Slashdot Mirror

← Back to Stories (view on slashdot.org)

Government Cyber Storm Ends

Posted by CmdrTaco on from the guess-who-is-to-blame dept.

Bemmu writes "Mainichi Daily News and BBC News are reporting that the 'Cyber Storm' operation, for testing how prepared America is for fending off cyber attacks, has now concluded. Apparently they even used bloggers as part of the operation, as relayers of misinformation!"

20 of 124 comments (clear)

  1. Misinformation? by Winlin · · Score: 5, Funny

    Are you trying to tell me bloggers aren't reliable??? My whole worldview has come crashing down.

    1. Re:Misinformation? by Zeinfeld · · Score: 4, Insightful
      the gov don't want you getting information off the oficial channels. stick to your tv and leave the internet alone.

      This lot don't want people to take information from anywhere else than themselves, Fox News and the Washington Times.

      But I suspect that the reason Blogs were in the simulation was because of their speed of reaction rather than anything else.

      The biggest cyberwar effect being seen today is freebooting groups of partisans launching unofficial (and possibly sometimes official) actions. A big concern in the intel community is that these unofficial actors my tip an international incident into a crisis.

      Take the current spate of attacks by Islamist hackers attacking targets in Denmark. Imagine if Denmark was a crazy-actor like Libya or Iran and a cyberattack by one of those unofficial freebooters took out a major infrastructure. Or imagine what might happen if Iranian hackers attacked Denmark, took out a major infrastructure and Danish hackers retaliated in kind.

      Add freebooter hackers into an environment where diplomats are doing everything they can to avoid escalation and the potential for disaster is large.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. Lies! by elleomea · · Score: 5, Funny

    Clearly it han't ended and slashdot is just being used for misinformation!

  3. Internet attack? by xxxJonBoyxxx · · Score: 4, Funny
    "It was carried out on secure computers in the basement of the Secret Service in Washington DC."

    Sounds realistic...

    1. Re:Internet attack? by Rosco+P.+Coltrane · · Score: 4, Funny

      "It was carried out on secure computers in the basement of the Secret Service in Washington DC." Sounds realistic...

      Dude, the simulation is supposed to be accurate, remember? I bet the SS guys playing the 3v1l h4x0rs even drew pimples on their faces, wore CCC-branded shirts, didn't wash for 2 weeks, bought the latest issue of 2600 and messed up the basement with old slices of pizza before doing their simulated deeds...

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    2. Re:Internet attack? by mister_llah · · Score: 3, Funny

      It'd be even more realistic if those agents were morbidly obese, unshaven, and unshowered...

      --
      MoM++ - A Classic Expanded - [Master of Magic 1.5]
      http://mompp.sourceforge.net/
  4. "Apparently they even used bloggers..." by Anonymous Coward · · Score: 5, Funny

    Man, I am so linking to this.

  5. Uh oh by rwebb · · Score: 5, Insightful

    If the exercise Hurricane Pam is to Hurricane Katrina as Cyberstorm is to an actual cyber attack, then we're in deep doodoo. No smiley.

    --
    Trusted by cats.
    1. Re:Uh oh by carpe_noctem · · Score: 5, Insightful

      Hey, that's a rather unfair comparison. The Hurricane Pam exercise accurately pointed out everything bad that would happen in case of a category-5 hurricane, and it also outlined the government's areas where they were not prepared (well, up until the point when the exercise was cancelled, that is). The exercise itself could have been very useful, had the government actually used information from this exercise. However, gross amounts of miscommunication (which seems to be the norm in the US government these days) led to the katrina disaster.

      --
      "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  6. Cyber-BS by Rosco+P.+Coltrane · · Score: 4, Insightful

    The exercise had given the US "an excellent opportunity to enhance our nation's cyber security," the US said.

    What? they finally told Microsoft to release a secure OS or else...?

    Seriously, most "cyber-attacks" are as much the result of criminals, professional spammers and teenage virus writers as it is the result of the single shoddy OS they target. Both are needed for an attack to work. The rest can easily be taken care of by training IT professionals better and by selecting more secure OSes.

    And no, before you ask, I'm not trying to push *nix or MacOS against Windows: while I do believe Windows is badly designed at core and will always be insecure one way or the other, if Microsoft could make it secure, it would most certainly give a lot less headaches to the DHS folks.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  7. This just in... by coastin · · Score: 5, Funny

    After thinking that the Internet had doged a bullet from the Cyber Storm of the century, reports are now coming in that several cyber levys have been breeched and the internet is filling with spam.

    --
    I lost my sig...
  8. Crack by Anonymous Coward · · Score: 5, Funny

    I wonder what happens when they use crackers instead of hackers.

  9. Mock attack = Mock results by t7 · · Score: 5, Insightful

    "The war game drew in 115 agencies from the FBI and CIA to the Red Cross, the Department of Homeland Security said."

    "IT companies and state and foreign governments also played a role in responding to the mock attacks."

    These "simulated" attacks are all well and good, but they are being performed by entities meant to keep the system secure. Isn't that only attacking from one angle? Did these groups attack the systems like scriptkiddies would? Like seasoned professionals not skewed or influenced by "standard corporate security measures"? Did they take into account social engineering and attacks from the inside?

  10. They apparently forgot ..... by Anonymous Coward · · Score: 3, Interesting

    .... that all known US Military / NATO et al. intelligence compromises have been
    perpatrated by their own employees, for former disgruntled employees.

    The Cyber Storm exercise appears yet again a vender dog and pony show to
    impress the current check signing crowd to buying more worthless stuff.

    Some years ago MS tried to wire-and-run a crusier off the Virginia coast in
    a test of Windows NT at ship control with a minimal crew. NT crashed about
    30 minutes into the test and the ship had to be towed back to port.

    Toodles!

    1. Re:They apparently forgot ..... by jimicus · · Score: 3, Insightful

      It's worse than that.

      I can't provide references off the top of my head, bu IIRC some estimates suggest that up to 70% of "attacks" come from within - disgruntled or corrupt employees being the most obvious example.

      Naturally, most companies aren't too keen to issue a press release saying "Yeah, this chap we employed walked out the door with a couple of thousand customer records when we sacked him last week", so these estimates are little more than educated guesses. But even so, if there's only the tiniest grain of truth to them it demonstrates how important it is to consider both internal and external security.

  11. Quick - someone save the internet by MECC · · Score: 4, Funny

    "The Internet survived, even against fictional abuses against the world's computers."

    I've got this picture of DHS undercover agents running around screaming "the sky is falling, the sky is falling!", and then making chicken-clucking noises. Nobody panics, and they proclaim "Right then, all is well".

    My tax dollars hard at work...

    --
    "We are all geniuses when we dream"
    - E.M. Cioran
  12. Why then... by audioinfektion · · Score: 3, Funny

    Is the data light on my internet connection still pegged.. Was not before this thing started...

  13. Re:Press Release by Max+Threshold · · Score: 4, Interesting

    Seriously, though... I think the do this all the time. They've been testing the public and the media for decades to see who calls bullshit. Their lies and obfuscation have slowly gotten more outrageous, and people have been conditioned to think nothing of scandals that just a generation or two ago would have resulted in civil war.

  14. Harbinger of bad news? by zappepcs · · Score: 3, Interesting

    IANACE (I am not a computer expert) but I have to say that Science Fiction, poor as some of the plots are, has already taken this game to a level that that US, or any government, cannot even imagine. The plot in The Terminator and The Matrix is only going a little further than what reality is probably already producing.

    What the world knows of virus and malware programs is only what has been discovered AND disclosed to the public. It is quite probable that there are malicious programs out there that are stealthily eating away at personal and business data or waiting till the right moment to do so, or worse, transmitting small bits and pieces of it back to the 'boss' on a regular basis. The latter has already been shown to be effective.

    Any exercise done to improve or test computer security is farsical in comparison to what the imagination of any geek can dream up. No, I don't have the program sheet for the tests done, but I do know that they cannot have tested for security against what I can dream up... and trust me, if I can dream it up, its probably already being done.

    Imagine a program that replicates itself, is small, does not trigger AV software, is executed by the computer user, does no damage, but propels itself across the networks until it finds itself on the computer of some user whose first name is Bill, and belongs to the domain microsoft.com. Now, every time that Bill lets his screen saver run, or recalculates some values in MS Excel, the program looks to see what the oldest file on the computer is, and queues it for transmission to another host when such transmission is likely to be unnoticed. (you figure out when that would be). Its not so hard to see such a program working, and going undetected by AV software. Yes, yes, I'm sure you could figure out how to catch it, but the time from zero-day to erradication would be a long time indeed.

    The selectivity of this program would make it very difficult to identify and get rid of. Especially if it is passing data from one infected machine to another so that final destination is impossible to find. I hate to say it, but Tor and BT could be used for impossibly complex industrial and government spying.

    The only way to stop malware is to disconnect the network cables, or very strictly control what passes over them to your computer or network. That gets difficult when such programs can mutate and then try tunneling via http etc. An http post request would be difficult to defend against if you are running an http server?

    Now, to get modded down: Didn't the US government think they were prepared for natural disasters? I'm sure that people in charge of such things do all they think reasonable to be prepared, but that force5 program is just waiting for them....

    --
    Support NYCountryLawyer RIAA vs People
  15. Slashdot CyberSecurity Consulting by tritab · · Score: 4, Insightful

    How many comments do we need asking "what if this", "what about that", "why don't they make Microsoft fix their insecure OS", etc? I for one, am excited that the government even attempted this exercise. The smart folks who were involved with this definitely learned valuable lessons. Likely, as was seen with hurricane Katrina, communication was the biggest obstacle. Even the PHB's will notice the major problems. Please keep in mind that the government is a large bureaucracy and as such, is large and hard to change.

    Also keep in mind that the information security profession is still very immature. Remember that doctors and lawyers "practice" their professions. Do we "practice" information security? Engineers are legally required to submit their designs for peer review for all municipal projects. Is that same level of review required for information security for government efforts?

    We still have quite a way to go, but we are making steps forward.