Slashdot Mirror


Botnets As "eWMDs"

John Kelly writes "The current issue of Policy Review has a paper by an American computer scientist and the recent Permanent Undersecretary of Defense for Estonia. Drawing on the Estonian cyber attacks a year and a half ago, as well as other recent examples, they argue that botnets are the major problem. They propose that botnets should be designated as 'eWMDs' — electronic weapons of mass destruction. The paper also proposes a list of reforms that would help to limit the scale and impact of future botnet attacks, beginning with defining and outlawing spam, internationally." Many of the proposed solutions are common-sensical and won't be news to this audience, but it is interesting to see the botnet threat painted in such stark terms for readers of the Hoover Institution's Policy Review. For a more comprehensive overview of cyber-security threats, listen to NPR's interview with security experts on the occasion of the release of a new report, "Securing Cyberspace for the 44th Presidency," which recommends creating a cyber-security czar reporting to the President.

18 of 172 comments

  1. What masses, specifically, have botnets destroyed? by llamalad · · Score: 4, Insightful

    Subject says it all.

    This is... ridiculous.

  2. Even though no one dies from them. by khasim · · Score: 3, Insightful

    And anything destroyed by them SHOULD be able to be restored from backup.

    1. Re:Even though no one dies from them. by FranTaylor · · Score: 3, Interesting

      What if a hospital's infrastructure was taken down by a botnet immediately after a natural disaster?

    2. Re:Even though no one dies from them. by _ivy_ivy_ · · Score: 5, Funny

      Actually, an attack consisting of several simultaneous bombs in several areas of a city, combined with a systematic botnet attack of the major hospitals of the same city sounds quite evil...

      ..all of those doctors would be unable to properly bill for their services. Oh, the humanity!

    3. Re:Even though no one dies from them. by fuzzyfuzzyfungus · · Score: 4, Insightful

      Probably not as evil as you might expect. Most moment-to-moment computer controlled medical stuff (drug computers, life support widgets, etc.) is deep embedded stuff, and subject to FDA scrutiny, so not something that you can just bodge onto a commodity internet connected server. Patient charts, insurance, etc, etc. would be affected; but fairly large scale acute casualty incidents are perhaps the situation where you can most easily dispense with that. If your hospital goes down because they can't access insurance records and they must access insurance records before treating the pile o' bomb victims in the hall, then your society is fairly deep in "too sick to survive" territory.

      The stuff that would be more likely to be problematic are some of the emerging remote medicine toys. If the MRI is here but the radiologist is over at Bangalore Radiology Inc, then you aren't going to be getting any results back during a DDOS.

  3. Re:What masses, specifically, have botnets destroy by punkmanandy · · Score: 5, Insightful

    WMD isn't about the actual history of attack. There hasn't been a nuke detonated in an offensive capacity since World War II, but that hasn't stopped them from being a preoccupation of defense strategy since then. It's about the fear. And the concept of hundreds of thousands of zombie computers attacking an institution without the proper defenses could be devastating, especially if that institution is critical to the public health/safety.

  4. Sneaky by Anonymous Coward · · Score: 5, Insightful

    I bet this is a way to sneak in some more "general purpose" legislation on the net. There is going to be a strong push for that coming from the EU in the next months unfortunately.

    I can see it now. Newlines in the papers as Iran is found harboring WMDs along with Syria and Pakistan. Equating NBC weapons with botnets is retarded on an incredible amount of levels.

  5. wmd comparison by sveard · · Score: 4, Informative

    Perhaps we should compare some WMDs

    An atomic bomb detonated over a dense population center: millions die
    An eWMD shuts down water supply: people have to resort to bottled water and, in a worst case scenario, boil rain water; for a few weeks

    Perhaps eWMD is a better name for an EMP because that actually DESTROYS something that can not be brought back from the dead using backups

  6. Creative use of language for propaganda by pm_rat_poison · · Score: 5, Insightful

    Sadly, I'm always stumped by how far a language can be warped so that things are labeled in a desirable way by the authorities.
    This has been happening since the ancient times and we haven't grown out of it. The Athenian hegemony was named the Athenian alliance, the enslavement of foreign countries by the Romans was called Pax Romana, and even now, the American government classifies botnets as eWMDs, every country in the world dubs their Ministry of Military as Ministry of Defence, and War will always be Peace in the Ministry of Love.

  7. Re:What masses, specifically, have botnets destroy by knarf · · Score: 4, Funny

    That would make botnets weapons of mass accumulation, not mass destruction. The quality might not be up to par but you can not complain about the quantity...

    --
    --frank[at]unternet.org
  8. Re:What masses, specifically, have botnets destroy by shogarth · · Score: 4, Insightful

    If we think of mass-energy conversion in nuke plants, I would argue that some mass was destroyed (er, converted) to generate a portion of the electricity consumed in botnet attacks. Touche.

    More generally, reread the article. They are trying to address a real, asymmetric threat. Some jack-off (or group of jack-offs) can cause measurable harm (counted in your favorite currency if nothing else) via DDoS attacks. That is a demonstrated fact. Estonia argues that their financial sector was largely off-line for three weeks due to (purportedly) coordinated DDoS attacks. If their assertion is correct (a point about which I am neutral), then that DDoS attack was as effective (arguably more effective) on the Estonian financial industry as the 9/11 attacks were on the U.S. banking system. Think back to how crazy people were that Wall St. was essentially off-line.

    In any case, it is hardly unreasonable to argue that DDoS attacks pose an effective asymmetric threat to certain industries. On the other hand, I am less than convinced that there are Evil Hackers out there capable of and planning to shut down water systems and power distribution. However, should it be possible and occur, think about how short a time it took for New Orleans civil society to disintegrate.

  9. Fear by Iamthecheese · · Score: 5, Insightful

    Great fear. Terror even. Terrorism! Danger! Danger! Threat level orange! All good citizens must immediately surrender their rights! We'll start by outlawing spam. But how can we enforce it? We need to verify all e-mail legitimacy! We'll do it with technology. What is needed is a massive database of all e-mails sent, which will be filtered to assure that no 1,000 of them are the same. After that we'll send it to the intended recipient. Of course we'll have to keep logs...

    --
    If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    1. Re:Fear by Iamthecheese · · Score: 4, Insightful

      Curtailing rights, raising taxes, and getting the government's fingers into even more of my business? This is exactly what they were intended to be used for.

      --
      If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
  10. If I hear "czar" one more time... by GXTi · · Score: 5, Funny

    Pretty soon we're going to need a czar czar to keep track of all the czars we've been willing into existence lately.

  11. Re:What masses, specifically, have botnets destroy by Anonymous Coward · · Score: 5, Funny

    Yeah, maybe not a city, but think about what would happen if they took WoW offline for more than an hour. Oh the horror!

  12. Re:What masses, specifically, have botnets destroy by Gorobei · · Score: 3, Insightful

    Good Lord, "people looting grocery stores for food and water" is more just efficient use of national resources than anything else. More law enforcement wouldn't have helped: it would have compounded the problem. What would have helped is rapid national disaster response. So, some shops lost a few bottles of water and diapers - that's what insurance is for.

    I've walked 1/2 the length of Manhattan twice: once on 9/11 and once for the big blackout. Both times I was offered a bunch of free stuff (water, food, tissues for improvised masks, and even beer as the cooling failed.) Just small businesses and their employees behaving decently.

    If someone wants to lock down their basic supplies super-store in the midst of a week-long emergency, I'll be there with a saws-all and spend my day handing out bottled water.

  13. Re:What masses, specifically, have botnets destroy by hairyfeet · · Score: 4, Insightful

    What worries me is I was reading an article today calling on President Obama to create a new office to "protect cyberspace" and I noticed this little nugget from the report recommending Obama act: "It proposed online 'data warrants,' for example, rather than traditional search warrants, which it said 'may be increasingly impracticable in the online environment.'" Now I don't know about you, but after all that FISA crap I trust their little "data warrants" about as far as I can throw a Cray.

    If you would like to read the article it is here but after the last pile of bull we were fed about WMDs the second I hear anything to do with them I start looking for the shovel. And let us be honest here: how many data breaches have we seen in the last few years of both government and private networks that were due to plain old stupidity? Maybe they should do a top to bottom audit of their networks to ensure that best security practices are being used and THEN they can start talking about eWMDs. But until then I will automatically think "power grab" when crap like this hits the news.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  14. Re:What masses, specifically, have botnets destroy by TapeCutter · · Score: 3, Insightful

    New Orleans was 10 feet underwater from Katrina which is a tad more serious than no power or tap water. Outside the west many cities don't have running water to any but the wealthiest of their residents, let alone fridges in every kitchen. "Law enforcement" would have been much better served if the enforcers were handing out bottled water.

    Basic adult minimums: Breathe once a minute, drink once a day, eat once a week.

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.