Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cyber-Attacks?

Posted by michael on

Galahad2 writes "The Washington Post has a lengthy article about the Bush administration's fears of an Al Qaeda cyber attack on the nation's infrastructure. Though we have all seen this sort of attack as a possiblity for a long time, I'm having a hard time believing that Al Qaeda is capable of anything along these lines." You're not the only one. The article does cite an example of the only known infrastructure attack, a case in Australia where a consultant used his inside knowledge of a local sewage treatment system to dump raw sewage, hoping for a contract to solve the problem he created.

9 of 369 comments (clear)

  1. Smart Move... by Howzer · · Score: 5, Funny
    This, and several other even less plausible recent "possible attack" stories look to me like a classic "cover your arse" move from the White House. The conversation in the "war-room" probably went something like this:

    Flak 1: "Hey, we're really getting pasted over the fact that we "knew about" 9-11 and didn't warn anyone."
    Solemn pause as the room thinks. Scratching of heads, etc.
    Flak 2: "I know, let's warn everyone about every possible type of attack, so that if and when the next one occurs we can say..."
    Flak 1: "... I told you so?! That's brilliant! Bob, call your guy at the Post and see if you can sell that cyber attack story. Frank, get the Times on the phone, tell them ... oh you'll think of something! Ted, start posting stories on Slashdot; those hackers suck up every meme that's going..."
    Scene of chaos as flunkies run in every direction to Flak 1's barked commands.

    Something like that, right?

  2. A quote from Assistant Secretary of Defense thing by aelvin · · Score: 5, Funny
    "DCS and SCADA systems might be accessible to bits and bytes," Assistant Secretary of Defense John P. Stenbit said in an interview. But al Qaeda prefers simple, reliable plans and would not allow the success of a large-scale attack "to be dependent on some sophisticated, tricky cyber thing to work."

    I don't know whether to be more concerned about a potential cyber attack or the fact that the Assistant Secretary of Defense refers to critical infrastructure as "some sophisticated, tricky cyber thing."

  3. Why is important infrastructure online? by khym · · Score: 5, Insightful

    Why are any of the computers controlling national infrastructure on the Internet or available via modem? Anything that important should be completely cut off from the outside world.

    --
    Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
  4. Re:Inconceivable? by red5 · · Score: 5, Insightful

    Prior to September 11th, 2001, it was inconceivable that anyone would be capable of using airplanes as guided missiles and then fly them into buildings. Look where we are now.

    Okay what about kamikaze?

    "Those that don't learn from history are doomed to be beat to hell by those who do. " -- red5

    --
    I know I'm going to hell, I'm just trying to get good seats.
  5. the real terrorists are governments and media by g4dget · · Score: 5, Insightful
    Government experts and the media are bombarding us with possible scenarios: smallpox sprayed from crop dusters, terrorist attacks shutting down our stock markets, dirty bombs in New York harbor, nuclear missiles raining down from God-knows-where, etc.

    Why do they do that? Certainly not to improve our life expectancy or security. If we wanted to do that, spending $280 billion on public health and education would save a lot more lives than a missile defense system even in the unlikely event that we were attacked and that the system worked. If we are worried about attacks on our financial system, stopping crooks like Enron and WorldCom executives would be a whole lot less trouble and costly, not to mention less threatening to our civil liberties; Osama sending a Microsoft Word virus out of his cave pales in comparison to what a single felonious US executive can achieve.

    No, people create fear in order to gain power. That's true for Afghan terrorists as much as for the US government and the media. Creating fear gives people power and it allows politicians to move billions of dollars to their favorite campaign contributors.

    Folks, life is dangerous: live with it. And learn to evaluate risks and spend dollars wisely on prevention. Nearly 50000 people die each year in the US in traffic accidents, more Americans than in the entire Vietnam War. Cars cause even more deaths each year from pollution. Smoking causes 440000 premature deaths each year. Obesity causes about 280000 premature deaths each year. (Data comes mostly from JAMA.) Those are all easily preventable, with better education, reduced stress, and a better transportation infrastructure. Instead, however, we get worked up about obscure threats and spend enormous amounts of money on anti-terrorist measures and military hardware that will almost certainly not protect us anyway.

    In the literal meaning of "terrorist"--people who create terror for power--governments and the media are way ahead of any third rate coward in some cave halfway around the world. Hold the people who spread fear accountable the next time you go to the ballot box.

  6. Re:Forgotten Y2K fiasco already ? by MrMickS · · Score: 5, Insightful
    Y2K is called a fiasco because work was done and there were no disasters. People talked about it, spent money checking systems, upgrading systems, fixing problems before the event. No great disaster so all of this was in vain. A hoax. A fiasco.

    If the work hadn't been done and there had been disasters wouldn't that have been a greater fiasco?

    Situations like this are a no-win. If you do the work and fix problems, you've talked up the problem to get work. If you do nothing and their are problems you are negligent.

    Choose now.

    --
    You may think me a tired, old, cynic. I'd have to disagree about the tired bit.
  7. Rise in UNIX Targetted Attacks by Nishi-no-wan · · Score: 5, Informative
    Off topic, I know, but there's been a serious increase in attempts to hijack my web site since the Gobbles' proof of break-in-ability code for the Apache hole was released last week. It's probably the work of out of school script kiddies rather than that cad Al, but I'd like to know if other sys-admins have notice an increase in UNIX targetted attacks (specifically geared toward Apache) in the past week.

    The usual attack pattern goes:

    1. Enter the site on a "powered by freebsd" google search reference
    2. Cause an error ("GET ../.." or a "GET / HTTP/1.0" request) to get the web server name and version.
    3. If the version is a vulnerable version of Apache, an attack commenses with a different tool.
    If everyone hasn't upgraded Apache to a safe version yet, I strongly suggest you do. It's not just a Microsoft hole any more.
  8. Re:In summary by nordicfrost · · Score: 5, Interesting
    Well, when I was in the military, working on multimedia apps, I was impressed by the security precautions on the computers... We really wanted to make one of the servers accessible from the 'net because of the nature of the app. We applied to the HQ to be allowed to make the info on the server available from outside the secure digital phonelines. This was a "Restricted" server, the first security level in our classification system. The HQ said, "of course you can connect it to the 'net. On one condition; you must install a firewall". "No prob", I said. Then they answered; "oh yeah, one more demand. The firewall must be 100% intrusion secure, guaranteed by you personally. Not 99,9997%, not even 99,999999% but 100% secure. Then and only then can you put the server on the 'net." It never accessed the 'net.


    Security in the military is amazing. At least here. Any computer net designed for "Classified" to "Secret" is not allowed to be connected to ANYTHING except a fiber-op LAN. No floppy, no HDD, Windows boots from servers. The parallel and serial ports are removed, keyboard cords are glued to the machine, cabinet locked with padlock... The network I spent most of my time on had nothing more secret than the SSN of several persons, but that info is "Classified" so we had the server in a EMP-safe, TEMPEST-classified locked concrete room. The fib-op was in concrete ducts, the switch cabinets were thin safes, backups were stored in two separate fireproof vaults... I dare you. Hack that server, my guess is that it is next to impossible, primarily because of the NoNet-policy. Any computer connected to the 'net is automatically classified as "Unsafe" no matter what firewall in between. A computer that is "Unsafe" is not allowed to be next to a secure computer(!). This is to avoid human confusion...

  9. Consulting by carlos_benj · · Score: 5, Funny

    ....a consultant used his inside knowledge of a local sewage treatment system to dump raw sewage, hoping for a contract to solve the problem he created.

    Isn't that what consultants do everywhere? Come in, dump raw sewage, hope for a contract.

    --

    --

    As a matter of fact, I am a lawyer. But I play an actor on TV.