Cyberterror Not Yet a Credible Threat, Says Policy Thinktank 165
Trailrunner7 writes "A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against US and South Korean networks were not damaging enough to be considered serious incidents. The report, written by James Lewis of the Center for Strategic and International Studies, looks at cyberwar through the prism of the Korean attacks, and calls the idea that terrorists have attack capabilities and just aren't using them 'nonsensical.' 'A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market. The evidence for this is partial and anecdotal, but the trend has been consistent for more two decades,' Lewis writes."
bring back the pr0n! (Score:1, Offtopic)
let me share somethin' special with you, which i call perry's perspective. [youtube.com].
Re:bring back the pr0n! (Score:5, Interesting)
Well I think this whole "cyberterror" idea is pretty funny. I even remember that back in 2000 in school we had to write about some article where they described "cyber attacks from China goverment". Has anyone actually proven that China as a goverment is doing those? It still seems like a myth. Considering world is filled with script kiddies, and China+India together have half of the population on Earth, it's not surprising that many percentage of them could be from there.
Another thing is that it's quite hard to launch such a catastrophic, large-scale attack against the internet. Yeah, you can cause some minor annoyance or accidentally route traffic elsewhere like what happened with YouTube for ~30 mins a few years ago, but those are quickly fixed when upstream ISP's responsible notice.
Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up.
Re: (Score:2)
A lot of it depends on what's being attacked, and how.
A concerted effort to blow up / corrupt / poison the DNS root servers? Could be considered as something to worry about. A DDoS against any IP belonging to $targetNation, or even just all major banks belonging to $targetNation? Probably not as much (mostly due to the sheer size of the target, the bandwidth soaking that doing so would require, etc).
Re:bring back the pr0n! (Score:5, Insightful)
But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without goverment control like with radio and tv. Terrorism doesn't do terror just for the fun of it, but there's always some reasoning behind it - sometimes rational, sometimes more irrational. However script kiddies do it just for the fun of it, to gain that small time period of fame for randomly hacking something.
Re:bring back the pr0n! (Score:4, Insightful)
As you say, the main goal of terror groups will be to intimidate and cause widespread panic and lasting fear. Now, how that's done depends largely on the environment. If we're talking domestically, e.g. in the US, and I'm going to assume we are, the greatest threats online IMHO are things like identity theft, financial fraud (they're always looking to fund their activities), target profiling, and causing temporary disruptions of service (power, emergency services, telecom, transportation, etc) just before an attack. Those are all places where vulnerabilities are definitely present, and where we could and should definitely make changes for the better. Such a glib assessment that there is no threat smacks of the same arrogance/ignorance that led a certain ship to be called "unsinkable."
Re:bring back the pr0n! (Score:4, Insightful)
So, what's the difference between an attacker looking for fun and an attacker with a political agenda?
Cyberterror is not a credible threat because we're already up to our necks with spammers, script kiddies, whatever. Whether or not they have reasons to do it other than "I want your money", we don't know and we don't care.
Re:bring back the pr0n! (Score:4, Interesting)
But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without goverment control like with radio and tv.
You're assuming that:
1) Everyone in the world understands what the Internet offers.
2) That those who would target the Internet don't see it as a symbol of Western power / pride.
3) Everyone WANTS people to have access to a worldwide medium that gives them free access to thoughts and ideas not dictated by their regional government / society.
Re:bring back the pr0n! (Score:5, Insightful)
A guy I work with likes to point out that we always protect against the last terrorist attack, not the next one. You have listed a bunch of things which probably won't work and are not a concern. We should try to think about the things which we are outside our idea of the scope of terrorist operations. Prior to 911 we didn't consider suicide hijackings to be a threat.
Creative thinking ahead (Score:3, Interesting)
Once you start down that route then your hypothetical ideas go three places: people who do not care, government investigative agencies, and actual terrorist groups.
The people who don't really care are probably the people with which you discuss these things.
The government investigative agencies, depending upon the quality of your hypothetical ideas, may begin to monitor or make inquiries about you. Many people are not comfortable with vague gray fuzzy inquiries from vague gray fuzzy characters. Look for t
Re: (Score:3, Interesting)
Yes, things like dragging half of their equivalent of congress out the back and forcing the other half to shoot them. It makes everybody that knows it in anything faintly resembling a Democracy uncomfortable.
But that's not a reason for the invasion, earlier administrations were quite happy to deal with them and some current military allies such as Algeria are far more of a basket case. There were plenty of stupid, petty, greedy or strategic reaso
I think you've got the order backwards here (Score:3, Insightful)
Actually, the decision process went more like this: 1) Iraq deserves to be invaded. 2) How can we justify invading them? 3)I know, let's say they have nukes!
Oh, yeah, and 4) profit (for oil companies).
Re: (Score:3, Funny)
Sounds like somebody's been watching too many X-Files reruns...
There will be a vague gray fuzzy knock on your door shortly. Do not remove any of the crawlies from under your skin -- there's no time for that now. Pack only what you need, wrap your cash in tinfoil to attenuate the signal from the embedded tracking devices, and just RUN!!! When you arrive at the previously agreed-upon meeting place, then we can use my ultrasonic humidifier to examine you and find out how many organs they've already stolen.
Re: (Score:2)
We should try to think about the things which we are outside our idea of the scope of terrorist operations. Prior to 911 we didn't consider suicide hijackings to be a threat.
I disagree. While it may be entertaining to worry about new and innovative ways to cause mass hysteria and panic, we should only give minor attention to potential attacks because, frankly, the field is so wide open that we could spend all our money and not protect us from 1% of it.
For example, even if we had taken suicide hijackers seriously before 911, what would we have done about it? Even after 911 99% of the effort is a total waste - the only useful measures taken have been reinforcing the cockpit doo
Re: (Score:2, Informative)
Not to belabor the point, as he is already rather overexposed, but Bruce Schneier repeatedly makes the point that funding good investigative police work is also an effective measure (because it is often the case that the bad guys are making mistakes, regardless of the particular vector they have chosen to focus on).
Re: (Score:2)
Sure they did consider suicide hijackings to be a threat. This was not new at all. They simply underestimated the willingness to pull it off or that it would have such an impact. Even the 911 terrorists themselves, I'm certain, were sure the towers would not fall as they did.
I consider cyberterrorism less of a threat to my health than drunk drivers are. Anyone who think otherwise, to me, is simply for self-interest purposes. It would simply feed the well known conspiracy theory that malware detection/remova
Re: (Score:2)
Re:bring back the pr0n! (Score:4, Interesting)
"What are you going to on the internet,"
The classic examples are hacking in to the computers that control the power grid(s) and causing a widespread blackout, taking down the air traffic control system, opening flood gates on a dam, or causing a wide spread phone/cell phone outage. Its open to debate how feasible these are but they are certainly plausible and the systems involved may all interact with the Internet now in one form or another.
I find this statement amusing to no end:
"A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market."
It basically implies that advanced intelligence agencies are years ahead in developing the tools for Cyberterrorism. If that were actually true, which I doubt, then why wouldn't you still be "afraid" some advanced intelligence agency will launch a cyber terror attack, or is this submission implying that just because a nation state does it, its not terrorism?
Re: (Score:2)
The classic examples are hacking in to the computers that control the power grid(s) and causing a widespread blackout, taking down the air traffic control system, opening flood gates on a dam, or causing a wide spread phone/cell phone outage.
Except the last one, I dont think those systems should be running on the internet anyway. Even if some terrorist group isn't going to hit them, some script kiddie will.
Re: (Score:3, Interesting)
Air traffic control and power grids are inherently networked operations. You need to transfer planes from one control center to another, and to report loads or faults on the grid to various control centers, or turn generators on and off to balance load across wide areas. Only way you wouldn't have these functions on the Internet is if you go back to using phones to call people which is brutally inefficient and error prone. One hopes these networks are very secure VPN's but who knows.
Not sure if big dams
Re: (Score:2, Insightful)
'only' is a pretty strong word in that particular statement. For instance, imagine if someone ran a network very similar to the internet, except for all of the pesky public access.
Re: (Score:2)
Building an isolated network covering the entire nation is very expensive. Just about all network activity is running over the same backbone. I think by saying virtual private network I was saying what you are saying. But, when you have hundreds of thousands of computers on a private network its exceptionally easy for someone to hang one of them on their LAN too and open the whole thing up to the Internet. If completely private networks were so easy I don't think you would read so many stories of defens
yes, but (Score:2)
"Networked" != "accessible via the internet". While it's possible to break into some of these kinds of networks, it generally requires 1) physical access to a terminal (for wired networks) or 2) at least physical proximity to the system (for wireless networks).
I think it's highly, highly unlikely that bad guys in China or Pakistan or whatever are going to be able to break into systems controlling big, dangerous infrastructure like this
Re: (Score:2)
"Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up."
A list of possible targets:
banking transactions being disrupted tends to terrorize people with money
taking down the power grid can be scary
disrupting mass transit can be scary
actually causing crashes of mass transit would be outright terroristic
publishing false news stories ranks som
Re: (Score:2)
A list of possible targets:
Get real...
banking transactions being disrupted tends to terrorize people with money
Terrorizing bankers? That's likely to win them a medal from everyone else...
disrupting mass transit can be scary
Except the safety-critical parts of mass transit systems are designed to fail safe. Disrupt them and all you get is a bunch of cross people on a stopped train; hardly terror.
actually causing crashes of mass transit would be outright terroristic
And also highly unlikely.
publishing false news stories ranks somewhere between scary and terroristic
Quick everyone! We've got to arrest the "journalists" at Fox News as terrorists!
disrupting news services is at least mildly scary
But disrupting all news sources is really difficult because they are a diverse bunch.
disrupting or taking over Department of Defense networks can contribute to terror
Are we talking about delaying the email of low-level folks (a
Re: (Score:2)
Terrorizing bankers? That's likely to win them a medal from everyone else...
Yes, I would sure love the person who stole my 401K.
publishing false news stories ranks somewhere between scary and terroristic
Gasp your right. In that case all bloggers should be shot. Markos Moulitsas should be shot twice, or at the very least made into even more of a laughing stock then he already is. All readers of blogs are guilty of aiding the enemy and should be punished by being forced to move out of their parent's basement.
actually STEALING Department of Defense secrets is REALLY scary
That's more cyber-spying than cyber-terror. That being said the NSA and CIA spend millions here.
Re: (Score:2)
Terrorising banks: Sure, no biggie -- right up until it happens for the eleventy-seventh time this year at YOUR bank, and you can't use your ATM/debit card/credit card...
Disrupting transit: Similar to above, but add in the perceived risk of actual physical harm.
Deliberately wrecking transit: "Highly unlikely"... like, say, crunching an airplane into a building on purpose?
Publishing false stories: Good thing bogus stories don't get spread by word of mouth as rumors...
Disrupting news sources: Unless, of c
Re: (Score:2)
You hit it on the head of the nail in your last line there- the magic word here is " YET ". The last three ones are deeply troubling if you think about it and the power grid one's much, much more possible than most would think and they're just going to make it more doable with the current Smart Grid stuff they're planning on doing.
Re: (Score:2)
Even things like shutting down power or communications can cause deaths,
Re: (Score:2)
Heh... Rolling brownouts/blackouts over the entire country or a blackout that makes the 2003 East Coast one look like a picnic are very possible and doable right now with the infrastructure the way it is. Do you think that it will be annoying the populace or freaking them out at that point?
Re: (Score:2)
Re: (Score:2)
However, you do raise a good point about "things that affect them directly". I think terrorism, to be effective, requires people to think that it could have affected them. So a random car bomb that kills 10 people is terrifying, because people think they could have been one of those people. On the other hand, thousands of people dying each year because they dri
Re:bring back the pr0n! (Score:4, Interesting)
Having worked for three letter agencies, let me say that yes, China is engaged in this activity. Certainly the Russians, French, US, British, and any other country with a foreign intelligence service. In China's case, it's very hard to officially link it to the government because the PLA owns so many companies in the country they can have one of those entities engage in the action with plausible deniability.
As far as it not being a "real" threat, I'd ask the Estonians what they think about that....
Re: (Score:2)
And your post gets today's award for being a truffle amongst the shit that makes up slashdot.
Re: (Score:2)
PLO, IRA and ETA ?
But what's the real threat (Score:2)
Isn't it true that the main threat from the Chinese, et al, is industrial espionage? I find it very, very difficult to believe that it's even possible to do things like bring down power plants, screw around with dams, etc, over the internet.
Re: (Score:2, Interesting)
Re: (Score:2)
Another thing is that it's quite hard to launch such a catastrophic, large-scale attack against the internet.
That's not the attack of interest.
Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up.
While stealing, destroying, or maliciously altering important data -- financial or medical records, for example, or military technology -- are interesting attacks, most of the interesting cyberterrorism scenarios involve disabling or damaging non-Internet infrastructure, such as power generation.
Re:bring back the pr0n! (Score:4, Funny)
Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com
You have gravely underestimated the power of goatse.
Re: (Score:2)
Yeah, well what if they take away all your internet games [slashdot.org], that would be something to be scared about.
One word - SCADA (Score:2)
Ok, it's an acronym, possibly not a real word. But SCADA (jfgi) is the most likely target we need to defend against in any cyberattack. SCADA systems measure voltages, control levels and flip switches on industrial and civil infrastructure systems such as those controlling water and sewerage systems, and running petrochemical plants.
Most of the truly scary scenarios are being looked at by security experts now (disclosure: the company I work for is involved in this sort of work) and a lot of SCADA system
Re: (Score:2)
THANK YOU!
And I'd go so far as to say most of them have not been properly secured. Just putting up TLS security to secure the links isn't good enough. Just piling DNP3 authentication or comparable for other SCADA protocols on top of things isn't good enough.
I've been asking the embarrassing questions for a while now. Which reminds me...need to pester the NIST guys again over something... :-D
Re: (Score:2)
Well I think this whole "cyberterror" idea is pretty funny. I even remember that back in 2000 in school we had to write about some article where they described "cyber attacks from China goverment". Has anyone actually proven that China as a goverment is doing those? It still seems like a myth. Considering world is filled with script kiddies, and China+India together have half of the population on Earth, it's not surprising that many percentage of them could be from there.
I view anything with the "Cyber" prefix that intends to be serious as suspect. It works great in science fiction. Most of what exists in the real world with such naming tends to be a lot of noise with little substance - mere marketing. So I have a lot of skepticism towards "cyberterror" at face value.
But I have a hard time being entirely dismissive of the concept. I've been witness to all manner of attacks on Government and defense contractor networks. Most of them have been very much the described scr
THis is why we go to Defcon (Score:2)
The speaker spent a good amount of time on China and it's history. What it boiled down to is China's cyberware abilities are kind of like militias. They're different local groups tied tightly to the government and to academia.
In contrast, the US seems to either be research associated with academia or action explicitly part of military groups, (like the cyber
Re: (Score:3, Insightful)
That's Why We Must Be Proactive now (Score:2, Interesting)
It seems to me that even if this report was accurate, we shouldn't be resting on our laurels until the threats become credible and too late to stop.
Its clear the best way to stop and prevent terrorism is at the point of planning or in the initial stages, not when the have assembled and planted the bomb. Cyberterrorism should be no different.
We wouldn't want the smoking gun to be a complete breach and shutdown of our networks would we. I favor a more proactive and preemptive approach. Attack them now befo
Re: (Score:2)
Its clear the best way to stop and prevent terrorism is at the point of planning or in the initial stages
yes exactly, because changing things so that noone will have to resort to terrorism is just too easy. and expensive. and inconvenient.
Re: (Score:3, Insightful)
On the contrary. It's too inexpensive and too convenient. Worst of all, it might actually work (though not with politicians in charge).
Re: (Score:3, Informative)
It's not only what's happening with Middle-East. For example IRA [wikipedia.org], which is considered as terrorism group in the UK, "sought to remove Northern Ireland from the United Kingdom and bring about a united Ireland by force of arms and political persuasion.". Not knowing fully whats behind it, but it seems they have a clear purpose that isn't so irrational (and didn't the area used to belong to Ireland people before?). Obviously even you must understand that they're not causing "terror" just for the fun of it, but
Re: (Score:2)
Obviously even you must understand that they're not causing "terror" just for the fun of it, but have some agenda do so (usually so they can get people to hear their agenda, what the goverment doesn't allow)
But online you get groups or cyber-terrorist script kiddies that do it for the lulz because the repercussions don't really exist.
Re: (Score:2)
Re: (Score:2)
Of course to create the whole threat of 'cyber terror' they always claim, script kiddies taking over digitally controlled infrastructure. You know, take over the power plant and cause a melt down, disable traffic lights or even take control of air traffic control systems. The ultimate defeat of that crazy crap, has always been the same, if it doesn't need to be connected to the internet, then don't connect it to the internet.
Now if it is a system that lives depend on and some greedy idiot connected it to
Re: (Score:2)
Of course they would say that (Score:2, Funny)
Re:Of course they would say that (Score:4, Insightful)
Keep in mind that terrorist is a buzzword now, and means 'generic enemy' rather than 'psychological warrior'. Just like 'Commie' during the Cold War, or 'Nazi' during WWII.
Re: (Score:1, Insightful)
Not yet - shouldn't we still care? (Score:4, Insightful)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Sure, I agree that we might not see cyberterror attacks for years yet. Does that mean we should turn a blind eye to our infrastructure and ignore the issue of proper security?
No but societies have scarce resources with alternative uses and realizing how big a risk this presents versus how big a risk other potential problems present helps us assign priorities. If you are worried about someone breaking in to your house, priority number one should be to get in the habit of locking your doors when not using them. Looking at things like motion lights are good, but locking doors is the best problem to solve first. It is all about relative risk.
Re: (Score:2)
I contend that we're not even at the "locking your doors" stage on a good portion of things out there. I don't think they've figured out the "lock" part of the whole equation there in at least a few of the cases.
terror? (Score:1, Redundant)
my spambox is fullfilled with cyber terror
Depends on the definition. (Score:5, Insightful)
To me, all that fearmongering of "terrorists" (that don't exist) is creating terror itself. So all the censorship and surveillance on the net would be the actual "cyberterror". If there were a point in adding "cyber-" in front of everything. It's just plain terrorizing the people. For the usual reasons: To gain control over them.
Re: (Score:2)
Even if these terrorists did exist, it wouldn't be worth throwing our freedoms away to stop them.
Re: (Score:2)
Okay...
In what way is putting decent security measures, including intrusion detection, into your SCADA network going to be throwing away your freedoms?
It's not.
Instead of decrying the hype and putting up counter rhetoric, why don't we start asking the troubling questions of people and insisting upon getting better answers that will actually mitigate the problem? Doing the rhetoric is as bad as the hype and will just leave us open for another incident like 9/11.
Cyberterrorism is a silly concept (Score:5, Insightful)
A few years back, we had an accidental shutdown of the power supply of most of the eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.
It's not about the amount of damage, it's about the effect. A cyberterror event like a power or communications failure could result in hundreds of deaths, but there's nothing to focus on. A car exploding next to a bistro may only kill two or three people, but it is far more effective terrorism.
For terrorism to be effective, it has to produce terror. That's an emotional reaction, not an intellectual one. And to get that emotional reaction, there has to be real tangible threats, like flames, blood and gore, falling rocks, etc.
Re: (Score:2)
Re: (Score:2)
And that's why I have a generator and half a dead animal in the freezer.
Stupid power company spends more on advertising than they do on maintenance around here, went a week without winter before last and didn't much care for it.
Re: (Score:2)
If New York lost power for more than a week (especially in the middle of winter or summer), there would be real terror. By day four, you'll have fucking retarded amounts of looting. Plus all the deaths from exposure. Maybe the thought of it won't induce terror in us now. But if it did happen, the very idea of shit like that happening in your city would very much induce a terror response. Seriously.
Loss of power does not in any way mean law enforcement would simply abandon the city. I suspect more property damage would occur in a sports riot than in an overloaded power grid. It would be a problem, but police would still be there, and they have probably trained for such scenarios.
Re: (Score:2)
From New_York_City_blackout_of_1977#Effects [wikipedia.org]:
"Looting and vandalism were widespread, especially in the African American and Puerto Rican communities, hitting 31 neighbourhoods, including every poor neighbourhood in the city."
Re: (Score:2)
The police would be overwhelmed as there's most definitely a disparity of people to police officers. Training not withstanding, if you're outnumbered 1000:1 (and they would be...) there's a threshold that if the crowd in question goes over, the cops will be injured or killed as the crowd takes them at some point.
You put too much faith in law enforcement. It only works well when the bulk of the populace are law abiding. When the population largely is not law abiding and obviously outnumbers the enforcemen
Re: (Score:2)
A few years back, we had an accidental shutdown of the power supply of most of the eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.
Now imagine if N. Korea or Iran had caused it.
Would it still be annoying or would it be a tangible threat?
Personally: I'm betting a large portion of the populace would call it an Act of War.
Re: (Score:2)
Great point. I think electronic infrastructure security should be beefed up, but I doubt it would be done in an intelligent manner.
Re: (Score:2)
tangible threats, like flames, blood and gore, falling rocks,
WOW addicts stumbling down streets, moaning incoherently...
Re: (Score:2)
It may not be "terror", but if they could cripple our economy for a few days, then that would be an effective tool for them. Executives and politicians would not be yelling "run for your lives, our website is down!", but they would be worried, and they would be willing to change the way they did business if it were the only way to prevent this from happening again. In this respect cyberterror could be the most effective means of terror there is, as it would directly hurt the wallets of the people who have t
Hear, hear (Score:2)
What's more, it probably wouldn't even become APPARENT that the event was caused by a "terrorist" until long after the fact. That really limits the utility of this kind of thing from the "terrorist's" standpoint - it's hard to terrorize people when they don't even realize you've done something.
Re: (Score:2)
It's not about the effect, it's about the intent. The effect and reaction are up to *us*.
Need to move to mutual security model (Score:2)
This three to eight year lag is the spread of cyberweapons is supposed to reassure us? :-( What other weapons have three to eight year lags in being available to everyone?
We need to move beyond war, in part because it is too terrible to contemplate at this point:
http://educationanddemocracy.org/FSCfiles/C_CC2a_TripleRevolution.htm [educationa...ocracy.org]
We need to transition to "intrinsically secure" infrastructure:
http://en.wikipedia.org/wiki/Brittle_Power [wikipedia.org]
that we protect by means of "mutual security":
http:/ [beyondintractability.org]
They'll change their mind soon (Score:2)
The Saving Grace (Score:2)
I'd wager that lots of cyber-terrorist attacks would just seem like a normal Monday. If a co
Re: (Score:2)
Every business and organization SHOULD know, from experience, that their computer system could go belly up at any time, and have backup methods and redundancies ready to go.
Fixed that for you. Unfortunately, many don't.
Cyber "terror"? (Score:3, Insightful)
"Not yet?" Maybe "not ever." Cyber-sabotage? Sure. But people are pretty jaded about computers. Windows still has huge marketshare. Bring all of society crashing down and I'm still not sure it'll be "terror." People will be pissed, but will they feel the safe has become unsafe? Either they already think that, or they never will.
Maybe, maybe not... (Score:2, Insightful)
It seems that cybersecurity is only as good as who is administering it. If we take the object lesson of British Hacker Gary McKinnon, who is actually now in the process of being extradited to the U.S. to face prosecution for hacking various Pentagon and other miltary computers, he claims that various "highly sensitive" systems (running Windows operatin systems at the time) where on the network with the then default password "Admin".
In fact Mr. McKinnon doesn't really consider himself to be a very accomplis
Re: (Score:2)
Beer/Vodka is always helpful.
Re:"not yet credible" (Score:5, Interesting)
I am not worried about some scary foreign governments.
I am worried by something I really suffer from -- a permanent attack going on 24 hours a day, 7 days a week, 365 days in a normal year, 366 in a leap year, indistinguishable in nature from this "cyber-terror" scare talk, except it is real and harmful.
For no other recourse, I participate in a complex voluntary international network, and employ significant resources internally to mitigate this cyber attack. And all I can do is keep some part of it away, barely. Sometimes I suffer from the complexities of this very same mitigation system, when my services are denied by mistake.
And the governments, who btw also suffer from it, just keep tolerating it.
What I am talking about is called spam, and with the government of the largest spamming country being a bit more pro-active, it would decrease significantly. But the government does nothing, spending money on bullshit, instead of focusing on real problems.
My guess is, solving real problems is hard, and because of that less money are left for graft, so the interest of the politicians in solving them is significantly lower.
Re: (Score:2)
Maybe you should just try switching to GMail. They seem to have completely beaten spam, at least I sure never get any since I switched.
Re: (Score:2)
What exactly are you proposing "government" do about it. Even if the U.S. "government" did something about it that leaves about a hundred other countries where it can originate. Its kind of sad when people want the nanny state to solve all their problems for them. Like I said Google solved the problem so there is no reason any other big email service can't, and if you are an admin running your own email server and you can't solve it then that is probably the most compelling argument I've heard for moving
Re: (Score:3, Insightful)
Google (or anybody) hasn't solved any spam problem, they keep doing what I do - spend money/resources to filter it on the server side. Everyone else who is running an email server does the same. The effort and resources are still wasted, whether the clueless lusers see it or not.
The "government" (especially that of the US, which is still the top spammer, accounting for more spam than the next 9 in the top list) can do many things -- like hitting the spammers and their customers hard, and press other governm
Re: (Score:2)
You post assumptions you pulled out of your ass, but that doesn't mean real world works the way you think it does.
Here is a post to get you started, from the horse's mouth. This is for their "enterprise" filtering system, there are links for the gmail one as well. Notice how "total volume of spam" they get keeps increasing, just like everyone else's.
Your perspective is the luser perspective, you're content with a problem as long as you d
Re: (Score:2)
I am not worried about some scary foreign governments.
I am worried by something I really suffer from -- a permanent attack going on 24 hours a day, 7 days a week, 365 days in a normal year, 366 in a leap year, indistinguishable in nature from this "cyber-terror" scare talk, except it is real and harmful
I actually thought you were going to say "the erosion of our civil liberties in the name of fighting terrorism".
Re: (Score:2)
What I am talking about is called spam, and with the government of the largest spamming country being a bit more pro-active, it would decrease significantly. But the government does nothing, spending money on bullshit, instead of focusing on real problems.
Dude, we are in the middle of 2 wars, facing nuclear threats from Iran and North Korea, in a deep recession, facing constant terrorist threats, and facing the eventual collapse of Social Security and Medicare threatening everyone's retirement future. I suspect this is a much bigger problem then messages in your inbox saying "EnL@Rge y0r P3n1$".
Re: (Score:2)
Did said think tank read this?
http://www.foreignaffairs.com/articles/65499/wesley-k-clark-and-peter-l-levin/securing-the-information-highway [foreignaffairs.com]
This little tidbit is available in the full version of the article text:
In 1982, a three-kiloton explosion tore apart a natural gas pipeline in Siberia; the detonation was so large it was visible from outer space. Two decades later, the New York Times columnist William Safire reported that the blast was caused by a cyber-operation planned and executed by the CIA. Safire's insider sources claimed that the United States carefully placed faulty chips and tainted software into the Soviet supply chain, causing the chips to fail in the field. More recently, unconfirmed reports in IEEE Spectrum, a mainstream technical magazine, attributed the success of Israel's September 2007 bombing raid on a suspected Syrian nuclear facility to a carefully planted "kill switch" that remotely turned off Syrian surveillance radar.
Yup. No Cyberterrorism to see here. Riiiight.
Re: (Score:2)
Oh, Cyberterrorism is a bit more than what you say- it's just the media hyping up that stuff and I wish they'd quit, but it's not the type of news people want to hear for the real stuff (and it doesn't make ratings...)
Not that you can't get similar results with select SCADA networks and the regular rad hax0ring skillz...they're not at all secure, even after they applied "security" to them... Seriously. If you compromize the right part of the network, you can do the same things we purportedly did to Russia
Re: (Score:3, Insightful)
Anyone who things "cyberterror" is not a credible threat is naiive, or completely clueless. Yes, terrorists use the Internet, and know how to get around being traced.
Everything that you described in your post is criminal action, not terrorist action.
Re: (Score:2)
And terrorist action isn't at all criminal?
A terroristic act is a criminal act done with the intent to sow terror amongst the populace. Each of these things could be part of a bigger play- and the company was a hypothetical instead of what might be done, say with the government at large doing the same sorts of things. It could just as easily be done with the SCADA systems like some keep telling people (myself included...). It's not chicken little going the sky is falling. It's not the little boy who cri
Re: (Score:2)
The main stream news STILL does not want to admit that cyber 'terror' (like the attacks on twitter, facebook and in S. Korea) were conducted via WINDOWS zombie computers, as part of a segment of the greater BOTNET.
There is only ONE reason why they may not want to admit Microsoft Windows allows BOTNETS and that is MONEY.
If the mainstream media where to announce that all of Microsoft Windows computers have a major security flaw that can only be fix properly by rewritting the Kernel and File system permission design, would potentially seriously hurt the Economy. Think about all the people that would stop shopping Online... it is actually better 'economically' to just let cyber criminals phish away and get all our credit card numbers and steal some poor souls identity, than to cause mass hysteria.
Let's identify the real culprit. COMPUTERS! There is ONE... No TWO REASONS we have BOTNETS. COMPUTERS! and HIGHSPEED INTERNET! Clearly these two threats need to be removed and we will be safe from BOTNETS. Also ELECTRICITY! We should stop producing ELECTRICITY because it facilitates BOTNETS.
If the mainstream media were to reveal that COMPUTERS and ELECTRICITY were behind BOTNETS we would realize teh only way to stop the BOTNETS was to redesign all the USERS to not be SUSCEPTIBLE to PERSUASION and SOCI
Re: (Score:2)
And even on ordinary DSL modems and routers [zdnet.com]
Re: (Score:2)
Is this the Same Think tank that George Bush used when he announced that Iran had discontinued its Nuclear enrichment program in 2003?
I mean eve if this is a head-fake, its a pretty dumb one.
Re: (Score:2)
It may have been designed that way, but in practice the bean-counters have said "why are we paying for all this redundancy?!" and we cannot even handle a simple hurricane-caused fiber sever.
Re: (Score:2)
And me for want of mod points...
Re: (Score:2)
Just the west coast?
Heh...they understated it, actually. It's a bit worse than you'd think. And it's been that way for, oh, 6 or more years now- and some of them even know that this is the case.