Slashdot Mirror


Why Laws Won't Save Banks From DDoS Attacks

kierny writes "Rep. Mike Rogers (R-Mich.) should know better. The chairman of the House Intelligence Committee claimed to NBC News that the Operation Ababil U.S. bank disruption DDoS campaign could be stopped, if only private businesses had unfettered access to top-flight U.S. government threat intelligence. Not coincidentally, Rogers is the author of CISPA (now v2.0), a bill that would provide legal immunity for businesses that share threat data with the government, while allowing intelligence agencies to use it for 'national security' purposes, thus raising the ire of privacy rights groups. Just one problem: Numerous security experts have rubbished Rogers' assertion that threat intelligence would have any effect on banks' ability to defend themselves. The bank disruptions aren't cutting-edge or stealthy. They're just about packets overwhelming targeted sites, despite what Congressionally delivered intelligence might suggest."

12 of 80 comments

  1. Locks keep out honest people... by Midnight_Falcon · · Score: 4, Insightful
    And laws stop honest people from doing something. Criminals, on the other hand, are criminals -- and conducting a DDoS attack cannot be stopped by policies and laws alone. There need to be both technical countermeasures, and political ones as well. In a "positive peace" the reasons for conflict are addressed and removed, while in a "negative peace" the only reason conflict is not happening is, well, the cost of the conflict to both sides.

    These folks obsessed with a "negative peace" by making more laws should study history.

    1. Re:Locks keep out honest people... by amiga3D · · Score: 4, Insightful

      They feel like they must do something and do it right now. It's more important to appear to be doing something to fix the problem than to actually fix the problem.

    2. Re:Locks keep out honest people... by ackthpt · · Score: 3, Insightful

      Passing laws makes the powerless feel better. You've never heard "There oughta be a law"? What they really should be saying is "There oughta be trained people who know how to track down the criminals and convictions which show the laws already on the books are enforced."

      Good luck enforcing laws overseas.

      --

      A feeling of having made the same mistake before: Deja Foobar
    3. Re:Locks keep out honest people... by teaserX · · Score: 2, Interesting

      Locks also keep out lazy criminals. When you can't know who the criminals are that's a fair defense against most of them. This legislation seeks to more effectively determine who/where the criminals are. They can round up all of the car thieves in my neighborhood and it will still be stolen if I leave it unattended and running. Legislation that provides consequences for banks that leave the "door" unlocked might be more effective than this "intelligence sharing" which does little to that end. Make them lock the doors. We may not even need anything further.

      --
      We really need your help
      http://www.gofundme.com/help-sherry
  2. And laws helped cause it by MikeRT · · Score: 5, Insightful

    In the name of fighting money laundering--an activity primarily associated with the War on Drugs--Congress passed a law requiring all transactions around $5k or more to be logged and sent to federal law enforcement. Paying in cash for everything is now being called a sign you might be a terrorist. Paying in cash is also *gasp* resistant to DDoS attacks. The corralling of most of our commerce into the hands of banks has effectively made banks a target that can cripple unrelated businesses. If we were mostly a cash society, it'd be no big deal. The worst a DDoS could do is delay the processing of your paycheck or an ATM withdrawal.

    1. Re:And laws helped cause it by amiga3D · · Score: 5, Insightful

      The end result of all these wars is that individual liberty is collateral damage. The war on Drugs, on Terror, on Child Porn, etc., means that innocent people pay the price while the thing they war against never goes away. One unwinnable war after another.

  3. Let's focus on the important part by quietwalker · · Score: 4, Funny

    ... I don't think 'rubbished' is a legitimate word.

  4. Therein lies the rub ... by gstoddart · · Score: 3, Informative

    Not coincidentally, Rogers is the author of CISPA (now v2.0), a bill that would provide legal immunity for businesses that share threat data with the government, while allowing intelligence agencies to use it for 'national security' purposes

    These people want this information shared for their own purposes.

    This has nothing at all to do with protecting banks from DDoS -- it's about ensuring government access to all of our data. If they can get private industry to hand them data they can't collect on their own then they can circumvent other laws.

    I agree with the assessment that no law is going to make this kind of attack hitting from all over the world (and probably on zombie computers) go away.

    These people just want the total surveillance world that scares the rest of us.

    --
    Lost at C:>. Found at C.
  5. Re:Sue Microsoft for willful negligence by SJHillman · · Score: 2

    What the hell are you going on about? Odds are the DDoS is taking down the target network before a single packet reaches anything running Microsoft software. Actually, the reason it's a DDoS is because packets aren't reaching anything running Microsoft software (clients and servers). You'd be making a tiny bit of sense if you said Cisco, but that would be like suing New York City because the roads can't accommodate every single person in the country visiting NYC at once.

  6. Re:"Congressionally delivered intelligence" by ackthpt · · Score: 2

    NO

    There actually is, but the main body of Congress routinely ignores it because the seat of their collective pants tells them to.

    Representatives like Rogers like to get laws on the books with their names bandied about them, to show that they're not just fooling around, then they can get back to the business of whatever their big campaign donors want them to do. Circus and bread.

    --

    A feeling of having made the same mistake before: Deja Foobar
  7. Re:Sue Microsoft for willful negligence by amiga3D · · Score: 3, Interesting

    I think he's talking about all those Windows peecee's slaved into botnets because of their defective by design OS and are used in DDoS attacks such as this. It all starts with malware ya know and Windows is the most pervasive form of malware on the planet.

  8. Improve infrastructure, don't enact laws to prolif by tanawts · · Score: 2

    Given that a lot of these problems stem from inherent design flaws with our current Internet protocols, perhaps we ought to start improving upon the 20 and 30 year old protocols we've been relying on. Fundamental scale and design flaws will continue to empower bad people to do bad things so long as it continues to be nearly effortless. BGP, DNS, IPv4... You can only build on a foundation for so long before its age and brittleness begins to cause serious problems.