Slashdot Mirror
Government Cyber Storm Ends
Bemmu writes "Mainichi Daily News and BBC News are reporting that the 'Cyber Storm' operation, for testing how prepared America is for fending off cyber attacks, has now concluded. Apparently they even used bloggers as part of the operation, as relayers of misinformation!"
Cyber Storm took place on computers isolated from the net
Right... This way they're not actually vulnerable to anything, such as BotNet attacks by little script kiddies who want ad revenue. Or maybe they just were afraid of Windows Update.
I have to wonder how much MySpace, LiveJournal and other blogsites were effected by this. Did the Cyber Storms use any of these vulnerabilities to test the infrastructure?
the gov don't want you getting information off the oficial channels. stick to your tv and leave the internet alone.
.... that all known US Military / NATO et al. intelligence compromises have been
perpatrated by their own employees, for former disgruntled employees.
The Cyber Storm exercise appears yet again a vender dog and pony show to
impress the current check signing crowd to buying more worthless stuff.
Some years ago MS tried to wire-and-run a crusier off the Virginia coast in
a test of Windows NT at ship control with a minimal crew. NT crashed about
30 minutes into the test and the ship had to be towed back to port.
Toodles!
Not just all that, but you wonder if they ignored the physical factor...like setting off a small EMP generator (most likely a very small nuke) inside or near certain data centers. There are SO many more factors to cyberwarfare than just crackers.
1 is the square root of all evil.
I'm fairly confident that whenever we see reports like this publicizing how 'tests show the US internet is hacker proof!' it's just media garbage: real tests are confidentially held (maybe in basements!), and the public sure as heck are told of the results. I don't know why they bother handing out bits of information like to feed the public.
Articles like this are the ones that we need to be worried about.
"You know you don't act like a scientist, you're more like a game show host." Dana Barret
Seriously, though... I think the do this all the time. They've been testing the public and the media for decades to see who calls bullshit. Their lies and obfuscation have slowly gotten more outrageous, and people have been conditioned to think nothing of scandals that just a generation or two ago would have resulted in civil war.
IANACE (I am not a computer expert) but I have to say that Science Fiction, poor as some of the plots are, has already taken this game to a level that that US, or any government, cannot even imagine. The plot in The Terminator and The Matrix is only going a little further than what reality is probably already producing.
What the world knows of virus and malware programs is only what has been discovered AND disclosed to the public. It is quite probable that there are malicious programs out there that are stealthily eating away at personal and business data or waiting till the right moment to do so, or worse, transmitting small bits and pieces of it back to the 'boss' on a regular basis. The latter has already been shown to be effective.
Any exercise done to improve or test computer security is farsical in comparison to what the imagination of any geek can dream up. No, I don't have the program sheet for the tests done, but I do know that they cannot have tested for security against what I can dream up... and trust me, if I can dream it up, its probably already being done.
Imagine a program that replicates itself, is small, does not trigger AV software, is executed by the computer user, does no damage, but propels itself across the networks until it finds itself on the computer of some user whose first name is Bill, and belongs to the domain microsoft.com. Now, every time that Bill lets his screen saver run, or recalculates some values in MS Excel, the program looks to see what the oldest file on the computer is, and queues it for transmission to another host when such transmission is likely to be unnoticed. (you figure out when that would be). Its not so hard to see such a program working, and going undetected by AV software. Yes, yes, I'm sure you could figure out how to catch it, but the time from zero-day to erradication would be a long time indeed.
The selectivity of this program would make it very difficult to identify and get rid of. Especially if it is passing data from one infected machine to another so that final destination is impossible to find. I hate to say it, but Tor and BT could be used for impossibly complex industrial and government spying.
The only way to stop malware is to disconnect the network cables, or very strictly control what passes over them to your computer or network. That gets difficult when such programs can mutate and then try tunneling via http etc. An http post request would be difficult to defend against if you are running an http server?
Now, to get modded down: Didn't the US government think they were prepared for natural disasters? I'm sure that people in charge of such things do all they think reasonable to be prepared, but that force5 program is just waiting for them....
Support NYCountryLawyer RIAA vs People
I can't think of any way they could really fight misinformation from blogs successfully other then forcing the "wrong" blogs down, since most might not be so trusting of a politician saying "I'm not bad. I'm good. I'd never do anything crooked".
In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.
Where do you find a world where the diplomats are trying to discourage escalation...or don't you count elected officials as diplomats?
I think we've pushed this "anyone can grow up to be president" thing too far.