.D.". I found it a telling enough description to bear repetition.
    • A lot of things you write are wrong -- for instance, attacking one country's citizens does not declare war. Regarding the relationship between cyber war and conventional war: There are several kinds of computer attacks. Simple computer espionage certainly is no reason for a way, and neither are computer attacks that merely inconvenience the other party. Simple economic damage falls under that category. However, computer attacks that cause or can be expected to cause injury, death, damage or destruction qual

  • by Anonymous Coward

    ..the one that shows idiocy of before unheard proportions, and which makes me wonder how some people can attain such a high position anywhere..

    Lynn also alluded to a previously classified incident, in 2008, in which some N.S.A. unit commanders, facing penetration of their bases’ secure networks, concluded that the break-in was caused by a disabling thumb drive; Lynn said that it had been corrupted by “a foreign intelligence agency.” (According to press reports, the program was just as like

    • I was going to post the same thing but you beat me to it...

      OK, now who's fault is this? Clearly in some previous "cybersecurity" article on Slashdot, some jokester said "Want your computers secure? Just fill all the ports with epoxy glue! You'll never catch a virus again!" Then some military guy with a buzzcut and a scar on his cheek doing "cybersecurity research" ran across this, exclaimed "Holy shit, this is brilliant!" as he quickly printed it and ran to the office of a high-ranking Pentagon officer.

      "Sir

  • The article itself is a very good read eh. (Which is probably why there are not that many comments here yet (RTA FTW). It focuses mostly on the war/espionage aspects and has very few mentions of privacy and such, downplaying it rather well. The interesting thing I learnt is that the NSA is pretty messed, [the article saying they] want security but they would rather know everything about everyone. In all, it's probably all hype eh. Sure there are implications of damage war can be brought, but as the article
  • I enjoy (Score:3, Insightful)

    by nimbius (983462) on Friday October 29, 2010 @11:16AM (#34062900) Homepage
    how all these articles focus mostly on China. If this were 45 years ago, you could replace china with soviet union, and cyber warfare with nuclear holocaust. In my opinion this just goes to show how generally targeted and short sighted most american foreign policy really is. There is always something new to fear, new to hate.
  • The problem that a lot of people seem to be missing is that the Chinese control the US 100% - up until the point where we say they do not. The US has two solutions: devalue the currency such that the debt is worthless and probably pointless as it could be paid off by anyone, or simply repudiate the debt, saying we don't owe it anymore.

    There is no "international court" that would rap the US on the hand to say "No, no, you have to pay." If the President were to declare the debt null and void the US would ta

You can do more with a kind word and a gun than with just a kind word. - Al Capone

Working...