Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security The Military Government The Internet

The Next Arms Race: Cyberweapons 125

Harperdog writes "Scott Kemp writes about the similarities between the nuclear arms race and the use of cyberweaponry for offensive purposes. As the article points out, offensive cyberwarfare leaves a nation's own citizenry vulnerable to attack as government agencies seek to keep weaknesses in operating systems (such as Windows) secret. Quoting: 'In the world of armaments, cyber weapons may require the fewest national resources to build. That is not to say that highly developed nations are not without their advantages during early stages. Countries like Israel and the United States may have more money and more talented hackers. Their software engineers may be more skilled and exhibit more creativity and critical thinking owing to better training and education. However, each new cyberattack becomes a template for other nations — or sub-national actors — looking for ideas.'"
This discussion has been archived. No new comments can be posted.

The Next Arms Race: Cyberweapons

Comments Filter:
  • government agencies seek to keep weaknesses in operating systems (such as Windows) secret.

    God forbid you simply keep these machines offline.
    Nope, gotta keep them open for people to find and attack.

    • by s.petry ( 762400 )

      Well, you know that media tells you that you must be on line 24/7, and must use Facebook to be a person. They also tell you that you must use Windows right? At least the Windows rhetoric has slowed down a bit lately, but the hype to get people on Facebook is pretty massive.

      • by NIN1385 ( 760712 )
        I have seen at least two shows this week, that showed a fugitive and a few suspects in a murder investigation caught with the aid of facebook. These cops and bounty hunters simply logging on to their facebook pages, obtained information about them and their friends and both shows ended with the suspects and fugitives behind bars. If there was ever a deterrent to not use this "social networking" site, these are some strong reasons. It puts everything about you out there for anyone to find. These were cops...
      • Macs. Everyone must use Facebook, and own a Mac. Check out the number of Macs prominently displayed in the latest movies.

        • by s.petry ( 762400 )

          I thought it was MAC for the people of power or with money, but Windows for the rest of the world. I have to watch some TV I guess. On second thought.. nah, I'll take your word for it! Thanks for the catch!

        • by ozduo ( 2043408 )

          Macs. Everyone must use Facebook, and own a Mac. Check out the number of Macs prominently displayed in the latest movies.

          it's called product placement, the cigarette industry have been paying movies to show people smoking for 50 years.

    • by Anonymous Coward on Friday June 08, 2012 @02:59PM (#40261687)

      The nuclear enrichment site at Natanz was kept offline. That didn't keep stuxnet out of there.

      The problem with security in general is that no matter how many protections you put in place humans are still the weakest link. We will always make mistakes.

      • Re: (Score:3, Funny)

        by kelemvor4 ( 1980226 )
        Humans are the problem and chuck norris is the cure.
      • by NIN1385 ( 760712 )
        We also pay people a lot of money to ensure that mistakes happen to people we don't like and/or agree with.
      • Good point, this would mean that various countries have spies or the software makers that supply there software too intentionally allow this cyber malware. That is the scary part of this, I said this as an AC, who is to say these countries will not use hackers or outside-the-box programmers to set-up some type of software or malware to catch these cyber attacks. The pathetic part or arrogant part of this report was the use of "educated" countries. I do not know of a school or educational institution that h
    • We need more destructive malware that wrecks unsecured systems, or USERS WILL NEVER CARE ABOUT SECURITY.

      Immune responses are built be sustained attack.

      Humans aren't wired to worry about vague threats of things they will never understand. They ARE wired to worry about their machines being bricked and the loss of data they will never back up.

      • Where's the profit for the cracker in a dead machine?

        But if that machine can be turned into a zombie ... lots of money making opportunities.

      • by f3rret ( 1776822 )

        We need more destructive malware that wrecks unsecured systems, or USERS WILL NEVER CARE ABOUT SECURITY.

        Immune responses are built be sustained attack.

        Humans aren't wired to worry about vague threats of things they will never understand. They ARE wired to worry about their machines being bricked and the loss of data they will never back up.

        I have a better idea. First we need to set up a highly secretive network of death squads, then we start tasking the NSA, those CNET guys, the Kasparsky guys and the FBI with identifying and tracking infected users. Once we know where the people live we send in the death squads and murder them in horrific ways and blame the malware.

        Or we can somehow make the malware spread HIV or bird flu or SARS.

    • by mrchaotica ( 681592 ) * on Friday June 08, 2012 @03:03PM (#40261737)

      I interpreted that statement differently: it's not that government agencies seek to keep weaknesses secret in order to avoid being attacked, it's that they want them secret so that they can use those weaknesses to attack others.

    • Re: (Score:3, Insightful)

      by lightknight ( 213164 )

      Indeed. Were I in the military, I'd personally ensure that any computer connected to anything remotely important did not even have an Ethernet connector.

      The sad part is, the military probably thinks we are joking when IT people tell them "No, really. Just don't connect anything important to the internet. It will be cracked, no matter what the security vendor / sales guy is telling you." It can be running the most harden variant of Unix you know of, with all sorts of security schemes; but if you put it on th

      • by DarkOx ( 621550 )

        The entire computer 'security' industry that has sprouted up over night is headed by people who couldn't make it as network admins, but want the same rights and privileges. Whole corporations following the advice that is found on page 209 in most 'Welcome to {insert name} Operating Systems: An Administration Guide'

        Right the IT Sec community would do better to hold a few less 'Cons' and a few more Conventions; perhaps put on shirt with buttons in traditional locations. It really is time to grow up. Its one of the reasons the C[EIT]O is not taking you seriously. Trouble is the 'network admins' are not doing much better most places. Until someone does convince the C[EIT]O the sky is falling those guys don't generally have the political muscle to do it right.

        Users don't want to wait for the systems to be patched. Pr

  • The plus side is, that creating cyber attacks is very cheap. Learning the low level instructions is not so easy, but the advent of the internet makes things easy to find. Hell, I have never coded a graphics device in my life but I can find a great number of header files that know the calls.

    In the US, this is going to be extremely difficult in a year. The new NSA supercomputers will be on line spying on everything being done. They will be able to track you pretty quickly. Outside of the US, tracking som

    • The problem I have with the "cyber weapons" terminology is that they are weapons which do not kill anyone. Not that that is a bad thing.

      But it places them more in the "vandalism" category rather than than the "weapon" category.

      Now it may be technologically advanced vandalism delivered by double agents ... but it's still just vandalism.

      The same as pouring sugar into gasoline tanks would be.

      • by Baloroth ( 2370816 ) on Friday June 08, 2012 @03:16PM (#40261881)

        A weapon does not have to kill someone or indeed even be able to kill someone to be a weapon. The two definitions are "a thing designed or used for inflicting bodily harm or physical damage" and "a means of gaining an advantage or defending oneself in a conflict or contest." Cyberweapons fulfill both, except, of course, it's "cyber" damage, not physical (hence the name, which of course is stupid but effective).

        What Anonymous does is effectively vandalism, yes. Stuxnet, however, was a weapon.

        • A weapon does not have to kill someone or indeed even be able to kill someone to be a weapon.

          Except that once you go down that route EVERYTHING becomes a "weapon" and the term "weapon" becomes meaningless (since it means everything).

          And while "weapon" CAN mean something else, the term that more correctly describes that action is "vandalism".

          • Except when something like Stuxnet is deliberately designed to sabotage and damage a weapons development program, or a virus is designed to shut down the power grid. Some thought is required when assigning the term "weapon" to an object, just as with many nouns. LOIC? Not a weapon. As you say, that is vandalism. A virus that causes a reactor to explode? Weapon, not vandalism.

            Flame and others are obviously subject to debate about whether they are actually "weapons" or not, especially since we have no idea w

            • I think that would be the proper label for "Flame". Some middle east nation choked their opposing nation's weapons procurement official to death in Dubai, recently. They got his travel details from a recce virus in the guys computer. You "betcha" it was Flame or Brethren Of Flame. So the malware did not kill immediately, nut facilitated the killing.
              The nation in question also disabled some russian-made airdefence system in a bombing raid on enemy territory (to take out a suspected reactor) and the rumor m
          • by s.petry ( 762400 )

            Did you know that in courts, people have been convicted of using frying pans as weapons. We can add shoe laces, bricks, fishing line, and even spoons to that list. We have drones that fly by TV screen and people use Joysticks to launch weapons. In that case, computers and technology are very much weapons. As would be the radios providing the intelligence to find targets. Voices have been used as psychological weapons dating back to WW I, when we had loudspeakers on the front lines. The term weapon in

        • don't assume that cyber weapons can not inflict bodily harm or physical damage. They already have...many times over.

      • by xstonedogx ( 814876 ) <xstonedogx@gmail.com> on Friday June 08, 2012 @03:19PM (#40261905)

        "Loose chips sink ships."

      • by ThunderBird89 ( 1293256 ) <zalanmeggyesi@y a h oo.com> on Friday June 08, 2012 @03:23PM (#40261953)

        The same as pouring sugar into gasoline tanks would be.

        Your saboteur just "poured sugar" into the tank of every HMVV, jeep, tank, and vehicle on the eve of your invasion on the base nearest to your entry point. The defender is going to have a mighty hard time forming an effective defense with no mechanized infantry and armor. Even harder if the power grid and water pumps suddenly go down in a major city that necessitates the Army's assistance in supplying and policing the area (most countries armies double as disaster relief too). Oh, and factor in that the communication relays are suddenly transmitting garbage and white noise.
        To add insult to injury, you now have the blueprints of their newest tanks, so even if they manage to clean out the turbines and get them running again, your gunners will know exactly where to shoot to take them out in one hit, and you know exactly how long their air superiority fighters can stay in the air, how high they can climb how fast, etc.
        And for a final "Fuck you", your hackers broke into the enemy's central bank's network, along with a few other major banks in his country, and 'diverted' most of the country's funds, including all the foreign currency stockpiled on the central bank's accounts, to you a day or two after the first shot rang out, so the state as a whole is left penniless and unable to pay its army.

        As a wise man once said, "Knowing is half the battle". Infrastructure is good 25% or more, so you're left with 25% at most that constitutes military might. Far fewer casualties on your side, and possibly fewer on the target side as well if the leaders recognize early on that they have lost the war before the first shot was fired (since they can't mount a proper defense due to the chaos and lack of funds). Cyberwarfare can certainly kill, but it need not do so, for the objective is to cripple the target so the army encounters less resistance.

        • by sdguero ( 1112795 ) on Friday June 08, 2012 @03:45PM (#40262237)
          I never really thought of G.I Joe as a wise man...
        • by Anonymous Coward

          Amazing summary. You left the part out about how you leave your enemy so paranoid they can't trust anything or one and the cost of doing business goes through the roof.

          Someone has definitely read the Art of War and taken it to our level which is so cool, I welcome the 21 century, game on.

          • Ideally, there's no time for the enemy to become paranoid. Should everything go according to plan, and should the plan survive first encounter, a war like this would be a literal "They don't even know what hit 'em", and should be over in less than a week with an unconditional surrender.

      • The problem I have with the "cyber weapons" terminology is that they are weapons which do not kill anyone.

        That's not a given. What about a malware which causes a nuclear power plant to blow up? What about one which just opens all gates at a major dam, causing a flood downstream? Or more subtle, what if some malware in a hospital is used to kill people by making machines emit too much radiation, by making life-support machines to switch off themselves, or even simply by slightly manipulating the medication p

      • by ae1294 ( 1547521 ) on Friday June 08, 2012 @03:33PM (#40262057) Journal

        The problem I have with the "cyber weapons" terminology is that they are weapons which do not kill anyone. Not that that is a bad thing.

        They could be made to kill people. Your local hospital is probably still running WinNT/2k on a lot of their equipment. Think of all the trouble one could cause for a nation if you infected their hospitals. Talk about a terror attack...

        • Yes, but it's time consuming, and far too much effort for what it's worth.

          • by ae1294 ( 1547521 )

            Yes, but it's time consuming, and far too much effort for what it's worth.

            Eh? Isn't that the definition of a government project?

            • *facepalms*

              I agree with your assessment, but damn is that depressing to read at 4 AM.

              Still the idea of bringing war to the internet is...well, you don't want to know what I think about it. Caricatures of Officer Farva (from Super Troopers, http://4.bp.blogspot.com/_a1Gr4UKmN6Y/S-nv_mdqNvI/AAAAAAAACTM/dQ0-RwCCau8/s1600/largefarva.png) come to mind when I think of the kinds of people training to be 'cyber-commandos.' The idea that they want to turn our playground into a battlefield...

      • by gorzek ( 647352 )

        Although I find the tendency to prefix "cyber" to everything a very tedious practice, consider that software flaws very well can be used to inflict physical damage--Stuxnet being the perfect example of that.

        As computers take over more and more tasks, I think it's inevitable that a malicious individual will use a software flaw to cause the deaths of a significant number of people. I just think it's silly to call that sort of thing "cyberwarfare." It is sabotage, plain and simple. That it's done with code rat

      • by s.petry ( 762400 ) on Friday June 08, 2012 @03:40PM (#40262157)

        Military doctrine states very clearly that the best weapons do not kill people at all. The best weapons will cause damage that takes people off line, so that your killers have less targets to deal with. This is why your first targets in a war are the command and control centers, radio towers, and major transit routes. The first targets are never a "Kill". This is also why the 5.56mm round is designed to wound, not kill (by no means does this mean that the round does not kill, however the size and shape are designed to do do damage without killing. If we intended to kill the round would be much larger and heavier).

        In the case of espionage, this is much more complex. Gaining information on movements and targets, locations of C&C, and lastly impersonation. How many of those statements released by Egypt's leaders, or Libya's leaders were really from them? That last game is played much more often than you would guess.

      • by Mysticalfruit ( 533341 ) on Friday June 08, 2012 @03:40PM (#40262161) Homepage Journal
        Recently a vulnerability was found in a pacemaker / defibrillator that reported stats about the patients heart via bluetooth. The attackers found that they could alter the users heartrate and induce the device to attempt to defibrillate the patients heart on cue.

        Likewise, vulnerabilities have been found on devices connected to CAN (Car Area Networks) were attackers could over the cellular link to the car (via something like on-star) do things like disable the air bags, engage the cruise control, etc.

        Imagine the mayhem a terrorist group could cause if say they took an ultra small device and buried next to the road that randomly would insert malware into peoples cars as they drove by that after some random number of miles, locked the doors, disabled the brakes and air bags and then set the cruise control to 100mph.

        [http://isutech.wordpress.com/2012/03/11/all-your-devices-can-be-hacked-2/]
      • A weapon need not be lethal to be considered a weapon. A two foot length of rubber heater hose can be used as a whip, it isn't very lethal but it will hurt like hell. Sure, you could probably use it to strangle someone, so in that sense it is a lethal weapon, but so are one's hands.

        A weapon is something that can be used to assault or injure someone (or destroy or damage material). Its lethality is tangental. Can be a rolled up newspaper or a computer virus attacking life supporting equipment in a ho
        • Indeed, but human beings typically assign priorities to the ability of a weapon to deal damage.

          Let me explain:

          Nuclear / Chemical / Biological weapons score a 10 / 10.
          Your average military fighter / bomber / tank...gets a 7 / 10.
          Your average gun, a 5 / 10.
          Your average knife, a 3/ 10.
          Your average computer virus, maybe a 0.5 / 10.

          The whip gets a 1 / 10.

      • Hmm. "Cyber weapons," specially designed, might be able to kill people, but only as a side effect. It all comes down to what the system is connected to, and you need to get the 'enemy' to connect an internet enabled computer to it first.

        Of course, there are other methods, but it's easier to usually do it without resorting to 'cyber' weaponry.

        If I want to kill a regiment of soldiers, do I
        a.) hack into a satellite, plot a trajectory that would give a super-computer a head-ache, and drop it on them? or
        b.) dig

      • Being able to just pour sugar into gasoline tanks would actually be a pretty sweet capability... yeah, you could even say that explosives are used mostly against armoured targets because the gasoline tanks can't be reached, and you can't get close enough to screw a lid on the barrel of the gun etc. If you could just stop stuff from moving and firing, why bomb to bits what you could keep for intelligence and spare parts?

        Besides, if you take down the enemy network, you end up with soldiers you can see, who ca

      • but it's still just vandalism. The same as pouring sugar into gasoline tanks would be.

        So that would be no vandalism at all [snopes.com] then...


      • The problem I have with the "cyber weapons" terminology is that they are weapons which do not kill anyone. Not that that is a bad thing.


        Try going without the power grid for a week across the country, especially during the winter, and see who dies.

        Shut down the transportation infrastructure, for instance by disabling the fuel supply infrastructure, and see who dies. Grocery stores have, at best, enough food for 3-4 days before they're out.

        Shut down the public water utilities, esp if you shut down the p
  • by PolygamousRanchKid ( 1290638 ) on Friday June 08, 2012 @03:08PM (#40261787)

    . . . because both sides were scared enough not to even think about using them. Just a few isolated tests here and there in underground isolated places. No, or very limited, collateral damage.

    With the Cyberweapons arms race, it seems to be like the wild west. Cyberweapons are being deployed and tested everywhere, and affecting innocent bystanders. Imagine having nukes tested in your backyard. Or Cyberweapons tested live on your Internet.

    • by Baloroth ( 2370816 ) on Friday June 08, 2012 @03:21PM (#40261933)

      The difference is that cyberweapons inherently exploit fixable weaknesses in existing infrastructure (assuming the government isn't just inserting backdoors, which they may be doing, but they are also doing much more). The more widely they are used, the greater the pressure to fix those weaknesses and implement better security practices. Given that criminals are going to use those weaknesses even if every single government stops, that means they have fewer and fewer exploits and avenues to exploit, which is good for everyone.

      It's more like a rat infestation than nuke testing. Sure, it's annoying, but the more of the bastards you get, the faster you can patch all the holes they are coming through (and the more rat poison to stop the stragglers).

    • by Hentes ( 2461350 )

      A government spends years of research and lots of money to develop a malware. They deploy it and it causes the damage they were hoping for. The problem is, unless the malware is very specific, the target can now copy it and shoot it back at them. Which is why the "cyber arms race" is not like the nuclear arms race, but more like the gas weapon arms race in WW1: if you deploy your weapon before developing sufficient protection against it, you will hurt yourself just as much as you hurt the enemy. So if the

  • Public Policy (Score:5, Interesting)

    by girlintraining ( 1395911 ) on Friday June 08, 2012 @03:10PM (#40261801)

    Governments want to keep vulnerabilities secret so they can hit the enemy, but the enemy has the same equipment and setup as ours. If you increase resistance to attacks locally, the same happens remotely.

    So the decision to be made is, what's more important: Our offensive capability, or our defensive capability? It's a zero sum equation, but with a twist: Every offensive action creates a corresponding signature which can be used to increase defense against that action next time. Effective surveillance increases the chance of detection and remediation. So the tipping point is the ratio of exploitable vulnerabilities (think of this as army size) each party possesses. If you have more than your enemy by a considerable margin, your enemy is unlikely to attack. Conversely, if you don't have sufficient resources to discover and refine vulnerabilities and the intelligence capabilities to know where to use them (and when), your best response is to form alliances with others, so that when a vulnerability is used on their infrastructure, they share their surveillance with all parties; thus creating a force multiplier in favor of defense.

    I guess my point is that the problem can be framed using conventional military tactics, rules of engagement, etc.; But I would hesitate to equate it to military action. Otherwise you wind up in a legal quagmire: That would be turning that guy who keeps trying to run Reaver against my router to hack his way onto my network into an enemy combatant or a private citizen into an arms dealer for having a copy of TrueCrypt.

    • That's a rather good analogy, but with a significant flaw: states know the size of other armies almost exactly (satellite imagery allows them to discern the housing capacities of bases, and lets them detect aircraft, armor, navy, etc. from orbit, or at least a close approximation of their number, and possibly even type, armaments, defenses, etc. Plus, much of that information is public or obtainable, since it's private corporations that manufacture these units), while the number and type of exploitable vuln

      • That's a rather good analogy, but with a significant flaw: states know the size of other armies almost exactly...

        It wasn't always that way. It's not like satellites have been around since war was invented. Just because the technology and methodology has changed doesn't mean that principles behind control of terrain, force multipliers, offense versus defense, etc., are any less valid.

        I'd say that cyberwarfare is a sort of 'supplementary warfare', designed to shorten a war and lessen casualties by causing enough confusion and chaos that the enemy can't mount an effective defense and is forced to surrender.

        If you are able to spread a virus that attacks critical infrastructure like the electric grid, water supply, hospitals, etc., you can unbalance the civilian population, which means fewer resources can be devoted to a military response --

        • I'd say that cyberwarfare is a sort of 'supplementary warfare', designed to shorten a war and lessen casualties by causing enough confusion and chaos that the enemy can't mount an effective defense and is forced to surrender.

          If you are able to spread a virus that attacks critical infrastructure like the electric grid, water supply, hospitals, etc., you can unbalance the civilian population, which means fewer resources can be devoted to a military response -- it's a lot harder to maintain an army when your own population is starving, in the dark, or cannot receive medical treatment. I wouldn't say it's as "supplementary" as nuclear weapons. Sure, you might not let one off the chain everytime there's a problem, but having the capability constrains the number of options the enemy has.

          That's exactly what I meant by supplementary: it doesn't (usually) kill on its own, it just weakens the enemy force, hopefully enough to force a surrender.

          That's a rather good analogy, but with a significant flaw: states know the size of other armies almost exactly...

          It wasn't always that way. It's not like satellites have been around since war was invented. Just because the technology and methodology has changed doesn't mean that principles behind control of terrain, force multipliers, offense versus defense, etc., are any less valid.

          True, war was not always an almost-fully informed game. However, while some of the tactics and strategies discussed by Sun Tzu are still valid, most have been superseded: terrain is no longer a constraint when you can air-lift your troops into position and conduct air strikes and bombardment over strategic ranges, the traditional maxim of "Defenders are a

      • Your nasty few words nicely display why half the world hates Americans - you are saying that soldiers can kill criminals just like the KGB eliminated their (real or perceived) opponents.
        • I'm not saying that!
          What I'm saying is that since terrorists don't count as combatants, they are not subject to the provisions of the Geneva Convention, and therefore, soldiers have who encounter one have no obligation whatsoever to spare his life, like they do with regular enemy combatants. Even civil uprisings and irregular combatants are afforded more protection given that they fulfill the required criteria (relaxed version of the regular combatants' criteria).

  • by JSBiff ( 87824 ) on Friday June 08, 2012 @03:10PM (#40261803) Journal

    I'd say this is a bit more like biological weapons, and less like nuclear - more likely to spread, more likely that a single individual or small group can successfully develop and deploy them, some chance that once deployed, it will come back to attack its creator-state, because you can't be completely sure you can control it. (That is to say, once a given nuclear device is detonated, it's gone and can't attack again, but biological can cyber weapons can be harvested, tweaked, and re-deployed against you).

  • by Anonymous Coward

    When you drop a nuclear bomb on an enemy, is there a warhead left to analyze? Exactly. That's how cyberweaponry should be designed...one time use only, and it destroys itself, whether it's successful or not. Not only does that keep the enemy guessing, but it also keeps the minds behind the attacks active and creative.

    • by Anonymous Coward

      When you drop a nuclear bomb on an enemy, is there a warhead left to analyze? Exactly. That's how cyberweaponry should be designed...one time use only, and it destroys itself, whether it's successful or not. Not only does that keep the enemy guessing, but it also keeps the minds behind the attacks active and creative.

      Actually, there is enough left to analyze. The decay products can tell you a lot about the material in the warhead. Arguably, enough to identify not only the nation state, but possibly even

      • ..cyberweapons are banking on the incompetence of the victim. Because that works most of the time and on the interesting targets, that is Good Enough. Stuxnet only succeeded because the Iranians were more or less completely incompetent. A Belarus company (!) had to do it for them. Belarus is a little tyranny with little resources, except brains left from the soviet union. Much larger Iran could not do it because their software engineers are so bad.
    • by plover ( 150551 ) *

      When you drop a nuclear bomb on an enemy, is there a warhead left to analyze? Exactly. That's how cyberweaponry should be designed...one time use only, and it destroys itself, whether it's successful or not. Not only does that keep the enemy guessing, but it also keeps the minds behind the attacks active and creative.

      Cyberweapons come in two main flavors: code that runs internally on the target system (malware such as Stuxnet, Flame, Duku, etc.) and attacks that are run external to the target (Distributed Denial of Service DDoS attacks from tools such as LOIC, disabling the routers that serve the target, disrupting their DNS, etc.) External weapons remain safely out of the hands of the target. The only thing the target gets is the SYN packets, or the RST packets, or a dead router. An analogy would be that nothing in

      • ..smart cyber weapons could be inserted by a microwave transmitter into the target's signal processing software and from there fsck with some critical data displayed to humans.
        Or, inject a virus directly into a sigint system, because by definition that system is listening promiscuously for other people's data streams.
        Inject malware by a laser triggering some sensor's automatic gain control rapidly, triggering a buffer overflow.
        Basically, the sky is the limit when it comes to hacking modern weaponry, as
  • I have been hearing about the next war about cyber weapons for several years. Seems the same old tricks keeps geting them time and time again.

  • Ok, so you work with the Israelis and Brits/Germans/French to sneak some viruses into the computers of Iran, Russia and China. You pop a couple of beers and celebrate as the targeted computer systems lockup or crumble.... --------> Two years later. Iran, Russia and China pull off a successful cyberattack against computers in the U.S., Israel, Britain, Germany, France. Now the "Allies" have to deal with computers that lockup, fuckup, or crumble. Of course, the "Allies" will regroup and launch another cybe
    • And this is different from conventional war...how?
    • That's not the point of cyberwarfare. When done correctly, you attack with conventional forces while their systems lock up and crumble, and strike into the chaos for a quick win.

    • I think you just described conventional war: You hurt yourself in order to hurt your enemy more, and hope that he'll give in before you have to.
  • by Anonymous Coward
    Why is it that almost every single article I've read lately thinks I'll like Rand Paul's story?
  • A cyber-what?
  • I'll keep it short & simple:

    • The President believes any cyber attack is "an act of war".
    • Only congress can declare war.
    • Congress has not declared war on Iran.
    • The President engaging in "acts of war" of an offensive nature, is illegal.
    • by fa2k ( 881632 )
      Not just Iran, Obama attacked lots of countries with Stuxnet. Even US itself.
  • by Trepidity ( 597 ) <[delirium-slashdot] [at] [hackish.org]> on Friday June 08, 2012 @03:53PM (#40262319)

    One more crippling cybershell hit the already beleaguered cyberdefense community when CyberIDC confirmed that cyberwarfare rates have risen yet again, now up to more than 100 percent of all servers. Coming on the heels of a recent Cybercraft survey which plainly states that cyberdefense has lost more cyberbattles, this news serves to reinforce what we've known all along. Cyberdefense is collapsing in complete cyberchaos.

  • i'm all for escalation of weapons that can only do as much damage to me as i want.
  • by Anonymous Coward

    Cyber Attacks cannot be controlled once released the same way poison gas could not be controlled once released. As any idiot could foresee, and as has already been demonstrated in the first "International Warfare" "deployments". Like poison gas cyber-weapons go whichever way the wind blows, linger in low areas, in still pockets and under inversions. Their remnants continue to wreak havoc on the more sensitive, as "dispersed" gas did the pigeons used in WWI to carry messages. And, like mustard gas, and D

    • "Cyber Attacks cannot be controlled once released"
      Just because there exists malware which will attack anything it is compatible to, does not mean much. You could very well write malware which would attack only computers with a very small set of IP addresses, with a very specific config, in a very specific subnet or DNS domain. Your argument is the same as the pope lamenting the use of longbows. "distance weapons are dehumanizing like nothing before. The bad guy with the horns on the head must have created
  • by Anonymous Coward

    I don't care about their arms race.

    I just want to know:
        is nmap and wireshark protected by the second amendment?

  • ... tax revenue is like a piñata for some people*, fear- and warmongers in particular.


    * = read 'unscrupulous bastards'
  • Geez, it's like something out of Doctor Who.... ... ...Oh wait. Cool!!! How long before we have actual Cybermen fighting our wars, stomping around yelling "DELETE, DELETE!"?

  • The great Prophet Mel Brooks predicted our Cyberwar strategy in his metaphorical vision: Blazing Saddles:

    Our (that is, the US's) Cyberweapons threaten ourself more than any other target. We are the most dependent on the internet We have the most to lose. We wave these weapons of self-mutilation around in the hopes that our intimidated foes will not force us to destroy ourself.

    What could go wrong?

    ALL Praise Iro

  • I'm going to have to write an OS, based on capability based security. Even if it sucks, it'll be the only thing left running after skynet becomes self aware, infects everything, then gets paranoid, then kills itself in a case of mistaken identity. (Total time, 4 hours, 9 minutes, 2.3 seconds)

  • What are Cyberweapons? How to use them?
    • Stuxnet ? Flame ? Taking out your opponents computers means taking out their weapons, if they have anything smarter than an AK47. Even modern handheld radios now contain lots of sw.
  • The first step to defend systems is to know all the types of defensive armor. Here is a list of what I consider useful:

    Formal Verification. Proof your code correct. Works on small pieces of code

    Sandboxing. Google Chrome is doing it conceptually very well and could be applied to many more systems

    Behavioural Analysis at network chokepoints such as firewalls and fileservers. Malware will be challenged to make its extraction and C&C traffic look like legitimate traffic. Requires competent analysts who actua

You are always doing something marginal when the boss drops by your desk.

Working...