Slashdot Mirror
A Cyber-Attack On an American City
Bruce Perens writes "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported.
So I decided to change that."
We should also consider whether it might be necessary to harden some of the local infrastructure of our communities. The old Bell System used to arrange cables in a ring around a city, so that a cut in any one location could be routed around. It's not clear how much modern telephone companies have continued that practice. It might not have helped in Morgan Hill, as the attackers apparently even disabled an unused cable that could have been used to recover from the broken connections.
Always assume the enemy knows the system. Hardening wouldn't hurt, but redundancy is the most important thing. Hardening a system tends to make it that much more vulnerable to a single insider. Redundancy mitigates this effect. Having such a small group be able cause so much disruption from such a relatively simple act makes it obvious that the city placed way too much on a single point of failure remaining in tact. Have redundant fiber. Have auxiliary wireless setups. Maintain a base of ham volunteers. Multiply your points of failure.
Personally, I think this sort of lax infrastructure security has become endemic. The 'war on terror' rhetoric we were fed for so long has us looking for the next suicide jet-liner attack or what have you, completely distorting any real conception the public had of real-world modern security risks.
I got a catholic block.
Ham radio operators save the day once again... 'nuff said.
Lets not all go blaming terrorist organizations on this one.
My money is on unionized workers facing layoffs or payroll cuts. They would best know how to hurt the system and this sort of sabotage being linked to unions is not exactly unheard of.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Comment removed based on user account deletion
Jesus. Here come four thousand posts about how awesome hams are, and how Internet over power cables sucks, etc.
My Dad was a ham. Yes, hams are awesome. In their nutty little useful-once-in-a-lifetime, semi-Luddite way.
We love you, hams. We're glad you're out there. But please, seriously, shut the fuck up. On the Internet. Feel free to blather on your radios.
-Peter
Indeed, that's very possible: the contract between the Communication Workers of America and AT&T expired on April 11th.
Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
Hopefully this catches enough attention to get people to evaluate their area's utilities similar to the blackout across parts of the US and Canada back in 2003. http://en.wikipedia.org/wiki/2003_North_America_blackout
So now a "cyber" attack includes the physical destruction of hardware/infrastructure without any exploitation of any programming logic?
If an organized group of people orchestrated this attack in order to bring attention to some goal, wouldn't that make them a terrorist group?
No.
What makes a terrorist group a terrorist group, is that they inflict, you know, terror .
Cutting some cables isn't going to (and, in fact, didn't) send the general populace into a panic.
Yes, it's an inconvenience, but unless they are trying to instill terror in the general populace, they're not terrorists.
I doubt many readers here could physically fit into a manhole, much less survive a climb down any sort of non-motorized ladder.
The entire Santa Cruz County area was cut off from all telecommunications outside of Point to Point wireless and Satellite. (Comcast customers aside.) Sprint, AT&T, Verizon, long distance for POTS was all down. TFN's were not able to be dialed by any customers. 911, 611, 411 were not functioning. 'Point-to-point' T1's that were aggregated over DS3's in Hayward, were not functioning for area users. Many of the "redundant" network connections for companies in the Monterey Bay area were completely down. Both legs of their "best practice" 2 provider networks were crippled.
Other than a couple islands of connectivity (namely the Shell Gas station at 41st and Capitola Rd in Capitola, my mother In Law's house, and my Uncle's business) who were lucky enough to only have Satellite service available to them, or were on Comcast, the packets stopped flowing.
Ironically Comcast services inside the Santa Cruz county were still working. Users of Comcast voice wouldn't have noticed (except for the fact that everyone they called went straight to voicemail.)
However, inter CO calling was working (you could
call anyone in the Watsonville-Santa Cruz area if they had a POTS line from a POTS line. Still, corporate communications for nearly everyone in the area (Ag. Brokers, Packers, Pickers, Shippers, Bottlers, etc.) Was down. Commerce came to a halt.
People couldn't get gas at gas stations around the area unless they had cash. Area banks wouldn't let people inside the bank unless you were making a deposit. People couldn't be players in the game of commerce without little pieces of paper. And so once again, cash was king.
More cars sat on the side of the road that day then normal between santa cruz and watsonville. Which begs the question how does the regular joe call for help if the call boxes can't talk to a phone switch?
My money is on unionized workers
Well then, ionize the workforce in future.
I am TheRaven on Soylent News
I guess this kinda puts a damper on all the cloud computing hype of late...
The day my employer strips me of my loosely bound electrons is the day I give notice.
Unless of course I'm on the "to be negatively charged" list, in which case:
Sucks to be you, alkali employees!!!
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Sure, you can do things like reducing single-points-of-failure, beefing up security, but you can do this only to a point. At some point, you realize that society is, by nature, cooperative, and if you remove that basic assumption of cooperation, society will fail.
There aren't any exceptions to this. There are just too many possible things that can be destroyed by people who desire a society or civilization to perish.
You can salt fields. The Romans did this thousands of years ago, and the areas they ravaged are, to this day, incapable of meaningful agriculture.
You can poison drinking water. LSD is pretty easy to make cheaply, and a single pound of it thrown into a public water system would cause mass insanity.
This list is infinite: You can destroy power lines, you can cut fiber cables, you can make a bomb out of fertilizer and destroy a building or the Golden Gate Bridge or any of a quintillion other things that are both easily done and highly destructive.
A society is secure when its population are generally happy with it continuing. When a society reaches the point where enough of its population are disenfranchised with it, it will becomes incapable of maintaining the critical infrastructure necessary for a complex civilization. Adding security measures such as multiple points of failure quickly become reasons NOT to fix why anyone would want the civilization to perish in the first place - and thus actually make the civilization LESS secure.
And that's just the simple truth of it. So, if we want to be secure, we need to clear up the reasons why people would want our culture to fail. These include things like
A) Not torturing people.
B) Allowing other countries to be sovereign in their own affairs.
C) Not being overly greedy with our wealth. Exploitation is only good for the short term - it's a long-term destabilizing force and that's bad for everyone.
Really, I don't get it. You get people who swear by our Constitution yet somehow think that torturing is OK. Perhaps they should read the 4th and 5th ammendments? This issue is a deep, dark stain on the freedoms we are otherwise so quick to espouse.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
I am the Network Administrator for an ISP (AS4307) in San Martin, CA (between Morgan Hill and Gilroy) that was directly affected by the cuts.
We are multi-homed by two providers. BOTH providers fiber ran through those SONET rings that were cut. We were COMPLETELY isolated (internet, POTS AND cell) from 2:15am to 10:42pm. Luckily, 90% of our customers are in the Morgan Hill/Gilroy/San Martin/San Jose area, so they were fully aware of what happened.
As a side note, the cuts were actually in San Jose. I live 3 blocks from where the cuts occured (Monterey Hwy and Cottle Rd. for those interested). And it did not just affect Morgan Hill. Some parts of South San Jose were affected, along with Morgan Hill, San Martin, Gilroy, Watsonville, Santa Cruz, and parts of Hollister.
What was interesting was when service was restored, customers who lived out of the area who had not heard of the happenings here, called and told us they thought one of two things:
A) We went out of business
B) Natural disaster (Earthquake was #1 on the list, considering where we are located)
We lost no customers over this fiasco, and are now looking at getting a provider that feeds from completely separate fiber (i.e. from the SOUTH)
Robert Glover
Director of I.S.
South Valley Internet (AS4307)