I find it hard to believe that anyone was dumb enough to break into a system that is virtually certain to count as a 'protected computer' for the purposes of the CFAA, from their home and without doing even a half assed job of covering their tracks.
Even aside from any penalties that may or may not occur because of laws related to trade secrets, tortious somethingsomething, etc. and any MLB-imposed penalties, even merely cracking the system open for a look, and doing absolutely nothing with the data, across state lines gives the feds the option to come down on you like a ton of vengeful bricks. Really, really, dumb. FFS, if your stupid little pissing match was worth breaking a few laws over, you'd probably be better off burglarizing the location housing the database and dumping it in person; at least that keeps the feds away.
The trouble is that attribution is always tricky. If I knew that the guy who slipped me the virus did it deliberately and lived two blocks away, I'd be distinctly tempted to 'explore a spectrum of kinetic responses'. However, if I suspect that the odds are very good that he gave it to me because he got infected by somebody else, and it was pure happenstance, rather than malice, that his computer happened to be the one to be previously infected and write a malicious autorun file to the drive, or the like, then what do I do?
He was the proximate cause of my getting the virus; but not responsible in any useful way. For a sneakernet chain of any nontrivial length, the perp would have to be pretty dumb, pretty bold, or pretty overt to stand out from the crowd of victims just passing the pox along.
On a scale from 'good god, man, kill that vile pustulent mass with fire' to 'AOL user's emachine running win98' exactly how malware poxed do we expect this service to be?
It is possible that the low value of the target nodes offers some protection; but I still have to lean toward "so much cyber-syphilis you can feel the pus ooze out when you try to plug it in".
It's hard to imagine what those crazy green-freaks were thinking. After all, orbital launch tech is pretty much bulletproof; and delivery vehicles never have to be terminated by the range safety officer, or end up burning up in the atmosphere as part of an uncontrolled reentry. Plus, even if a spacecraft did crash, those are built on nearly unlimited mass budgets, so the RTG would definitely be encapsulated well enough to pose no hazard. Really, people do get so worked up...
Thankfully, there are engines that will run the classic Doom.wads for basically every platform large enough to run them(and a few you wouldn't expect), so True Doom will probably live longer than any of us here, hopping from host to host like some sort of immortal clonal symbiote.
It's a matter of tradition for summaries to be misleading and/or confusing!
In seriousness, though, Fallout4, while arguably the most important, was also the one that everyone knew most about going in. Dishonored 2 was only revealed by a slip of the mic just recently. Additional details were provided today about Fallout 4; but it wasn't a reveal.
India actually has some reasonably peppy militia groups(naxalites being the most prominent; but hardly the only ones). Unfortunately, the response has been less "Oh gosh, we'd better start taking the people's concerns seriously!" and more "Per the powers granted under the Unlawful Activities Prevention Act, 1967; the Terrorist and Disruptive Activities Prevention Act, 1985, and the Prevention of Terrorism Act, 2002; if you happen to 'disappear' after a run-in with the cops, or your body shows up unannounced at the morgue with signs of torture and a bullet in its head, we can just say you were a terrorist and drop the issue with impunity".
It's not like all of India is run this way, any more than all US police forces spend all their time shooting blacks and seizing assets; but there are places(Uttar Pradesh is a good candidate to be one of them) where you are liable to get some really, really, bad news about how 'rule of law' actually works if you cross the wrong local strongman.
Given that (especially once you count private outfits who are de-facto government actors, like the firms doing background checks, who obviously have a ton of juicy info in order to do their jobs) nobody even has a particularly good estimate of how many cool databases are floating around, and who has their fingers in them; and given that we've learned that de-anonymization attacks against 'anonymized' datasets or partial/incomplete datasets are often quite powerful; it might not necessarily even be that particular hack. It was a big one, and a conveniently timed one, however.
The OPM hack was enormous, and conveniently HR related; but even if it wasn't that one, the 'OMG Snowden!' document cache is, at this point, ~2 years old and(at least the parts that have been released in part or in full) largely focused on technical capabilities, sigint, and communications interception programs. How long, exactly, are we supposed to believe that Scary, Scary, Snowden; rather than one of the more-or-less-routine crackings of one system or another, is behind every intelligence failure, especially without much in the way of evidence?
Given that we just had the big story about the Office of Personnel Management getting hacked six ways from sunday by parties unknown, 'OMG Snowden' seems unlikely to be the biggest of the US spooks' problems at the moment.
The 'people from places you've heard of deciding to pay a visit to scenic Syria and fight for the caliphate' phenomenon has caused a lot of hand-wringing and talk about 'radicalization' and 'grooming' and so on(especially from the brits; but some here as well).
And I can see the reason for concern, from the perspective of a desire to see ISIS collapse sooner rather than later. The expats haven't, on the whole, been marked by particularly notable skills or anything; but unless they are out and out fuckups, they are presumably of some use.
On the other hand, though, there doesn't seem to be much attention being paid to the positive side: If going to some sandtrap hellhole to fight a meatgrinder land war in the service of the Caliph is something you'd do voluntarily; it seems fairly likely that you are not exactly liberal democracy's best buddy, or a strong candidate for 'most likely to get along just fine with the apostates and unbelievers'. Isn't having such people voluntarily decide to leave us to sin in peace and go travel far away to take substantial risks, up to and including fatal ones, rather convenient?
I've been surprised by the amount of chatter among various government talking heads about trying to prevent the would-be jihadis from traveling. Were I in their position; I'd be keeping a careful eye on anyone who tries to come back; but would be very much tempted to politely ignore anyone heading out for martyrdom and hope that they'll no longer be my problem.
Even tablet users might well not want it fullscreen(possibly while videoconferencing; but otherwise the most screen area you'd need would likely be a relatively thin vertical strip to look at a contacts list); but regardless of that, it seems like a problem that MS needs to fix at the level of the Metro windowing system and UI controls, not just by shooting the metro version of any program that users can't be expected to want fullscreen.
If they have a version of skype on Windows Phone, presumably they have a UI that at least 'works' in a relatively small amount of screen space, even with the assumption that the user will be using a touchscreen and their giant sausage-like fingers rather than a mouse. Unless the Metro windowing system is so screwed that it deserves to be taken out and burned alive, this would seem to suggest that delivering a version of skype that uses Metro but doesn't occupy much screen space shouldn't be that hard.
This seems particularly weird given that Microsoft has devices where (with, no doubt, a painful list of 'write once, port everywhere' caveats) 'Modern' is the option. Windows RT was the first stab, though it dragged along win32 for Office; but it's dead and irrelevant. Windows Phone, though, unless also headed for the chopping block, is presumably still going to have Skype, and it isn't slated to get win32 any time soon.
Is the dogfood really so dreadful that they'd terminate the metro version on every device that has full windows available, despite the presence/absence of touchscreen, design favoring conventional or tablet-style use, and so on?
What's surprising to me is not merely that; but if the calibration data are so important that the engine shuts down without them, how did the aircraft take off?
If the calibration data are nice, good for fuel economy, improve reliability, etc. you'd expect things to continue working without them, albeit possibly not as well as the manual specifies.
If the calibration data are Absolutely Vital Lest The Engine Throw A Propellor Right Through The Cockpit, or something of that nature, how did the aircraft allow you to take off with 75% of the data missing? An actual error handling arrrangement would, of course, be in good taste; but even without one I would have (naively, apparently) expected the situation to take one of two courses: if the data are semi-optional, things would work, if perhaps not well. If they are Vital, attempting to get off the ground would have failed. Successful takeoff, followed by shutdown and fiery death, though, seems weird.
Not because of 'apps' of course; but because no self-respecting consumer OS would fail to cryptographically verify the execution environment(lest some precious 'premium content' be absconded with by pirates) and an entire missing file probably would have caused the aircraft to refuse to move until taken back to Airbus HQ for re-blessing by the vender.
They don't succeed against motivated pirates, of course; but this is one area where consumer software vendors do actually give a fuck. If people believed that a sabotaged voting machine or a defective ECU could pirate Blu-rays, we'd live in a safer world.
And here I used to think that Uber was dead-set on being as aggressively disrespectful to local cultural practices as possible in every market except its native valley 'disruption' fetishists. I guess I was wrong, if they have in fact embraced counterfeiting in the Chinese market.
Wasn't there a story some time back about an (unidentified, never caught) perp who simply did things the easy, all-American way by taking a rifle to some transformers from a distance? No giant fireballs or anything; but some damage to the outer parts of the wire coil structure; and the holes in the transformer housing allowed the coolant/dielectric fluid to leak out.
A deeply unsexy sort of attack, no terror value whatsoever; but repairs probably cost a hell of a lot more than a magazine or two of totally undistinguished plinking ammo.
Is it really worth taking the things that come out of the mouths of ego-tripping.com kiddies whose entire startup could be being sold off for the value of its office chairs within a few years all that seriously?
"Social justice elite"? This sounds like a conspiracy theory even more fun than the reptilians, if perhaps not up to the truly classic standards of the Illuminati.
I'm assuming that their ever-so-coy stance on whether or not the stingrays are their stingrays would evaporate rather quickly if somebody were to climb up, cut one down, and make off with it...
Feds have this funny habit of suddenly getting really possessive of things that previously didn't exist if you start touching them.
In this case, though, that's arguably part of the point: the idea isn't to drive the heretics into the sea and expunge utterly their untruths(in which case you'd be worried about the 'routing around it' effect); It's to get the insufferable assholes to go be insufferable somewhere else. The fact that it's relatively easy to take your ball and go home, or elsewhere, is arguably an advantage, since it reduces the incentive for your obnoxious users to stick around and fight to the death, rather than just going somewhere else.
Of course, Reddit is being somewhat cautious about the process because they are caught between the desire not to be publicly associated more or less entirely with their deeply sleazy underbelly; and the memory of just how fast they eviscerated Digg, and the concern that the same thing could happen to them if they can't figure out how to keep the targeting fairly precise.
Unless I had a real hard on for cold war nostalgia, I would definitely be exploring the possibility of attempting to develop a hard-to-attribute limited strike capability; rather than thinking about doing a full scale launch. Those are splashy; but there's nobody so obnoxious that it is worth your own society's existence to take down theirs.
A full scale nuclear exchange isn't in the interests of any rational actor, they'd be MAD to try. Obfuscating attribution, though, is probably technologically easier than effective missile defense, and a great deal cheaper; as well as opening up the possibility of actually getting to use your nukes, rather than just spending your time polishing them.
Even if it doesn't make things worse, the trouble with retaliation, 'second strike', MAD, 'deterrence', etc. is that it relies on attribution of warheads being relatively easy.
If the adversary knows that you'll know it was him if he tries anything, your big huge second strike infrastructure is pretty scary. If you can obfuscate attribution(or, worse, successfully pin it on some innocent party) the theory of deterrence becomes effectively useless.
EMPs are probably a moderately favorable case, since you need to do a reasonably visible launch to high altitude to get the best effect; but if somebody just puts a nuke in a cargo container that was supposed to contain xboxes and it levels one of the world's larger container ports, who exactly are you going to retaliate against?
The trouble is that, especially with just-in-time logistics and similar developments, there are a lot of areas where disruption of relatively boring commercial systems will mean substantial disruptions of supplies to population centers in fairly short order, as well as breakdown in the production chains for the various replacement parts that a post-EMP society might want.
If the only activity that a post-apocalyptic society need be capable of is firing zee missiles, then yeah, it's not such a hard problem. If you'd prefer not to have all your urban centers start eating themselves, though, it gets a bit trickier.
Pretty much any explosive(with the possible exception of some really dreadful low-density ones) can be made to generate an EMP. It's just that, as in most other respects, Nukes Do It Bigger. If you are toasting a very localized target(especially if it's something like a radar system, which is conveniently designed to efficiently collect RF, you might even be able to get away with one of the purely electrical systems that don't rely on explosives at all.
The issue with nukes is that they offer, by far, the largest area of effect per unit mass sent up(and you need to get some real altitude, so it's not necessarily a car/truck bomb type situation where you can use crap explosives and just make it up in volume.)
But defending against terrorists and rogue states with EMP weapons is so sexy compared to boring civil engineering that would improve infrastructure quality and resilience against tedious and soggy natural disasters!
Plus, EMP is fairly exotic, so we can probably spin it into a bunch of more or less open-ended R&D contracts, while most civil engineering is comparatively mature; and the biggest challenge is providing decades of solid, reliable, governance and room for qualified engineers to work without constant political interference. Where's the fun in that?
Slashdot Mirror
I find it hard to believe that anyone was dumb enough to break into a system that is virtually certain to count as a 'protected computer' for the purposes of the CFAA, from their home and without doing even a half assed job of covering their tracks.
Even aside from any penalties that may or may not occur because of laws related to trade secrets, tortious somethingsomething, etc. and any MLB-imposed penalties, even merely cracking the system open for a look, and doing absolutely nothing with the data, across state lines gives the feds the option to come down on you like a ton of vengeful bricks. Really, really, dumb. FFS, if your stupid little pissing match was worth breaking a few laws over, you'd probably be better off burglarizing the location housing the database and dumping it in person; at least that keeps the feds away.
The trouble is that attribution is always tricky. If I knew that the guy who slipped me the virus did it deliberately and lived two blocks away, I'd be distinctly tempted to 'explore a spectrum of kinetic responses'. However, if I suspect that the odds are very good that he gave it to me because he got infected by somebody else, and it was pure happenstance, rather than malice, that his computer happened to be the one to be previously infected and write a malicious autorun file to the drive, or the like, then what do I do?
He was the proximate cause of my getting the virus; but not responsible in any useful way. For a sneakernet chain of any nontrivial length, the perp would have to be pretty dumb, pretty bold, or pretty overt to stand out from the crowd of victims just passing the pox along.
On a scale from 'good god, man, kill that vile pustulent mass with fire' to 'AOL user's emachine running win98' exactly how malware poxed do we expect this service to be?
It is possible that the low value of the target nodes offers some protection; but I still have to lean toward "so much cyber-syphilis you can feel the pus ooze out when you try to plug it in".
It's hard to imagine what those crazy green-freaks were thinking. After all, orbital launch tech is pretty much bulletproof; and delivery vehicles never have to be terminated by the range safety officer, or end up burning up in the atmosphere as part of an uncontrolled reentry. Plus, even if a spacecraft did crash, those are built on nearly unlimited mass budgets, so the RTG would definitely be encapsulated well enough to pose no hazard. Really, people do get so worked up...
Thankfully, there are engines that will run the classic Doom .wads for basically every platform large enough to run them(and a few you wouldn't expect), so True Doom will probably live longer than any of us here, hopping from host to host like some sort of immortal clonal symbiote.
It's a matter of tradition for summaries to be misleading and/or confusing!
In seriousness, though, Fallout4, while arguably the most important, was also the one that everyone knew most about going in. Dishonored 2 was only revealed by a slip of the mic just recently. Additional details were provided today about Fallout 4; but it wasn't a reveal.
India actually has some reasonably peppy militia groups(naxalites being the most prominent; but hardly the only ones). Unfortunately, the response has been less "Oh gosh, we'd better start taking the people's concerns seriously!" and more "Per the powers granted under the Unlawful Activities Prevention Act, 1967; the Terrorist and Disruptive Activities Prevention Act, 1985, and the Prevention of Terrorism Act, 2002; if you happen to 'disappear' after a run-in with the cops, or your body shows up unannounced at the morgue with signs of torture and a bullet in its head, we can just say you were a terrorist and drop the issue with impunity".
It's not like all of India is run this way, any more than all US police forces spend all their time shooting blacks and seizing assets; but there are places(Uttar Pradesh is a good candidate to be one of them) where you are liable to get some really, really, bad news about how 'rule of law' actually works if you cross the wrong local strongman.
Given that (especially once you count private outfits who are de-facto government actors, like the firms doing background checks, who obviously have a ton of juicy info in order to do their jobs) nobody even has a particularly good estimate of how many cool databases are floating around, and who has their fingers in them; and given that we've learned that de-anonymization attacks against 'anonymized' datasets or partial/incomplete datasets are often quite powerful; it might not necessarily even be that particular hack. It was a big one, and a conveniently timed one, however.
The OPM hack was enormous, and conveniently HR related; but even if it wasn't that one, the 'OMG Snowden!' document cache is, at this point, ~2 years old and(at least the parts that have been released in part or in full) largely focused on technical capabilities, sigint, and communications interception programs. How long, exactly, are we supposed to believe that Scary, Scary, Snowden; rather than one of the more-or-less-routine crackings of one system or another, is behind every intelligence failure, especially without much in the way of evidence?
Given that we just had the big story about the Office of Personnel Management getting hacked six ways from sunday by parties unknown, 'OMG Snowden' seems unlikely to be the biggest of the US spooks' problems at the moment.
The 'people from places you've heard of deciding to pay a visit to scenic Syria and fight for the caliphate' phenomenon has caused a lot of hand-wringing and talk about 'radicalization' and 'grooming' and so on(especially from the brits; but some here as well).
And I can see the reason for concern, from the perspective of a desire to see ISIS collapse sooner rather than later. The expats haven't, on the whole, been marked by particularly notable skills or anything; but unless they are out and out fuckups, they are presumably of some use.
On the other hand, though, there doesn't seem to be much attention being paid to the positive side: If going to some sandtrap hellhole to fight a meatgrinder land war in the service of the Caliph is something you'd do voluntarily; it seems fairly likely that you are not exactly liberal democracy's best buddy, or a strong candidate for 'most likely to get along just fine with the apostates and unbelievers'. Isn't having such people voluntarily decide to leave us to sin in peace and go travel far away to take substantial risks, up to and including fatal ones, rather convenient?
I've been surprised by the amount of chatter among various government talking heads about trying to prevent the would-be jihadis from traveling. Were I in their position; I'd be keeping a careful eye on anyone who tries to come back; but would be very much tempted to politely ignore anyone heading out for martyrdom and hope that they'll no longer be my problem.
Even tablet users might well not want it fullscreen(possibly while videoconferencing; but otherwise the most screen area you'd need would likely be a relatively thin vertical strip to look at a contacts list); but regardless of that, it seems like a problem that MS needs to fix at the level of the Metro windowing system and UI controls, not just by shooting the metro version of any program that users can't be expected to want fullscreen.
If they have a version of skype on Windows Phone, presumably they have a UI that at least 'works' in a relatively small amount of screen space, even with the assumption that the user will be using a touchscreen and their giant sausage-like fingers rather than a mouse. Unless the Metro windowing system is so screwed that it deserves to be taken out and burned alive, this would seem to suggest that delivering a version of skype that uses Metro but doesn't occupy much screen space shouldn't be that hard.
This seems particularly weird given that Microsoft has devices where (with, no doubt, a painful list of 'write once, port everywhere' caveats) 'Modern' is the option. Windows RT was the first stab, though it dragged along win32 for Office; but it's dead and irrelevant. Windows Phone, though, unless also headed for the chopping block, is presumably still going to have Skype, and it isn't slated to get win32 any time soon.
Is the dogfood really so dreadful that they'd terminate the metro version on every device that has full windows available, despite the presence/absence of touchscreen, design favoring conventional or tablet-style use, and so on?
What's surprising to me is not merely that; but if the calibration data are so important that the engine shuts down without them, how did the aircraft take off?
If the calibration data are nice, good for fuel economy, improve reliability, etc. you'd expect things to continue working without them, albeit possibly not as well as the manual specifies.
If the calibration data are Absolutely Vital Lest The Engine Throw A Propellor Right Through The Cockpit, or something of that nature, how did the aircraft allow you to take off with 75% of the data missing? An actual error handling arrrangement would, of course, be in good taste; but even without one I would have (naively, apparently) expected the situation to take one of two courses: if the data are semi-optional, things would work, if perhaps not well. If they are Vital, attempting to get off the ground would have failed. Successful takeoff, followed by shutdown and fiery death, though, seems weird.
Depressingly, that might actually be true.
Not because of 'apps' of course; but because no self-respecting consumer OS would fail to cryptographically verify the execution environment(lest some precious 'premium content' be absconded with by pirates) and an entire missing file probably would have caused the aircraft to refuse to move until taken back to Airbus HQ for re-blessing by the vender.
They don't succeed against motivated pirates, of course; but this is one area where consumer software vendors do actually give a fuck. If people believed that a sabotaged voting machine or a defective ECU could pirate Blu-rays, we'd live in a safer world.
And here I used to think that Uber was dead-set on being as aggressively disrespectful to local cultural practices as possible in every market except its native valley 'disruption' fetishists. I guess I was wrong, if they have in fact embraced counterfeiting in the Chinese market.
Wasn't there a story some time back about an (unidentified, never caught) perp who simply did things the easy, all-American way by taking a rifle to some transformers from a distance? No giant fireballs or anything; but some damage to the outer parts of the wire coil structure; and the holes in the transformer housing allowed the coolant/dielectric fluid to leak out.
A deeply unsexy sort of attack, no terror value whatsoever; but repairs probably cost a hell of a lot more than a magazine or two of totally undistinguished plinking ammo.
Is it really worth taking the things that come out of the mouths of ego-tripping .com kiddies whose entire startup could be being sold off for the value of its office chairs within a few years all that seriously?
"Social justice elite"? This sounds like a conspiracy theory even more fun than the reptilians, if perhaps not up to the truly classic standards of the Illuminati.
I'm assuming that their ever-so-coy stance on whether or not the stingrays are their stingrays would evaporate rather quickly if somebody were to climb up, cut one down, and make off with it...
Feds have this funny habit of suddenly getting really possessive of things that previously didn't exist if you start touching them.
In this case, though, that's arguably part of the point: the idea isn't to drive the heretics into the sea and expunge utterly their untruths(in which case you'd be worried about the 'routing around it' effect); It's to get the insufferable assholes to go be insufferable somewhere else. The fact that it's relatively easy to take your ball and go home, or elsewhere, is arguably an advantage, since it reduces the incentive for your obnoxious users to stick around and fight to the death, rather than just going somewhere else.
Of course, Reddit is being somewhat cautious about the process because they are caught between the desire not to be publicly associated more or less entirely with their deeply sleazy underbelly; and the memory of just how fast they eviscerated Digg, and the concern that the same thing could happen to them if they can't figure out how to keep the targeting fairly precise.
Unless I had a real hard on for cold war nostalgia, I would definitely be exploring the possibility of attempting to develop a hard-to-attribute limited strike capability; rather than thinking about doing a full scale launch. Those are splashy; but there's nobody so obnoxious that it is worth your own society's existence to take down theirs.
A full scale nuclear exchange isn't in the interests of any rational actor, they'd be MAD to try. Obfuscating attribution, though, is probably technologically easier than effective missile defense, and a great deal cheaper; as well as opening up the possibility of actually getting to use your nukes, rather than just spending your time polishing them.
Even if it doesn't make things worse, the trouble with retaliation, 'second strike', MAD, 'deterrence', etc. is that it relies on attribution of warheads being relatively easy.
If the adversary knows that you'll know it was him if he tries anything, your big huge second strike infrastructure is pretty scary. If you can obfuscate attribution(or, worse, successfully pin it on some innocent party) the theory of deterrence becomes effectively useless.
EMPs are probably a moderately favorable case, since you need to do a reasonably visible launch to high altitude to get the best effect; but if somebody just puts a nuke in a cargo container that was supposed to contain xboxes and it levels one of the world's larger container ports, who exactly are you going to retaliate against?
The trouble is that, especially with just-in-time logistics and similar developments, there are a lot of areas where disruption of relatively boring commercial systems will mean substantial disruptions of supplies to population centers in fairly short order, as well as breakdown in the production chains for the various replacement parts that a post-EMP society might want.
If the only activity that a post-apocalyptic society need be capable of is firing zee missiles, then yeah, it's not such a hard problem. If you'd prefer not to have all your urban centers start eating themselves, though, it gets a bit trickier.
Pretty much any explosive(with the possible exception of some really dreadful low-density ones) can be made to generate an EMP. It's just that, as in most other respects, Nukes Do It Bigger. If you are toasting a very localized target(especially if it's something like a radar system, which is conveniently designed to efficiently collect RF, you might even be able to get away with one of the purely electrical systems that don't rely on explosives at all.
The issue with nukes is that they offer, by far, the largest area of effect per unit mass sent up(and you need to get some real altitude, so it's not necessarily a car/truck bomb type situation where you can use crap explosives and just make it up in volume.)
But defending against terrorists and rogue states with EMP weapons is so sexy compared to boring civil engineering that would improve infrastructure quality and resilience against tedious and soggy natural disasters!
Plus, EMP is fairly exotic, so we can probably spin it into a bunch of more or less open-ended R&D contracts, while most civil engineering is comparatively mature; and the biggest challenge is providing decades of solid, reliable, governance and room for qualified engineers to work without constant political interference. Where's the fun in that?