Officials Warn: Cyber War On the US Has Begun

snydeq writes "Security pros and government officials warn of a possible cyber 9/11 involving banks, utilities, other companies, or the Internet, InfoWorld reports. 'A cyber war has been brewing for at least the past year, and although you might view this battle as governments going head to head in a shadow fight, security experts say the battleground is shifting from government entities to the private sector, to civilian targets that provide many essential services to U.S. citizens. The cyber war has seen various attacks around the world, with incidents such as Stuxnet, Flame, and Red October garnering attention. Some attacks have been against government systems, but increasingly likely to attack civilian entities. U.S. banks and utilities have already been hit.'"

"Cyber 9/11"

[ShaunC]

Really? So we're going to see buildings destroyed, thousands murdered? The hyperbole is way out of hand on this one.

Re:"Cyber 9/11"

[binarylarry]

Don't you get man?!

The porn! They're going to be deleting all of our precious, precious porno!

It'll be like back in the dark ages again with cave drawings and domestic animals.

Game over man, GAME OVER!

Re:"Cyber 9/11"

[dkleinsc]

Well, how else are you going to convince people that they should be spending huge sums of taxpayer money to help private industry do the computer security work they should have already done at their own expense?

But yes, it cheapens the meaning of the real 9/11 when you use it to scare people into responding to non-lethal threats. Apparently, banks and utilities have already been hit, and nobody outside of those organizations even noticed. That tells you how much of a non-threat it is.

Re:"Cyber 9/11"

[NFN_NLN]

Really? So we're going to see buildings destroyed, thousands murdered? The hyperbole is way out of hand on this one.

It's all about strategically timed loss of service to exacerbate tensions:

- Disable electricity during a heat wave in Atlanta = Riot
- Disable communications right after a white police officer is acquitted of beating a black suspect in LA = Riot & Looting
- Disable banking/credit card during Black Friday = Riot, people already riot and trample each other in Walmart without a loss of service.

Basically the US is a powder keg... all it takes is a spark :)

Re:"Cyber 9/11"

[vlm]

The problem is finding an area of the USA where a medium term power loss would not be business as usual, due to 3rd world infrastructure.

Hmm shutdown NYC's power, they'll collapse. Naah tried that short term back in the 00s and longer term last fall due to a mere rainstorm.

Hmm shutdown power in the south? Naah thats called a hurricane, they do that stuff couple times a year no problemo.

Hmm shutdown power in the west? Naah thats called a rolling california blackout, all part of a corrupt plan to increase prices and revenue. No problemo. Heck the crooks who run the place made more money, if anything thats encouraging them!

Hmm shutdown power in the midwest? Naah every time we get a wee windstorm or ice storm or blizzard or pretty much anything but still air, happens all the time. Oh yeah and the damn mississippi is either almost bone dry or flooding the land both causing power issues.

Is there anywhere left where power outages are unusual, maybe even dangerous?

Doesn't mean its not annoying, maybe even a little dangerous. In fact if there's even a hint that foreigners are behind it all, the biggest danger is attacking some other country. If saudi arabians fly jetliners into our skyscrapers we bomb afghanistan, so I assume if Venezuelans shut down the power in Florida for a little while we'd probably respond by bombing Iran.

Re:"Cyber 9/11"

[GT66]

I've been using the color copier at work to print my favorite pornos out one frame at a time on reams of company paper to turn into flip books.

Anything to keep the masses fearful

[fredrated]

After all, what with fiscal responsibility looming, we need all the excuses we can get to keep the war funds flowing.

Bad news on the horizon.

[doubledown00]

If even somewhat true, this is the kind of thing that will usher in a new era of network surveillance and the kind of restrictions that will kill a formerly free Internet. Governments will have much more incentive to get involved in the standards drafting process in order to ensure "proper adherence" to national security "requests" etc.

I hope I'm wrong, but having seen how people go apeshit with simple "point and click" technologies like guns.......let's see what happens when you get a bunch of old white guys with power trying to lock down things they *truly* don't understand.

Re:Idiots

[icebike]

This cyberwarfare has been going on for more than five years now. Do you know how many banks, medical facilities, etc. as well as research institutions have been hit by the Chinese? I won't say whom, but a major US aerospace research corporation has been undergoing an almost constant stream of attacks since 2005...

So has my ssh server. Except that has been going on for much longer.
And when I turn on logging in iptables I see a constant patter of attempts on common windows networking ports as well.

Is this is what constitutes an "attack" in these reports?

My guess is that with public news articles coming out daily and homeland security trying to convince every
little public utility of grave danger and stampede them to harden their system, that these script kiddie attempts, which are
almost universally unsuccessful, are exactly what is being touted as a cyber warfare attack.

US Agencies warning about other US Agencies?

[Spectre]

They are mentioning StuxNet and the like as a threat example? So, the US is in danger of malware created by the US ... perhaps loosing viral code on the world wasn't a good idea.

"We're finding espionage, advanced persistent threats (APTs), and other malware sitting in networks, often for more than a year before it's ever detected," Martinez says.

Now, to "protect" ourselves from our government we need to do what ... turn over more information and control to the people that created the problem? Why would I want to give more power to people that have already proven they can't be trusted with it?

This sounds like nothing more than multi-faceted spin control and manipulation.

What I hear being said:
Look, we need a larger budget to monitor this situation.
And more power to get the information we need without the red tape of actually getting warrants.
For your protection against what we've done, you should just give us all your info, all the time.

Re:US Agencies warning about other US Agencies?

[slodan]

You are exactly right. This column by Glenn Greenwald is timely, and a far better source than "InfoWorld". Here are some select quotes:

This massive new expenditure of money is not primarily devoted to defending against cyber-aggressors. The US itself is the world's leading cyber-aggressor. A major purpose of this expansion is to strengthen the US's ability to destroy other nations with cyber-attacks. Indeed, even the Post report notes that a major component of this new expansion is to "conduct offensive computer operations against foreign adversaries".

As Wired's Ryan Singel wrote: "[McConnell is] talking about changing the internet to make everything anyone does on the net traceable and geo-located so the National Security Agency can pinpoint users and their computers for retaliation."

Don't forget that McConnell is the chode who got the telecoms retroactively immunized for their participation in the illegal NSA domestic spying program.

Infoworld is full of $hit

I'm a security professional. I work for one of the largest banks in the world, in a role directly involving online security.

Putting it succinctly, Infoworld is full of shit.

Yes, there have been attacks. There were also attacks last year. And the year before. And pretty much every year going back to the day somebody first connected a modem to the serial port of a computer with access to the bank's internal network. I have no doubt whatsoever there will be attacks this year, next year, and every year to come.

This is NOT "Cyber 9-11". Not even fucking CLOSE to it. People fucking DIED on 9-11, including two guys I was friends with in college and used to drink, play videogames, and trade warez with all the time. I think one of them might have even jumped, and had to spend ~40 terrifying seconds deciding whether he'd prefer to be killed instantly, or live an extra millisecond or two in searing pain after getting shredded by the steel and glass atrium feet first.

It sucks having to tell your boss that there's a distributed denial of service attack in progress, or someone might have compromised an application and harvested usernames or email addresses (but as of yet, no passwords). It doesn't even come CLOSE to sucking as badly as falling a thousand feet to your death, or getting liquefied and burned alive by 400 million tons of flaming concrete.

Picture sitting at your desk, sipping a latte, checking out the morning's posts on Slashdot, and having a 767 crash into your office at 500mph. A chunk of wing hurls across the floor, tears off your legs, and sends you flying into a column or something solid. You have about a quarter of a second to think, "WTF" before getting engulfed in a fireball and dying more slowly than you'd have otherwise rationally preferred. Now, in that context, try to think of ANY conceivable computer hacking attempt or attack that either keeps people from accessing their accounts or creates fraudulent line items for the forensic bookkeeping team to try and sort out that you'd EVER classify as being worthy of being used in the same sentence as "9-11". Go ahead, I *dare* you.