Operation 'Cyber Storm' Starts Tomorrow
cyberbian writes "Federal Computing Week reports that the Department of Homeland Security have moved up their rescheduled cyber security exercise, designed to test enterprise and private sector alike. The tests are expected to run from February 6-10, and are intended to gauge the state of readiness for a cyber attack on critical infrastructure. FCW also reports that the scope of the fake attacks will be global, and they are coordinating with partners in Australia, Canada and the UK."
How much damage they'll end up doing?
I'm glad that they are doing something like this, in the UK people have been estimating that "in the city" only around 50% of companies are anything like prepared for an attack of this nature, hopefully this will show people what needs to be done...
I hope no real attacks take place during this time though...
*''I can't believe it's not a hyperlink.''
And then they discover they accidentally broke the internet.
Then go home for a couple days!
WooHoo!
So all you need to do is find one unlucky zombie on a government IP, and use it to break in to random computers, and people will assume you're a good guy?
Well, I think I speak for all of us when I say on behalf of the internet community: Thank Ford for the Department of Homeland Security.
Exactly what can be expected in regard to online use just after the Superbowl? Will there be more or fewer people online during that time? I expect there'll be more. People will want to celebrate and complain about whomever won or lost. If we were under a cyberattack, then certainly that would be the best time to do these tests.
"IT-ISAC has eight members participating in the exercise, the center's Web site states. The participants are Cisco Systems, Citadel Security Software, CA (formerly Computer Associates), Computer Sciences Corp., Intel, Microsoft, Symantec and VeriSign."
In other words, little, if any.
The bits on the bus go on and off... on and off... on and off...
Last time I saw something like this, our 'organization' was tested.
They caused more damage to us with childhood tactics (like locking out system accounts) than doing 'real' tests. We were screwed for a week trying to undo damage, and trying to figure out how it was happening again and again.
Posting anonymously for obvious reasons.
I'm a lot more worried about the damage caused by the "Tiered Internet" proposals currently being bandied about. All network admins know that the damage caused by attackers is insignificant compared to the damage caused by upper management and government meddling.
This is like Microsoft checking its own code for security holes. If there is a weakness then resources could be better used by trying to eliminate the weakness instead of finding theoretical ways it could be exploited - because there's always the way you didn't think of and THAT's the one that's going to get you.
Homeland security is going to turn around and tell everyone that we're NOT ready for a "terrorist cyber attack"? No, it makes much more political sense to say "see? Our networks can survive millions of nerf-ball hits; more funding please."
Seven puppies were harmed during the making of this post.
Aren't "enterprise sector" and "private sector" the same thing (as opposed to "government sector")? When did we install Communism? Did I miss something?
Do you Gentoo?
Hrm, wonder how this will affect companies planning stress tests of their systems during that time period. Like for example the DDO stress test that starts on the 7th. It's wonderfully nice of the government to move the schedule at the last minute like this. I'm sure they won't be specifically targeting a small internet games company like Turbine... but I'd feel for any company whose planned tests will get nice and invalidated because the government decided that'd be a nice day to DDOS them.
I can see it now...
FROM: cyberstorm@dohs.gov
TO: unlucky.recipient@yourcompany.com
SUBJECT: Participation in Cyber Storm exercise
Your company has been identified by the Department of Homeland Security as potentially vulnerable to cyber attack. During the week of February 6th - February 10th, the DoHS will be testing cyber infrastructure as part of our Cyber Storm security exercise. In order to participate, you will need to supply us with [insert favorite hacking data here]...
GetOuttaMySpace - The Anti-Social Network
I thought for a minute there they were talking about IRC back in the late 90's. Now THERE was a storm of cybering for you. Not that I would..ummm...have any personal knowledge or anything.
Now that Cyberdyne has been established, I wonder how much longer it will be until SkyNet is initialized?
Ryan - http://www.thecosmotron.com/
As a precautionary measure, should I set fire to all my machines running XP???
"FCW also reports that the scope of the fake attacks will be global, and they are coordinating with partners in Australia, Canada and the UK."
I didn't know that computers only speak English.
Hmmm... learn sumthin new evry day.
While I think this article is talking about a table top or paper drill, it does hint at a bigger question. How do you do realistic pen testing on a system that must be 100% configuration controlled? I think you have to assume that the pen testing will take the system into an unknown state, though you should know the range of that unknown state (it may not affect the entire system). From that you can conclude you need to have a plan to take the system or parts of the system from an unknown configuration state back to the current baselined configuration state. But is this possible? How long does it take? What methods do you use? Does anyone on Slashdot have any experience with such a plan? Has anyone had to write one or even enact one?
I do security
I doubt the Department of Homeland Security has anything like a globally distributed botnet, or permission to run DDoS like a real attacker might. The virus attack on the Russian stock market is not something governments can replicate.
The only winners will be the companies who sell the extra bandwidth!
Zen tips: Pay attention. Don't take it personally. Believe nothing.
So, they're just going to submit a bunch of web sites to Digg and Slashdot. Big Deal! :-)
If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
"Mr. McKittrick, after very careful consideration, sir, I've come to the conclusion that your new defense system sucks."
Proof by very large bribes. QED.
Was the massive blog outage yesterday part of this, and someone just jumped the gun a little? What's to stop the feds from shutting down huge pieces of the net, or replacing pages with look-a-likes that have information they want you to believe, as opposed to real information? Phed Phishers in other words, geek goose stepping order followers.
This crap is weird. I fully expect them to pull off another false-flag terrorist attack and use that as an excuse to do real damage to the freedom parts of our society, they have already shown that is their primary agenda and that is exactly what they have been doing. Controlling the web could be part of it.
Suppose their attacks allow them to get into various machines and networks, what will they do with the data that is accessible in those machines?
Is this just another end run around warrantless search and seizures of data?
What kind of oversight is there on this process and how can we be sure the information is not used, stored, or otherwise disseminated among the various US spook agencies and their foreign lackeys?
And how much do you want to bet Google will be a very well exercised target since they have been fighting the government's abuse of power already?
My next Slashdot post will be ready soon, but subscribers can beat the rush and see it early!
http://www.april-fools.us/internet-cleaning.htm
Original Message - 1996
DO NOT CONNECT TO THE INTERNET FROM 12:01 AM GMT ON FEB. 29 TO 12:01 AM GMT, MARCH 1 !!
*** Attention ***
It's that time again!
As many of you know, each leap year the Internet must be shut down for 24 hours in order to allow us to clean it. The cleaning process, which eliminates dead email and inactive ftp, www and gopher sites, allows for a better-working and faster Internet.
This year, the cleaning process will take place from 12:01 a.m. GMT on Feb. 29 until 12:01 a.m. GMT on March 1. During that 24-hour period, five powerful Internet-crawling robots situated around the world will search the Internet and delete any data that they find.
In order to protect your valuable data from deletion we ask that you do the following:
1. Disconnect all terminals and local area networks from their Internet connections.
2. Shut down all Internet servers, or disconnect them from the Internet.
3. Disconnect all disks and hard drives from any connections to the Internet.
4. Refrain from connecting any computer to the Internet in any way.
We understand the inconvenience that this may cause some Internet users, and we apologize. However, we are certain that any inconveniences will be more than made up for by the increased speed and efficiency of the Internet, once it has been cleared of electronic flotsam and jetsam. We thank you for your cooperation.
Kim Dereksen
Interconnected Network Maintenance staff
Main branch, Massachusetts Institute of Technology
Sysops and others: Since the last Internet cleaning, the number of Internet users has grown dramatically. Please assist us in alerting the public of the upcoming Internet cleaning by posting this message where your users will be able to read it. Please pass this message on to other sysops and Internet users as well. Thank you.
They'll conduct the exercise, discover that there are serious problems--just as every other evaluation of our cybersecurity has discovered. They'll make a report, the report will note that to fix things it would be necessary to spend money. And involve uncomfortable decisions like reducing our dependence on a monoculture of Microsoft Windows.
The decision-makers will decide (as they have so far about everything involving actual defensive measures involving the homeland) that they would prefer to spend the money in some other way. They'll appoint yet another cyber defense "czar" as evidence of action, he will start with the clear understanding that the one thing he can't do is get the funding to implement the measures recommended in the report.
And when the actual attack happens and is devastating, they'll say nobody could have anticipated it.
See also Hurricane Pam
"How to Do Nothing," kids activities, back in print!
And people wonder about the existence of crazed fundamentalists in the middle east? We have the exact same kind of mentally unbalanced (or damaged) people in the west as presented on behalf of Webster Griffin Tarpley by the Anonymous Coward parent poster.
"The Mohammed cartoons are a transparent provocation by NATO intelligence through a Danish right wing newspaper of limited circulation."
I'm sure that makes much more sense to the conspiracists than the issue as put forward by both the original publisher (making a point against self-censorship by the media on muslim issues) as well as the outbursts of support by other newspapers and magazines all over europe (and even in Jordan and Egypt!) and international press organisations correctly coming to the defence of freedom of speech.
If people like Webster Griffin Tarpley had a few more firing synapses they would instead speculate about the following peculiarities:
- the original publishing happened last year in september, there was zero international outcry at that point in time (only local danish discussion on the topic between civilized muslims and the rest)
- yesterday's burning of embassies in Syria is extremely unlikely to have happened without the approval of the brutal Syrian Baath-party dictatorship. Violent destruction of embassies would normally be regarded as a declaration of war as it's the sovereign domain of whatever country the embassy belongs to
- today's attacks on embassies in Beirut, Lebanon were in all likelihood initiated by people who ideologically are extremely closely related to Syria, if not also directly related to them (Hamas-supporters)
- the Beirut attacks very quickly shifted focus onto attacks on Lebanese christians and christian churches, so quickly as to make it likely that the initial attacks were a cover for trying to reinflame the unrest in Lebanon
- Norwegian imams as well as other western islamic representatives are urging for calm, non-violence, as well as against the hijacking of the issue by islamic extremists (most muslims are intelligent rational people and have nothing in common with the extremist rabble)
- there has been next to none, or at least extremely small levels, of muslim outcry on the issue in Norway (I'm a norwegian btw). In general I would say norwegian muslims are better integrated into society (through no small effort of the muslims themselves as should be expected) than danish ones although we of course have issues in Norway too. I live next door to the oldest mosque in Norway (and a very pretty one imo) and have had enough muslim friends and acquaintances both in Norway and South East Asia to feel confident in saying this
- respect for the prophet Mohammed is one thing, the prohibition against depiction in Islam actually isn't specifically about the prophet Mohammed but about all living things and intended to discourage idolatry! (might want to read http://news.bbc.co.uk/1/hi/world/middle_east/4678220.stm). By the logic of the extremist pseudo-muslims any picture or photograph should be equally protested but instead they actually break the intentions of Islam in their idolatry of the prophet Mohammed and sadly as such (in my personal opinion) showing how Islam is falling into the same trap as those "christians" who idolize Jesus Christ as a replacement of God.
But no, instead of all the above Webster Griffin Tarpley concocts paranoid delusions based on ignorance of how NATO even works and is structured (all NATO decisions are made by unanimous approval of all members). The level of idiocy required to hold the opinions of the AC is the same as that which is required to claim Denmark and other scandinavian countries are ruled by "Zionists" as some middle east government representatives have said... lol
--
this additional sig includes a portrait of Mohammed in support of freedom of expression, feel free to reproduce it
this comment is provided "as is" and without any express or implied legibility or congruity [...]
Suppose their attacks allow them to get into various machines and networks, what will they do with the data that is accessible in those machines?
Well, according to TFA, "IT-ISAC has eight members participating in the exercise, the center's Web site states. The participants are Cisco Systems, Citadel Security Software, CA (formerly Computer Associates), Computer Sciences Corp., Intel, Microsoft, Symantec and VeriSign." So those companies seem to have signed up and are ready to have their networks accessed as part of the exercise. In the absence of evidence to the contrary, your supposition is groundless.
Is this just another end run around warrantless search and seizures of data?
If you were going to attempt to grab all sorts of data, would you publicize it and bring in several nongovernment participants? It seems that bringing in so many actors and making it all public would violate several of the tenets of Black Helicopter Ops 101.
What kind of oversight is there on this process and how can we be sure the information is not used, stored, or otherwise disseminated among the various US spook agencies and their foreign lackeys?
In the House of Representatives, the House Committee on Homeland Security provides oversight. In the Senate, the Senate Committee on Homeland Security and Governmental Affairs provides oversight.
And how much do you want to bet Google will be a very well exercised target since they have been fighting the government's abuse of power already?
Google is fighting a subpoena from the Department of Justice. If you think that the Department of Homeland Security automagically does the bidding of the DOJ, you've obviously never worked in government. The people at DHS aren't morons, and though the structure of the organization almost guarantees incompetence, I doubt they would be so stupid as to "target" Google in this exercise.
Read the EFF's Fair Use FAQ
"Cyber" this and "Cyber" that. I'm just about as sick and tired of that term as I am "rampant piracy". Somehow, I think certain portions of the United States Federal Government, specifically those involving national security, have been taken over by either small, odious children or full-grown chimpanzees. At this point I can't really tell which.
The higher the technology, the sharper that two-edged sword.
The type of test I participated in wasn't invalidated by this lack of surprise because it was deliberately designed to expose procedural flaws and systematic gaps that fell between different areas of responsibility. The lack of surprise was a nuisance in the design of the test, but it was planned for and accounted for from the very beginning. Having an announced testing window was a necessary security feature and not a flaw in the test.
These tests either were performed within the announced window of time or they were cancelled outright. Delay was out of the question. Delay was insecure. Cancelled tests were a nuisance for the test teams because it meant almost a month delay before they'd be allowed to perform the test, but the insecurity introduced by saying "Oh wait, the tests are back on schedule" or "Oh we'll just delay the test window a few days" was unacceptable to security.
I've heard of a time (though I didn't participate) in a test where a piece of equipment failed the day before the two day test window. Without this piece of equipment data measurements would be fuzzed by an order of magnitude on one part of the test. A replacement was ordered but on the day the tests were to begin it still required a day of prep time. To you and me our first inclination might be to simply delay the test a day. That was not acceptable to the security team. The test went on with the bad piece of equipment and the test results were compromised but in only that part of the test. Another test window was scheduled six weeks in the future and the test team's budget was increased to have redundant pieces of certain test equipment on hand and ready as part of the design of new testing procedures.
What seems almost absurd was the idea of moving forward the timeframe of an announced security test. There were times when test teams were very ready ahead of time, but they used the time to double and triple check their preparation, take documentation for next test, meet and discuss the game plan, and use the extra time productively while waiting for the arrival of the upcoming announced testing window. Why not just go ahead with the tests? Because once again, moving the announced test window was a security risk. And performing the test outside a test window was considered a break-in by security, and unnecessary for properly designed tests by the test teams.
I know banking security differs from computer security, but it still seems rather insecure and dangerous to move an announced test window period at all. What's worse is that it seems unnecessary, unusual, and odd to move the test period forward. If the test requires surprise, then it's either a poorly designed test or it was compromised by having an announced test window to begin with. If we're dealing with computer security on an international scope, then it would seem incredibly helpful to take the extra test time and double check the game plan. Tests inside a single banking company with far fewer issues of timing, language, and politics welcomed an extra week to plan and prepare before most tests of even moderate complexity. It seems arrogant, ignorant, or careless to say "Oh, we don't need this extra time before the tests. We'll deliberately tamper with our security and throw away this extra time we could use to prepare and coordinate this very complex international test."
So what's really going on here?
By Adam Brookes
BBC Pentagon correspondent
A newly declassified document gives a fascinating glimpse into the US military's plans for "information operations" - from psychological operations, to attacks on hostile computer networks.
Bloggers beware.
As the world turns networked, the Pentagon is calculating the military opportunities that computer networks, wireless technologies and the modern media offer.
From influencing public opinion through new media to designing "computer network attack" weapons, the US military is learning to fight an electronic war.
The declassified document is called "Information Operations Roadmap". It was obtained by the National Security Archive at George Washington University using the Freedom of Information Act.
Officials in the Pentagon wrote it in 2003. The Secretary of Defense, Donald Rumsfeld, signed it.
The "roadmap" calls for a far-reaching overhaul of the military's ability to conduct information operations and electronic warfare. And, in some detail, it makes recommendations for how the US armed forces should think about this new, virtual warfare.
The document says that information is "critical to military success". Computer and telecommunications networks are of vital operational importance.
Propaganda
The operations described in the document include a surprising range of military activities: public affairs officers who brief journalists, psychological operations troops who try to manipulate the thoughts and beliefs of an enemy, computer network attack specialists who seek to destroy enemy networks.
All these are engaged in information operations.
Perhaps the most startling aspect of the roadmap is its acknowledgement that information put out as part of the military's psychological operations, or Psyops, is finding its way onto the computer and television screens of ordinary Americans.
"Information intended for foreign audiences, including public diplomacy and Psyops, is increasingly consumed by our domestic audience," it reads.
"Psyops messages will often be replayed by the news media for much larger audiences, including the American public," it goes on.
The document's authors acknowledge that American news media should not unwittingly broadcast military propaganda. "Specific boundaries should be established," they write. But they don't seem to explain how.
"In this day and age it is impossible to prevent stories that are fed abroad as part of psychological operations propaganda from blowing back into the United States - even though they were directed abroad," says Kristin Adair of the National Security Archive.
Credibility problem
Public awareness of the US military's information operations is low, but it's growing - thanks to some operational clumsiness.
Late last year, it emerged that the Pentagon had paid a private company, the Lincoln Group, to plant hundreds of stories in Iraqi newspapers. The stories - all supportive of US policy - were written by military personnel and then placed in Iraqi publications.
And websites that appeared to be information sites on the politics of Africa and the Balkans were found to be run by the Pentagon.
But the true extent of the Pentagon's information operations, how they work, who they're aimed at, and at what point they turn from informing the public to influencing populations, is far from clear.
The roadmap, however, gives a flavour of what the US military is up to - and the grand scale on which it's thinking.
It reveals that Psyops personnel "support" the American government's international broadcasting. It singles out TV Marti - a station whi
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell