CIA's Info Ops Team Hosts 3-Day Cyber Wargame

ScentCone writes "The CIA has booked some conference rooms and is working through a simulated 'digital Pearl Harbor' to see how government and industry handle a monster net attack from an imaginary future foe composed of anti-American and anti-globalization hackers. Having been accused of lacking imagination about potential terror attacks, they're using the exercise to better shape the government's roles in a variety of attack scenarios. The networking industry, it seems, is expected to always play a big part in detecting and thwarting such threats, as 9/11-scale economic disruption is a likely bad-guy objective."

Comparison in slightly bad taste...

[strider44]

People compare September 11 with a lot of things, but comparing it with a crack-fest? I doubt that it's even *possible* to kill several thousand people with cracking, you could only cause extreme inconvenience.

Besides, security can be achieved through a couple of simple steps: Don't use Windows, use OS's designed with security in mind. Use SELinux or equivalent on mission critical nodes. And secondly, educate the users and gain a culture of safety.

Re:Comparison in slightly bad taste...

[James_Duncan8181]

What? Bringing down a power grid during rush hour, changing details of patient notes on a hospital network, or sending false messages and checking the content of sent messages all have the potential to kill.

Have you no imagination at all? ;)

Re:Comparison in slightly bad taste...

[John+Seminal]

What? Bringing down a power grid during rush hour, changing details of patient notes on a hospital network, or sending false messages and checking the content of sent messages all have the potential to kill.

Almost all hospitals have generators, so power would not be an issue for them. Sure, the hospital might shut down the non-emeregency, non-critical care wards, they will have enough energy to protect life.

As for traffic signals not working, that won't cause a loss of life, it will cause many people to get pissed off.

If 9/11 was not about flying airplanes into buildings, but shutting down all electricity in the USA, maybe we would not be in Iraq or in the middle of a war.

Still... it would piss me off a ton if I could not watch any TV, could not check email. It is like an addiction, like caffine or cigarettes. Once you get hooked, you need your daily dose. In one way, they might be doing us a favor. Maybe people would pick up a book and think about the world, not in 30 second bursts like the TV programs us to do, but in thoughtful ways.

What the fuck am I saying. I need some cake. I am sooo fucking hungry, not like the bastards in ethiopia who fake it for attention, but really hungry for some cake with icing. Then I am going to watch the 2am edition of the news to see if anything changed from the 1am edition of the news. Then I am going to work to make enough money to pay for my cable bill, my tivo bill, my cell phone bill, my internet bill, my insurance bill... i am sure everyone gets the idea.

Slashdot folks are smarter than most. And that scares me.

Re:Comparison in slightly bad taste...

[voixderaison]

I suppose there are a variety of crack scenarios that would result in massive loss of life. Spoofing the air traffic control system in some fantastically improbably way might cause a few mid air collisions before the planes were grounded.

Launching a single nuclear missile would shoot past the mark by rather a lot. Let's hope the control systems for those things are not connected via some backdoor to to a network in turn connected via some other back door to a network connected to the internet, eh?

These crackfest doomsday scenarios are not preparing government for the real problems at hand, today. Consider the case reported by the New York Times last week :

"During a two-day period they watched as the intruder tried to break into more than 100 locations on the Internet and was successful in gaining root access to more than 50. "

It was probably a lone cracker, possibly a small group. rooting fifty boxes in a couple days. That was just a two day sample of a months long probably-one-man crackfest. Low level information theft poses a real threat to national security. Many government agencies are not even able to detect it.

By the way, it seems to be more popular in government circles to invoke September 11, probably because in the current climate it helps get funding. At least there is that perception.

Re:Comparison in slightly bad taste...

[Canberra+Bob]

"If 9/11 was not about flying airplanes into buildings, but shutting down all electricity in the USA, maybe we would not be in Iraq or in the middle of a war."

Maybe if the USA went after the culprits of 9/11 you would not be in Iraq either. Otherwise I agree with your point.

Re:Comparison in slightly bad taste...

[synthespian]

Incidentally, I had to go to Al Jazeera to find that passage- CNN, those J-school dropouts, post a heavily edited version without even mentioning that it was edited.

Yeah, I remember reading the original statement:
"And it was to these sorts of notions and their like that the British diplomat and others were referring in their lectures at the Royal Institute of International Affairs. [When they pointed out that] for example, al-Qaida spent $500,000 on the event, while America, in the incident and its aftermath, lost - according to the lowest estimate - more than $500 billion.

Meaning that every dollar of al-Qaida defeated a million dollars by the permission of Allah, besides the loss of a huge number of jobs.

As for the size of the economic deficit, it has reached record astronomical numbers estimated to total more than a trillion dollars.

And even more dangerous and bitter for America is that the mujahidin recently forced Bush to resort to emergency funds to continue the fight in Afghanistan and Iraq, which is evidence of the success of the bleed-until-bankruptcy plan - with Allah's permission.

It is true that this shows that al-Qaida has gained, but on the other hand, it shows that the Bush administration has also gained, something of which anyone who looks at the size of the contracts acquired by the shady Bush administration-linked mega-corporations, like Halliburton and its kind, will be convinced. And it all shows that the real loser is ... you."here)

Actually, at the time I was kind of shocked at the self-imposed censorship of the American media. Sometimes I think the USA has achieved a more effective way of brain-wahing than the Soviets could have ever dreamed of...No in-depth analysis in news media, no space for political discussion, people afraid to vent their political views, a presidential campagin that can only be won with loads of money, indirect elections for president, moralism, fear of "communism" (or, as the neo-macarthist term would have it today "anti-americanism"), etc. And, no, I'm, no a lefty.

People don't die when networks crash

[Dancin_Santa]

For all the hoopla about the pervasiveness of the internet in our daily lives, when it comes down to brass tacks, it's all just electronic pulses. When those pulses go dark, the wires are still around routing telephone calls. No one dies in a burning, collapsing building. No one dies in a hijacked airplane. No one dies because they stand too close to a bomb. Those bits just go dark and the internet disappears for a while.

A day without the internet is like a sky without vaportrails.

Even the data that is destroyed by such an attack is not at such a disadvantage. Though the paper-less office has been a longstanding goal, it is totally a dream. Everything has a papertrail and can be backed up.

There is no calamity awaiting us in the event of a terrorist cyberattack. The real calamity is the usurpation of rights due to terrorist attack fearmongering.

Re:People don't die when networks crash

[thynk]

It depends on what network is crashed. Crash the network of your local 911 and see how many people die because the operator isn't able to find the address of a heart patient who can't speak well enough during the attack to give thier address.

We've become very dependant on computers and networking. Sometimes, very critical systems are left wide open. I think that having them tested for security leaks is a good idea.

A friend of mine who is a consultant did a 26 page report on a small town police department's network, finding that he was able to access everthing on thier network, including personal and critical information from home, with out a user account on the network.

"Anti-American and anti-globalization hackers"

[Raindance]

I'm not sure whether this is completely appropriate to include in a press release.

Insofar as the intelligence community is coming up with possible scenarios, yes, I think this is a possible scenario. And worth looking into.

Insofar as the government- MY government- is identifying and singling-out anti-globalization folks as "The Enemy" and "anti-American," I'm a bit frustrated. I'm an American who is also somewhat anti-globalization*.

So, thumbs up for doing some preparation that might actually matter. Thumbs down, however, for singling out anti-globalization as "The Enemy" and "anti-American."

You're the government. You have a responsibility to your citizens to not insult moderate views commonly held by U.S. citizens, however accidentally you do so. If you're going to put out press releases, hire some rhetoric Ph.Ds or something.

*There a lot of ins-and-outs to globalization. I'm against greedy globalization, which so far has unfortunately been rampant.

Re:"Anti-American and anti-globalization hackers"

[Jack+Taylor]

singling-out anti-globalization folks as "The Enemy" and "anti-American,"

I agree. I'd even go one step further and disagree with their use of "anti-American" itself. I mean, it seems that these days all you need to be "anti-American" is to disagree with some of the current US government's policies, the right to which would seem to be a fundamental tenet of democracy. If that's the case then Amnesty International is an "anti-American organization" for protesting about the US government's use of Guantanamo Bay. I live in the UK, and I've never heard anyone utter the words "anti-British"...

We fear what we don't understand

[Moraelin]

The less one knows about computers and networks, the more one can believe any "digital Pearl Harbour" scenarios.

E.g., I still fondly remember when I was 18, and mind you I was programming assembly for some years already, I thought I could write _the_ virus that would bring the whole economy to its knees. (Which is why I didn't actually release it.) Looking back in retrospect, omg, that idea was soo retarded.

Now throw in politicians, who have about as much clue of computers as your cat has _and_ make a living by blowing things out of proportion to an audience who knows even less. Right. You can see where that is going.

In practice, our computers aren't that vulnerable, ironically, because we know they're a fragile contraption. They don't exist in a vaccuum, as some box in a corner that noone knows about. Any company has a small army of admins who can deal with threats, has backups, etc.

Even things like Blaster didn't really do that much harm. The network congestion died pretty quickly, as everyone scrambled to block ports and disinfect machines. At the corporation I work for, it cost a total of a couple of days of the IT staff's work, to deal with some tens of infected computers out of many thousands. And that was the only virus I know of that made it inside in the last half a decade. (Unlike what Linux zealots like to claim about Windows securitiy, IRL it doesn't really cost _that_ much to keep it running.)

Or I remember one bank bitching about their DB/2 corruption, but even that didn't shut them down. Even doing the irresponsible thing and keeping running with a corrupt database and repairing it on the fly, in the end worked. It cost them some millions per day, yes, but the bank continued to work.

Just about the only thing one can't really defend against is a DDOS attack. No matter how well patched and firewalled a network is, when you have 10 GB/s stuffing your inbound pipe, you're stuffed.

But here's the fun part about those: they work against one site at a time. Directing some tens of thousands of zombies to spew 10 GB/s at one site, yeah, stuffs it. Directing the same 10 GB/s at 10,000 sites, won't even start to matter. There is no way that can be a threat to the whole economy or anything.

It is probably recruitment

[John+Seminal]

It's wonderful that the CIA has such trustworthy people that wouldn't think of disclosing details of such a secure operation..... Oh, wait.

Nah, we don't kill people. We play video games.

Sometimes I think the Army and government recruits like a gang or drug dealer. They offer people with little hope in life a job. They offer training. Stop me if you have heard this one: "The Navy will train you how to work on nuclear submaries... do you know how much people who work on nuclear stuff make outside the navy? $100,000 cash. Cold cash. Come on, let me hook you up, we'll even give you $5,000 if you sign up. It is a cakewalk, in 4 years you'll be out, and while you are in, we'll show you exotic places, exotic pussy. What do you want to do? Work in a McDonalds the next 4 years trying to save money for college? Hell, you can't even read".

Then the real story starts after boot camp. "You want me to do what? Tie a rope around my waist and drop down off the side of the battleship and clean the salt off the boat??" then in 4 years "My time is finally up. WHAT??? I got extended. By who?". And then the worst trick of all, 5 years later. "But I have nuclear experience, why can't I work for Ford? What, you exported all your jobs? Where??"

They have to get people in one way or another. Army and government recruitment is like spam for making your penis bigger. They will rip off anyone they can. It is ashame we let them in highschools to sell their programs to kids under 18, to prep them for when they turn 18. Kids should need to have their parents sign an approval form for their kids in highschool to watch the recruitments.

Re:anti globalism = anti americanism?

[arstchnca]

It is an all-too-common misconception that disagreeing with a nation's administration renders one "unpatriotic." As far as I know, the definition of a patriot remains "one who loves and defends his or her country."

What many these days seem to fail to realize is that one's country and one's government are too very different things. If that were not the case, those fighting for America's freedom from British rule during the American Revolution, the quintessential example of an American patriot, would not be considered patriotic at all.

I'd like to remind everyone that the kid wearing the "Fuck Bush" t-shirt is still very much a patriot, so long as he loves his country for blessing him with the freedom to express his beliefs that contradict the administration's policy.

(And yes, I do realize that anyone kid wearing said t-shirt is, in all likelihood, doing so for attention rather than to further a political opinion.)

Slashdot has caught the political meme

There used to be a time when you could comment on such articles without it being turned into a political diatribe. This article is damn interesting and there could be some awesome commentary by some /.'ers. However you political numbnuts decided to turn this into soapbox rant afternoon.

BTW, I am left-leaning as well, but for fucks sake keep your politics to yourself. It's completely off-topic yet gets modded up becuase of /. groupthink. Leave your political rants for the /. political threads.

Cmon guys don't drag this place down a notch. It's annoying to sort through at +4/5 expecting cool comments but all you get is some guys off topic political rant that fits the /. atmosphere.

Some people rubbish the parent, but

[panurge]

They suffer from imagination deficiency. Apart from disrupting things like pipelines, which (as I discovered when working for a company that made pipeline parts, among other things) have some interesting design deficiencies, there is the potential to do things like change the schedule of estuarine sewage pumps so that they pump out on the rising, not the falling tide. Or change the dosing pump settings on water treatment plants. Most of the world is incredibly dependent on clean water and sewage treatment, with river pollution so high as to make untreated water undrinkable. Serious disruption to the water system would kill or make sick a lot of old people and young children - and, just like US and Russian landmines that are designed to injure children rather than kill them, this would have disruptive effects out of proportion to the numbers and economic activity of those affected.