US's Greatest Vulnerability is Ignoring the Cyber Threats From Our Adversaries, Foreign Policy Expert Says (cnbc.com)
America's greatest vulnerability is its continued inability to acknowledge the extent of its adversaries' capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group. From a report: Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the "big four": Russia, China, North Korea, and Iran. "We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea -- no one in the U.S. cybersecurity services believed the North Koreans could actually do that," Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.
Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. "It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data."
If we would acknowledge that the problem exists, rather than deny it because it somehow diminishes the ego of the current occupant of the Oval Office, we could start to do something about it.
in the last few years we've learned that America itself is the biggest cyber terrorist on the planet. Stop trying to make us believe other countries are the enemies and aggressors. And if you attack other countries you have to expect that they fight back.
Stuxnet - I bet the Iranians never believed the USA could do THAT. A real act of war if ever there was one.
It will be interesting to watch how the US government goes about preventing all "foreign" interference by way of the Internet and the Web without completely cutting the USA off from the rest of the world.
I am sure that there are many other solipsists out there.
Instead of the NSA working with privacy industry to fix exploits, it sits on them and weaponizes them. It means other parties who find the same can also exploit them against us. It makes all our security weak.
Then we insist on putting industrial and military systems on the internet when smarter countries are moving the other way, sometimes even using paper records to make the data more difficult to steal. Not that paper data can't be stolen but it is harder to get a lot at once and it requires old fashioned spy methods.
Then we have legions after legions of technically clueless managers who ignore the advice of security experts for "convenience".
So if we have cyber security probs those are probs we made for ourselves and we deserve to face the consequences.
We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea -- no one in the U.S. cybersecurity services believed the North Koreans could actually do that
WannaCry famously used exploit code developed by NSA. It demonstrates an almost sociopathic lack of self-awareness to turn around and blame threats caused by the unnecessarily aggressive weaponisation of the internet by US state actors on those same actors' underestimation of the threat posed by others.
Our biggest cyberthreat is Windows. Until that threat is neutralized, we will continue to be unnecessarily vulnerable.
In other words: from everyone else on the planet!
Great minds think alike; fools seldom differ.
That wall was painted years ago and they're just now realizing this?
Snappy!
Pity it just sounds good. That's nothing more than some philosophical bubble gum to make you feel better about your contrarian bullshit.
There's a problem with the internet and it's eating your country alive.
It is likely that cyber vulnerabilities follow the same pattern. While everyone is busy looking for the overseas threat, the domestic (and government) hackers are spreading mayhem and chaos internally.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
The biggest threat is incorrectly assessing and overreacting. The threat is there but making it out to be a bigger boogeyman than it really is can and will set in motion consequences both internal to the nation and outside it that will be extremely dangerous and difficult to walk back from. Don't let politicians influence you with their unbridled suspicion and fear. Remember these experts are paid by someone and they have personal incentives that drive their outspokenness.
You can lead a man with reason but you can't make him think.
The problem lies on a way more fundamental level...
For instance, how much did Equifax have to pay for leaking a whole ton of sensitive data? It was obviously less than enough.
How much did other companies who leaked medical data, credit card data, governmental data, electors' data, have to pay for weak security?
Not enough.
US is its own cyber threat, it doesn't need to label other ships as the enemy, it's sinking by itself.
What's the response around security from US politicians? Let's use fearmongering against smartphone companies without any proof and bar them from the US market without any proof of doing anything wrong, because we think the Chinese government might exploit connections to spy on us. It applies because we'd certainly do the same in their position.
We don't punish incompetence, we put in question the competence of others, and we accuse others of the unethical behaviour that we practice and deserve to be called for. US gets exactly what it deserves. Leaders who think they own the place and keep pushing others away while making unreasonable demands all the time eventually get overthrown. Those who still didn't get this will be forced to given time.
Windows isn't the biggest threat. I know plenty of people who don't even have a computer any more. Besides, Windows can be locked down.
Phones, on the other hand, are always-on cameras and microphones that cannot be locked down in any way. Phones also allow for 100% harvesting of all email, text messages, and phone calls sent through them.
We'd be in good shape, as a country, if Windows really was the greatest "cyberthreat".
I don't respond to AC's.
Interesting to see so many comrades on the job right away. Slashdot must be closely monitored.
Thanks Ivan. It's good to know you can flip to "totally hyperbolic" when you need to. I'm sure you'll make a few extra rubles for this little exchange.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Interesting article
https://medium.com/incerto/the...
Ergodicity
As we saw, a situation is deemed non ergodic here when observed past probabilities do not apply to future processes. There is a "stop" somewhere, an absorbing barrier that prevents people with skin in the game from emerging from it -and to which the system will invariably tend. Let us call these situations "ruin", as the entity cannot emerge from the condition. The central problem is that if there is a possibility of ruin, cost benefit analyses are no longer possible.
Consider a more extreme example than the Casino experiment. Assume a collection of people play Russian Roulette a single time for a million dollars -this is the central story in Fooled by Randomness. About five out of six will make money. If someone used a standard cost-benefit analysis, he would have claimed that one has 83.33% chance of gains, for an "expected" average return per shot of $833,333. But if you played Russian roulette more than once, you are deemed to end up in the cemetery. Your expected return is ... not computable.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
The term was in use before George Orwell was even born.
https://en.wikipedia.org/wiki/...
Our company provides security services for many fairly large companies. Rackspace, for example, is one of our many customers. You can imagine how much data flows through our IDS every day. We have millions of security events logged.
Attacks can be broadly classified into two groups - bulk, unsophisticated attacks, and targeted, more sophisticated attacks.
The largest VOLUME of attacks come from Eastern Europe and Russia, places where local law enforcement isn't all that concerned about hackers targeting the US, and there are computer geeks capable of attacks. That's a lot of countries, though - the single country with the greatest number of attacks is China.
The most sophisticated attacks come from China.
I have phone numbers of FBI agents at the Cyber Division who want to hear about any significant attacks originating in the US. If a domestic attacker targets a specific organization or group of organizations, the FBI can send a Cyber Action Team to the targeted facility within 24-48 hours. The CAT performs the initial forensics, making sure evidence isn't lost, assesses the threat, and can call on other experts as needed. The Cyber Action Team is the first step in a series of events that involves the Computer Fraud and Abuse Act. The US is not the place to be if you're a black hat hacker. If you're going to try to hack US computers in a significant way, you REALLY want to be somewhere the FBI won't go to visit you.
Windows isn't the biggest threat.
However, the larger threat of Windows comes from what it's used to manage, specifically SCADA systems.
Windows can be locked down.
Unfortunately, Windows has a perpetual stream of 0day bugs being added to it from Microsoft via Windows Update. The other problem is that getting a distribution of Windows that focuses specifically on security costs more money, so Cheapy McCheapskate is just going to use vanilla Windows.
Phones, on the other hand, are always-on cameras and microphones that cannot be locked down in any way. Phones also allow for 100% harvesting of all email, text messages, and phone calls sent through them.
There is no doubt that they are a significant threat but exploiting them is difficult without having them installing malware.
You can create the most secure systems but unless it's cheap and easy, you're going to get assholes that don't know what the fuck they are doing completely screwing over the rest of us. The biggest threat is people and the second biggest is people using Windows.
Anons need not reply. Questions end with a question mark.
It's also a key concept in Foundations of Geopolitics by Aleksandr Dugin, influential Russian nutcase
https://en.wikipedia.org/wiki/...
In Foundations of Geopolitics, Dugin calls for the influence of the United States and Atlanticism to lose its influence in Eurasia and for Russia to rebuild its influence through annexations and alliances.
The book declares that "the battle for the world rule of [ethnic] Russians" has not ended and Russia remains "the staging area of a new anti-bourgeois, anti-American revolution." The Eurasian Empire will be constructed "on the fundamental principle of the common enemy: the rejection of Atlanticism, strategic control of the USA, and the refusal to allow liberal values to dominate us."
Military operations play relatively little role. The textbook believes in a sophisticated program of subversion, destabilization, and disinformation spearheaded by the Russian special services. The operations should be assisted by a tough, hard-headed utilization of Russia's gas, oil, and natural resources to bully and pressure other countries.
The book states that "the maximum task [of the future] is the 'Finlandization' of all of Europe".
In Europe:
* Germany should be offered the de facto political dominance over most Protestant and Catholic states located within Central and Eastern Europe. Kaliningrad oblast could be given back to Germany. The book uses the term "Moscow-Berlin axis".
* France should be encouraged to form a "Franco-German bloc" with Germany. Both countries have a "firm anti-Atlanticist tradition".
* The United Kingdom should be cut off from Europe.
* Finland should be absorbed into Russia. Southern Finland will be combined with the Republic of Karelia and northern Finland will be "donated to Murmansk Oblast".
* Estonia should be given to Germany's sphere of influence.
* Latvia and Lithuania should be given a "special status" in the Eurasian-Russian sphere.
* Poland should be granted a "special status" in the Eurasian sphere.
* Romania, Macedonia, "Serbian Bosnia" and Greece - "Orthodox collectivist East" - will unite with "Moscow the Third Rome" and reject the "rational-individualistic West".
* Ukraine should be annexed by Russia because "Ukraine as a state has no geopolitical meaning, no particular cultural import or universal significance, no geographic uniqueness, no ethnic exclusiveness, its certain territorial ambitions represents an enormous danger for all of Eurasia and, without resolving the Ukrainian problem, it is in general senseless to speak about continental politics". Ukraine should not be allowed to remain independent, unless it is cordon sanitaire, which would be inadmissible.
In the Middle East and Central Asia:
* The book stresses the "continental Russian-Islamic alliance" which lies "at the foundation of anti-Atlanticist strategy". The alliance is based on the "traditional character of Russian and Islamic civilization".
* Iran is a key ally. The book uses the term "Moscow-Tehran axis".
* Armenia has a special role: It will serve as a "strategic base," and it is necessary to create "the [subsidiary] axis Moscow-Erevan-Teheran". Armenians "are an Aryan people ... [like] the Iranians and the Kurds".
* Azerbaijan could be "split up" or given to Iran.
* Georgia should be dismembered. Abkhazia and "United Ossetia" (which includes Georgia's South Ossetia) will be incorporated into Russia. Georgia's independent policies are unacceptable.
* Russia needs to create "geopolitical shocks" within Turkey. These can be achieved by employing Kurds, Armenians and other minorities.
* The book regards the Caucasus as a Russian territory, including "the eastern and northern shores of the Caspian (the territories of Kazakhstan and Turkmenistan)" and Central Asia (mentioning Kazakhstan, Uzbekistan, Kyrgyzstan and Tajikistan).
In Asia:
* China, which
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Here in Europe the Belgacom hack has just come into the newspapers. A Belgian telecom company was hacked by the British GCHQ a few years ago. Although there is more than enough evidence no one dares take them to court because of politics: https://theintercept.com/2018/...
-- Cheers!
Well at least you're not pretending to be an American anymore Ivan, but that's going to cost you some rubles. You'll get downgraded to calling the Ukrainian government "Nazis" at this rate. Maybe you'll get some points for the Israel comments t. We all know how much Russians hate Jews.
The world's burning. Moped Jesus spotted on I50. Details at 11.
What it lacks is adequate talent to deal with the adversaries. That exceptional talent comes with a high price tag. Champagne taste, beer budget.
We'll make great pets
Nassim Nicholas Taleb is one of the most overrated of the celebrity twitter "philosophers". He's what a dumb person thinks a smart person sounds like.
You are welcome on my lawn.
Interesting how this article accumulated over 50 posts and nobody (unless I just totally missed it) has pointed out that we are in the fix of a) being under concentrated cyber-attack from Russia and b) we have a president 100% committed to the idea that there is no threat.
Hopefully the career military, spooks, and bureaucrats are on the job because it is pretty much up to them to defend us.
Ian Bremmer???? Wasn't he the dood from the Bushie Administration who helped create ISIS by firing all those Iraqi military types and allowing them to vamoose with their weaponry????
Now why would anything he had to say be of value, especially as CorporateAmerika continues to offshore jobs, technology and investment to China, etc.????
The threat is a lot closer to home. A mouthpiece for the US state security apparatus, possibly tasked with signaling the Washington establishment as to what their policies are going to be. These leaks against Trump being an attempt to persuade him to get with the program. The program being to do exactly what he's told. America's greatest vulnerability is the backdoors inserted into the communications infrastructure and allowing a particular foreign intelligence to control them.
...
US's Greatest Vulnerability is Ignoring the Cyber Threats From Our Advertisers ...
It little behooves the best of us to comment on the rest of us.
We’re not ignoring them – We (well, the GOP anyway) needs to somehow spin them as “false news”, attack anyone who claims it’s valid and redirect to some Clintonian BS when evidence is demonstratively contrary to the GOP story.
For the GOP to actually admit the 2016 election results were somehow manipulated, would be to validate a false President rules the throne.
As we’re now seeing, sexual escapades are hidden by shell companies, lawyers and friends, “jobs to Americans” is really just paying back the old 19th century business model of scorched earth for profit even if human life / well being hangs in the balance.
Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks
I wonder how they came to such a huge number. One thousand billion USD is the GDP of Mexico or Indonesia
The biggest indicator that the US is in trouble is that its leadership uses the term “cyber”.
No one who knows anything about computers says that.