Europe Simulates Total Cyber War

Tutter writes with this quote from the BBC: "The first-ever cross-European simulation of an all out cyber attack was planned to test how well nations cope as the attacks slow connections. The simulation steadily reduced access to critical services to gauge how nations react. The exercise also tested how nations work together to avoid a complete shut-down of international links. Neelie Kroes, European commissioner for the digital agenda, said the exercise was designed to test preparedness and was an 'important first step towards working together to combat potential online threats to essential infrastructure.' The exercise is intended to help expose short-comings in existing procedures for combating attacks. As the attacks escalated, cyber security centers had to find ever more ways to route traffic through to key services and sites. The exercise also tested if communication channels, set up to help spread the word about attacks, were robust in the face of a developing threat and if the information shared over them was relevant."

Exercise FAQ

[zrbyte]

Find it here. [europa.eu]

Re:

[davester666]

Really, how much can guns that are tiny enough to fit through those crazy little tubes hurt us?

ISPs in my country

[TheLink]

So that explains it now.

The ISPs in my country have obviously been preparing us for years of cyberwar.

Shall we play a game?

[CityZen]

Love to. How about Global Cyber Internet War?

Everything was fine...

[ducomputergeek]

Until prompted at the terminal whether they wanted to play global thermal nuclear war....

Re:

[zhong-guo-1]

I didn't read your post, it was just the first one with a score above 2. I didn't read the article, I didn't even read the summary! However, here I sit and will tell you exactly what the article said. European government cooperated in testing their systems. They hired top notch people. when it was said an done, they found that severe work needed to be done to secure the systems in preparation for future threats. The article also manages to embarrass a government agency due to their incompetence. Whil

cyber attacks are launched from botnets, ergo...

[Anonymous Coward]

Since cyber attacks are launched from pwned machines, what is needed is:

(1) More diversity. We need around 5 major OS families with roughly equal market share, not one with 90% and a few others begging for scraps. Lack of genetic diversity makes life much easier for botnets and malware.

(2) We need people to start taking ownership for their machines. Running random shit that random untrusted web sites thrust at you (whether exes or just scripts used as an attack vector) is just idiotic, and people have go

Re:

[grumbel]

(2) We need people to start taking ownership for their machines.

No, we need OS that don't give every app access to the full system. Why is there no OS today that allows you to run an application in an isolated sandbox? Why should running an .exe be less safe then running a Flash or Javascript app? There simply isn't any good reason why things are so fucked up, its just historic ballast from the pre-Internet age, back when nobody cared about safety.

I'm not sure how to do that.

Yeah, because it *DOESN'T WORK*. And heck, even if it would work, people have absolutely no way to tell a fraudulent app fro

Re:

[grumbel]

What do you mean? That ability is available today and has been for some time.

Where? Every OS has a "Run as Administrator"/"Run as Root", but I have yet to see one that has a "Run in Sandbox". Sure you can build a sandbox with chroot or do some stuff with virtualisation, but that is hardly practical for average Joe and would probably give a bunch of trouble when it comes to the GPU.

Re:

[Anonymous Coward]

A combination AppArmor (which has no GPU issues) and for very dangerous things a VM (which does, but can still run light to moderate 3D workloads) works a treat. The rollback button in the VM is a mere mouseclick away. My grandmother could do it, once I showed her the button. We're not talking rocket science here, or any kind of deeply complex problem that takes years of study to master. You don't even need a VM to browse safely, you just have to not run things thrust in your face. If browsers would ju

Re:

[grumbel]

The tools already exist. People just have to use them.

The tools do not exist, some bare framework exists from which it is possible to replicate some effects from a proper sandbox, but thats all. I seriously doubt that you go out and build an AppArmor profile for every little app you want to run, heck, even the distris don't bother with that and only put a tiny small fraction of apps into AppArmor.

If browsers would just ship with the default of not running things unless whitelisted, most of these problems would disappear.

While whitelisting would certainly help, a proper secure OS shouldn't have an issue with running insecure code in the first place, thats the whole point of a sandbox

Re:

[Durandal64]

No, we need OS that don't give every app access to the full system. Why is there no OS today that allows you to run an application in an isolated sandbox?

It's called iOS. Also, Mac OS X has sandbox-exec(1).

Re:

[laffer1]

Section 1 of the manual.. another words run
man sandbox-exec on mac os to find out about it!

you'd see:

NAME
sandbox-exec -- execute within a sandbox

SYNOPSIS
sandbox-exec [-f profile-file] [-n profile-name] [-p profile-string] [-D key=value ...] command
[arguments ...]

DESCRIPTION
The

Re:

[SwedishPenguin]

It's the section the manpage is in. For instance, printf(1) refers to the program printf, and printf(3) refers to the C function printf. You can search a specific section with man , so man 3 printf will result in the Linux Programmer's Manual entry for printf on my machine.

Re:

[MrMr]

The command is explained in section 1 of of the man pages.
You would say 'sandbox (8)' for redhat (default SELinux enabled) systems. Claiming no OS today allows you to run an application that way is just a bit of friendly trolling.

Re:

[TheLink]

Claiming no OS today allows you to run an application that way is just a bit of friendly trolling.

I think he still has a point because: How does Joe Public easily use "sandbox" for an arbitrary program he just downloaded and have the program actually work if the program is actually safe...

The people who can easily figure out 1) and 2) typically need sandboxes less than Joe Sixpack :).

I have actually proposed this: https://bugs.launchpad.net/ubuntu/+bug/156693 [launchpad.net]

Just because there's SELinux and AppArmor doesn't mean much, they're the equivalent of security doors, locks, walls and safes. They are the buildin

Re:

[u38cg]

One easy answer to the question of how to make hard things happen (for example, making sure people run secure computers) is to mandate insurance for it. It's not a particularly liberal system, but if you can demonstrate to an insurer how you have mitigated the risk you are insuring against, you get a lower rate. Insert obligatory car analogy here.

How is this different from a DDoS sim/pen test?

[mlts]

How is a mock cyberwar different from a DDoS simulation from the outside and other points, combined with a thorough penetration test?

A thorough pen test doesn't just scan ports and call it a night, the testers call employees pretending to be IT or managers and demand/browbeat for access, either to be handed a password for "auditing" reasons, or because the main IT people are supposedly gone for the day and a remote OEM needs access. I have even seen some thorough pen tests actually drop U3 USB flash drives in the parking lot that if autorun, would note which machine got "compromised".

I just don't see anything here that is different from hiring a thorough tiger team to test every piece of an organization's security (which companies should do at random times throughout the year.)

Re:

[Anonymous Coward]

How is a mock cyberwar different from a DDoS simulation from the outside and other points, combined with a thorough penetration test?

I think it sounds more expensive when you say "mock cyberwar".

Re:

[mlts]

To boot, if I were at a multi-site organization, one of the disaster plans would be getting the word out to CHQ if one of the data centers was being attacked. The DR plan would be getting in communication with the other site via another link such as a secure telephony app. This way the message would get out about being slammed from an unknown source, either as part of a drill, or as a reaction to a vicious attack. Smaller businesses that don't have the VoIP structure or the need to be on the Net 24/7/365

Re:

[Linzer]

How is a mock cyberwar different from a DDoS simulation from the outside and other points, combined with a thorough penetration test?

Don't tell me. It's been a while since I was treated to one of those...

Re:

[TaoPhoenix]

Because a mock cyberwar across all of Europe is a "measure to test preparedness". However when Mitchell L. Frost, age 23, of Bellevue, Ohio admitted that between August 2006 and March 2007, he initiated denial of service (measures to test the preparedness) on web servers hosting the sites of political commentators Bill O'Reilly, Rudy Giuliani, and Ann Coulter, they were so pleased with his services that threw him in jail.

In other words, "Global Cynernuclear War" is a test, while a coke can with baking soda

help?

[Anonymous Coward]

At which point in their simulation are they planning on having USA saving their asses?

Re:

[kevinmenzel]

Probably about the same point where they've successfully turned the tide and don't need American help anyway.

Re:help?

[Anonymous Coward]

About 4 years later, and after Russia's done 75% of the work...

Re:

[moortak]

So will the US be producing a huge chunk of Europe's war material?

Re:

[Verunks]

About 4 years later, and after Russia's done 75% of the work...

you mean after russia helped the attackers doing 75% of the work? http://en.wikipedia.org/wiki/Soviet_invasion_of_Poland [wikipedia.org] http://en.wikipedia.org/wiki/Molotov-Ribbentrop_Pact [wikipedia.org]

Re:

[dunkelfalke]

the soviet invasion of poland was just russia getting back its former territories which poland has taken two decades earlier when they invaded the still young ussr.

Re:

[evilviper]

Just because Russia's done 75% of the dying doesn't mean they've accomplished a equivalent amount of the progress.

In the US-Afghan war, did the Taliban do 1000% of the work? Because the casualties work out about that way...

Re:

[Super_Z]

Just because Russia's done 75% of the dying doesn't mean they've accomplished a equivalent amount of the progress.

Comparing total german losses [wikipedia.org] (5,533,000) to german losses on the eastern front [wikipedia.org] (4,215,000) shows that the Soviets indeed did the "equivalent amount of the progress.".

Re:

[phantomcircuit]

That's funny, but about 60 years out of date.

Re:

[Synonymous Homonym]

Correct. These days, it is the US calling the NATO for help.

Re:

[jovius]

The arrogance and selfishness lead astray a bit. The war wasn't won by just massing in troops but also because of the tactical and strategic mistakes by Germany. One can claim whatever, but the things just happened to go like that with help from the German leadership. The nationalist fervor is based on a false pretense. We should have gotten rid off it already after we killed each other by millions, but the winning states divided the world between each other and locked into trenches.

One of the founding i

Re:

[hydrofix]

At about the same point that USA finally wins its "liberation wars" in the Middle East

Re:

[Anonymous Coward]

After America spends years ignoring the biggest threat to civilisation ever, only responds when America's threatened, and then contributes a tiny amount of resource (both as a total compared to USSR, Britain, France, Canada, and as a % of their size) and then goes on and on about it for ever. Just like WW2 then.

Re:

[ewanm89]

Sorry, the American's aren't in any better shape at the moment.

Re:

[Anonymous Coward]

I think you replied to the wrong post.

Might want to check on that.

Re:

[AnonymousClown]

... the morons who breed with dudes with no employment prospects, ...

Getting that MBA seemed to be a good idea at the time. Gimme a break!

Re:

[bhiestand]

GNAA member forgets to click "Post Anonymously"? Classic.

De-friended... I'll try to remember to link to your post whenever you spout your normal anti-Obama rhetoric, etc.

they never call these things what they really are

[PJ6]

These are feasibility studies where defense is only a secondary consideration. Next we will see several small but notable "cyber attack" events that will justify increased funding to the biggest players.

Re:

[PJ6]

It's always been that way, everywhere, with almost no exception.

You have a right to be angry, but it won't change anything.

Peace protests

[Anonymous Coward]

Make cyber-sex, not cyber-war!

Can simulate all wars, instead of fighting them?

[PolygamousRanchKid]

Sure would save a lot of lives, materials and money. Oh, wait, they tried that on Star Trek and it ended in tears, until Captain Kirk shutdown the simulation.

cyber - nonsense

[drDugan]

the whole cyber- prefix is getting old and useless.

cyber-crime (it's crime)
cyber-war (it's war)
cyber-stalking (it's stalking)
cyber-bullying (it's bullying)

you get the picture.

Re:

[ewanm89]

yeah, but unless we come up with something better.

Re:

[drDugan]

touche (well, or *not* in the cyber version)

Re:

[dillee1]

Cyber-sex (it's not sex)

Re:

[Scorch_Mechanic]

It was old and useless the instant the internet came online (hah), simply because it's a buzz word that means "internet". Hell, it's a full blown euphemism. It's like the people using it feel like being caught saying "internet" will somehow damage their careers, so they do a dainty dance around the issue, instead of calling it what it is. The only cyber-whatsits I want to hear about anymore are robotic prosthesis and brain interfaces.

Re:

[TeknoHog]

Cybernetics deals with robotics and other control/feedback systems. What kind of a genius decided that it would be a good name for doing things on the Internet?

Picture of computer then ran it on

[noidentity]

I found a picture of the computer [e0d.com] the simulation was run on.

Re:

[kthreadd]

No no, that's not the computer. You see that's the locomotive they use when moving the computer.

Europe simulates total cyber war

[David Gerard]

WEB 0.1, Cyberspice, Saturday (NTN) — The European Union has run a simulated "cyber attack," in which simulated outsourcing companies strike mortal blows upon national budgets [newstechnica.com] for consulting fees for "cyber security" while still using Windows.

The simulation steadily reduced access to critical services to gauge how nations react, removing access to working email, letting loose old viruses and charging €300 callout fees to look at why you can't log in.

Neelie Kroes, European commissioner for the digital agenda, said the exercise was intended to help expose short-comings in existing procedures for combating attacks on funding. "It is an important first step towards working together to combat potential online threats to essential infrastructure and the consulting fees therefrom."

The exercise also tested how nations work together to avoid a complete shut-down of international links when internet service providers charge £50/month for a "super-fast" connection with a 20GB bandwidth cap.

The exercise was overseen by bouncing new baby quango the European Network Security Agency. "We considered just bombing Redmond, Washington from orbit, which simulations showed would have pretty much solved all attacks over the network itself," said Dr Udo Helmbrecht, most recently of outsourcing firm EDS Capita Goatse. "But we're not so silly as to put ourselves out of a job."

UK outages

[History's Coming To]

So would this have anything to do with the two multinational (Scotland, N.Ireland, Eire, England) broadband outages in the last week?

Good thing...

[frank_adrian314159]

I'm glad I had my porn backed up on my hard drive. No downtime for me...

Re:

[Paradise Pete]

I had my porn backed up on my hard drive. No downtime for me...

None? Aren't you worried about chafing?

Would you like to play

[Rasperin]

Gobal Cyber War?