Slashdot Mirror

← Back to Stories (view on slashdot.org)

The One Sided Cyber War

Posted by Unknown on from the great-firewall-of-america dept.

Curseyoukhan writes with a skeptical perspective on the U.S. Cyberwar posturing. From the article: "The first shot was probably the release of Stuxnet sometime during or before 2009. Even though no one has officially claimed responsibility everyone knows who was behind it. Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities. We followed up Stuxnet with Flame — the Ebola virus of spyware. What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks. This is a disproportionate response but not in the way military experts usually mean that phrase. It's the equivalent of someone stealing your car and you throwing an ever-increasing number of eggs at his house in response. It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."

10 of 215 comments (clear)

  1. They should retaliate by posting movies and music by Anonymous Coward · · Score: 5, Funny

    They should threaten to make available copies of movies and music online for free.

  2. Re:not really by ByOhTek · · Score: 5, Insightful

    And...

    If Iran did too good of a job in a counter attack, do you think the US would keep the confrontation just "cyber", or would it escalate? That's another of their considerations.

    --
    Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
  3. Re:not really by SJHillman · · Score: 5, Interesting

    That's my thoughts. It's like the schoolyard bully taunting the nerd just the nerd will take a swing at him. That way, he can pound the nerd into the ground and then claim "well, he started it!"

  4. Holy shit... by Shoten · · Score: 5, Interesting

    This is so incredibly wrong that it's astounding to me. A whole series of declarative statements that show a total lack of knowledge, and a total lack of understanding of the background material as well. Let's count them:

    "The first shot was probably the release of Stuxnet sometime during or before 2009."

    No. Cyber warfare did not start with Stuxnet...and common sense bears that out. Nobody can mount a successful and incredibly complex offensive the first time they field troops on the battlefield. Chinese thought leadership on cyber warfare goes back to the early 90s, when they seized upon it as an avenue to even the odds after witnessing our performance during Desert Storm...which, quite simply, made them wet themselves with shock at how effective we were at kinetic warfare.

    "Even though no one has officially claimed responsibility everyone knows who was behind it."

    Um, Obama took responsibility for it. At least read the headlines of what you're talking about? He was even called out for doing so, by others.

    "Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities."

    AWESOME! You FINALLY said something that was factually accurate! Too bad it took three sentences to get there.

    "We followed up Stuxnet with Flame — the Ebola virus of spyware."

    Uh, nope. Flame/Duqu, by all assessments, was actually a predecessor to Stuxnet, and I don't get the "Ebola" reference, since it's a data stealer and not designed to brick systems.

    "What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks."

    Okay, so first off, this is not the first thing...or the only thing...the Iranians have done. They've been in the cyber business a long, long time and are viewed as one of the big three actors in offensive cyber operations. Second of all, the attacks were not at all "ineffective"; ask any Bank of America customer who uses online banking. The site was down for weeks nonstop. And the banks have gone to the NSA asking for help in fending off the attacks as well.

    "It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub."

    See again, under Iranian cyber operations and how the banks fared during the DDoS attacks. Also keep in mind that the financial industry is at the top of industry sectors, when ranked in terms of cyber security maturity.

    NOW, let me add the total way in which the OP ignores anything related to Russia or China, using only his incredibly faulty understanding of one country to justify his assessment of an entire form of warfare. Forget Red October (Russia, still in play but being shut down), forget Ghost Net (China), forget Aurora (also China), right? Forget what the Russians did in Georgia and Estonia. Forget North Korean actions against South Korea. Yeah...wow, good analysis dude. I bet Fox News would love you.

    --

    For your security, this post has been encrypted with ROT-13, twice.
  5. Re:The reason a "cyber Pearl Harbor" isn't imminen by Ravaldy · · Score: 5, Interesting

    My brother works for a very large electricity plant and he says that the only computer controlled anything is the monitoring systems. The action of turing on/off turbines is manual. I know this isn't true of the whole electrical grid but I'm sure there are considerations made when hooking up computers to critical systems like those ones.

  6. Re:The reason a "cyber Pearl Harbor" isn't imminen by Zeromous · · Score: 5, Insightful

    Oh not you again! Does your fallacious "intelligence" position grant you highlevel access to sources such as the telegraph and wall street journal?

    Look, if you've hooked up your command/control infrastructure to the Internet, all the DHS in the world is not going to save you. Stuxnet like viruses? Sure. Maybe. Unpreventable, by anything beyond quality engaged PHYSICAL security.

    As for impact, if you recall, 10 years ago, power was down for up to 3 days across the NE. This was caused by something far less insidious and delibrate than a cyber attack. It's impact beyond the first grid affected was also completely mitigable and took several MANUAL command/control failures to become as pervasive as it did.

    http://en.wikipedia.org/wiki/Northeast_blackout_of_2003

    --
    ---Up Up Down Down Left Right Left Right B A START
  7. Re:The reason a "cyber Pearl Harbor" isn't imminen by vlm · · Score: 5, Insightful

    That's all made up scaremongering to gather $$ and enforce central authority. I work on the "other side" no, not the black hat side, I mean the infrastructure provider side. Seriously claiming that our main site backup generator which doesn't have a networked SCADA interface will magically fail? And all our POPs which have gens that barely have electronic engine computers on the diesels will be magically reprogrammed? My cousin maintains large fixed diesel gens for hospitals, you're going to reprogram his ratchet set so he can't turn bolts? Without the internet no planes fly? LOL

    A grid hit would look EXACTLY like the great NYC power outage about a decade ago. In fact, seeing as no newsies really looked into it to the depth necessary, it could very well have been an external hit to send a message.

    A REAL hit wouldn't look like Jericho or a survivalist fanfic, it would look like an economic hit. If every centrifugal pump VFD at the local plant instantly reversed so they get to buy new ones, that doesn't mean we're going back to worldwide feudalism, it merely means bankruptcy for one plant. Actually it would look a heck of a lot like a major aerospace jetliner manufacturer having to ground an entire worldwide fleet leading to all kinds of economic effects.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  8. Re:The reason a "cyber Pearl Harbor" isn't imminen by SirGarlon · · Score: 5, Insightful

    Or maybe because the professianls who do this for a living know something you don't.

    Secret evidence is indistinguishable from fabricated evidence. Maybe the professionals who do this for a living are a bunch of frauds collecting fat paychecks for nothing. I have as much proof of my assertion as you have of yours.

    --
    [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
  9. Re:not really by Anonymous Coward · · Score: 5, Interesting

    Plus it's stupid to claim that Iran is doing nothing; it seems that way when you box yourself into just "cyber-warfare". IRan responds with what they have, which is a robust intelligence community based on personal relationships, used to destablize places like Iraq and the Levant. They use their ties in the Shia community to make Iraq difficult for the US, whcih is what they did for the past 10 years or so we were there. They also run advanced missiles to Hamas and let them fire them off, missiles with enough range to directly threaten Israeli population centers. They run training exercises in the Strait of Hormuz designed to make it known how they can mine the whole thing and close it off, and it sends oil prices through the roof.

    Cyber-warfare is a meaningless term, because cyber-weapons are just one type of weapon, and one that Iran is not as sophisticated at. But they are sophisticated with other weapons, and they use them extensively.

  10. Re:The reason a "cyber Pearl Harbor" isn't imminen by ShanghaiBill · · Score: 5, Interesting

    Traffic light and elevators come to mind ...

    No way. Both traffic lights and elevators have low level hardware interlocks that prevent them from going into an unsafe mode. Even if you have access to the control systems, the most you could do is stop the elevators, or put the lights into 4-way blinking red mode. To make the lights go into something dangerous, like 4-way green, you would need to conduct physical sabotage with a crowbar and a soldering iron. It would be easier to just buy a gun and shoot people as they drive by.