Slashdot Mirror
Should the US Go Offensive In Cyberwarfare?
The NYTimes has a piece analyzing the policy discussions in the US around the question of what should be the proper stance towards offensive cyberwarfare. This is a question that the Bush administration wrestled with, before deciding that the outgoing president didn't have the political capital left to grapple with it. The article notes two instances in which President Bush approved the use of offensive cyberattacks; but these were exceptions, and the formation of a general policy was left to the Obama administration. "Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare. Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
Why? Just contract /b/ to do all the dirty work for you.
It could be the Blackwater of Online Warfare.
Those who believe the Internet is private,
find their privates are on the Internet.
What the US should do is stop connecting 'computers' to the Internet that can so easily be hijacked in phishing/malware/spam attacks.
Starting in 2002 we gave away our dominance in software technology to other nations. The policy of China was to subsidize tens of thousands of students studying in the computer sciences. In 2002 American companies subsidized this policy of China by shipping over American jobs so that Chinese students could gain the necessary and hard to obtain experience of working on real systems. American programming jobs were shipped to India, China, and Russia and subsidized these nations in their ability to build expertise in software technology.
Now very few American students are enrolled in the computer sciences departments of America to provide the expertize necessary for threats to American computer systems, while other nations have tens of thousands that can obtain all of the benefits of software technology. American students will not enroll in the computer sciences when the policy of America is simply to ship programming jobs overseas. Now many American systems are dependent upon offshore foreign programmers. There have already been incidents where offshore foreign workers were bribed to provide account information on bank customers.
The reality is that major American system may have already been compromised by bribes to offshore foreign workers to insert malicious code into the American systems where they have direct access. Hollywood movies show complex schemes and supposedly sophisticated attacks to access computer system when the reality is that you can simply walk in the front door with a bribe and have complete access. It is meaningless to protect these systems from attacks over the internet when they may already have been seriously compromised.
=Smidge=
Is it just my observation, or is eldavojohn an idiot?
If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
no.
"If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.
I can just imagine the streaming video of masked men slowly lowering a powered-up motherboard into water while yelling "why did you portscan us?"
The US military should comport itself online similar to how it handles the distinction between government and civilian targets in physical battles. That means the US military should regard all Chinese and Russian systems as open, hostile targets of opportunity the way that those governments treat everyone else. However, the US military should refuse to use its resources for the betterment of the US economy, unless that is something like stealing Russian jet designs and handing them quietly over to Lockheed or Northrop Grumman to analyze.
Let's stop kidding ourselves that these countries are only responding to us. There are plenty of people who foolishly believe that the Russians and Chinese are only engaging in an arms race to keep up with us because they're "afraid of us." Bull. Fucking. Shit. Like hell they're scared of us. The reason they're doing this is obvious to anyone who has studied their history. For centuries they've been imperialists and aggressors, and now a young country has finally kicked them to the curb. It's a pride issue, not a national security issue. The moment we accept that is the moment we'll finally come to grips with what we're really dealing with here.
Conflict always been part of our history. War will always be with us. The lunacy that leads people to believe in progress to negate that is the same lunacy that has lead to the economic mismanagement that resulted in the Great Depression, the millennial bubble and our current fiasco. Basic facts about war, foreign policy and economics will always be with us.
At least, not until provoked, and then only at resources demonstrably being used in actual operations against the US.
The reason is that we don't want politically motivated cybervandalism to be legitimized.
This is what I had against the whole neo-con "spread democracy" program. I'm all for spreading democracy, but it won't work unless you spread the values and institutions necessary to make democracy work. One of those is freedom of thought and expression. It makes no sense to promote democratic government in a country where you are conducting psyops campaigns and are complicit in or actually performing suppression of free speech.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
As a former fed IT staffer and military specialist, our policies were always to be proactive. Resting is never a good place to be when an attack hits. Obama (and the rest of our NATO nations) need to have their own cyber-warfare military units to respond to any potential threat. With our economies being tied closer and closer each year to the internet, its now along the same lines of our need for energy and needs to be guarded as such.
Besides, I would rather these units proactively dismantle bot-nets, spynets, and spam-nets to protect our infrastructure than to constantly force the private companies to deal with the criminal and 'not-so-criminal-china-warfare' tactics going on today.
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
Seriously, if any military official takes more than two seconds to realize that it is clearly insane and has not learned one thing from our struggles in Iraq and Afghanistan. Alienating the populace of a nation like that has no benefit and is outright counterproductive. An attack on civilians like this works only in the context of strategic, conventional total war. We haven't fought a conventional war in 50 years. For any foreseeable conflict that U.S. could be involved in, it would be only sane to scrap the idea of attacking civilian infrastructure of any kind, information infrastructure included.
I got a catholic block.
Since when does the gov ask NYT or slashdot readers what to do? And, would we really expect that the CIA would be making public announcements about their actions and intentions?
"Cyberwar" by definition involves at least two warring parties, doesn't it?
And, the internet is an interesting beast, requiring a computer to be connected to it in order communicate. Once connected, there's the potential for an exploit, given the complexity of software + hardware and the human vulnerability to coercion (mandatory http://xkcd.com/416/ ).
So the question is less of should we start but should our government continue leading a "quiet war" with governments they pretend to be friends with. In your name, with your money.
The Machiavellian approach destroys trust and non-trusting relationships are a lot of work and no fun.
Just because you don't read about it doesn't mean it doesn't exist.
You seriously think the country with the worlds largest and longest established sigint program doesn't use it for offensive purposes?
They will take a look at it as soon as they finish playing with their airplanes.
hard to imagine it hasnt happened already, the stronger the denial the more likely it is
Nothing prepares you for war like lots of practice.
Todos mis movimientos están friamente calculados
That would be illegal.
Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.
I agree. And just like the atomic bomb, exactly two of these might ever be used in actual warfare.
Think it through:
1) North Korea kills several power plants with cyberweapons.
2) US kills North Korea with conventional weapons.
Sure, if you're Estonia or Georgia you may have problems. You don't have one of the most powerful military forces in the world at your disposal. But here in the US we have all sorts of muscle that we use against people that we feel are misbehaving.
In fact, I doubt highly that we would prevent such an attack were the enemy foolish enough to launch one.
Stop an excuse to go to war? This nation? I think not.
last time i checked, terrorists are known to use channels that are also used by a large portion of the public, so bringing them down doesnt sound good. And to go fully (especially publicly) offensive against any nations sounds like a very good way to start a war, even if a cold one.
Until the U.S. government realizes who the big cyberspace enemy is, the one that costs everyone the most money and does the most damage, then no, it shouldn't do anything. Once it figures out that spammers are the enemy, then yes, by all means launch authorized government-sized counterattacks against their servers.
A related but more general question: When people talk of bits of infrastructure being connected or disconnected from the Internet, are they talking about the presence of direct, layer 3 connectivity (can I ping the airport's tracking systems?), any layer (if I hack the contracting company's intranet can I view aircraft positions through a series of proxies and application layers?) or actual electronic disconnection from the Internet (can you get only get in via getting your man on the inside the tweet the secrets from his cell)? Distributed infrastructural systems communicate Somehow...
"Should" is a moral question. Moral questions are a luxury afforded by rich societies with no pressing needs (in other words, no cause for survival except continued convenience). The real question is "Do we need to?" and my answer is that if you have enemies, you always need to keep track of them.
I may be channeling Niccolo Machiavelli here... stupid cheap acid I bought back in my sophomore year.
Futurist Traditionalism
This was about Arlen Specter.
I mean, it would be a lot cheaper wouldn't it?
We will lose that offensive.
We are the ones who come up with copy protections and it takes some kid in Scandanavia a few hours to crack it.
We will quickly be destroyed by the cyber armies of 13 year olds with 22 hours of sunlight and Mountain Dew in their grasp.
The price is always right if someone else is paying.
Retaliation against a real world country because one, a few or several of the attacking parties were doing the final/traceable connection from there could not be very fair, and could show how close is militar intelligence with absolute stupidity.
Even if could be attacks lauched by other countries government internet addresses, but how you separate government willing to do that attack from some individuals there just checking the waters without autorization?
What is worse, what were the biggest internet attacks till today in general? From Morris worm to Conficker, passing thru all the spam in the middle, all were done by individuals and groups not related with government. There was the cyberattack to Estonia (?) some years ago, that was done more by individuals than from a government.
With nuclear bombs at least you have them enclosed in silos, military security, isolated. You need a small army to try to get one if not get disabled before. But a clever kid could take for its own benefit (from turning it to you or launching a big attack at your name) your entire botnet from the safety of his home.
But i have to agree that the 1st cyberattack from America was a big success. Crippled most of the computers of the world, caused lots of damages to other countries and still is active doing its work. But still, you cant say for sure if was launched by the government or Microsoft Corporation.
As an American, I think I already am pretty offensive to most people on the Internet.
I say we NIMDA the site from orbit.
It's the only way to be sure.
Even if hackers/governments were to bring down an Air traffic control system, the chances anybody would die are slim. At least in the USA, approach controls are still equipped with old-school battery radios, and will land the planes that way. Occasionally they do it this way now, from freak system outages, etc.
Or did everyone already forget ECHELON? Or does it only count if you actively break into other systems, rather than only intercept everyone's personal, business and political Internet communications?
And it would really surprise me if they didn't break into other systems yet. It's not like they first asked for public approval for ECHELON before starting to set up and use it.
Donate free food here
they are utilizing probably a tenth of their hacking capacity. they are hitting sparse targets for capital gain or espionage.
What would happen if they decided to hit us for real?
They're using their grammar skills there.
Israel's policy, which America supports, is that firing a missile into a block of flats full of civilians is okay, if they think a terrorist is in the building. The attack is not aimed at the civilians, they just happen to be there. I'm sure the same mindset would apply in this case.
Unless the internet tubes are full of oil, I don't see it happening anytime soon.
The US has been on the offensive in cyber wars since the beginning of the internet, which they created. Most countries and businesses run our trojan. You might have heard of this. It is called Microsoft Windows.
"I guess I'm gonna fade into Bolivian."
Doing such things would be almost as awful as ... putting a caterpiller on someone. How could anyone respect a country that uses such things as caterpillers and worms?
Obama should ban such devices of torture as worms, just like he banned caterpillers.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
WE did nothing of the sort. The giveaway in software technology was on the part of traitorous corporations that decided to outsource, in the name of short-term profit, and without regard to the very economy that made them big in the first place. Don't include me, or most other U.S. citizens, in that "we"!
Further, the U.S. still leads in software technology, even if there has been a drain. And further yet, your information is out of date: students in the U.S. have again started enrolling in Computer Science programs nationwide, bringing the numbers back up.
I would have to agree with you that American systems have been compromised. Blame the big American corporations and multinationals. They are responsible (along with the politicians who made it all possible). However, the idea that money and physical access is the easiest way to compromise a system is nothing new; it has always been that way.
...Another is avoiding attacks aimed at civilians. God knows the US has NEVER intentionally attacked civilians, no siree! (Cough, Hiroshima, Cough, Nagasaki, Cough) I'm not really certain that avoiding "collateral damage" is a big a concern to the US military as you seem to think it is.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
And me waiting all this time for the '+10inches - Garanteed - Swedish Pump + 15 Original Cyalis' package to be delivered...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
Yes.
It's no different than any other logistic target. If another country strafed an interstate or shot down one of our satellites, we'd consider it an act of war. Just because it involves a computer doesn't mean the principle or effect is any different. Enough of this "cyber" crap, a violation of a law, a treaty or an understanding is just what it is, whether it happened electronically or not.
This unbiased moderation brought to you by the Porcine Aviation Group!
DoD developed BSD under DARPA for Public Network Safety
Then ignored or wasted the development research
and used microsoft.
Start by dumping microsoft.
Former DoD Systems Engineer
If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?
Give me a break.
If a US military base is attacked by a foreign government, whether physically or online, it is an act of war, and should be treated as such. A military response may be appropriate, and that could include an online attack as one component of the military strategy.
If a US military base is attacked by foreign teenagers in their parents' basements, it is a criminal act carried out by individual citizens, and should be treated as such. The perpetrators should be prosecuted by their own government in their own country, or extradited to our country to stand trial, depending on international treaties. No retaliation against the government of that country, or its infrastructure, is appropriate unless they refuse to take law enforcement action. If existing treaties don't allow things to work this way, then it's time to work on negotiating some new ones.
The whole notion of a "proportional response" is insane.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
If the government would quit running fucking Windows, hire some IT guys who know their ass from a hole in the ground; maybe we wouldn't have so many problems on the cyber front.
"I bow to no man" - Riddick
Because going on the offensive worked so well in Iraq, Afghanistan, Somalia, Vietnam, etc...
Bibo Ergo Sum.
Richard Clarke spoke at my campus about a month ago and addressed this question. His claim was that United States needs to put forth some doctrine of cyberwarfare deterrence for the same reasons it did with nuclear warfare. His argument was that because of how dependent on computers the world is, cyberwarfare, a relatively unknown beast, has the same potential for the mutually assured destruction that nuclear weapons are capable of.
For example if you read the Geneva Conventions, you find that various places are "off limits" for war. Hospitals and religious places would be the big ones. The rules say you need to take care not to attack them. However, there's a flip side to the rule: You also need to take care not to use them for military purposes. So if there's a church and it is used by people as a church, no problem, that church is off limits. However if an army decides to set up shop in there are use it as a base, it just became fair game.
This happened in WWII. The Nazi's took over a monastery since it had a good position for messing with shipping in the Mediterranean. They figured that the allies wouldn't bomb it, since it was a Christian religious structure, and as with many monasteries, it was designed rather like a fortress making an infantry assault impractical. Ya well, they were wrong on the not bombing account. the place was reduced to rubble. Not something that anyone really wanted to do, but it became a valid military target when it was being used to host attacks.
Now the situation in Palestine is obviously not identical, but it is similar. While a group of houses is manifestly a civilian setup and thus not a legitimate military target, it changes if those houses are used to house fighters, weapons and launch attacks.
Let Linus sort'em out!!!
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the Internet.
What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to the telephone network?
What country would be foolish enough to connect its power grid, hospital systems, air traffic control and it's banking system to radio receivers?
And so on.
You gotta communicate with 'em SOMEHOW. Are you proposing the banking system, the hospitals, and the military all SEPARATELY (and each individual organization within each group SEPARATELY as well) dig up the country and run their own private network? (And harden it against manhole-divers with bolt cutters while they're at it?)
"The Internet" and other networks sharing infrastructure (and potential vulnerabilities) is the current communication utility. It's time to stop wringing hands about how foolish it is to actually use it and join those working on how to do so safely and reliably.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Which, like it or not, is treated very differently. There is a tacit agreement among nations that spying isn't a cause for war. Many nations try to spy on each other and while the spys themselves have little to no protections, the spying itself doesn't result in major stir ups. Remember that not long ago Aldrich Ames, a CIA counter-intelligence officer, was convicted of spying for the Russians. While he went to prison for it, the US certainly didn't go to war with Russia, or for that matter even get mad and impose sanctions or the like. Heck for that matter Russia has even refused to release the identity of the bank account that has $2 million of money for Ames because they argue he rightfully earned it and it shouldn't be subject to seizure by the US.
It is just accepted as part of the game. Intelligence gathering is something all nations try to stop when it is against them, but they don't go and start wars over it. So if you want to start a cyber war with the US over their intelligence gathering, well then you might not like the result as that is a major change in the rules.
From the article:
I always find it disturbing when these issues are treated like physical security issues. Part of that is because it is often physical security specialists that are brought to task. It is an environment that they often seem to be completely unprepared to deal with.
The issue is that information security and physical security are fundamentally different domains. We have no real control over the laws of physics. They exist whether we want them to or not. The best we can do is work within those laws. The most cutting edge military hardware is simply a better understanding and ability to exploit the laws of physics which have remained constant. But there are still limits. And so physical security specialists find themselves with limited options to mitigate risk and tactics designed around those limits.
Information security deals with systems, protocols, and laws that we design and implement. If we discover that an adversary has found a way to take advantage of any given law, we can alter it so that advantage no longer exists. This provides a very wide degree of options as an infosec specialist can not only mitigate existing risks, but take steps to completely change the entire situation if warranted.
And that's probably why the whole "cyber" thing annoys me to no end. It seems to be some kind of meme that tries to put our physical existence in to the electronic domain. In reality, there is no Tron. We are not Neuromancers. What is referred to as "CyberWarfare" is really information warfare - signals intelligence, espionage, electronic warfare, and other well-trodden paths. There may be new techniques and social implications. But the situations we're looking at are just extensions of things we already deal with. Attempting to blur the lines between the physical and informational domains only confuse the issue.
Why would you assume that we aren't already?
All I see here is pretext. The notion I have heard expressed that hackers can do the same damage as nuclear weapons is absurd to the ears of anybody with an ounce of intelligence. Massively exaggerated threats can only mean one thing; a power grab.
They want to have spyware built into every piece of hardware and software out there. They want to turn every single bit of data processing equipment of any kind into part of their foreign and domestic intelligence network. They want to take the vast amounts of data generated by this network and feed it into a supercomputer that will replace trial by jury with data mining.
Don't let them.
If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
Ahh just like the ol' cyberpunk novels. The feds are gonna start running some black ice, eh?
I do think, if someone's trying to break in, it's fully appropriate to try to root 'em back (as opposed to "nothing" that is done now.) Going out and trying to break into people's boxes unprovoked is inappropriate though.
but, i have to say, absolutely
Hell yes!
Anoint/Appoint Richard M. Stallman as Cyberwarfare Czar/Emperor.
Need US to be more offensive than that? *ducks*
Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
Why? We're so far behind already.
Plus, we're not permitted to shoot a sniper from the back: there are actually LAWS to keep us from fighting in an efficient manner.
Plus, in this time of prelude-to-war, we're cutting our military by 20%. No need investing any more money.
These are the goals of the Liberal. Obama is Liberal. It's Liberals, not Capitalism that got us into this big-government, control-every-aspect-of-our-lives world,
Let's just enjoy the crash. That would be change, no?
While we're at it:
Let's stop kidding ourselves that the militaries of our, and all other, nations, along with all the other power groups, will simultaneously adhere to medieval European ideas of the separation of the serfs and the armies, as codified in the alleged "laws of war".
World War II and the Cold War's MAD doctrine treated the civilian population and its infrastructure as a military resource. (They DO produce the materiel of war, after all. This makes them, like the war-materiel manufacturing plants and the infrastructure that supports them - including water, electricity, and communications, military targets.)
In republics the electorate are the basic decision makers and the bulk of the civilian population is the electorate. Pressuring "the country" to change its foreign policy involves pressuring these decision-makers. So many power groups - governmental and especially "terrorist" - consider them fair game.
Bans on political assassination are convenient for officials - deflecting the attacks from them to those below them. So of course these find their ways into the "law of war" as promulgated by these officials. But some power groups consider it more cost-effective to hurt or kill a handful of leaders than a large number of soldiers or a larger number of civilians. (The colinization-era American Indians, the American Revolutionaries, and the Viet Cong come to mind just for three quick examples. "Knock off the guy with the shiny geegaws on his clothes and the rest of 'em run around in confusion." That's why Marines don't salute or wear officer insignia in the field.)
So don't expect political organizations of any level of recognition to actually refrain from attacking their "opponent"s' infrastructure, even if it's civilian.
Yes it might be nice if wars, or "cold wars", were fought with rules and among only a small warrior class on each side. (Then again it might be a really bad idea. Sanitizing the conflict leads to more war, by reducing the constituency for peace.)
Having said that: Such attacks are ACTS OF WAR. (That's why the US reined in its cold warriors by banning the assassination of foreign leaders during "peacetime".) Using them invites retaliation and escalation, including the escalation from covert to overt.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Has a war ever been won by not fighting back or just surrendering?
Running with Linux for over 20 years!
NO!, DOWN! Not unless the U.S. senate declares war
All your database are belong to U.S.
The US has 'gone offensive' enough for some good 80 years. Just please... Stop.
Send your spendthrift head of state this
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Why? The one year old child has had significantly fewer resources invested in it, than the 1000 year old monastery which had to be built by hand and then maintained for 1000 years.
It would take the parents maybe....two years, and less than $100,000 to recreate another one year old child. The point I'm making is that, human life is important, but I don't believe it's something to be held on such a high pedestal.
So as not to be hypocritical, I actively try and spread this philosophy. I'd be willing to live with the daily risk of being killed in a terrorist attack, such as people have in Israel, etc. in order to have greater personal freedom from government intervention, for instance: I'd be willing to trade my own life, in this manner, for the good of society.
I'm reminded of the video from the band Van Halen for the song "Right Now" that says something to the effect that "Right now our gov't is doing things that we think other gov't is doing to us."
Anyone remember the cookie that the NSA was placing on systems that visited their site? Could not delete it, etc. Google that up if you doubt it.
Dam...talk about a bunch of sheep.
... shouldn't throw stones and DoS attacks.
(Especially since glass might be a major step-up for the US when it comes to online security.)
Why can't all fpga/microcontroller manufacturers just release free optimizing compilers???
D Rumsfeld.. I don't believe you or a lot of your cohorts. You are not believable.
We should at least establish a central location for reporting IP addresses of break in attempts. I get a lot from China, some from India, and even one from Kuwait.
How it should be:
1. As citizens of the United States, we are bound by the Constitution of the United States.
2. The Constitution grants Congress the power to declare war (Article I, Section 8).
3. As a responsible nation, the United States is obligated to conduct war in compliance with the treaties by which it is bound (such as the Geneva Protocol).
4. Such treaties (to my knowledge) do not address so-called "cyberwarfare".
5. Ergo, should Congress declare war on a foreign sovereign nation, I believe our government should consider cyberwarfare to be a potential offensive option.
How it is:
1. Despite not declaring war on any foreign sovereign nation since 1942, our government does whatever it damn well pleases anyway, so what's the difference?
Jesus told him, "I am the way, the truth, and the life. No one can come to the Father except through me. - John 14:6 NLT
onerous:
like, you cant put melamine into baby food in order to make it look like it has more protein content? (china)
like you cant build schools in earthquake areas using sub standard concrete so they collapse and kill thousands of children? (china)
like you cant bypass electrical codes just to get a job done quicker and reduce labor costs (iraq), with the result people get electrocuted?
like you cant have mercury and lead leaking into peoples drinking water?
like 10 year olds shouldnt be working in coal mines?
like there should be a thing called a 'weekend'?
like you have to have a safe working place (the ship breaking yards in india.. motto 'another day, another death')
maybe you thought the 20th century in America was a crappy place to live, what with clean drinking water and weekends and holidays... but i kind of like it, and the 21st century seems to be ready (with help from people like you) to abandon all of those things and turn the social clock back to 1897.
Any justification I try to make will come across as dogmatic, and it kind of would be unfortunately. The most I can say is, if/when you have kids, there's a decent chance you'll side with me on this one.
yeah! spoken like a true american!
Wealth is the gift that keeps on giving.
... that nobody has yet suggested googling for "Siberian pipeline explosion" to answer this question.
It's widely believed in much of the world that the US government has long been the prime mover in "cyber warfare". Whether this is true or not, fact is that people believe it, and this is a significant part of the rest of the world's attitude towards the US dominance of the Internet. You might have noticed that there have been moves afoot in a lot of the world to end this dominance and install networking equipment that is beyond the (easy) reach of the US government.
(OTOH, I've found that most people everywhere on the Net are quite friendly towards individual Americans, as long as you don't give the impression of having any sort of official position. Or maybe it's just me ... ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
germany believes you do since the advent of the internet, though u're an ally, our BND and (attenttion umlaut) AuswÃrtiges Amt (that was an a with dots) prefer running linux.
Though... it's great that the american public shapes once again images of it's public worldwide "special friends". It's gonna be just one or two years until we gonna have great movies again. I will comfort myself until then with searching old german movies for russian voices that sound like german voices in old british movies; Klingon Style!
that's what russia and china do
there is no need to encourage them, merely track them and get out of the way of any of their initiatives. and when the shit hits the fan and another government complains, the government can play dumb: it really wasn't their doing, there's no financing or chain of command. the only crime is one of omission: watching someone do something wrong and not stopping them. the nationalist partisans steer clear of their own nation's computers out of fealty (perhaps protecting them too), they obediently report to the government any stupendous finds (nuclear plant blueprints, warfare plans, etc.) simply for the renown, and in times of great duress, are predisposed to fall under the umbrella of government control. all at the same time, they are complete free of cost, and of the highest technical proficiency and motivation. their motivation is simply passion
this is already happening, for years. before 9/11 there was the hainan island incident:
http://en.wikipedia.org/wiki/Hainan_Island_incident
this spy plane bump and crash brought american partisans and chinese partisans at full war online. how do i know this? because one of my windows boxen in new york at the time got hacked. its front page was replaced with the chinese flag and the text "fuck poisonbox! hacked by chinese". i traced the attacking ip to a technical college near beijing. who is poisonbox? i researched it: he was an american partisan hacker(s) laying waste to various chinese servers at the time
i found an article about the proceedings still online from that era:
http://attrition.org/security/commentary/cn-us-war.html
there is no debate here, it's already happening, done by partisan hackers, in loose affiliation with their governments and the government's turning a blind eye to the hijinks
someone out there, perhaps reading this comment, has the makings of a great book or movie, with years of hardcore cyberwarfare already under their belt. they could be in any number of countries where ultranationalism rages (turkey, greece, israel, pakistan, india, etc.)
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Why? The one year old child has had significantly fewer resources invested in it, than the 1000 year old monastery which had to be built by hand and then maintained for 1000 years.
It would take the parents maybe....two years, and less than $100,000 to recreate another one year old child. The point I'm making is that, human life is important, but I don't believe it's something to be held on such a high pedestal.
The insurance industry has this all worked out. People value human lives at a few million bucks (no, I don't remember how much exactly) as in that's how much people will actually spend to save a life. Callous for sure, but true all the same.
"Little does he know, but there is no 'I' in 'Idiot'!"
to fight this war. Pork for everyone
hi dr frends The initiative taken for the concern is very serious and needs an attention of everyone. This is the concern which exists in the society and needs to be eliminated from the society as soon as possible. Eliza One thing that a lot of people have missed in this recent economic down turn is the fact that in-game money for all of the massive mutliplayer online role playing games has not been effected. I guess it just shows how strong and stable the computer game industry really is. Virtual Currency
It's just another war on an abstract concept, and every american knows you can't have enough of those. Now for some actual adversary to throw into the mix. Something to kill and maim and forget it were ever human or alive....
Bitter? Moi? I prefer to think of it as "Experience-Backed Realism".
They already do!
The head of DNI, Dr. Joel Brenner, National Counter Intelligence director, gave a Q/A session at MIT last week and came out and admitted it.
"They're very, very good."
You're talking about attacks against, say, the U.S. from foreigners. What about attacks from inside the U.S.?
I have some real bad news for you: You - yep, you, U.S. software developer - are to be watched. What?!? Yes, the DHS (Department of Homeland Security) thinks -you- need watching, not, say, foreign hackers. Only a government could come up with this! And I wish I was kidding.
The DHS has made some pretty weird official "Findings" recently. They're a trial balloon. If no one yells, DHS knows they can get away with them; bureaucracies want to grow. For example, DHS made a Finding recently that "right wing extremists" should be watched. In particular, DHS said, veterans from Iraq and Afghanistan needed watching. They even said that groups opposed to abortion needed watching; that's code for 'religious groups'.
A screaming hornet's nest landed on DHS head Janet Napolitano, who then apologized "for any offense to our veterans". [You want to watch her real carefully from now on.]
Okay, you're saying, what does this have to do with me?
You probably did not see the OTHER recent DHS "Findings". This one is dated Janury 26, 2009, about 8 pages long. It's about "leftwing extremists" doing "cyber attacks". But it's so broadly written that it affects most of us.
You can find it on wikileaks.org.
Here it is, in their words, their summary:
Scope:
"The information is provided to federal, state, and local counterterrorism and law enforcement officials so they may effectively deter, prevent, preempt, or respond to terrorist attacks against the United States."
"This assessment is intended to alert DHS policymakers, state and local officials, and intelligence analysts monitoring the subject so they can better focus their collection requirements and analysis."
Key Findings:
"DHS Office of Intelligence and Analysis judges that a number of emerging trends point to leftwing extremists maturing and expanding their cyber attack capabilities over the next decade with the aim of attacking targets in the United States.
The potential for economic damage, the individually-initiated and anonymous nature of cyber attacks, and the perception that cyber attacks are nonviolent align well with the ideological beliefs, strategic objectives, and tactics of many leftwing extremists.
The increasing reliance of commercial businesses and other enterprises on cyber technologies, including interconnected networks and remote access, creates new and expanding vulnerabilities that technically-savvy leftwing extremists will exploit.
The proliferation of cyber technologies and expertise as well as the public availability of online hacking tools and "hackers-for-hire" offer leftwing extremists incentive to adopt a cyber attack strategy."
- end their summary of Key Findings -
(Personally, I'm impressed that anyone could jam the phrase "leftwing extremist" into every paragraph of this Finding. Ye gods.)
Then, they continue:
"(U) LAW ENFORCEMENT INFORMATION NOTICE: This product contains Law Enforcement Sensitive (LES) information. No portion of the LES information should be released to the media, the general public, or over non-secure Internet servers. Release of this information could adversely affect or jeopardize investigative activities."
"(U) WARNING: This document is UNCLASSIFIED/FOR OFFICIAL USE ONLY (U/FOUO). It contains information that may be exempt from public release under the Freedom of Information Act (5 USC 552)." ( -- This goes on and on. [This Finding is exempt from the FOIA ?? !! What the hell? ]
I did not know that your political beliefs ... and a belief in nonviolence? ... would make you a target to be watched by DHS. I am just so naive.
I quote directly from this Finding:
"A simple online search provides users with numerous links to discussion forums and websites that offer hacking tutorials and information regardin
Left foot a half step in front, toes pointed towards target. Right foot a half step behind, toes at 90 degrees. Knees straight but not locked. Take aim. Breathe in, breathe out, stop breathing but don't hold your breath. Squeeze the trigger, don't pull it.
It's ridiculous to assume that if you're attacked using a certain weapon, that's the only weapon you can defend with. Just because there's not a great deal of collateral damage doesn't mean the intended damage wasn't done and wasn't serious. If say, the power grid was disabled, we're not going to care by what means, we're going to make sure the attacker is made unable to attack more.
If it hasn't happened yet, it will. I suspect it already has, but only among the organized crime groups associated with botnets and other malware.
Oh, and I'm kidding in the first paragraph. You can't fight cyber anything efficiently with a rifle. Efficient would be a cruise missile with a conventionally armed EMP device. Better still, on the horizon (!) is delivery of small payloads like an EMP device via rapid deployment suborbital launch platforms and stealth reentry bodies that appear as small meteors until low altitude when they veer horizontal towards the target, only second before detonation. Ultrasonic vehicles with scramjets are superbly suited for this.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
I'm interested to hear about this policy of not targeting civilians. I suggest that its implementation should be more closely monitored, since US forces managed to kill 60,000 Iraqi civilians during the invasion, and at least 5,000 of those died during the initial 'shock and awe' raids. God knows what would happen if they were actually trying to target civilians.
It's a spambotand scareware downloader.
Best Slashdot Co
"If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system, or its banking system?"
That all depends on the nations involved.
1. If the USA attacks another nation's military base, any response whatsoever by the foreign nation would be illegal. Trying to shut down the US power grid, hospital systems, air traffic control, banking, etc. systems would obviously be downright terrorism and quite inexcusable.
2. If another nation attacks a US military base (even on that other nation's own soil), any response whatsoever by the USA - up to and including the use of nuclear weapons - would be perfectly natural and entirely justified. Shutting down other nations' power grids, hospital systems, air traffic control, banking, and other critical infrastructure such as roads, railways, water supplies, etc. is what the US armed forces routinely do as a matter of course. For example against Serbia and Iraq, neither of which had attacked a US military base nor committed any other hostile action.
I am sure that there are many other solipsists out there.
Offensive cyber attacks could be useful as a first step to a physical operation. Exploiting a vulnerability in the enemy's defenses could greatly increase their response time. Maybe turning off the power so they can't open the garage doors and get their tanks out. Or causing all the cash machines to spew money to lure the squishies into the streets before a bombing run.
I can say [REDACTED] anytime I want!
That's like asking if the government should break the law.
Slashdot sucks when it's time to try to actually learn something instead of flaming and ranting and trying to one-up each other.
The principle of least privilege is the only known approach that might possibly lead to a secure operating system... what do we do in the US? Let the only project we have fall off into obscurity.
We then deride the EU when they actually decided it would be a good idea to try to fund a project with the possibility of success.
We need secure endpoints before we can ever hope to have a secure infrastructure. We're not smart enough to even try to pursue the only known approach that might work. We're doomed. Hopefully someone will understand this, not see it as a pure rant, and learn something.
--Mike--
You gotta communicate with 'em SOMEHOW. Are you proposing the banking system, the hospitals, and the military all SEPARATELY .. dig up the country and run their own private network?
You are talking technological nonsense. All it would take is secured encrypted VPN nodes running on embedded devices.
"(And harden it against manhole-divers with bolt cutters while they're at it?)"
And having more then the one redundant path, so as to protect from when someone accidentally or otherwise digs up the cable.
[quote]
As of 15 January 1999, the DoD High Performance Computing Modernization Program (HPCMP) has required MHPCC to restrict access to our computers to valid users who:
1. Are running Kerberos or Secure Shell software on their local computer, and
2. Have a one-time password SecurID card issued to them by either HPCMP or MHPCC.
[unquote]
"putting vital systems on the Internet (Score:5, Funny)"
.. he he hee ... heeee ... fucking nymshifting mod trolling moron
"The reality is that several million computers have reported infections of the Conficker.C virus"
Hospital Equipment Infected with Conficker
Royal Navy warships lose email in virus infection
--
he he