Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Laws Won't Save Banks From DDoS Attacks

Posted by Soulskill on from the legislative-firewalls-are-less-effective-than-actual-firewalls dept.

kierny writes "Rep. Mike Rogers (R-Mich.) should know better. The chairman of the House Intelligence Committee claimed to told NBC News that the Operation Ababil U.S. bank disruption DDoS campaign could be stopped, if only private businesses had unfettered access to top-flight U.S. government threat intelligence. Not coincidentally, Rogers is the author of CISPA (now v2.0), a bill that would provide legal immunity for businesses that share threat data with the government, while allowing intelligence agencies to use it for 'national security' purposes, thus raising the ire of privacy rights groups. Just one problem: Numerous security experts have rubbished Rogers' assertion that threat intelligence would have any effect on banks' ability to defend themselves. The bank disruptions aren't cutting-edge or stealthy. They're just about packets overwhelming targeted sites, despite what Congressionally delivered intelligence might suggest."

8 of 80 comments (clear)

  1. Locks keep out honest people... by Midnight_Falcon · · Score: 4, Insightful
    And laws stop honest people from doing something. Criminals, on the other hand, are criminals -- and conducting a DDoS attack cannot be stopped by policies and laws alone. There need to be both technical countermeasures, and political ones as well. In a "positive peace" the reasons for conflict are addressed and removed, while in a "negative peace" the only reason conflict is not happening, is well, the cost of the conflict to both sides.

    These folks obsessed with a "negative peace" by making more laws should study history.

    1. Re:Locks keep out honest people... by amiga3D · · Score: 4, Insightful

      They feel like they must do something and do it right now. It's more important to appear to be doing something to fix the problem than to actually fix the problem.

    2. Re:Locks keep out honest people... by ackthpt · · Score: 3, Insightful

      Passing laws makes the powerless feel better. You've never heard "There oughta be a law"? What they really should be saying is "There oughta be trained people who know how to track down the criminals and convictions which show the laws already on the books are enforced."

      Good luck enforcing laws overseas.

      --

      A feeling of having made the same mistake before: Deja Foobar
  2. And laws helped cause it by MikeRT · · Score: 5, Insightful

    In the name of fighting money laundering--an activity primarily associated with the War on Drugs--Congress passed a law requiring all transactions around $5k or more to be logged and sent to federal law enforcement. Paying in cash for everything is now being called a sign you might be a terrorist. Paying in cash is also *gasp* resistant to DDoS attacks. The coralling of most of our commerce into the hands of banks has effectively made banks a target that can cripple unrelated businesses. If we were mostly a cash society, it'd be no big deal. The worst a DDoS could do is delay the processing of your paycheck or an ATM withdrawal.

    1. Re:And laws helped cause it by amiga3D · · Score: 5, Insightful

      The end result of all these wars is that individual liberty is collateral damage. The war on Drugs, on Terror, on Child Porn, etc., means that innocent people pay the price while the thing they war against never goes away. One unwinable war after another.

  3. Let's focus on the important part by quietwalker · · Score: 4, Funny

    ... I don't think 'rubbished' is a legitimate word.

  4. Therein lies the rub ... by gstoddart · · Score: 3, Informative

    Not coincidentally, Rogers is the author of CISPA (now v2.0), a bill that would provide legal immunity for businesses that share threat data with the government, while allowing intelligence agencies to use it for 'national security' purposes

    These people want this information shared for their own purposes.

    This has nothing at all to do with protecting banks from DDoS -- it's about ensuring government access to all of our data. If they can get private industry to hand them data they can't collect on their own then they can circumvent other laws.

    I agree with the assessment that no law is going to make this kind of attack hitting from all over the world (and probably on zombie computers) go away.

    These people just want the total surveillance world that scares the rest of us.

    --
    Lost at C:>. Found at C.
  5. Re:Sue Microsoft for willful negligence by amiga3D · · Score: 3, Interesting

    I think he's talking about all those windows peecee's slaved into botnets because of their defective by design OS and are used in DDos attacks such as this. It all starts with malware ya know and Windows is the most pervasive form of malware on the planet.