Slashdot Mirror
Japan Will Stage Mock Cyberattacks
freaktheclown writes "Japan is set to start staging mock cyberattacks on various companies as precautionary exercises. According to the article: 'Japan will conduct nationwide exercises next year to prepare effectively for cyberattacks on computer networks. Mock cyberterrorists will simulate attacks on computer networks of businesses and government organizations to discover vulnerable areas, the Yomiuri Shimbun reported Wednesday. Participants in the exercises will include financial institutions, communications companies and Internet service providers, as well as the central government and local governments.'"
If you are developing your own cyberattack techniques, here's your chance to test them while "hiding in plain sight".
The NSA: The only part of the US government that actually listens.
Japan better not try to attack Microsoft, they might end up with BSOD hell.
He who knows best knows how little he knows. - Thomas Jefferson
So how many radioactive reptiles does it take to bring down a server?
This is the perfect smokescreen for some 'renegade' Chinese to do some real damage.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
where Japan staged a mock attack on Hiroshima and Nagasaki after the Jews staged a mock Holocaust.
This is great. I hope we learn something important from observing this, and frankly I'm glad we (US) aren't having to pay for it.
.sigs are for post^Hers.
Whenever I need to test my new firewall installation, I just open up an IRC session or post a Usenet post (containing my IP address) saying something like "Hi there, I'm a researcher for Microsoft/SCO/Natalie Portman/George Bush and I've been watching you all and you are all lamers"
Then I just wait for the attack to begin.
(although, when I say I'm working with Natalie Portman, most of the attacks seem to come in on port 79 for some reason...)
The perfect cover for my real attack on Japan. They'll never know.
Ready the botnet!!!
Why do all the overweight ones in your group insist on wearing goatees? Don't you know that facial hair doesn't work for disgusting cubicle shit such as yourselves?
Slashdotters: You are all a bunch of faggots.
Do you hear me, you repulsive faggots? NO DIGG.
Company: Somebody set up us the bomb
...and 8 others - we'll call them 'undecided'.
Government: HAHAHAHAHAHA
Company: You killed kenny.somecorp.com.jp! You bastards!
Maybe they're trying to stimulate hardware sales.
--
There are 10 kinds of people in the sig
Smart people like me who understand binary.
Those who don't.
I wonder if this is your typical test where only the strongest points are tested. Will hackers cold-call targeted businesses pretending to be admins verifying passwords?
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
These are either full attacks (perhaps cancellable) or they will lead to false confidence (IMHO more an American than a Japanese trait).
To follow up the mock cyber-attacks, Japan will then undergo a mock giant robot attack, which will be followed by Godzilla drills.
It's good to use your head, but not as a battering ram.
Just post up a link on slashdot to any of the companies needing a test.
Live forever, or die trying.
There were even drills for the Oaklahoma City bombing.
... is it my imagination or did Bush promise the Palestinians a state? http://www.bbc.co.uk/pressoffice/pressreleases/sto ries/2005/10_october/06/bush.shtml
... or Pakistan ... or Germany ... or England ... or ...
Read about it at www.infowars.net
or see the videos at www.prisonplanet.tv
Oh, and BTW
Pretty crazy, no? Wondor how the Zionists feel about that one. (The fact that Bush said that in June of 2003 and we're just now learning about it is telling.)
Guess that means tonight's nation-wide address should be pretty interesting, huh? Suppose we need a draft? (That'll get the slashdotters' attention.)
Mock drills are a coming in droves, it would appear. And not just from Japan
(Yeah, you can learn about all their mock teror drills, too, at www.infowars.net, too)
The companies are warned and can make their backups in time.
Anyway, I consider this to be a logical step forward, after all, Japan is one of the countries that have suffered most from earthquakes and Tsunamis, and they surely take the prevention measures against these disasters.
Why should a network attack be any different?
Do these mock attacks include agents dressed as multi-tentacled demons attempting to rape the women?
- For the complete works of Shakespeare: cat
In my days in big financial services tech hell, I was on the Disaster/Recovery planning committee. If the plan could not be really tested, it was fantasy hoping for good luck.
The test cases weren't only terrorism - just what would happen if we had a steam explosion, the building was sprayed with asbestos, and the NYPD and FD put yellow tape around it.
In Peopleware, Tom DeMarco tells of the job interview... "We need a juggler. Can you juggle?" "I'm great!" "Burning Logs?" "No problem!" "Animals?" "No problem-o!" "You've got the job!" "Don't you want to see me juggle?"
So the idea of something that resembles live-fire testing is a very good idea. Intrusion testing, auditability (even open book audits as in "we're gonna ask you this, uber-geek!")is not perfect; however, I remember speaking with smug black frocked dotcommers who built systems that couldn't scale etc. etc.
Ok. I think I'm gonna get some of that spray-on hair now and sort punch cards. But a test (if not completely lame)is a critical part. If the thing fails, do it again. If it passes the test, make the test harder. Fight dirty when you test - it will make for better results when the stuff hits the fan for real.
Verizon: Latin for "poor rural service".
Just post your targets at Slashdot, and we will simulate a DoS attack.
Circumcision is child abuse.
I know it's offtopic, but that's what I am staging- make sure you put this on your recipe card for the holidaze!
_______________________
Ritz Mock Apple Pie
The classic pie, featuring Ritz crackers baked in a golden crust,
is perfect for the holidays.
Pastry for two-crust 9-inch pie
36 RITZ Crackers, coarsely broken (about 1 3/4 cups crumbs)
1 3/4 cups water
2 cups sugar
2 teaspoons cream of tartar
2 tablespoons lemon juice
Grated peel of one lemon
2 tablespoons margarine or butter
1/2 teaspoon ground cinnamon
1. Roll out half the pastry and line a 9-inch pie plate. Place
cracker crumbs in prepared crust; set aside.
2. Heat water, sugar and cream of tartar to a boil in saucepan
over high heat; simmer for 15 minutes. Add lemon juice and peel;
cool.
3. Pour syrup over cracker crumbs. Dot with margarine or butter;
sprinkle with cinnamon. Roll out remaining pastry; place over pie.
Trim, seal and flute edges. Slit top crust to allow steam to escape.
4. Bake at 425 F for 30 to 35 minutes or until crust is crisp
and golden. Cool completely.
Makes 10 servings
NUTRITIONAL INFORMATION per serving
413 calories, 3 g protein, 63 g carbohydrate, 17 g total fat,
3 g saturated fat, 339 mg sodium, 0 g dietary fiber.
Preparation Time: 45 mins.
Cook Time: 30 mins.
Cooling Time: 3 hrs.
Total Time: 4 hrs. 15 mins.
All your base are belong to us!!!
An increasing number of companies and government offices have experienced cyberattacks. In one such case, kakaku.com, Japan's largest Web site specializing in product comparison information for consumer goods, had to be shut down temporarily after its code had been tampered with. ---------
Sounds like they need to secure their code first, then they can perform mock attacks.
On a side note, Kakaku.com sounds like a pr0n site
He who knows best knows how little he knows. - Thomas Jefferson
Microsoft sales will likely skyrocket as a result of this test.
i hate linux. its used but a bunch of fucking losers who have sex with pigs. eat it you faggats
US Will Mock Staged Cyberattacks
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
Ah, yes, round-eye. I see you suppry I speck Engrish so werr.
Who needs to stage it? Just post your website here and Slashdot will take care of it.
Comment removed based on user account deletion
I thought what I'd do was, I'd pretend I was one of those deaf-mutes...
"MIT betrayed all of its basic principles."
In my opinion, mock attacks largely allow people to feel good about their mock defenses.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Simple, just send 165+ text messages in less than a minute..
Who says we're not paying for it?
A) We're "paying for it" by not simulating our own right away and experiencing it ourselves.
B) We're sitting by while someone else gets experienced hardened professionals out of it while we sit and watch.
C) We're hoping they'll share information with us about the attacks and precautions taken. Do you really think they'll share everything? Hell no.
My presumption is that we've been invited, but you never really know how much the US will be permitted to see or to participate.
"Love is like pi - natural, irrational, and very important." (Lisa Hoffman)
I mock staged cyberattacks...
Chris Mattern
Original publication: http://www.yomiuri.co.jp/dy/national/20051005TDY01 003.htm
They should definitely try social engineering techniques too. There was article [http://www.pacifict.com/Story/%5D written by a former Apple catractor that details how he worked on the graphing calculator app for a year without being an employee.
Where I work, you just have to mention an employee's name and someone will assume that you work there. Of course I do work at Starbucks, but whatever [not really, I'm mean really not really].
W32.GODZILLA.K@MM!!!!!!!!!!!!
I am currently staging a mock time-wasting drill in my office. The goal is to find out what would happen if an employee here were to spend all morning looking at slashdot instead of working. Will I be caught? Stay tuned for the results!
When Japan is worried about an "electronic Pearl Habor", you know comedy's a dead art form. Now tragedy, that's funny!
I'm proud of my Northern Tibetian Heritage
[Note to terrorists: please disregard this message.]
SoundTimer makes you sound busy.
An Ad comes up and covers the article so I cannot read it. Same on IE... is there somewhere else I can go to read it?
Out of the corner of my eye, I could have sworn the title of this blurb was :
"Japan Will Stage Cyber Monkey Attacks"
Step 1.
Turn off the router.
Step 2.
Order pizza and have a party
Step 3.
Go home and sleep - take a couple days of vacations
Step 4.
go back to work, and reboot the router.
That's all they have to do.
... sorry, wrong address.
Let's test everyone just to make sure they are ready for the holiday season...
http://swankmartini.com/contact/
Am I the only person who couldn't read the article because a Flash advertisement covered up all the text and refused to be closed when I clicked the little "X" in the top corner?
Direct away from face when opening.
Just go to the front page of that publication, and click some of the links of the list on the right hand site of the list on the bottom of the page. One of them is our story, but without that obnoxious advertisement.
I'm not surprised, the Japanese do have experience with officially organized and controlled attacks: Tokyo Police Cataclysm Division.
or they will lead to false confidence (IMHO more an American than a Japanese trait).
I can think of one exception. That time the Japanese had false confidence that if they hit Pearl Harbor, the Americans will be too weak or timid to respond, and they will be able to rule the Pacific unchallenged.
Who knows what might be lurking underneath it...
They're the ones the burned Penny Arcade to the ground for the past 2 days.
On the other hand, the Chinese don't go in for Giant Steam-Powered Mecha Robots, so this could be, like, cool...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Did anyone else read this as "Japan Will Mock Cyberattacks on Stage" at first glance?
I can just picture it:
"Pfft, You call that a cyberattack?"
Next!
Cyber attacks mock you!
I apologize sincerely
...belong to us
Mongrel News all the news that fits and froths
On September 22, Bruce E. Bernstein, President of the New York Software Industry Association (NYSIA), testified in writing to the U.S. Senate Committee on Banking, Housing and Urban Affairs during a Hearing on "Examining the Financial Services Industry's Responsibilities and Role in Preventing Identity Theft and Protecting Sensitive Financial Information", mentioning Prof. Malkin project analyzing the security configuration of TLS-protected servers.
Part of the testimony read:
"The most pertinent is a project undertaken by Dr. Tal Malkin and her team in the Computer Science Department at Columbia University, in partnership with researchers from IBM, related to the cryptographic security of Internet servers. Cryptography is an essential component of modern electronic commerce. With the explosion of transactions being conducted over the Internet, ensuring the security of data transfer is critically important. Considerable amounts of money are being exchanged over the Internet, either through shopping sites (e.g. Amazon, Buy.com), auction sites (eBay), online banking (Citibank, Chase), stock trading (Schwab), and even the government (irs.gov).
Dr. Malkin and her team made a systematic study of the cryptographic strength of thousands of "secure" servers on the Internet. Servers are computers that "host" the main functions of the Internet, such as Web sites (Web servers), email (mail servers), and other functions. Communication with these sites is secured by a protocol known as the Secure Sockets Layer (SSL) or its variant, Transport Layer Security (TLS). These protocols provide authentication, privacy, and integrity. A key component of the security of SSL/TLS is the cryptographic strength of the underlying algorithms used by the protocol. Dr. Malkin's study probed 25,000 secure Web servers to determine if SSL was being properly configured and whether it was employed in the most secure way. Improper configuration can lead to attacks on servers, stolen data identity theft, break-ins, etc. Dr. Malkin's project is the most extensive study of actually existing server security on the Internet.
The team's findings, relevant to these hearings, included some serious weaknesses in how Web servers, including eCommerce servers employed by financial service companies, are currently being configured.
The most prevalent is that an old, outdated version of SSL, known as SSL 2.0, is still being supported on over 93% of these "secure" servers. SSL 2.0 has many flaws, including a vulnerability to "man in the middle" attacks, which are commonly used for identity theft. While most of these servers also employ a more advanced version of SSL, the incoming communication can choose to use Version 2.0 and thus breach the defenses of the server.
Another serious problem is the use of 512 bit "public keys" (1,024 bits are recommended), which can be broken readily, thus compromising all of the data on the server using this key length. Over 5% of the "secure" servers are using this key length.
These security shortcomings are quite serious, and pose risks both to the consumers and the providers in the financial services industry. Financial server security can be increased both by popularizing the correct configurations and, possibly, by greater government oversight in this area.