Slashdot Mirror
NSA Says It Foiled Plot To Destroy US Economy Through Malware
mrspoonsi writes "Business Insider Reports: The National Security Agency described for the first time a cataclysmic cyber threat it claims to have stopped On Sunday's '60 Minutes.' Called a BIOS attack, the exploit would have ruined, or 'bricked,' computers across the country, causing untold damage to the national and even global economy. Even more shocking, CBS goes as far as to point a finger directly at China for the plot — 'While the NSA would not name the country behind it, cyber security experts briefed on the operation told us it was China.' The NSA says it closed this vulnerability by working with computer manufacturers. Debora Plunkett, director of cyber defense for the NSA: One of our analysts actually saw that the nation state had the intention to develop and to deliver — to actually use this capability — to destroy computers."
...and subprime lending really DID destroy the U.S. economy.
Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
Once those pesky real journalists that insist on facts and sources start digging into this, I'd expect the cataclysmic claims will be slowly walked back to something much less sinister, like almost all other claims of thwarted plots.
China holds a huge amount of our debt. They want us to buy their stuff and to borrow money from them. Why cripple our economy? Or, even worse, why do something like this that will point a finger back to them and stir up the pot against them? (and possibly lad to embargos, and so on)
If these attackers the NSA supposedly thwarted (the Chinese it is speculated), managed to gain control over large numbers of computers with access enough to damage their firmware, it would make far better sense to keep those machines alive and working for them instead. You could cause far more damage to the US economy by keeping those machines alive and pwn3d than if you simply bricked them. A bricked machine will cost a few hundred dollars to fix. A pwn3d machine is a gift that keeps on giving!
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
Does this strike anyone else as being utterly ridiculous? "Cataclysmic"?? I mean, if a bunch of bricked computers could bring down our economy (and possibly the global economy) then isn't the whole thing in need of some serious attention? Maybe we've built an unreasonable amount of dependence on something that is entirely too frail to warrant such trust? - both the computer systems and our current economic system.
Alex, I'll take keybindings not used by Emacs for $400....
Right, sure they did. A BIOS attack of the sort hinted at in this interview is difficult to believe.
If they worked with computer manufacturers to close some such massive security hole, then they can easily point to the historical vulnerability. The technical community can verify their claims. Failing that, no, I do not believe such an attack ever existed outside the overheated imagination of some technically illiterate NSA bureaucrat.
In other news, I have a bridge I'd like to sell you.
Enjoy life! This is not a dress rehearsal.
Sorry, I'm not buying it. Despite the NSA's best efforts, Microsoft did release Vista.
Koans and fables for the software engineer
Have been known for years. The problem is you have to gain admin access to the machine first, so basically you are bricking your own botnet.
LOL.
http://en.wikipedia.org/wiki/CIH_(computer_virus)
ps. It didn't destroy the US economy.
and this lame vague shit is the best they can do.
100% of the NSA budget needs to be given to NASA.
because I can't imagine the scenario in which they uncovered that plot by looking at the metadata from American cellphones.
A more dangerous cyber threat would be malware that collects all the users personal information and stores it until the malware writer is ready to use it against the victim.
Oops!
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Please. I saw this on 60 Minutes and that entire pandering two-parter on Sunday night was a such a load of bullshit, I could smell it through the TV.
And this segment of it was the worst, because it made no sense. I mean, they dumbed the story down for Ma and Pa in Pigsknuckle Arkansas, but for anyone with even a hint of technical acumen, it came off as complete tripe.
Why *exactly* would China want to destroy the global economy? Such a move would hurt them more than us, because they are in a period of crazy growth, and their entire stability *depends* upon that growth or they'd have rioting.
Secondly, if a nation wanted to destroy us, why use "malware"? A better way would be to use lobbyists to force more deregulation and let us cut our own throats as we've already seen. Our own greedy bastards will happily destroy the global economy if it means 6 more dollars in *their* pockets.
The whole thing is fishy and smells of NSA desperation to look good to the average american, and paint the Chinese and Edward Snowden as bad guys we need to be afraid of so that the NSA can "protect" us, by of course, stripping us of all our rights.
If telephones are outlawed, then only outlaws will have telephones.
Includes those that are set not to automatically upgrade BIOS, of course
Two words: BIOS backdoor!
More importantly, they need to show that the massive dragnet of surveillance of all Americans was essential to find out about this.
Another thing, ironic that the US worries about other people doing things that it has already done. For example, the US created Stuxnet and is worried someone else will follow our lead. The US dropped a nuclear bomb on civilians and we are worried someone else will follow our lead.
I routinely stop alien invasions. Their lazors are no match for my hands (and let's not mention my other weapon... in my pants).
Your move NSA - what have you done lately?
I thought it was odd too untli I read the article and realised they were not talking about a real threat, they were talking about an analysts scenario. To quote:
"One of our analysts actually saw that the nation state had the intention to develop and to deliver — to actually use this capability — to destroy computers."
So basically this is a fear-mongering story since if the country in question had had the intention and capability to deploy such an attack, it would have been SUCCESSFUL. Only a small proportion on PCs would have been "fixed" if they had "worked with computer manufacturers".
They really do think everyone is stupid don't they?
From your link:
Matt Blaze, a computer and information sciences professor at the University of Pennsylvania, said that BIOS could be overwritten by malware, bricking an unsuspecting computer. But the vagueness of the description of the “BIOS Plot” made him suspicious.
“It would take significant resources – and an extraordinary bit of co-ordination and luck – to actually deploy malware that could do this at scale,” Blaze said.
“And it's not clear how you'd ‘thwart’ such a scheme if you found out about it if you were NSA, since it's basically a combination of a large number of vulnerabilities spread among a zillion computers rather than one big problem that can be fixed with a single patch.”
The lack of specificity made cybersecurity expert Robert David Graham dubious that the plot NSA claimed to discover matched the one it described on TV. “All they are doing is repeating what Wikipedia says about BIOS,” Graham blogged, “acting as techie talk layered onto the discussion to make it believable, much like how Star Trek episodes talk about warp cores and Jeffries Tubes.”
Maybe one part of the NSA wrote the malware and another part found out about it and stopped them.
If Slashdot were chemistry it would look like this:Cadaverine
There's this moment when you're acting out when you cross from plausible belief to total, in-your-face disbelief. Does NSA seriously imply that such an attack would have lasting consequences? Do they really think that there wouldn't be many BIOS recovery solutions popping up left, right and center literally within hours? My bet is that within a week there'd be a thriving BIOS recovery business going on all around us, and the damage would be well contained in spite of whatever bullshit the clueless media would be spewing around.
A successful API design takes a mixture of software design and pedagogy.
Our governments certainly lied but they did not know what Saddam had. Not until there were US/UK boots on the ground did we really know one way or the other.
Sorry, but no. Many other foreign countries had a look at the evidence and they voted "no WMD". Only US lapdogs went along (coalition of the willing), everyone else took a pass. So people were able to tell "one way or another".