Slashdot Mirror

← Back to Stories (view on slashdot.org)

Government Cyber Storm Ends

Posted by CmdrTaco on from the guess-who-is-to-blame dept.

Bemmu writes "Mainichi Daily News and BBC News are reporting that the 'Cyber Storm' operation, for testing how prepared America is for fending off cyber attacks, has now concluded. Apparently they even used bloggers as part of the operation, as relayers of misinformation!"

35 of 124 comments (clear)

  1. Misinformation? by Winlin · · Score: 5, Funny

    Are you trying to tell me bloggers aren't reliable??? My whole worldview has come crashing down.

    1. Re:Misinformation? by nazsco · · Score: 2, Interesting

      the gov don't want you getting information off the oficial channels. stick to your tv and leave the internet alone.

    2. Re:Misinformation? by Zeinfeld · · Score: 4, Insightful
      the gov don't want you getting information off the oficial channels. stick to your tv and leave the internet alone.

      This lot don't want people to take information from anywhere else than themselves, Fox News and the Washington Times.

      But I suspect that the reason Blogs were in the simulation was because of their speed of reaction rather than anything else.

      The biggest cyberwar effect being seen today is freebooting groups of partisans launching unofficial (and possibly sometimes official) actions. A big concern in the intel community is that these unofficial actors my tip an international incident into a crisis.

      Take the current spate of attacks by Islamist hackers attacking targets in Denmark. Imagine if Denmark was a crazy-actor like Libya or Iran and a cyberattack by one of those unofficial freebooters took out a major infrastructure. Or imagine what might happen if Iranian hackers attacked Denmark, took out a major infrastructure and Danish hackers retaliated in kind.

      Add freebooter hackers into an environment where diplomats are doing everything they can to avoid escalation and the potential for disaster is large.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    3. Re:Misinformation? by HiThere · · Score: 2, Interesting

      Where do you find a world where the diplomats are trying to discourage escalation...or don't you count elected officials as diplomats?

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
  2. Lies! by elleomea · · Score: 5, Funny

    Clearly it han't ended and slashdot is just being used for misinformation!

  3. Internet attack? by xxxJonBoyxxx · · Score: 4, Funny
    "It was carried out on secure computers in the basement of the Secret Service in Washington DC."

    Sounds realistic...

    1. Re:Internet attack? by Rosco+P.+Coltrane · · Score: 4, Funny

      "It was carried out on secure computers in the basement of the Secret Service in Washington DC." Sounds realistic...

      Dude, the simulation is supposed to be accurate, remember? I bet the SS guys playing the 3v1l h4x0rs even drew pimples on their faces, wore CCC-branded shirts, didn't wash for 2 weeks, bought the latest issue of 2600 and messed up the basement with old slices of pizza before doing their simulated deeds...

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:Internet attack? by mister_llah · · Score: 3, Funny

      It'd be even more realistic if those agents were morbidly obese, unshaven, and unshowered...

      --
      MoM++ - A Classic Expanded - [Master of Magic 1.5]
      http://mompp.sourceforge.net/
  4. "Apparently they even used bloggers..." by Anonymous Coward · · Score: 5, Funny

    Man, I am so linking to this.

  5. Press Release by iphayd · · Score: 2, Funny

    We are not wiretapping without warrants, this was just "misinformation" that was leaked to America to see how "gullible" they are. Of course, this official press release is completely legitamate and not consisting of misinformation.

    - Emperor Bush

    1. Re:Press Release by Max+Threshold · · Score: 4, Interesting

      Seriously, though... I think the do this all the time. They've been testing the public and the media for decades to see who calls bullshit. Their lies and obfuscation have slowly gotten more outrageous, and people have been conditioned to think nothing of scandals that just a generation or two ago would have resulted in civil war.

  6. Uh oh by rwebb · · Score: 5, Insightful

    If the exercise Hurricane Pam is to Hurricane Katrina as Cyberstorm is to an actual cyber attack, then we're in deep doodoo. No smiley.

    --
    Trusted by cats.
    1. Re:Uh oh by carpe_noctem · · Score: 5, Insightful

      Hey, that's a rather unfair comparison. The Hurricane Pam exercise accurately pointed out everything bad that would happen in case of a category-5 hurricane, and it also outlined the government's areas where they were not prepared (well, up until the point when the exercise was cancelled, that is). The exercise itself could have been very useful, had the government actually used information from this exercise. However, gross amounts of miscommunication (which seems to be the norm in the US government these days) led to the katrina disaster.

      --
      "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  7. Cyber-BS by Rosco+P.+Coltrane · · Score: 4, Insightful

    The exercise had given the US "an excellent opportunity to enhance our nation's cyber security," the US said.

    What? they finally told Microsoft to release a secure OS or else...?

    Seriously, most "cyber-attacks" are as much the result of criminals, professional spammers and teenage virus writers as it is the result of the single shoddy OS they target. Both are needed for an attack to work. The rest can easily be taken care of by training IT professionals better and by selecting more secure OSes.

    And no, before you ask, I'm not trying to push *nix or MacOS against Windows: while I do believe Windows is badly designed at core and will always be insecure one way or the other, if Microsoft could make it secure, it would most certainly give a lot less headaches to the DHS folks.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Cyber-BS by RiotXIX · · Score: 2, Interesting

      I'm fairly confident that whenever we see reports like this publicizing how 'tests show the US internet is hacker proof!' it's just media garbage: real tests are confidentially held (maybe in basements!), and the public sure as heck are told of the results. I don't know why they bother handing out bits of information like to feed the public.

      Articles like this are the ones that we need to be worried about.

      --
      "You know you don't act like a scientist, you're more like a game show host." Dana Barret
  8. CYBER STORM LOL by MikeSty · · Score: 2, Interesting

    Cyber Storm took place on computers isolated from the net

    Right... This way they're not actually vulnerable to anything, such as BotNet attacks by little script kiddies who want ad revenue. Or maybe they just were afraid of Windows Update.

    1. Re:CYBER STORM LOL by AB3A · · Score: 2, Insightful

      Most hackers would have a hard time doing that where I work. It is TRULY isolated. Granted, in many utilities, the IT department has taken over things like DCS systems and SCADA systems. This is a very BAD thing. IT may be really good with computers, but they often don't know anything about how industrial control systems work. It is not "just another data source" or "just another network". Screw up on projects like these, and there may not be anything left to reboot. It is wise to cultivate a few engineers and attempt some cross training between the two groups.

      Sadly, most IT departments are in it for the flashy reports and cool looking web page designs. Most engineers I have spoken to on this subject just shake their heads in disgust.

      --
      Nearly fifty percent of all graduates come from the bottom half of the class!
  9. This just in... by coastin · · Score: 5, Funny

    After thinking that the Internet had doged a bullet from the Cyber Storm of the century, reports are now coming in that several cyber levys have been breeched and the internet is filling with spam.

    --
    I lost my sig...
  10. Crack by Anonymous Coward · · Score: 5, Funny

    I wonder what happens when they use crackers instead of hackers.

  11. Mock attack = Mock results by t7 · · Score: 5, Insightful

    "The war game drew in 115 agencies from the FBI and CIA to the Red Cross, the Department of Homeland Security said."

    "IT companies and state and foreign governments also played a role in responding to the mock attacks."

    These "simulated" attacks are all well and good, but they are being performed by entities meant to keep the system secure. Isn't that only attacking from one angle? Did these groups attack the systems like scriptkiddies would? Like seasoned professionals not skewed or influenced by "standard corporate security measures"? Did they take into account social engineering and attacks from the inside?

    1. Re:Mock attack = Mock results by savorymedia · · Score: 2, Interesting

      Not just all that, but you wonder if they ignored the physical factor...like setting off a small EMP generator (most likely a very small nuke) inside or near certain data centers. There are SO many more factors to cyberwarfare than just crackers.

      --
      1 is the square root of all evil.
    2. Re:Mock attack = Mock results by offal · · Score: 2, Insightful

      Speaking from experience, security audits from the feds have been much deeper and uncomfortable than any big four (or however many there are today) accounting/risk firms. "Some" feds are true wizards and may be the same "black hat" irc buddy you are in awe of. Script kiddies are called that for a reason. Anyone remotely experienced with IT Security better know Nessus and NMAP. Anyone selling "expertise" had better provide more than a report based solely on those two tools. In terms of using a test environment, well that's a good thing. Running an unannounced cyber Pearl Harbor attack on the real grid is what some folks call reckless. Regarding why are these systems on the net, well that may have something to do with commerce, deregulation, and the need to accomodate web based transactions without requiring a private T1 line that adds it's own concerns of risk, redundancy, and dependency.

  12. Re:Bloggers eh? by schmu_20mol · · Score: 2, Informative

    From TFA (BBC):

    It was carried out on secure computers in the basement of the Secret Service in Washington DC.

    There was no effect on the internet.

    ... read: they played in a sandbox far away from the real deal.

    --
    "Nae Kin! Nae Quin! Nae laird! Nae master! We willna be fooled again!"
  13. They apparently forgot ..... by Anonymous Coward · · Score: 3, Interesting

    .... that all known US Military / NATO et al. intelligence compromises have been
    perpatrated by their own employees, for former disgruntled employees.

    The Cyber Storm exercise appears yet again a vender dog and pony show to
    impress the current check signing crowd to buying more worthless stuff.

    Some years ago MS tried to wire-and-run a crusier off the Virginia coast in
    a test of Windows NT at ship control with a minimal crew. NT crashed about
    30 minutes into the test and the ship had to be towed back to port.

    Toodles!

    1. Re:They apparently forgot ..... by jimicus · · Score: 3, Insightful

      It's worse than that.

      I can't provide references off the top of my head, bu IIRC some estimates suggest that up to 70% of "attacks" come from within - disgruntled or corrupt employees being the most obvious example.

      Naturally, most companies aren't too keen to issue a press release saying "Yeah, this chap we employed walked out the door with a couple of thousand customer records when we sacked him last week", so these estimates are little more than educated guesses. But even so, if there's only the tiniest grain of truth to them it demonstrates how important it is to consider both internal and external security.

    2. Re:They apparently forgot ..... by AB3A · · Score: 2, Interesting

      When it comes to utilities, yes, we're very concerned about what the employees know and what they can do. The percentage figure is misleading because there are actually very few documented cases of such attacks.

      I hate to put cold water on this parade, but cyber attacks aren't nearly as effective as good old infrastructure attacks. Most of the control systems used for distribution networks are designed with an awful lot of fail-safe behavior. You can damage things, but doing it in a way that will bring the system to its knees is difficult. Why get upset over esoteric computer security issues when a couple of idiots and a cutting torch can bring down high tension lines. Why build elaborate security systems when for the cost of a suit, a hardhat, a phony badge, and a clipboard, you can enter most of these places unmolested?

      Yeah, we ought to be concerned, but there are bigger vulnerabilities that need addressing first...

      --
      Nearly fifty percent of all graduates come from the bottom half of the class!
  14. Bloggers in a basement by pigreco314 · · Score: 2, Funny

    "It was carried out on secure computers in the basement of the Secret Service in Washington DC."
    How many bloggers can be crammed into the basement of the Secret Service in Washington?

    --
    "linux" is a very common word and was not included in your search.
  15. Quick - someone save the internet by MECC · · Score: 4, Funny

    "The Internet survived, even against fictional abuses against the world's computers."

    I've got this picture of DHS undercover agents running around screaming "the sky is falling, the sky is falling!", and then making chicken-clucking noises. Nobody panics, and they proclaim "Right then, all is well".

    My tax dollars hard at work...

    --
    "We are all geniuses when we dream"
    - E.M. Cioran
  16. Why then... by audioinfektion · · Score: 3, Funny

    Is the data light on my internet connection still pegged.. Was not before this thing started...

  17. Re:raises the profile of computer security by topham · · Score: 2, Funny

    The real world involves pain and suffering. And that's just the fun stuff.

    The only thing I want fom the RealWorld is a few electrons, and a continuous supply of caffeine.

    And maybe a little less light.

    Now let me get back to my LCD Tan...

  18. Slashdot Headlines by DavidD_CA · · Score: 2, Funny
    they even used bloggers as part of the operation, as relayers of misinformation

    Well, that explains most of the recent Slashdot headlines.

    --
    -David
  19. Harbinger of bad news? by zappepcs · · Score: 3, Interesting

    IANACE (I am not a computer expert) but I have to say that Science Fiction, poor as some of the plots are, has already taken this game to a level that that US, or any government, cannot even imagine. The plot in The Terminator and The Matrix is only going a little further than what reality is probably already producing.

    What the world knows of virus and malware programs is only what has been discovered AND disclosed to the public. It is quite probable that there are malicious programs out there that are stealthily eating away at personal and business data or waiting till the right moment to do so, or worse, transmitting small bits and pieces of it back to the 'boss' on a regular basis. The latter has already been shown to be effective.

    Any exercise done to improve or test computer security is farsical in comparison to what the imagination of any geek can dream up. No, I don't have the program sheet for the tests done, but I do know that they cannot have tested for security against what I can dream up... and trust me, if I can dream it up, its probably already being done.

    Imagine a program that replicates itself, is small, does not trigger AV software, is executed by the computer user, does no damage, but propels itself across the networks until it finds itself on the computer of some user whose first name is Bill, and belongs to the domain microsoft.com. Now, every time that Bill lets his screen saver run, or recalculates some values in MS Excel, the program looks to see what the oldest file on the computer is, and queues it for transmission to another host when such transmission is likely to be unnoticed. (you figure out when that would be). Its not so hard to see such a program working, and going undetected by AV software. Yes, yes, I'm sure you could figure out how to catch it, but the time from zero-day to erradication would be a long time indeed.

    The selectivity of this program would make it very difficult to identify and get rid of. Especially if it is passing data from one infected machine to another so that final destination is impossible to find. I hate to say it, but Tor and BT could be used for impossibly complex industrial and government spying.

    The only way to stop malware is to disconnect the network cables, or very strictly control what passes over them to your computer or network. That gets difficult when such programs can mutate and then try tunneling via http etc. An http post request would be difficult to defend against if you are running an http server?

    Now, to get modded down: Didn't the US government think they were prepared for natural disasters? I'm sure that people in charge of such things do all they think reasonable to be prepared, but that force5 program is just waiting for them....

    --
    Support NYCountryLawyer RIAA vs People
    1. Re:Harbinger of bad news? by kadathseeker · · Score: 2, Interesting

      The plot in The Terminator and The Matrix is only going a little further than what reality is probably already producing.

      I think I get what you mean, but in the interest of humor: when was the last time a porno site popup killed you? For a more realistic bridge between far out sf and reality, read Peter Watts. The first two books in his Rifters trilogy are scheduled for reprint in 2007, and until then , he has made them available for download in PDF format on his website under the CC licencse http://rifters.com/real/shorts.htm

      They're really good and very well researched. The part about viral software and malware is in the second book.

      --
      The 'Net is a waste of time, and that's exactly what's right about it. - William Gibson
  20. Slashdot CyberSecurity Consulting by tritab · · Score: 4, Insightful

    How many comments do we need asking "what if this", "what about that", "why don't they make Microsoft fix their insecure OS", etc? I for one, am excited that the government even attempted this exercise. The smart folks who were involved with this definitely learned valuable lessons. Likely, as was seen with hurricane Katrina, communication was the biggest obstacle. Even the PHB's will notice the major problems. Please keep in mind that the government is a large bureaucracy and as such, is large and hard to change.

    Also keep in mind that the information security profession is still very immature. Remember that doctors and lawyers "practice" their professions. Do we "practice" information security? Engineers are legally required to submit their designs for peer review for all municipal projects. Is that same level of review required for information security for government efforts?

    We still have quite a way to go, but we are making steps forward.

  21. So.... My blogs can be censored? by ShyGuy91284 · · Score: 2, Interesting

    I can't think of any way they could really fight misinformation from blogs successfully other then forcing the "wrong" blogs down, since most might not be so trusting of a politician saying "I'm not bad. I'm good. I'd never do anything crooked".

    --
    In undeveloped countries, the consumer controls the market. In capitalist America, the market controls you.