Slashdot Mirror


Cyber-Attacks?

Galahad2 writes "The Washington Post has a lengthy article about the Bush administration's fears of an Al Qaeda cyber attack on the nation's infrastructure. Though we have all seen this sort of attack as a possibility for a long time, I'm having a hard time believing that Al Qaeda is capable of anything along these lines." You're not the only one. The article does cite an example of the only known infrastructure attack, a case in Australia where a consultant used his inside knowledge of a local sewage treatment system to dump raw sewage, hoping for a contract to solve the problem he created.

21 of 369 comments

  1. Smart Move... by Howzer · · Score: 5, Funny
    This, and several other even less plausible recent "possible attack" stories look to me like a classic "cover your arse" move from the White House. The conversation in the "war-room" probably went something like this:

    Flak 1: "Hey, we're really getting pasted over the fact that we "knew about" 9-11 and didn't warn anyone."
    Solemn pause as the room thinks. Scratching of heads, etc.
    Flak 2: "I know, let's warn everyone about every possible type of attack, so that if and when the next one occurs we can say..."
    Flak 1: "... I told you so?! That's brilliant! Bob, call your guy at the Post and see if you can sell that cyber attack story. Frank, get the Times on the phone, tell them ... oh you'll think of something! Ted, start posting stories on Slashdot; those hackers suck up every meme that's going..."
    Scene of chaos as flunkies run in every direction to Flak 1's barked commands.

    Something like that, right?

    1. Re:Smart Move... by thelaw · · Score: 4, Informative

      i'm not so sure that this is the case. i've been following washingtonpost.com's cyber-attack stories for quite some time (very much pre-september-11), and just about every story they do has a slightly sensationalist bent. this one, ironically, is the most fact-based story i've seen them do since i started reading them.

      jon

      --
      -- http://www.cerastes.org
  2. A quote from Assistant Secretary of Defense thing by aelvin · · Score: 5, Funny
    "DCS and SCADA systems might be accessible to bits and bytes," Assistant Secretary of Defense John P. Stenbit said in an interview. But al Qaeda prefers simple, reliable plans and would not allow the success of a large-scale attack "to be dependent on some sophisticated, tricky cyber thing to work."

    I don't know whether to be more concerned about a potential cyber attack or the fact that the Assistant Secretary of Defense refers to critical infrastructure as "some sophisticated, tricky cyber thing."

  3. Why is important infrastructure online? by khym · · Score: 5, Insightful

    Why are any of the computers controlling national infrastructure on the Internet or available via modem? Anything that important should be completely cut off from the outside world.

    --
    Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
  4. Re:Inconceivable? by red5 · · Score: 5, Insightful

    Prior to September 11th, 2001, it was inconceivable that anyone would be capable of using airplanes as guided missiles and then fly them into buildings. Look where we are now.

    Okay what about kamikaze?

    "Those that don't learn from history are doomed to be beat to hell by those who do." -- red5

    --
    I know I'm going to hell, I'm just trying to get good seats.
  5. the real terrorists are governments and media by g4dget · · Score: 5, Insightful
    Government experts and the media are bombarding us with possible scenarios: smallpox sprayed from crop dusters, terrorist attacks shutting down our stock markets, dirty bombs in New York harbor, nuclear missiles raining down from God-knows-where, etc.

    Why do they do that? Certainly not to improve our life expectancy or security. If we wanted to do that, spending $280 billion on public health and education would save a lot more lives than a missile defense system even in the unlikely event that we were attacked and that the system worked. If we are worried about attacks on our financial system, stopping crooks like Enron and WorldCom executives would be a whole lot less trouble and costly, not to mention less threatening to our civil liberties; Osama sending a Microsoft Word virus out of his cave pales in comparison to what a single felonious US executive can achieve.

    No, people create fear in order to gain power. That's true for Afghan terrorists as much as for the US government and the media. Creating fear gives people power and it allows politicians to move billions of dollars to their favorite campaign contributors.

    Folks, life is dangerous: live with it. And learn to evaluate risks and spend dollars wisely on prevention. Nearly 50000 people die each year in the US in traffic accidents, more Americans than in the entire Vietnam War. Cars cause even more deaths each year from pollution. Smoking causes 440000 premature deaths each year. Obesity causes about 280000 premature deaths each year. (Data comes mostly from JAMA.) Those are all easily preventable, with better education, reduced stress, and a better transportation infrastructure. Instead, however, we get worked up about obscure threats and spend enormous amounts of money on anti-terrorist measures and military hardware that will almost certainly not protect us anyway.

    In the literal meaning of "terrorist"--people who create terror for power--governments and the media are way ahead of any third rate coward in some cave halfway around the world. Hold the people who spread fear accountable the next time you go to the ballot box.

  6. Re:Forgotten Y2K fiasco already ? by MrMickS · · Score: 5, Insightful
    Y2K is called a fiasco because work was done and there were no disasters. People talked about it, spent money checking systems, upgrading systems, fixing problems before the event. No great disaster so all of this was in vain. A hoax. A fiasco.

    If the work hadn't been done and there had been disasters wouldn't that have been a greater fiasco?

    Situations like this are a no-win. If you do the work and fix problems, you've talked up the problem to get work. If you do nothing and there are problems you are negligent.

    Choose now.

    --
    You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
  7. Not an Al Qaeda tactic by Dilbert_ · · Score: 4, Insightful

    I don't believe Osama's buddies would attempt something like this. Somebody else, maybe, but not Al Qaeda. They're much more interested in the 'honor' and the 'glory' of making big, bloody direct attacks. Look at their history of attacks: WTC, Khobar Towers, USS Cole, WTC again, Kenya embassy,... All aimed at directly attacking symbols of US hegemony, with big booms and many dead. Computers is just not like them.

    Anthrax, maybe.

    --
    superblog.org: all your favourite blogs on o
  8. Have you learned nothing? by WasterDave · · Score: 4, Insightful

    I'm having a hard time believing that Al Qaeda is capable of anything along these lines.

    So they have towels on their heads, hide in caves and currently live somewhere between Afghanistan and Pakistan - so this makes them stupid, right?

    Whatever. Have you forgotten that these people managed to simultaneously hijack FOUR aircraft, in a country with absurdly tight border restrictions, keep the whole thing quiet from an increasingly Orwellian state, run the whole gig on a budget of eighty dollars and five camels AND get away with it? Hmm? Do I see Osama Bin Laden's head mounted on a plaque in the oval office? Quite.

    Thing 2 - Sysadmins are notoriously lazy, particularly Microsoft ones. Count the number of no brainer hacks we've had over the last, say, two years: Default passwords on SQL servers, unpatched IIS installations by their thousands... Not to mention the notoriously bad security record of the vendor itself.

    Not that you need to actually attack anything, don't forget that the multi billion dollar Yahoo! empire was reduced to rubble by some kid in fuckwad Arizona calling himself "Mafiaboy". And he bragged about it on IRC, hardly the gold standard in attempting to get away with things.

    Fucks' sake, a "cyber attack" is so thoroughly within the reach of Al Qaeda that the only reason I can suggest that they've not done it is that they've been busy regrouping after their previous hosts, the Taliban, had their arses royally kicked a few months back.

    You think they're going to run forever? Grow up America. You're not as smart as you think you are, and you're very much a target. Have a nice day.

    Dave

    --
    I write a blog now, you should be afraid.
    1. Re:Have you learned nothing? by CrosseyedPainless · · Score: 4, Informative

      While the point of your post is quite valid, I'd like to correct one thing: absurdly tight border restrictions

      The (approximately) 9,000 km border with Canada is completely uncontrolled except at major highways and urban areas. The 3,300 km border with Mexico is somewhat more controlled, but is readily penetrated in remote areas. Add in the lightly patrolled coastlines, and the immense and basically uninhabited border of Alaska, and one has what is essentially unimpeded access to the US. (Pre 9-11, anyway; things may have changed.)

  9. Re:Inconceivable? by spike2131 · · Score: 4, Funny

    They keep using that word. I do not think it means what they think it means.

    --
    SpyDock: Scientific Python in a Docker container
  10. In summary by Graymalkin · · Score: 4, Insightful

    Al Qaeda has hired script kiddies to rain down computer destruction. I don't understand why the fuck things not designed to be hooked up to the internet are being hooked up to it.

    I ask in all seriousness, why is a railway switch hooked up to the public internet? What good reason is there for electronic valve controls for fresh or sewage water to be hooked up to the internet? Does a passing shit or dead goldfish need to check its e-mail? I can understand having some sort of network linking a bunch of sensors and whatnot, that makes sense. I do not understand however why that network needs to be on the internet or even publicly accessible. In some cases, like the guy in Australia, the method of intrusion was not the internet or a network of any sorts, just an unsecured method of entry. Having singular systems with unsecured entry point is understandable and pretty forgivable. Not everyone expects some jackass to try to screw with something. A network of systems with unsecured entry is ridiculous.

    I remember reading a billion and a half philez back in the day on how to fuck with systems through Tymnet and other networks similar to it. I still don't see why the SCADA system controlling the Hoover Dam needs a modem in it, if it does need that modem in it what is up with the lack of intense and thorough handshaking and password challenges?

    The internet is an obvious target regardless for you bozos who question militant religious fanatics and their target acquisition. Why attack the WTC? It was a symbol, same with the White House or Pentagon. They're both symbols. The internet is another symbol of Western culture. Who is the internet big with? A hint: it is not a bunch of predominantly Muslim countries but the word does start with W and end with est. It would be yet another symbol to attack if you're in the mindset that the West is the source of all of your ills.

    If you're worried about phone lines going down and needing network access get some geeky friends together, get yourselves Ham licenses and form yourself an emergency packet radio network. If you've got laptops and battery powered equipment you'll be fine even if your power goes from al Qaeda script kiddie attack. While it sounds sort of funny to some it is a good idea, hams in an area suffering from power outages or down phone systems can be a big help keeping the flow of information flowing. Nothing helps in an emergency situation like the right information getting to the right people at the right time.

    --
    I'm a loner Dottie, a Rebel.
    1. Re:In summary by nordicfrost · · Score: 5, Interesting
      Well, when I was in the military, working on multimedia apps, I was impressed by the security precautions on the computers... We really wanted to make one of the servers accessible from the 'net because of the nature of the app. We applied to the HQ to be allowed to make the info on the server available from outside the secure digital phonelines. This was a "Restricted" server, the first security level in our classification system. The HQ said, "of course you can connect it to the 'net. On one condition; you must install a firewall". "No prob", I said. Then they answered; "oh yeah, one more demand. The firewall must be 100% intrusion secure, guaranteed by you personally. Not 99,9997%, not even 99,999999% but 100% secure. Then and only then can you put the server on the 'net." It never accessed the 'net.


      Security in the military is amazing. At least here. Any computer net designed for "Classified" to "Secret" is not allowed to be connected to ANYTHING except a fiber-op LAN. No floppy, no HDD, Windows boots from servers. The parallel and serial ports are removed, keyboard cords are glued to the machine, cabinet locked with padlock... The network I spent most of my time on had nothing more secret than the SSN of several persons, but that info is "Classified" so we had the server in a EMP-safe, TEMPEST-classified locked concrete room. The fib-op was in concrete ducts, the switch cabinets were thin safes, backups were stored in two separate fireproof vaults... I dare you. Hack that server, my guess is that it is next to impossible, primarily because of the NoNet-policy. Any computer connected to the 'net is automatically classified as "Unsafe" no matter what firewall in between. A computer that is "Unsafe" is not allowed to be next to a secure computer(!). This is to avoid human confusion...

  11. Utter shite by Anonymous Coward · · Score: 4, Informative
    The subject of this article is such rabid FUD that it needs dispelling, quickly. The technically savvy readers of Slashdot, if not already aware of the state of power-plant security, need to catch up to what reality is, because they will be the ones that the non-technicals will look to for answers and reassurance.

    The idea that critical systems of a power-plant of any kind would be on-line and accessible via the web or dial-up is so preposterous as to defy reason. The idea is surely suggested by ignorant kooks, and snatched up and carried into daylight by "journalists" who would rather see their name in a byline than verify the information in the stories they rush to press. In short, someone has seen one too many USA Channel Sunday Night Movies.

    Having worked on nuclear plant monitoring systems software, I can tell you for a fact that the critical systems not only can not be tripped from off-site, but also can not be accessed from anything but specific, highly secure and redundant systems.

    These systems have physical switches that often require two hands to operate. They are designed to prevent insider sabotage, so no wanker with a laptop, sitting in a cave or boardroom half a world away can do anything. The only action that can be caused by any local anomaly is a controlled, safe shut-down. The only thing that a remote action will result in is a line-item in the logs, period. A plant shutdown may be costly and greatly inconvenient, but hardly lethal, and absolutely not catastrophic. The "terrorists" will have better luck flying a 747 into the Hoover Dam.

    The notion that someone with access from outside could trip a plant or cause anything but the generation of a non-critical statistics report is lunacy. Yes, some aspects of some systems may be monitored from outside, but this is for informational purposes only.

  12. Rise in UNIX Targeted Attacks by Nishi-no-wan · · Score: 5, Informative
    Off topic, I know, but there's been a serious increase in attempts to hijack my web site since the Gobbles' proof of break-in-ability code for the Apache hole was released last week. It's probably the work of out of school script kiddies rather than that cad Al, but I'd like to know if other sys-admins have noticed an increase in UNIX targeted attacks (specifically geared toward Apache) in the past week.

    The usual attack pattern goes:

    1. Enter the site on a "powered by freebsd" google search reference
    2. Cause an error ("GET ../.." or a "GET / HTTP/1.0" request) to get the web server name and version.
    3. If the version is a vulnerable version of Apache, an attack commences with a different tool.

    If everyone hasn't upgraded Apache to a safe version yet, I strongly suggest you do. It's not just a Microsoft hole any more.
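
One way a sysadmin could look for the first two steps of the pattern described in the post above in an Apache access log. This is an added example, not part of the original comment: the log lines are constructed, and the 30-minute window, the "bare `GET /` with no user agent" heuristic and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse, parse_qs

# Apache "combined" log format. The request field is captured whole because
# a probe such as "GET ../.. HTTP/1.0" is not a well-formed request line.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

WINDOW = timedelta(minutes=30)   # assumed correlation window
BANNER_TERMS = ("powered by",)   # search phrase quoted in the post

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [27/Jun/2002:10:00:01 +0000] "GET / HTTP/1.0" 200 5120 "http://www.google.com/search?q=%22powered+by+freebsd%22" "Mozilla/4.0"',
    '192.0.2.10 - - [27/Jun/2002:10:00:09 +0000] "GET ../.. HTTP/1.0" 400 310 "-" "-"',
    '198.51.100.7 - - [27/Jun/2002:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "http://www.google.com/search?q=freebsd+handbook" "Mozilla/4.0"',
    '198.51.100.7 - - [27/Jun/2002:10:01:05 +0000] "GET /missing HTTP/1.1" 404 290 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [27/Jun/2002:10:02:00 +0000] "GET / HTTP/1.0" 200 5120 "-" "-"',
]

def is_search_recon(referer):
    """Step 1: visitor arrived from a search for a platform banner phrase."""
    query = parse_qs(urlparse(referer).query).get("q", [""])[0].lower()
    return any(term in query for term in BANNER_TERMS)

def is_banner_probe(req, status, ua):
    """Step 2: request meant to provoke an error page or a bare header dump."""
    parts = req.split()
    malformed = len(parts) != 3 or not parts[1].startswith("/")
    bare_root = parts == ["GET", "/", "HTTP/1.0"] and ua in ("", "-")
    return malformed or status == 400 or bare_root

def find_fingerprinting(lines):
    """Return {ip: [probe request lines]} for clients doing step 1 then step 2."""
    recon_seen = {}                  # ip -> time of last search-referred hit
    flagged = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                 # skip lines that are not in combined format
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if is_search_recon(m["ref"]):
            recon_seen[ip] = ts
        elif ip in recon_seen and ts - recon_seen[ip] <= WINDOW and \
                is_banner_probe(m["req"], int(m["status"]), m["ua"]):
            flagged[ip].append(m["req"])
    return dict(flagged)

if __name__ == "__main__":
    print(find_fingerprinting(SAMPLE))
```

Requiring both steps from the same address keeps ordinary 404s and lone uptime checks (the last two sample clients) out of the result.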
  13. Politics by eyeball · · Score: 4, Funny

    Of course the Bush administration will finally have a real reason to blame the Clinton administration for something, with Al Gore being the inventor of the Internet and Cyber-everything.

    --

    _______
    2B1ASK1
  14. because it needs to be? by Xtifr · · Score: 4, Informative

    I'm sure that many government computers are safely isolated from any public nets, but many of them have the sole purpose of serving information to the Internet, and would be pretty useless if they were isolated! Furthermore, it's not just government installations that are at risk. The 9-11 attacks weren't just aimed at the Pentagon. Or perhaps you forgot about the WTC?

    The major US backbones of the Internet itself could be considered part of our national infrastructure. I hope you're not going to ask why the backbones are on the Internet!

  15. how Islam is treating anybody with enough educatio by dpilot · · Score: 4, Insightful

    So right, and the really funny and tragic thing about this is that 1000 years back, Islam was the cultural light of the world. They had no problem with science, saw it as studying Allah's creation, and a truly proper thing to do. Large parts of the Renaissance were merely bringing knowledge from the Islamic world into Europe.

    Then sometime in the past few hundred years, they began to throw all of that away.

    Kind of like the US and Freedom.

    --
    The living have better things to do than to continue hating the dead.
  16. A contrarian to this thread... by SledgeHammerSeb · · Score: 4, Insightful
    I have read about 15 posts here. It is the naive arrogance of these posts that causes me to be happy we, the USA, are going to be concerned about infrastructure security.

    It is true that today Al-Qaeda or whoever are not able to disrupt our infrastructure any more than any script kiddie. Of course these enemy forces have a great deal more resources and time than even an army of script kiddies. That is the real problem.

    Please assess the situation as it is, not as you want it to be or think it might be. There is an enemy force that killed 2823 Americans on Sept. 11 2001. This force probably spent as many as 8 years and much money planning that attack; since the previous attack in 1993. They are patient. They may field students that get jobs in very vulnerable places, and then do a great deal of harm. This will take time and money, and they have a track record of doing just that.

    I appreciate the hubris expressed by everyone here, but as Teddy Roosevelt said, let's "walk softly and carry a big stick".

    Cheers, SEB

  17. Consulting by carlos_benj · · Score: 5, Funny

    ....a consultant used his inside knowledge of a local sewage treatment system to dump raw sewage, hoping for a contract to solve the problem he created.

    Isn't that what consultants do everywhere? Come in, dump raw sewage, hope for a contract.

    --

    As a matter of fact, I am a lawyer. But I play an actor on TV.

  18. Believe it, or at least the concept by Pvt_Waldo · · Score: 4, Insightful
    Though we have all seen this sort of attack as a possibility for a long time, I'm having a hard time believing that Al Qaeda is capable of anything along these lines.

    You're not the only one.

    Yea and if I told you a year ago someone would crash three airliners into major buildings in the US you'd have said the same thing.