Governments Prepare for Cyber Cold War

superglaze writes "ZDNet UK has an analysis piece on the growing threat of a "cyber cold war". It's got some interesting examples and it seems everyone is up to something. "...attacks are not limited to any particular countries, or by alliances between countries, according to cyberwarfare watchers. In the McAfee report, Johannes Ullrich, chief technology officer for research organization the Sans Internet Storm Center, said that most countries hack each other regardless of any supposed allegiances. Alan Paller, director of research at security training organization the Sans Institute, concurred. "All nations are doing it to each other. I don't know of any country not doing it," he said. "If it's not for normal espionage, it's for economic espionage. It's a very broad set of countries [involved].""

Maybe It's Time for a Cyber-Treaty

[Apple+Acolyte]

It can be signed using an EULA!

Re:Maybe It's Time for a Cyber-Treaty

[TheMeuge]

It can be signed using an EULA!

But then it could be bypassed with an application of a black permanent marker!

Then again, lots of things can be fixed with a black marker - military intelligence, prisoner records, global warming reports...

Re:Maybe It's Time for a Cyber-Treaty

Huh? What's that? Another cold war? KEWL! More money to be made in the new "arms" race!

Now I am glad my graduate studies were in systems software not that frufy AI stuff...systems is where security is at baby! Cha-ching! Time to backup the truck and load up on government money! ;-)

war ...

[thrillseeker]

is the continuation of politics.

I know who to blame now.

[Kranfer]

Well, at least with all countries going after eachother's economies and such, I will start off by saying that at least I know who to blame when my Interest rates to up. You Bastards! But in related news, i did see that the Chinese Government attempted to hack into the Rolls Royce data center in Texas. The news article said everything was fine and dandy though so at least thats good.

http://infotech.indiatimes.com/articleshow/2591293.cms

I guess they want real engine technology or something.

Re:I know who to blame now.

[cp.tar]

But in related news, i did see that the Chinese Government attempted to hack into the Rolls Royce data center in Texas. The news article said everything was fine and dandy though so at least thats good.

Oh, right.
And if everything wasn't fine and dandy, they'd tell that to the public.

<borat>Pause not.</borat>

When war started in Croatia some 15 years ago, there were so many bombings, air raids and so on and so forth -- yet every single time there was an engagement, our national television broadcasted minimum losses on our side (most commonly, no casualties save for one wounded) and heavy losses on the opposite side.

I was but a kid then, but even then I found it... odd.

Likewise, I'm quite certain you Americans have quite a different view of the war in Iraq than the rest of the world does.
And by "different" I mean "much more filled with propaganda".

Apply to any kind of war-like conflict. The morale must be kept high, the opposite side's agents kept in the dark and fed false information -- and the best way to make sure they're fed crap is to feed everyone crap.

What no porn sites?

[Tragedy4u]

I'm shocked!

Not so Cold

[explosivejared]

Apparently it's not so cold after all. Maybe insane paranoia we will reap some benefits from increasing tech R&D. All it takes is one congressman talking about "an decryption gap" to get about 10^588484 billion dollars for this stuff.
 
  Last time the Soviet's spent themselves into exinction, so let's just hope it's not us this time.

Re:Not so Cold

[El_Muerte_TDS]

All it takes is one congressman talking about "an decryption gap" to get about 10^588484 billion dollars for this stuff.

I think you need a little bit more money than $65534

Re:Not so Cold

[TubeSteak]

All it takes is one congressman talking about "an decryption gap" to get about 10^588484 billion dollars for this stuff. I don't know about "10^588484 billion dollars" but the NSA has been receiving funding because of their antiquated energy infrastructure. Because nobody bothered to do any long range planning, they reached the max their local grid can handle, leaving no room for new super computers, etc. It might not exactly be "a decryption gap," but they're getting money to upgrade their facilities.

http://www.prisonplanet.com/articles/August2006/070806NSA.htm

Re:Not so Cold

[legoburner]

Not to mention how much this will help us defend against the cylons!

Re:Not so Cold

[Rockin'Robert]

We already have!

Got that?<br>
RR

Re:Not so Cold

Last time the Soviet's spent themselves into exinction, so let's just hope it's not us this time.

Naaaaaah.

I am Cyber Special Forces

I probably shouldn't be posting this, but I'm Cyber Special Forces, a US Cyber Seal. We have a motto - "the only easy day was yesterday". People think it's glamorous, but I'm out there risking my life every single day.

Here's something you might not have heard before - Freedom isn't Free.

If not me, then who?

Re:I am Cyber Special Forces

[cp.tar]

I probably shouldn't be posting this, but I'm Cyber Special Forces, a US Cyber Seal.

And your Cyber Dick is flat because when you get excited, you flap and clap your Cyber Flippers a bit too hard...

Re:I am Cyber Special Forces

[ObsessiveMathsFreak]

If not me, then who?

Some outsourcing guys in China! ...oh wait.

Worst Article Ever.

[moogied]

A cyber cold war? How is this going to work? Are we building servers right now that spam "STFU NUB, AMERICA #1 B1A+CH"?

Re:Worst Article Ever.

[Martian_Kyo]

I don't know perhaps like http://slashdot.org/article.pl?sid=07/12/03/0457206 Basically each major player will buy a social network, and they will compete. Spaming each others user comments. You'll have social network immigrants, and so on.

FYI I with anyone who buys last.fm, the only social network with a purpose (sort of).

You're so full...

...of sh*t that I can smell you 100 miles away.

It's not a bad thing in itself.

[Bragador]

Of course it can make people angry to get their own information stolen by other governments but on the other hand this happens only when the playing field is not leveled.

When all governments have similar technologies and ressources it forces the market to compete more and get new ideas on the market as soon as possible. Also, when military technologies are similar amongst nations, it forces them to negociate and talk instead of bullying the weaker ones.

Having a small advantage is all right but when some nations get to be much more advanced than others it gets problematic. It's all about having to listen to each other instead of simply using force. It's all about the human race advancing together instead of exploiting each other.

Re:It's not a bad thing in itself.

[grassy_knoll]

It's all about the human race advancing together instead of exploiting each other.

Problem is, it only takes one party to start a conflict. If the path of least resistance[1] to achieve one party's goal is armed conflict, and the achieving of that goal is important enough to that party, then armed conflict will be used.

The goals of the aggressive party don't have to be logical or even rational, they just have to "want it" bad enough.

Advancing together vs. exploiting each other is a fine goal, but since it would seem to require 100% buy-in to be effective, I don't think it will ever happen.

[1] read also: easiest to achieve, quickest result, et. al.

Firewalls?

[Burlynerd]

OK, so how long will it take for them to start building national firewalls? BN

Re:Firewalls?

[calebt3]

There is no reason in my mind for a "national" firewall. Maybe one to shelter the entire government's systems, but there is no reason to extend this to civilians, except for the fact that a local botnet will be able to DDoS more effectively than a distant one.

Re:Firewalls?

[farkus888]

This is a very very good point in a humorous tone some might miss. there is a lot of discussion about the privacy/access to knowledge aspects of the great firewall of China. no one seems to be drawing the correlation that much of this "cyber cold war" traffic is coming from or going to China, makes one wonder if those aspects of this firewall are really strawmen to keep people from talking about it really being a defense from other governments trying to track and retaliate against Chinas outgoing "cyber cold war" attacks.

Re:Firewalls?

[jelton]

Why not start placing entire nations behind NAT routers?

"The GNAT Router of China"
"National SOHO Router" (installed next to the Washington Monument; uses classical architecture, like UNIX)
"Institute for Internet Openness" (This was is found in Oceania)

Any others I'm missing?

Re:Firewalls?

[AndrewM1]

except for the fact that a local botnet will be able to DDoS more effectively than a distant one

Not advocating for a national firewall, but that'd actually be great, if we could make it harder to DDoS from outside the country. Someone DDoSing from inside the country is subject to our laws and can be arrested and punished, as opposed to someone from Brazil doing so.

I know it's part of what they do

[techpawn]

But I always take Security warning from software vendors with a grain of salt. It's like the wolf telling you about the fox watching your chickens.

Re:I know it's part of what they do

But who will watch the eggs? WHO?!!!!

Re:I know it's part of what they do

But who will watch the eggs?

Won't somebody please think of the eggs?!

Jump Off A Bridge

"All nations are doing it to each other. I don't know of any country not doing it,"

If all your friends engaged in cyber warfare, would you do it too?

How to strengthen your country's defences

[Ed+Avis]

With attempted 'hacking' from other countries, we see that domestic laws prohibiting unauthorized computer access are not much use. Of course they don't deter the Chinese army or any other government agency. They do deter domestic hackers, but have unpleasant side-effects like criminalizing viewing a page on a website to make sure it's not a phishing site. And if your computer security is oriented more towards tracking down individuals and bringing them to trial, you will be relatively defenceless against foreign agencies. Children brought up in an artificially clean and disinfected environment can suffer more infections when later exposed to the real world. It might be a better idea to legalize hacking, provided no damage is done, in order to strengthen your country's immune system.

Re:How to strengthen your country's defences

[cdrguru]

You must absolutely be 16...

Legalize "hacking", provided no damage is done. Define "damge" in this context. Would you include theft as damage, like stealing all of someone's money from their bank account? How about copyright infringement - would that count as "damage"? Or would "damage" only be things that physically damage computer equipment, like making a monitor burn up because of incorrect settings?

Would you want to include injecting code into a system to allow easier future access? That wouldn't really be "damage" would it? How about some innocent identity spoofing, like sending an email to everone in an address book on someone else's computer? That couldn't be construed as "damage", could it?

Today it is practically impossible to do anything about attacks to home and small business computers. Local law enforcement doesn't have jurisdiction and the FBI wants hard proof of greater than $25,000 in losses. No, your time as the administrator doesn't count - you're getting paid anyway. Besides, if all you have is an IP address, how does that identify a person? So such "hacking" is already non-prosecutable unless you go after government or Fortune 500-size companies.

Personally, I'm all for figuring out how to more easily stop folks that think they have a right to break in anywhere (or try to) than making it easier.

Re:How to strengthen your country's defences

[Ed+Avis]

I think the answers to your questions about what constitutes damage are obvious. In any case, theft is already a crime under existing laws, and copyright infringement is already a civil wrong and/or a crime, so the most serious attacks could be dealt with even without any computer crime legislation at all.

Today it is practically impossible to do anything about attacks to home and small business computers. Local law enforcement doesn't have jurisdiction and the FBI wants hard proof of greater than $25,000 in losses.

Which seems to be an argument for reforming the law. I would rather have a relatively liberal set of laws, applied strictly, than a loose and overly broad law which is then applied selectively depending on what the FBI feel like doing.

At the moment if you find a vulnerability in a web site (even stumbling across it accidentally) there's no way you would ever report it. By doing so you open yourself up to prosecution and there is no reward for doing the right thing. If you find a vulnerability in a company's product you may be sued by that company under the DMCA or similar laws - better to keep it secret. I think that in these cases overly strict laws work against computer security.

So what ?

[alexhs]

Espionnage agencies are using new technologies to achieve their goals. So what ?

Spying/Intelligence (gathering information) is as old as wars are (already Sun Tzu was talking about that). It's in no way specific to a "cold war".

Re:So what ?

[techpawn]

already Sun Tzu was talking about that

Chapter XIII was interesting and talked about the importance of spies during war. But if you remember that chapter well THIS should scare the ever living hell out of you unless you really think the information being fed to them is false or that they are so well rewarded that they won't defect.

Sun Tzu spoke of gathering information for attack before it happens, not info about the people/leaders.

Where do I sign up?

I would like to be all I can be for my government. A Digital GI Joe if you will. But without the military pay cut.

populations prepare for big flash

no gadgets, 'secret' spying or petty vandalism required. see you there?

http://www.washingtonpost.com/wp-dyn/content/article/2007/12/02/AR2007120201637.html?hpid=opinionsbox1

unprecedented evile never sleeps

however, its task becomes less daunting when its minions are at 'work', emtying yOUR pockets.

http://www.cnn.com/2007/US/12/03/us.debt.ap/index.html

micro management of populations has never worked (for very long). it's an illness. tie that with life0cidal aggression & gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster.

we're intending for the corepirate nazis to give up/fail even further, in attempting to control the 'weather'.

http://video.google.com/videosearch?hl=en&q=video+cloud+spraying [google.com]

the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption.

fortunately there's an 'army' of angels, coming yOUR way

do not be afraid/dismayed, it is the way it was meant to be.

the little ones/innocents must/will be protected.

after the big flash, ALL of yOUR imaginary 'borders' may blur a bit?

for each of the creators' innocents harmed (in any way), there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available.

beware the illusionary smoke&mirrors.con

all is not lost/forgotten/forgiven.

no need to fret (unless you're associated/joined at the hype with, unprecedented evile), it's all just a part of the creators' wwwildly popular, newclear powered, planet/population rescue initiative/mandate.

or, is it (literally) ground hog (as in dead meat) day, again? many of US are obviously not aware of how we appear (which is whoreabull) from the other side of the 'lens', or even from across the oceans.

vote with (what's left in) yOUR wallet. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable.

we still haven't read (here) about the 2/3'rds of you kids who are investigating/pursuing a spiritual/conscience/concious re-awakening, in amongst the 'stuff that matters'? another big surprise?

some of US should consider ourselves very fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate.

it's right in the manual, 'world without end', etc....

as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis.

concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order.

'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

War kill, maims and physically destroys cities.

[shis-ka-bob]

This doesn't happen with 'hacking' by government agents. This is not war, this is espionage. Especially in the US, we must avoid labeling anything 'serious' as a war. There is a bright line distinction between the widespread killing that accompanies a war and the economic losses that could be inflicted by espionage over the internet or the chaos that could follow a deliberate 'cyber attack'. Espionage is also a continuation of politics, but that doesn't make it war.

Re:War kill, maims and physically destroys cities.

[Bearhouse]

I agree. I'm waiting for the 'war on dandruff' to be declared - bound to happen soon.

Back on topic, espionage can lead to loss of life, both in times of war and peace.

Re:War kill, maims and physically destroys cities.

[calebt3]

On a much smaller scale.

Re:War kill, maims and physically destroys cities.

[rucs_hack]

I met a spy once. Well a guy who'd been a spy in the second world war, fascinating stuff.
Alas he was bcoming senile, hence why I met him, he was a client of mine (used to be a nurse you see).

What was really funny is all through the war, and right up till the mid nineties, his wife had beleved he was a truck driver with some very long postings abroad on convoy duty or somesuch. Once she thought he was up in scotland for six months when he was actually in Africa. He only talked when he started to realise his mind was going.

Great stuff I thought.

Re:War kill, maims and physically destroys cities.

[thrillseeker]

By your definition then, the use of a large-scale EMP "weapon" at high altitude over a country, such as the US, rendering useless all the non-hardened electrical devices in the country, would not qualify as war - after all it doesn't cross your "bright-line" requirement of widespread killing. Disregard the incredible chaos and economic loss that would follow - no one died from the pulse - other than a few unlucky pacemaker wearers.

Death that accompanies violent[1] action is incidental to a military objective[2] - whether that be the destruction of a telephone switching station being used, or even possible for use, for the passing of military command and control, or if it be the killing of a specific person who's filling a key position in an organization's structure - the fact that a person was killed or not doesn't make it an act of war - it's the intent and objective that is sought by the action that does.

[1] Violence - the use of force to coerce an otherwise involuntary action to occur.

[2] Terrorism is is generally viewed as causing indiscriminate death, or the fear of it, to invoke a change in direction.

Re:War kill, maims and physically destroys cities.

[Elemenope]

Right, because economic jamming is ultimately just about money. Nobody has ever been killed for just money.

Please. In the 21st century, economic hegemony is shaping up to be much, much more important than simple military dominance, as military actions follow from economic imperatives, not the other way around. From the United Fruit Company to the Iraq Wars, blood runs when money stops flowing.

The bright line you describe doesn't exist; economic warfare, whatever the form, has real human cost in actual human lives. The person who dies of Cholera in Bolivia because their water supply is privatized (and devastated as a result) after heavy foreign pressure is just as dead as the Iraqi killed by an American bullet. At least one has a prayer of getting on the evening news.

Incidentally, while I generally agree that calling something a "war" does not make it so, if you are referring to the US War on Drugs, it resembles a war in every legitimate sense of the term. People in Putumayo and neighboring Columbian states see at the center of Cocaine traffic a fully militarized operation, while here in the US we have armed our local police offices with semi-automatic weapons, no-knock warrants, and a healthy disrespect for human life. (If on the other hand you were talking about the 'War on terror' or the 'War on poverty', you might be on to something. ;)

Re:War kill, maims and physically destroys cities.

[blahplusplus]

War kill, maims and physically destroys cities.

"Thus those skilled in war subdue the enemy's army without battle .... They conquer by strategy."--Sun Tzu

Re:War kill, maims and physically destroys cities.

[BlendieOfIndie]

This is just semantic nitpicking. I'd hope most of us understand the common usage of the terms "cold war" and "war."

Re:War kill, maims and physically destroys cities.

[glindsey]

I have to ask, though... isn't it possible that his senility caused him to believe he had been a spy during WWII? Or was he nowhere near far gone enough for that? I'm not trying to troll here, just seriously wondering...

Re:War kill, maims and physically destroys cities.

[magisterx]

I agree with you at the present time, however if current trends continue, that could change. Every more significant items are being networked, and as things which people depend on for life are networked destroying the network could effectively ruin a city. If the power supply or water network in a major city is destroyed then it will almost certainly lead to some loss of life and the effective loss of the city as a production center for a possibly significant amount of time.

Re:War kill, maims and physically destroys cities.

[rucs_hack]

What actually happened, as another poster said occurs, is that he lost his ability/conviction to keep the secret.

I've seen it a lot, we once had an immensly dignified, lovely old lady who turned out to have enjoyed the cannabis in her youth, going for walks in the jungle where she lived, high as a kite. She used to relive those walks out loud, as if the memory were replaying in her head. It was quite interesting, but on some walks she went with friends, and she'd say her side of conversations only, which made it hard to follow.

No Duh

[MM_LONEWOLF]

Alliances aren't being followed? Next thing you know, they're going to tell us that there were spies operating in Russia during the real cold war.

Not really a dupe, but recently well-discussed

[Bearhouse]

Here:

http://yro.slashdot.org/article.pl?sid=07/11/29/1936220

Attention Cyber Cold War Armies:

[morgan_greywolf]

1 h4v3 A /-r4d u83r m41nf4@m3 th4tz R1P3 4 4tt4c/! pwn d1s n u w1ll pwn d4 w0r|d! H3r3 i5 th3 s3cr3t 1p 4ddr3ss:

127.0.0.1

thx!

Re:Attention Cyber Cold War Armies:

[Bill,+Shooter+of+Bul]

127.0.0.1 !! That's amazing! I've got the same combination on my luggage!

Re:Attention Cyber Cold War Armies:

[sakasune]

Well done, sir - and your sig goes with your post too

Not a Cold War

[Doc+Ruby]

That scenario isn't a "Cold War". It's just the normal state of international relations, which has always been based on political and economic espionage, as well as "sustainable sabotage", for thousands of years among all nations. Even during every "hot war" (shooting involved), this is the norm. Even among allies, looking for advantage and testing for weakness that makes the entire alliance vulnerable.

People really ought to go check into one of these actual wars once in a while. The ones where states work to destroy each other, where lots of people are killed, where entire ideologies, religions, cities, landscapes get trashed and owned. People who think this kind of thing is a "war" really have it soft, and lose the proper respect for real war.

Re:Not a Cold War

[ceoyoyo]

It's particularly sad when we're just barely out of November, when most countries have ceremonies to remember those real wars. In Canada the theme of Remembrance day is "lest we forget."

Re:Not a Cold War

Like Brecher says, "Have you seen a Carthaginian lately?"

Put the Human Back in the Loop.

[deweycheetham]

Here is a novel approach. Thinking outside the box for /. "Put the Human back in the Loop".

OMG they don't bother to hide any more?

[hellfire]

I'm not disputing the accuracy one way or another, but c'mon. Not only does the article clearly reference McAfee as the author of the report, a corporation with a vested interest in scaring governments into buying more software, so does the summary! The moment a corporation starts posting fearmongering, I'm immediately skeptical. The immediate aim I see is to get the government to be scared and buy more software from McAfee. Maybe I'm wrong but I doubt it.

Government and corporations have been in bed for years, but my god it's gotten so bad that it's practically a daily public porn show where they don't care what you see any more.

Re:OMG they don't bother to hide any more?

[farkus888]

if mcaffee is the only thing we have protecting us we might as well just give them an email address they can send their requests to and hire a team of people to promptly respond with whatever they want to know.

Re:OMG they don't bother to hide any more?

[CodeBuster]

Yes, but you will continue to pay your taxes and "vote" for the other guy and you will like it that way.

Re:OMG they don't bother to hide any more?

[ceoyoyo]

No, no. We've got Symantec too.

So we'll need to get in contact with THEM and ask what they'd like.

Re:OMG they don't bother to hide any more?

[farkus888]

the bureaucracy and red tape of getting two companies that size to coordinate even something as simple as sending an email would probably take them longer to get the information that either of those security products could hold them up for.

Cyber War

[MM_LONEWOLF]

I've got an idea. If two countries are arguing, each cultivates their best cyber warriors for 1 year. After one year, they have a giant multiplayer team death match in a mutually chosen FPS. At the end of the day, winner takes all. The only problem is that Japan and/or China will become the new super-powers.

Re:Cyber War

[calebt3]

The problem there is that the losers, whoever they are, will pull out of the deal when they see that they have lost.

Re:Cyber War

[nonsequitor]

I've got an idea. If two countries are arguing, each cultivates their best cyber warriors for 1 year. After one year, they have a giant multiplayer team death match in a mutually chosen FPS. At the end of the day, winner takes all. The only problem is that Japan and/or China will become the new super-powers.

Good idea, but instead of an FPS, it will be more like DefCon's Capture the Flag competition. The game is already being played and the only side we'll ever hear about scoring is the Chinese, so us civilians will never know the true score. Since CTF is a fluid game it wont be "winner take all," but more of a "get whatever you can keep."

Re:Cyber War

[SparkleMotion88]

Sometimes I seriously wonder if "modern" warfare in the future will be similar to what you are joking about.

One of the first things you try to do in a war is defeat your enemy's information. If you can hack into your enemy's computers and remove all of the information he has gathered about you, then he won't be able to launch an attack because he won't know where your targets are. If he is able to launch an attack, then you try to disable the information systems involved in the attack. So perhaps in the future we will spend so much resources hacking each other and protecting ourselves from hacks that actual physical conflict will be less frequent. So this means the most important "warriors" in the future may be the skilled hackers trying to defeat information systems.

Re:Cyber War

[ceoyoyo]

No. See, that's sort of what the US's strategy was: let's make really good machines and when we've finished reducing the other guy's ability to conduct (our kind of modern mechanized) warfare, he'll give up and we'll be the winner and get what we want.

Unfortunately that's the point where the other guy picks up a gun/dynamite/shovel/pitchfork and goes old school.

Re:Cyber War

[Hyperspite]

I'm not sure, I think I saw something on TV once, but wasn't this similar to the plot of some sort of gundam show?

Let's hope ...

[Bearpaw]

Let's hope these idiots don't trigger a "Cyber Winter".

The world economy is becoming more and more dependent -- and interdependent -- on complicated electronic infrastructures. A nasty enough attack could hurt far more than the intended target.

A more relvant discussion

can be found here

Teenage lexicon popular among military?

[b1gp0pp4]

While the NIPRNet itself does not carry sensitive information, Paller argued that the ultimate aim of such attacks is to "own" the opponent's computer.
we got teh pwnd by Ch1n@ r0fl/\/\@0
I couldn't resist and don't see it anywhere else :-p.

We need a security education class in public school perhaps? Less gullible and greedy populace? A database of serials so real customers aren't frustrated by losing their key, and subsequently installing all kinds of horrible software in search of a key? That last one could be government sponsored or from a small tax on software sales or creators.
There are things average windows users can learn to protect themselves:
Have a "sandbox" computer to test unknown sites or to test software..
Use firefox..
Disable certain services (actually it's a lot of them I disable)
Enough anecdoting, you people add something. I'm done.

Re:Teenage lexicon popular among military?

[Hyperspite]

That would actually be really cool if cyber self defense was a regular part of school curriculum. You can have an advanced class for developers, but everyone gets the basic stuff.

Staggering incompetence

[QuickFox]

Apparently the incompetence reaches staggering proportions. FTA:

According to a source close to the situation, the chief information security officer of the US Department of Commerce learned this summer that his home computer was being used to send data to computers in China. He found his family had been the victim of a spear-phishing attack, in which his child had been encouraged by an email to unwittingly download malware onto the family's home computer. Once it was compromised, the attackers used the security officer's personal computer as a tunnel into the Department of Commerce's systems. The family of the chief information security officer of the Department of Commerce can't afford to have one computer for the family and another for high-security work? And the nation can't afford a separate computer for this apparently impoverished officer?

No way. It can't be lack of funds. It can only be staggering, incredible incompetence. And it's not the local burger flipper. It's the chief information security officer. The top boss in charge of keeping information safe.

Amazing.

Re:Staggering incompetence

The family of the chief information security officer of the Department of Commerce can't afford to have one computer for the family and another for high-security work? And the nation can't afford a separate computer for this apparently impoverished officer?

No way. It can't be lack of funds. It can only be staggering, incredible incompetence. And it's not the local burger flipper. It's the chief information security officer. The top boss in charge of keeping information safe.

Why should this surprise anybody? The security czar in an organization I work with is an ex-cop, and he has no actual cyberchops whatsoever. He's also dumber than a bucket of bricks. But hey, when you get a computer related masters over the interweb to augment your non-sequitur undergrad and you know the right people, it's easy to get hired. And this is in an organization of thousands of people. But don't worry, he's got the CISSP, PMP, and the Security+ certs!

I'd have a fucking tempest terminal running either hardened linux, trusted solaris, or openbsd right along with encryption out the ass, both hardware and software. But, as usual, the inmates are running the asylum.

Re:Staggering incompetence

[blahplusplus]

"The family of the chief information security officer of the Department of Commerce can't afford to have one computer for the family and another for high-security work?"

I doubt he was thinking about a random event where his kid replies to an email and downloads spyware, I mean really. Most people wouldn't think such things would occur, that is pretty damn random, and most importantly most people have tonnes of things on their minds, they are not obsessed with their job, he has a family, he has to shower, he has to eat, he has to take a shit. Cut the guy a break.

"And the nation can't afford a separate computer for this apparently impoverished officer?"

Welcome to Capitalist america, where profit gives way to mediocrity!

Re:Staggering incompetence

[Detritus]

You've obviously never worked for the government. Just because the government, in an abstract sense, has a trillion dollars, does not mean that you can spend any of it. You can be working on a billion dollar spy satellite program, and not have any money available for basic office supplies like pens, pencils, notebooks and stamps. I know people who built their own office PCs by scrounging parts from the surplus equipment warehouse. That was the only way for them to get a computer, since their was never any money in the capital equipment budget to provide peons with computers. Giving an employee a computer for working at home? Just thinking about it probably violates some property management regulations. It would be a bureaucratic can of worms.

Re:Staggering incompetence

[jdjbuffalo]

Being part of the IT organization in the DoC means he should have at least been aware of the generic problems that plague almost everyones computers--namely spyware, keyloggers and viruses. These things, especially keyloggers, could lead a hacker to gain access to his sensitive information on the computer and access to any place he logs into.

Even though I don't have a wife and kids yet, when I do you better believe everyone is going to have separate computers (especially if I use one of them for work). The kids will have their own. The wife will her own. And, I'll have several, although at least one that is separate from everyone else's.

If you don't at least understand the basics of security, especially if you are working from home with sensitive information, then you don't deserve a position in the IT organization.

Re:Staggering incompetence

[blahplusplus]

I agree with what you're saying, but I'm certain even you would think the change of *your kid* downloading spyware was pretty remote. The issues with security stem from ignorance of technology and how it works, and that is the hardest thing to cure, security courses don't matter if you don't even have a grasp of technology and how it functions.

Re:Staggering incompetence

[ceoyoyo]

The chief information security officer should be well aware that his work computer with sensitive data on it and a direct line into the department of commerce should be both physically secured and completely separate from the computer his kids (or he) check their myspace accounts on. Not only that, he's in charge of initiating and enforcing that requirement for everyone else.

Re:Staggering incompetence

[blahplusplus]

The cheif should have been briefed and given a special laptop or computer for the job, this was lazyness on both sides. The govenrment in it's cheapness and improper hiring of staff that doesn't know enough deserves all it gets when this shit happens.

Re:Staggering incompetence

[ceoyoyo]

But this is the guy who's supposed to be in charge of administering (or at least making sure they're administered) those briefings, setting those policies, and hiring those staff!

Re:Staggering incompetence

Sounds more like 'Don't browse pr0n from work laptop' to me. A beginner mistake. ;)

Makes me think of the Three Stooges ...

[HW_Hack]

each one slapping around one of the others:

wub-wub-wub-wub-wub!

Ow !

Oh Yeah ! ...

Only now countries can do this to each other digitally - guess thats progress. Its all fun and games until someone's hard drive gets formatted

Wars On Abstract Concepts

[EgoWumpus]

Any war on an {insert your chosen abstract concept here} is ridiculous. The War on Drugs resembles a war, and perhaps even is a war, but it's not a war 'on drugs'. It's a war against particular drug cartels. It may even be several separate wars. But by calling it an abstract war, you confuse yourself. Note that the Allies declared war on the Axis countries in World War II, not on Invaders. Fighting Invaders might be a good idea. Having a War on Invaders, on the other hand, is a really bad idea, because your objectives are entirely unclear.

It just goes to show you should never confuse people with concepts. You'll be way off.

Re:Wars On Abstract Concepts

[Elemenope]

An interesting point. I disagree, only because the "War on Drugs" has had a relatively coherent approach and consistent goals for a while now. That the militarization of the conflict has led to an unmitigated loss, and placed the "war goals", so to speak, almost completely out of reach, does not make it any less legitimate. Lost wars are still wars. The war was never against "Colombia" or "Mexico", but in the DEA office they had real targets (complete with red 'x's through the pictures of the targets that were eliminated or neutralized) and quantifiable goals.

Likewise, a "War on Invaders" seems to be eminently reasonable, if stupidly duplicative. The Westphalian system makes every country de facto at war against any territorial invader anyway, so "War on Invaders" is more of a standing international policy than it is a war on an idea.

The problem I have with using the rhetoric of 'War', whether it is associated with an actual military conflict that approaches the reality of warfare or not, is that it destroys the succinct and specific legal meaning that the word "War" had. That same international system of sovereign states depends a great deal upon the notion that only sovereign entities may declare war on sovereign entities, that such a declaration meant specific responses and held specific expectations of the parties involved, and that at least in the US it required a legislature to legitimate by vote in order to execute. Blurring the textbook definition of "War" between sovereign states with "War" that states only a goal, whether it be concrete or ephemeral one, and not a sovereign state, damages the integrity of the system that is designed to moderate the use of force internationally.

Re:Wars On Abstract Concepts

[QuantumFTL]

Any war on an {insert your chosen abstract concept here} is ridiculous.

I don't know, the War on Reason seems to be pretty alive and well here in the States.

Re:At least it isn't Temporal Cold War

[Karl0Erik]

Well, with the writers on strike and all, they might just do a reprise.

Offshore?

[reabbotted]

I wonder if the US offshores it's cyberhacking to India... I was looking at jobs at Symantec the other day and noticed much of their programming force is outsourced to India. That seems a little unsafe.

Hmmmm.

And the "cold" war between the USSR and the west involved killing how many? Technically none. After all, it was all about espionage. That is your definition. There was no direct conflict between the west and east. Our MI-5 and CIA that were killed were not. The same is true of USSR, North Korea, Libya, Cuba, and China, Right?

Thanks McAfee!

[Finuance]

Ah yes, time to open up a new business market. I mean, it's not like your software is a bloated piece of garbage, which doesn't really clean or prevent any viruses that you can't get from something like AVG http://free.grisoft.com/ which is free. I seriously hope we aren't contracting our government IT security to THAT company.

War ?

[Yvanhoe]

A cold war is a war that doesn't happen.
A cyber war is a war that doesn't happen physically.
A Cyber Cold War is a scam to get government funding.

Yet Another Unsafe Redirect

[sethstorm]

Unsafe redirect on link.

The big switch

[HalAtWork]

So does that mean all countries besides US will be switching to non-US software?

Re:The big switch

[cyberblatt]

Not besides, but including US, will be switching to non-US software.

root

He found his family had been the victim of a spear-phishing attack, in which his child had been encouraged by an email to unwittingly download malware onto the family's home computer. There is a very simple fix for this: Don't let your child be root.

WTF?

[PingXao]

Why don't they prepare - and spen a ton of money - for alien invasions, too? This stuff is way overblown. The government can get the telcos to run their spying apparatus for them, but they would have us believe they are incapable of cutting off packets to and from certain countries. What's up with this? I want to know why anyone believes this is a real threat. Anyone outside of those with a vested interest in seeing that the "threat" is taken seriously.

In the future, there will be no war; only...

[UttBuggly]

...Rollerball !

NOTE: not the completely stupid remake, but the brilliant and overlooked 1975 Norman Jewison film with James Caan as Jonathan E.

Seriously, if the idiots don't get a clue soon, America will have signs at every port stating "Owned and operated by" some multi-national company like the Carlisle Group.

With no penalities and no time limit..........

Re:In the future, there will be no war; only...

[myowntrueself]

Oh I remember it well...

Jonathan!
Jonathan!
Jonathan!
Jonathan!
Jonathan!
Jonathan!
Jonathan!
Jonathan!
Jonathan!
Jonathan!

from back when Hollywood actually made some decent movies...

Senility doesn't work that way

[billstewart]

Senility doesn't work that way - if anything it's the opposite. During my grandfather's last few lucid years, it was *much* easier to talk with him about Paris in the 1920s or 1950s or the US during WWII than about what had happened in the previous few years when his memory wasn't working so well, and later on it got harder for him to remember what had happened yesterday or recognize people, but the older memories stuck around longest and were least confused. Memories of what other people did are harder to keep track of - my grandmother did the stereotypical "Rosie the Riveter" thing during the war, but my mom has trouble remembering whether grandma actually did riveting or whether it was something else (I think it was welding, though we mostly remember stories that grandma'd gotten good enough at it that she mostly taught other people rather than doing it herself; mom wasn't actually at the defense plant seeing grandma weld so it was still second-hand knowledge even though she was around at the time and I wasn't.)

Russia vs Estonia

[Venik]

I liked the part where some Estonian official was complaining about Russia trying to destroy the Estonian society by attacking Estonian computers. All six of them at the same time. This brazen attack came at a difficult time, when half of Estonia's 62-strong army was involved in Iraq, leaving their homeland vulnerable to a Russian invasion. As a precautionary measure, Estonians decided to temporarily shut down both of their Web sites, until they can come up with the funds needed to upgrade their Win 95 server.

I thought it said...

[graviplana]

"In the McAfee report, Johannes Ullrich, chief technology officer for research organization the Sans Internet Porn Center, said that most countries ***k each other regardless of any supposed allegiances. Alan Paller, director of research at security training organization the Sans Institute, concurred. "All nations are doing it to each other. I don't know of any country not doing it," he said.
for a sec, then I RTFA.
-OR-
There, fixed that for you. :)

Stealing "terabytes" of data?

[Master+of+Transhuman]

These US government departments losing "terabytes" worth of data must have some serious upload bandwidth!

Or can you say, "hype"?

War is always last resort of the intelligent man

[Steeltoe]

Whenever there is War, two things happen:

1) someone earning Big Bucks
2) someone earning Big Power

Getting Big Bucks helps/helped fund the people's campaign earning Big Power, and the people getting Big Power introduces acts like the Patriot Act and other insanities.

So there are litterally people who _want_ war for personal gain. This is why we shouldn't allow _any_ war to happen just because someone else wants it, or are outraged by something. Even if it is "just in name", because it never really is. Look behind the scenes and you will see behind _every_ war there is a huge power and money grab by people who are either insane, deluded or greedy.

For an intelligent man, war is the last resort in his arsenal of tools to heal the world.