Slashdot Mirror
Officials Warn: Cyber War On the US Has Begun
snydeq writes "Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet, InfoWorld reports. 'A cyber war has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens. The cyber war has seen various attacks around the world, with incidents such as Stuxnet, Flame, and Red October garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit.'"
Really? So we're going to see buildings destroyed, thousands murdered? The hyperbole is way out of hand on this one.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Otherwise, nothing new here !!
This cyberwarfare has been going on for more than five years now. Do you know how many banks, medical facilities, etc. as well as research institutions have been hit by the Chinese? I won't say whom, but a major US aerospace research corporation has been undergoing an almost constant stream of attacks since 2005...
So, they put a bug in Russian oil pipeline controlling kit that blows up. They put a virus on Iranian nuclear power testing plants (could have blown up).
And everything was just "The Next Cyber War Could Be Deadly".
But now that the USA's banks are being attacked, "ITS THE NEXT 11/9!!!!!!!!!!"
Fucking drama queens.
FUD to steal more of our rights away. "FOR YOUR PROTECTION, we need to monitor everything, sign on the dotted line and everything will be ok. You Can Trust US" MEH.
After all, what with fiscal responsibility looming, we need all the excuses we can get to keep the war funds flowing.
Spottswoode: From what I.N.T.E.L.L.I.G.N.C.E has gathered, it would be 9/11 times 100.
Gary Johnston: 9/11 times a hundred? Jesus, that's...
Spottswoode: Yes, 91,100.
If even somewhat true, this is the kind of thing that will usher in a new era of network surveillance and the kind of restrictions that will kill a formerly free Internet. Governments will have much more incentive to get involved in the standards drafting process in order to ensure "proper adherence" to national security "requests" etc.
I hope I'm wrong, but having seen how people go apeshit with simple "point and click" technologies like guns.......let's see what happens when you get a bunch of old white guys with power trying to lock down things they *truly* don't understand.
It's going to be a cyber holocaust!
Can't say I'm surprised about how vulnerable our infrastructure is. TheDailyWTF is chock-full of stories about massive security holes in company networks, and the firing of anyone who tries to point them out and get them fixed.
Lawrence Lessig on the coming "i-Patriot Act" - Boing Boing http://goo.gl/Zl0oq
will be hit by the second stone
Some may call it a war, but I call it retaliation, for what ? .. Stuxnet, Flame, ..
Btw. there is an easy way how to prevent war .. well it includes NOT throwing the first stone .. and NOT presenting the first stone and playing a around and faking to through ..
Well it's like what israel does - not throwing the first stone not playing with one around - with it's nukes, they have them, everybody knows off, but they do not present them and they do not say that they have them.
I'm lucky in that I live in a cyber bunker with no outside cyber communic ***CARRIER LOST***
Begun, the Cyber Wars have.
What the heck is he smoking? China et al. have been attacking the US through computer systems for decades.
Love sees no species.
They are mentioning StuxNet and the like as a threat example? So, the US is in danger of malware created by the US ... perhaps loosing viral code on the world wasn't a good idea.
Now, to "protect" ourselves from our government we need to do what ... turn over more information and control to the people that created the problem? Why would I want to give more power to people that have already proven they can't be trusted with it?
This sounds like nothing more than multi-faceted spin control and manipulation.
What I hear being said:
Look, we need a larger budget to monitor this situation.
And more power to get the information we need without the red tape of actually getting warrants.
For your protection against what we've done, you should just give us all your info, all the time.
"Flame away, I wear asbestos underwear"
Security Pros say: We need more money for security! There is a war that has just begun, and we need to win it, but to win it we need money. Lots of money! Tons of money! Shitloads of tax-payer money!
Thank you very much.
Yeah, right. This works. Native americans where throwing stones, and they where just blown away by someone hitting them back. Like other conquired/occupied nations: they all started it.
Rules the one who has biggest stick. It was so, and it will be so.
Oh! Noz! We need help to keep away the bad hackerz! (terrorists)
We need money to rebuild our infrastructure and a special prosecutor to chase the bad terrorists.
(even though they have been wandering around for the last 40 years with their pants down)
Rick B.
Wasn't it the US who helped MAKE that thing in the first place?
And they wonder why they are a target?
Yeah, I trust Iran as much as I trust a kid with a grenade, but fuck, I trust the USA considerably less than I do Iran.
[ just got put on the terrorist list, banned from USA ]
Like I care anyway, wouldn't want to go to that disgraceful place. Shame for the people there.
They are pretty much the privatised China.
I'm sorry China, don't hurt me. I love you guys. You get shit done. Even if it kills people.
Seriously!? wtf, it started a long long time ago my friends... (perhaps even in a galaxy far away)
Instead of cyber-pearlharbour or cyber-9/11, the right expression should be cyber-normandy. So far the main cyber attacking force comes from US in a lot of fronts, stuxnet/flame (is a nice point to show destructive weapons to scare population without naming that you are the one creating/using them), massive spying on private communications from all the world is being done by US agencies, and intrusive legal initatives are pushed to all governments of the world (SOPA/PIPA/derivates like Spain's Sinde/etc). So far has been a war against freedom, and some of the forces "attacking" US seem to be trying (in a good or bad way) to not lose that freedom.
Is a war of US against the World, and they put the world in front to make you believe that they are the victims.
Seriously? why not just use an article from Fox news and be done with it? Banks get hit by attacks constantly. This is not news.
Gross mismanagement, corruption and negligence of companies which spend millions of tax dollars and fail to secure basic computing resources (like encrypted laptops)? Now that's something to call attention to.
Join the Slashcott! Feb 10 thru Feb 17!
I have a new startup sound. It's the sound of rubber gloves being snapped into place. The TSA wants to look down my trousers and inspect my transport layer.
How does this sentence make sense? "We're finding espionage, advanced persistent threats (APTs), and other malware sitting in networks, often for more than a year before it's ever detected," Martinez says. Isn't that the same as saying, "We detected it before it was detected?" Are they just leaving it there to let it bite others in the ass?
The only thing we have to fear is fear itself.
Oh: and apparently you can fool enough people all the time.
Don't fight for your country, if your country does not fight for you.
then quit your bitching and take it up the ass like a man
EVE Online? Amiright???? Just saying its a little *too* convenient.
They basically shut down the Citizens bank web site for 3 days last week. It made it impossible to pay some bills on-time. The idiots at the bank called it "heavy traffic which is called a distributed denial of service". They would not call it an attack.
" U.S. banks and utilities have already been hit.'"" I knew there was an up side to having no savings and owing shitloads of money to the utilities. Take that prudent financial management!
This wouldn't happen near as much if every corp, govt, person, and entity otherwise had a hardened multi-layer, stateful packet inspection firewall, with obscurity on the internal network, good policies, and Linux/BSD client machines. I blame Cisco and their crappy software on their great hardware, Microsoft for their substandard OS and applications, and Apple for their elitist "you can't touch this" attitude towards security on their OS.
The government has simply decided to call it a War because with the wars on "drugs" and "terror" winding down, they need a new bogeyman to make everyone afraid of so they can get the next big round of taxpayer-funded defense grants.
Hacking has been going on since the birth of the Internet, and it will keep going on until global warming turns the Earth into a smoldering cinder.
Oh look another "war" without a clear enemy or end in sight...
One that is super simple to avoid you have to wonder why they keep leaving critical infrastructure online.
"If any question why we died, Tell them because our fathers lied."
BITS we'll be blown to, all of us, after all.
Everytime an agencies cocaine bucket runs dry they drum up some hyperbole about how "america is under attack" and then "declare war on" said attacker in order to get bills passed and to get funding. Want a couple easy million? Say america is under attack and tadah, 20 million dollars in your pocket.
The war on terror, the war on drugs, the war on homelessness, the war on poverty, and so on. Americans love to think america is at war with something that somehow threatens americans. They get out their flag hats, flag tshirts, flag bumper stickers and start chanting about how awesome america is. But none of them ever notice that what we are declaring war on is ever actually fixed. A lot of money is spent, a lot of time is wasted but at the end of the day nothing has changed.
This one should be entertaining to say the least though. The war on terror was hillarious to me especially considering everyone lined up to get behind the president and chanted "support our troops" in order to protect our freedom. But none of them stopped to realize the only, and I mean only people who can take our freedom away is our own government. And we lost some freedoms in that war on terror and it was taken by our own government. So this whole cyber war should prove to be quite interesting from a spectators viewpoint.
Who is warning us of this impending doom? "Security Pros". Who has the most to gain from security panic? "Security Pros".
Let's just call it a draw shall we?
My understanding is that SCADA -- which allows the remote management of a great many infrastructure technologies like power substations and such -- is extremely vulnerable, to the extent that I read there is a manufacturer's back door in many (most?) that is easily determined if you know the mac address of the device, and that the mac addresses are fairly easy to come by.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
Considering that the private sector considers anything that doesn't "generate revenue" as a massive cost sink, it's no wonder that security and maintenance infrastructure has been gutted to the point where a stiff breeze could send it all crashing down and massive data theft is so common it's no longer newsworthy.
Not noteable, IMO a rubbish article.
So... some rich dude will take out a huge insurance policy on a credit card database, just days before it's hacked and the information stolen?
The government and/or the powers that be have simply decided to call it a War because with the wars on "drugs" and "terror" winding down, they need a new bogeyman to make everyone afraid of so they can get the next big round of taxpayer-funded defense grants.
Hacking has been going on since the birth of the Internet, and it will keep going on until global warming turns the Earth into a smoldering cinder.
USSC.gov. was hacked. Sys Admins put it back online. USSC was hacked again. This time with keystrokes to play tetris and a nyan cat. As of this writing USSC is still down. Someone is pissed.
So........This is a great excuse to steal more money from taxpayers using fear. The fear instilled in us taxpayers (stuxnet etc) was created by..guess who??
The game is over .. Anonymous has called it right. This will be an interesting ride over the next few years.
Great strategy. Its kept Israel out of so many wars.....
Oh, wait...
Sig Battery depleted. Reverting to safe mode.
All in all, this is sounding like just another scare tactic to maintain a perpetual state of war, keeping the public paranoid and distrusting of anyone except our "benevolent leaders" who pretend to be looking after our best interests.
This space unintentionally left blank.
In fact, the November 15th United Airlines was a cyber attack. This was a retaliation for the severing of Russian civilian satellite control. In turn, that was a U.S. attack intended to silence Russian (RT.com) claims that the Petraeus scandal was the fall-out of a barely-discovered voting fraud "coup attempt," and that President Obama and Defense Secretary Panetta had fled the United States to Asia immediately after the coup was discovered.
Next time, instead of writing "cyber-9/11", please consider setting yourself on fire instead. Thanks.
9/11 comparisons and DoD goons routinely discussing threat from cyber war in terms of parity with nuclear weapons is quite amusing like comparing getting detention with being sent off to a Nazi concentration camp.
Asserting the age old problem of "espionage" is now "cyber" and dreaming up of doomsday scenarios which leave even braindead zombies asking the obvious question how hard is it really to keep "critical infustructure" off the Internet?
I have little doubt real intent of this media blitz and TLA warnings are to create an atmosphere conducive to tolerating government overreach. Overreach which cannot possibly work to accomplish better security for anyone.
If the government really cared about US infustructure being hacked via Internet they would find a legal framework making hacking against every government/public target without any restriction legal by US citizens with some rules against lame attacks (ddos) and intentional non-collateral damage.
Penalize agencies that get 0wn3d. Make it a huge game (with cash prizes) focus on educational resources to help and encourage hacking. Not only do you get better infustructure you get more knowledgable peeps.
Security pros
Microsoft shills and antivirus software makers' PR departments.
and government officials
Propaganda workers and PR departments of military-industrial complex.
Contrary to the popular belief, there indeed is no God.
Tell that to the Vietnamese.
I'm a security professional. I work for one of the largest banks in the world, in a role directly involving online security.
Putting it succinctly, Infoworld is full of shit.
Yes, there have been attacks. There were also attacks last year. And the year before. And pretty much every year going back to the day somebody first connected a modem to the serial port of a computer with access to the bank's internal network. I have no doubt whatsoever there will be attacks this year, next year, and every year to come.
This is NOT "Cyber 9-11". Not even fucking CLOSE to it. People fucking DIED on 9-11, including two guys I was friends with in college and used to drink, play videogames, and trade warez with all the time. I think one of them might have even jumped, and had to spend ~40 terrifying seconds deciding whether he'd prefer to be killed instantly, or live an extra millisecond or two in searing pain after getting shredded by the steel and glass atrium feet first.
It sucks having to tell your boss that there's a distributed denial of service attack in progress, or someone might have compromised an application and harvested usernames or email addresses (but as of yet, no passwords). It doesn't even come CLOSE to sucking as badly as falling a thousand feet to your death, or getting liquefied and burned alive by 400 million tons of flaming concrete.
Picture sitting at your desk, sipping a latte, checking out the morning's posts on Slashdot, and having a 767 crash into your office at 500mph. A chunk of wing hurls across the floor, tears off your legs, and sends you flying into a column or something solid. You have about a quarter of a second to think, "WTF" before getting engulfed in a fireball and dying more slowly than you'd have otherwise rationally preferred. Now, in that context, try to think of ANY conceivable computer hacking attempt or attack that either keeps people from accessing their accounts or creates fraudulent line items for the forensic bookkeeping team to try and sort out that you'd EVER classify as being worthy of being used in the same sentence as "9-11". Go ahead, I *dare* you.
Well we just see what's what when all you WoW players are sitting in your Mom's dark cold basement when they hack the power grid! Yeah, we'll just see then!
*Yawn*
Glad I'm not a taxpayer in that country.
You mean, nine million one hundred and ten thousand? good lord.
DRM: Terminator crops for your mind!
"We need resources because the war is against us". In real terms, is US the one that is attacking all the others, putting things like they are the victims is intentionally deceptive. The cyberweapons named in the summary (flame/stuxnet) were done and used by US and allies. There are other kinds of cyberattacks going on, like surveillance on everyone no matter of country, and pushing laws limiting other countries population (like SOPA, PIPA or derivatives like spain's Sinde law). The motto of this one should be "the war against freedom"
The main attackers so far mostly are people, not countries, that right or wrong say that fight for their (or our) freedom, and odds are badly against them (unless you are anonymous, you will probably get caught despite international laws, no matter where you are). Is a war, and we all are in the hopeless side of it.
Actually, you can't set traffic lights to always green and if you try then you will blow a special fuse put in place to prevent exactly that so the worst you could do is turn off all the traffic lights completely or make them all red.
The government is not dumb, but plays dumb to achieve sneaky goals. The internet is nor more or less a danger than ever, but the red flag here is that now that the US government is making statements about it openly, it may want to declare war on it, and no one can argue against "terrorism" while they attempt to crack down on the zones of free speech and trade.
"Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet,"
Cyber anything involving the internet? Now that's original. Somebody should get a patent on that. Just who are these "security pros"? Mall rent-a-cops? I'm guessing that the government officials are from the FDA or some other unrelated agency.
'A cyber war has been brewing for at least the past year,'
Escalating, not brewing. Or was the original link from 1999? Oh wait, maybe it's because it's brewing that the FDA got involved. It all makes sense now.
How to Prevent Any and All Cyber War Attacks
1 - Disconnect the RX network connection from critical control SCADA like systems from the internet/internal networks
(this was problem alerts can still be transmitted via TX, but all system intervention requires physical access)
2 - Physically remove USB, DVD-ROM, card readers, and other data transfer devices from these same control systems.
(this is to prevent casual access/infection, updates can be applied by opening the (locked) controller machine)
In Summary: No data is to be normally received by the controllers of critical infrastructure.
FINAL EXAM (3 hours):
Q1: Should data any be normally received by the controllers of critical infrastructure.?
Answers:
Q1: No - Marks 100%
Congratulations, you are now a fully trained PhD. of Cyberwar threat naturalisation.
Not unlike the thousands of 'terrorism experts' who popped up days after 9/11,
you are now free to work as a High paid military consultant in cyberwar prevention techniques.
If anyone asks you details not raised in the course material, please prepare a Powerpoint containing
interspersed clips of Stephen Kings Lawnmower Man, and Hackers, with an audio overlay of the screaming of children.
http://youtu.be/I33u7P-XokE?t=6m11s
http://youtu.be/Ql1uLyuWra8?t=1m9s
(it also helps if you can rollerblade)
Never let anyone tell you that your profession is complete horseshit.
"This is Serious Fucking Business" - Donald Rumsfeld
http://www.youtube.com/watch?v=FGhGHxw0mSo
shouldn't be connected to the internet in the first place.
also...
banks DONT NEED TO BE
utilities DONT NEED TO BE
etc..etc.. they do NOT NEED TO BE but are for convenience. we COULD GO BACK to the days before the internet for paying bills, transferring funds, etc. no big deal.
The root cause of our vulnerability isn't the users, nor the administrators, etc... it's the model underlying the OSs we all use. It trusts code, which is foolish at best.
To really fix computer security, you need to implement Capability Based Security. The Genode project is doing that, Here is their road map for 2013 which includes being able to eat their own dog food. (Which they wanted to get done by this year, but when has a software project actually met schedule?
If we can start to secure the nodes of the internet with non-swiss-cheese based OSs, we can just kill off this "cyberwar" nonsense once and for all.
Obvious distraction to real issues at hand. i.e. Guns/Money.
During the fall of any great civilization, they tend to burn down the libraries. And what is the Internet, but the largest library on Earth? And who wishes to burn it down, but armed forces?
I imagine the Library of Alexandria faced a similar problem.
I am John Hurt.
this is why the banks are a perfect hacker target. they are full of arrogant, ignorant people whose main judgment on whether something is important or not, is what their buddies think. since their buddies are all bankers, they kind of have a myopic view of the world.
i used to work at a 'financial institution', and let me tell you, its running everything from DOS to WinNT to WinXP ---- everyone brings their cellphones and USB sticks and plugs them into their computers to charge, everyone visits any website that pops into their mind without thinking about security. machines are running all kinds of versions of IE, sometimes back to 6.0, often unpatched.
nobody understands even the basic principles of computer security - and despite the banks strong profits, it refuses to invest anything in training anyone. the bank branches are full of minimum wage employees who have something like 90% turnover for a year, and they have access to all of the vital systems. the apps where you can deposit checks now on your phone have been sent out - again, little or no discussion of security issues.
you get more training working for a call center cube farm for $10/hour than you do when you work at a bank moving around millions of dollars of negotiable instruments.
the real thing going on here is that since the banks watched themselves all get bailed out in 2008, why should they bother? the government will come bail them out again if they get in trouble. if there is a huge breach, it wont matter. if someone tries to bring up a HIPPAA style law from bank records, the banks will simply buy off congress and stop it.
Why wont somebody think of the gibsons?
Its world cyber war 1, but instead of a dictator intent on conquering the world, like a real war, its a bunch of script kiddys thinking they are clever
everyone be afraid....be very afraid
Gee, let's take EVERYTHING and connect it all on a giant, publicly accessible, open network that spans the entire world using a protocol suite designed in the 70's with no security in mind.
After that let's stack most everything on top of a protocol intended to serve up static text with some images and links to other text files thrown in. And then shoehorn it into becoming an application delivery platform. And pile kludges 10 layers deep to make it sort of usable.
Seriously, if you run critical infrastructure and you connect it to a public network, you're stupid. I saw this coming as a CHILD.
Now that everything with a data port practically has a CPU capable of running general purpose code and rewritable flash.... often running Linux.... it's only going to get worse from here.
I think it matters how long term the outage is. The Northeast cascade power failure in 2003 was partly due to a software bugand would have been devastating if it was below freezing. 55 million people without heat is a huge number. Even if there weren't many deaths the economic damage would be tremendous from just the water pipes freezing and bursting. Yeah we're used to small scale outages with heavy snows or ice but not anything on that scale. If an entire region could be shut down for say a week things would take a long time to be back to normal.
lol propaganda nonsense. Stop running vulnerable wordpress apps and the chinese will stay away.
Can you imagine the EBT food stamp card system going down for a few days and millions could not get their free food?
"The cyber war has seen various attacks around the world, with incidents such as Stuxnet [Windows], Flame [Windows], and Red October[Windows] garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit [DDOS attacks run from compromised WINDOWS desktops]".
...
"Given the malicious actors that are out there and the development of the technology, in my mind, there's little doubt that some adversary is going to attempt a significant cyberattack on the United States at some point"
Only if you persist in running your infrastructure on that back-doored OS and connected directly to the Internet
AccountKiller
Oh hai gaise, we the US are at cyber war because we put up Flame, Stuxnet and shit on our own to fuck with the rest of the world.
So as we attack anybody without a reason with huge weapons and they are all like very angry.
So now we have to prepare to defend agains our acts: duuuhr duuuhr 'murican warmongering, terrorists, dey took' our jobs !
And who was it who opened pandoras box? Who attacked infrastructure to destroy it? Who attacked a nation and said it with a straight face to the rest of the world? Tit for tat I would say.
I can see a future where government regulated software on everyones machine DDOSs Chinese and Russian targets in retaliation while their utilities, banks and institutions networks are raided, backdoored and looted.
Who says the morons in Washington didn't gain anything from ANONYMOUS?
In a perfect world the attacks would be made on spammers and phishers and their ilk.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
"Gee, let's take EVERYTHING and connect it all on a giant, publicly accessible, open network that spans the entire world using a protocol suite designed in the 70's with no security in mind".
...
I don't think so, Microsoft was selling Windows NT as the Internet platform for commerce, since at least 1995
AccountKiller
1. Turn off the router that connect to the internet
2. Go ahead, hack into my network at home
Oh - you can't connect ??
So the USA attack others with viruses, and complain about retaliation.
I hope the banks get hit hard, they deserve it.
Or trying to.
The Nazis, North Koreans, Vietnamese, Communists, Soviets, nuclear war, just about every country in S.America, Al Qaeda, satanists..... These don't scare us all that much anymore. The Government now has to think up the Next Scary Thing.
Stuxnet, Flame, and Red October were all US virii. Now they're crying that someone might attack US back? What a bunch of BS.
Oh great, another "war on ". Terrorism and drugs don't scare people any more so American politicians need a new "war" to use as a front for trampling human rights all over the globe and enriching their military-industrial backers...
How many times are the American people going to fall for this same BS? Government and the media spreading a constant message of fear in order to consolidate power.
I'm "afraid" that in the age of mass media, the government can afford to relentlessly bombard us with the message "Be AFRAID! Now, give more money and more power to government and sacrifice your civil liberties so that we can protect you!"
Some day we're going to wake up and discover that we're in a nice "safe" police state. Sadly, most of us deserve it.
See Cyber War: The Next Threat to National Security and What to Do About It [Paperback] Richard A. Clarke (Author), Robert Knake (Author)
Where ever an empire puts its assets, its adversaries will seek to capture, control, or disable them.That has been a standard strategy since before the Romans as any student of history would know. Why this is news is a good question since it should have been obvious from the beginning. Any of you folks ever read Sun Tzu? Sheesh. You sound like the "let's ban assault rifles" nannies when 3 to 1 pistols were used in mass shootings and only 323 people where killed with rifles in 2011 while 700+ were killed with fists and 1,700 were killed with knives while over 6,200 were killed with pistols which you'll never ban.
http://www.guardian.co.uk/commentisfree/2013/jan/28/pentagon-cyber-security-expansion-stuxnet
http://www.guardian.co.uk/commentisfree/2013/jan/29/obama-guantanamo-pentagon-cyber-yemen
Liberty.
Who in their right mind actually bets on the internet anyway. I know a lot of folks do, but it's like signing a contract with someone that's also throwing up into a paper bag,..you're not quite sure of their own stability, but you want the money they say they are going to give you. Personally, I think it would be funny as hell if the internet just went down forever.
http://www.youtube.com/watch?feature=player_embedded&v=Kp_8j13DiiY
Liberty.
So why don't we counterattack? We're always playing defense on this issue. We call it a warlike act, it is sponsored by many governments whom our government laughingly refers to as allies, but all we do is try to put in defensive measures. I say lets shut down much of the internet in these countries and let the people start civil wars on twitter like they did in Egypt.