Slashdot Mirror
"Cyberwar" As a Carrot For Those Selling the Stick
New submitter sackbut writes with a story at Wired about the often-discussed concept of "cyberwarfare," and the worst-case scenarios that are sometimes presented as possible outcomes of concerted malicious hacking. According to Wired, which calls these scenarios "the new yellowcake," "[E]vidence to sustain such dire warnings is conspicuously absent. In many respects, rhetoric about cyber catastrophe resembles threat inflation we saw in the run-up to the Iraq War. And while Congress' passing of comprehensive cybersecurity legislation wouldn't lead to war, it could saddle us with an expensive and overreaching cyber-industrial complex."
Writes sackbut: "Perhaps good for programmers, but not so good for rights."
Does the phrase "Wartime President" or "Wartime Government" still have any meaning when you're never again NOT at war?
SJW: Someone who has run out of real oppression, and has to fake it.
"Cyberwar" As a Cyber-Carrot For Those Selling the Cyber-Stick
FTFY
They're in the area around 4chan and Romania and east, west, south and north somewhat.
Check your premises.
Guarantied to prevent cyber and leopard attacks.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
The truth us that no one but the programmers want to make good and secure programs. It is the management that does not understands the insides to put unreasonable expectations, which leads to not working solutions. And it is the government to always request for a back-door capabilities, which again leads to UNSECURE programs.And good and bright example (not windows) is SCADA systems. The protocol that they defined and implemented is so wrong by design, so so so wrong, that i could now have 100 years just to start to explain how wrong it is. Just believe me. IT IS WRONG BY DESIGN.
Who knew! Why next you'll say that the Sky isn't falling, and that Foxy Loxxy doesn't want to eat Chicken Little.
That's the thing, either you're being scammed on one end or the other.
The end node is 'World Domination'. But somewhere in the middle, right on the critical path, there is an action node 'Shut Down Internet'.
Does that "report" feature actually allow comments to be *deleted?* I figured it would allow a site editor to mod a comment to -1 but not delete it. It doesn't say in the FAQ:
http://slashdot.org/faq
How do I report abuse?
Below and to the right of each comment is a small "Anti" symbol; click on this, and (optionally) explain why you consider the comment abusive. (Slashdot discussions are and should be robust; only cry "Abuse!" for comments that are utterly without redeeming value -- spam, racist ranting, etc. For everything else, use the other moderation options.) Reported comments will be reviewed and moderated by the editors, if appropriate.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Whip everyone into a frenzy about a scary, ethereal threat.
Sell products that play into the new fears.
Profit!
Congress' passing of comprehensive cybersecurity legislation
What, "think of the children" and ACTA/SOPA/PIPA are "sooo 2011", no good no more?
Questions raise, answers kill. Raise questions to stay alive.
An Electromagnetic Pulse (EMP) would be much more devastating. One EMP would wipe out all electronics and yet the weapon would not harm one person. Think hurricane Katrina on steroids.
Won't you just think of the children^H^H^H^H^H^H^H^HPentagon?
Have gnu, will travel.
It really is sad - the foes of Net Neutrality and all that it stands for have completely taken control of the overall fight and the message. Those who would have an open 'net are now completely on the defensive, and never on the offensive anymore.
Check your premises.
A waste of money. We have have no money for education, the elderly, the infirm, veterans, community development, R&D, or infrastructure. But we have plenty of money to sink into DHS, DoD, the secret police, the weapons industry, and the intelligence black hole.
putting the 'B' in LGBTQ+
I was expecting all the hordes of commenters from the recent NASA/Mars/fed. budget thread to also show up here, to again say "hurf durf, you guys, we just can't go on spending money we don't have!!!1! Don't you understand?!!?! Budgets!! Deficit!! Taxes!!! Entitlements!!!46% (or whatever)!!"
What? Oh, this is Department of Defense? Oh, well, never mind then.
Cyber warfare seems very much like child pornography. There are plenty of people there claiming that there's child pornography everywhere in the internet, the FBI spends considerable resources fighting it.
Yet, after some 20 years browsing, after seeing countless examples of pornography of nearly all kinds, I have yet to see one single example of child pornography. I have never, ever, seen one photo or video of a child engaged in sex.
Proponents of the existence of child pornography have only one goal in mind: total control of the internet. What they want is censorship, under their control, they will invent all sort of lies to obtain it.
I couldn't help but notice how this "opinion piece" didn't bother to mention the use of Stuxnet and it's effect on the Iranian enrichment program. This was as prime an example of Cyberwarfare as you'll ever get.
I guess if you're a zealot on a platform, its customary to completely ignore anything that's counter productive to your agenda.
Not that I feel that sacrificing individual rights and/or providing the government with more power is the answer.
More like user education...user education...user education!
Actually, borrowing a few stories over, something we'd learn from a mission to Mars is the old-SF mentality of "there's no room for moron managers". Of course, the trouble is, that those types are good at weasel dealing, but stuff like code security/robustness would suddenly matter if we got a broadcast from space like "Sorry to say this folks, the manager who insisted we run the mission 6 months early for political reasons just killed all of us. The embedded Oxygen manager software has a fatal flaw that gives us only two days of air left. We're 6 weeks from home. Oops. So Long and Thanks For All the TPS reports you made us do."
Seriously, the future is coming out like the Family Guy episode where they created some awful WWIII. I want my good old SF future back. I don't even want the flying car. Just one where I can wake up without being ...uh... TERRIFIED of the ... "Good Guys".
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
> "[E]vidence to sustain such dire warnings is conspicuously absent."
Guess the Wired.com authors live in a different world than I do:
http://www.physorg.com/news/2012-02-nortel-penetrated-hackers-decade.html
http://articles.latimes.com/2008/aug/17/opinion/ed-cyberwar17
http://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia
http://arstechnica.com/business/news/2011/10/rsa-details-march-cyber-attack-blames-nation-state-for-securid-breach.ars
http://www.commandfive.com/research.html
http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229700229/targeted-attacks-on-u-s-defense-contractors-fallout-from-rsa-breach.html
http://en.wikipedia.org/wiki/Stuxnet
I'm concerned about the response, but the threat is real.
Does this qualify as evidence? http://online.wsj.com/article/SB10001424052970203363504577187502201577054.html
sounds like the war on terror is working for you, citizen. carry on.
While the term "cyberwarfare" is a bad analogy (as I have detailed in a previous topic), is it such a problem that a government wants to enforce security in certain infrastructural systems? The article writes nothing about what exactly is the problem with the plans.
The idea that this is a fake threat, as implied by the article is just not in line with reality. This article all but brushes off the threat from SCADA systems which shows a massive logic fail on the part of the author. Just with Backtrack and a handful of other freely available tools, one would be able to see what scada systems are talking out to the internet at this second in the US. Just because there is a lot of money to be made, doesn't mean the threat isn't real. We view cyber security as an add on to a computer system after its been completed instead of working it in from the start. We don't take it as a serious problem right now. Worse the people who would need to write legislation about improving it can barely turn on a computer themselves. That said, ignore the threat of real disaster at your own peril, its real and as we continue to ignore our cyber security its more than likely going to cause real damage in the near future.
I was puzzled by the seeming lack of security on so many "critical" sites, lately I have been entertaining the idea that maybe they are that way for reason, so that something could "happen" and accelerate the Internet lock-down which benefits not only the Government but the content owners (MPAA/RIAA/etc) as well.
However for the little I know about Internet security, it seems to be a task of "how hard can I make it" rather than creating an impenetrable fortresses of data.
"If any question why we died, Tell them because our fathers lied."
One nasty way to do this is to have some sort of satellite that does X as a cover for being a GoldenEye charge. SpySats are bad enough but what about them having a small/medium NUKE inside??
Any person using FTFY or editing my postings agrees to a US$50.00 charge
It's a damn firesale!
What are these 'rights' of which you speak?
Wondering what kind of world my grandkids will live in...
The subject is child pornography.
The would be "Pre-Menstruation Porn"
As someone who knows a thing or two about computers (and I'm sure many of you will agree), I don't think it's news that the claims of "cyberwar" are inflated. I know a guy that states that he stops taking anyone seriously that uses "cyber-" with what they're talking about. I agree.
In my youth, the Y2K craze was abound. I was no expert in the industry, I understood the concept, but I found it highly unlikely all the predictions of chaos would come true. I set the clock on my old Windows 95 computer to Jan. 1 2000. It had no issues. Then I set it to multiple other dates in the future. No issues. That may have been naive, but I wasn't surprised when the end of the world didn't ensue on Jan 1, 2000.
There were some survivalists I knew that would viciously attack me when I stated that I think the "YTK bug" is all hype.
It makes me wonder how many other things I don't know a thing or two about -- that I just drink the koolaid up on like everyone else is fooled by the threat of "cyberwar."
Hasnt the american people realized yet how fear does nothing but make the rich richer and the powerful more powerful?
Everything something bad happens politicians exploit it to the fullest extenet to scare the people into going along with it. Like yes the 9-11 thing wasnt nice but ever since then its been terrorists this and terrorists that and 90% of it is simply because "they told us so" and a lot of unconfirmed information has created a lot of money flow for the government and because us common folk are scared were willing to give up freedoms and rights for the illusion of safety. In reality the who 9-11 thing amerkahns were all chanting "support our troops they protect our freedom! Amerikah is the bestest thing in the history of ever anything!" and not realizing the only way we lose freedom is when our own government takes it from us is what they were and are doing.
Same thing here, if the government scares people wth cyberwarfare then we all will give up more rights and industrial complex gets more money and more power all the while were not any safer than we were before, it just seems that way. Kind of like how people think the little airbag and floating seatcushion will keep you alive when the planes crashes into a mountain.
Personally this whole cyberwarfare thing is a overblown sham, they make a bigger deal of it than it is in order to justify spending a billion more dollars on things that dont actually do anything or help anyone.
Finally, at this late hour, they realize that they do not like freedom of speech, they do not enjoy liberty, that special interests and the unjust exercise of power are harmed or defeated by such blessings. They want the old system back, where the individual could scream into the wind and no one would hear it. Where only large media conglomerates had the coverage, and the privilege, to control "public opinion." They long for the days when "public opinion" was their opinion, and not off-message as it is now.
Well, I have five words for them: Too late. Too damn bad.
Dear antediluvian governments: Enjoy your newly empowered citizenry. You don't get an Arab Spring without this, and you can't control the people at home if you decide to treat us as they did in the Middle East, or Soviet Russia. Good luck with that.
Not believing in cyber war is like not believing in air war, sear war, land war, or space war.
Computers have tangible effects on our culture, our economics, our politics, and our military. We all know this.
Computer systems are broken into regularly, we all know this (go google a list of known data breaches, for example).
"Someone" (for this purpose it doesnt matter who) has used code to manipulate physical controls of industrial equipment (possibly for politics/military reasons). We all can see this (see: Stuxnet)
Cyber attacks have their own logical benefits that don't really need proof, they exist by definition (can be executed, remotely, relatively difficult to attribute, can reach multiple geographically separate locations at once, etc).
So, to deny "cyber warfare" here is a lot like saying "I know the enemy can reach out assets this way, I know they can impact us this way, Ive seen lesser versions of it in action so I know it could work if there was political will....but I havent actually SEEN anyone use ballistic nuclear weapons so the threat must not be there".
(And this is assuming there isnt any evidence for it, which is itself debatable. But if you can prove the likelihood and possibility given the right motivations, the difference in position if there is/isnt evidence of it *currently* going on doesn't amount to much. Defensive and offensive pre-positioning should be the same.)
The Cake is a Lie.
"If you only knew the POWER of the DARK SIDE!"
fnord fnord fnord
I agree with the overall tone of the article, but at the same time I am pretty skeptical that this is going to lead to an overblown cyber warfare capability. I guess it could lead to massively over budgeted security theater and rights-trampling clusterfuck legislation, but at the same time the trend I see as an infosec professional is to massively under-invest in information security and underestimate the threats.
Just today we learned that there were Chinese hackers in Nortel's network for a decade. Can you imagine? How many organizations used the Contivity client? Uhm....like *every* organization? Add that to Symantec's dismal failure to deal with the theft of their source code. These are *security companies* and THEY have had mind blowing security lapses...what's going on with the rest of the corporate world? What's going on with government systems where there are government funded APTs going after them 100% of the time? Do we seriously think the US government is so good at cyber-security that there are no major problems there? Not likely. I would say "not possible" in fact.
I think where it gets overblown is the threat to infrastructure. Not that I think serious compromises there aren't possible, but its not the boogeyman they are starting to make it out as. The threats are becoming more sophisticated all the time, though.
What I definitely agree with the article about is that declassification is necessary so that the public can evaluate these issues on their own, rather than relying on people who have a.) something to gain and b.) absolutely no idea what information security is, should be, or how one goes about implementing it. I mean you hear things anecdotally from vendors about what the government is up to and you think, "gee...I wouldnt go with that solution for my network...so why would the government, which has a lot more to lose, go with it....?" The instinct is always to close off, to classify, to protect but that is absolutely the wrong way to go about security. Organizations do this to try and keep their flaws secret, but at the end of the day all they do is lose visibility and accountability which invites even worse compromises. I can think of nowhere this is more dangerous than with government systems.
I think there is a real lack of high level expertise in InfoSec. I am not the most technical person who has ever gotten into this field, and have been starting to steer my career accordingly. However, common sense and a decade or so in the trenches will give you some pretty good ideas about what the threats are, how to prevent them, and what direction you should be moving in. Unfortunately, InfoSec personnel are rarely listened to when architecting networks, designing implementations, etc.
it could saddle us with an expensive and overreaching cyber-industrial complex.
Ignoring the ridiculous use of "cyber," you replaced the wrong word -- "cyber-industrial" doesn't imply any public-private collusion the way "military-industrial" does. Perhaps you meant military-cyber complex? Or government-cyber complex? But either way, internet technologies are an industry, so "military-industrial complex" has that covered already.
https://www.eff.org/https-everywhere
I'm not sure there isn't a cyber war going on. My servers are seriously attacked dozens of times a week. The IP addresses of the attacks are mostly from China and Eastern Europe but this could be a foil for attackers living anywhere. Fortunately I put a honeypot right next door (IP address wise) to my gateway so a hit there triggers a clamp down on my gateway. So far it's been effective (or am I fooling myself) but the attacks are real.
Right on! Google was attacked from within China. Change.org was attacked from within China when they were supporting a petition to release Ai WeiWei. Are these attackers government sponsored? Let's hope so! If not, our predicament is even worse -- If relations between the US and China were to deteriorate, the Chinese government would try a plethora of other alternatives to meet its objectives, before escalating to full cyberwar. An independent, cybervigilante group would escalate to cyberwar much sooner. After all this, denying not just the possibility, but the very existence, of cyberwar, is wilful ignorance.
-- Subvert the dominant paradigm. Repeat as desired. http://ownlifeful.com/