This example of attacking an election indirectly by targeting its support network reminded me of a Feb 2018 report from the Center for Strategic and International Studies and their hypothetical scenario shared by Bruce Schneier on Aug 27th:
The scope and detail of the attack, not to mention its sheer audacity, had earned the grudging respect of the secretary. Years of worry about a possible Chinese "Assassin's Mace" -- a silver bullet super-weapon capable of disabling key parts of the American military -- turned out to be focused on the wrong thing.
The cyber attacks varied. Sailors stationed at the 7th Fleet' s homeport in Japan awoke one day to find their financial accounts, and those of their dependents, empty. Checking, savings, retirement funds: simply gone. The Marines based on Okinawa were under virtual siege by the populace, whose simmering resentment at their presence had boiled over after a YouTube video posted under the account of a Marine stationed there had gone viral. The video featured a dozen Marines drunkenly gang-raping two teenaged Okinawan girls. The video was vivid, the girls' cries heart-wrenching the cheers of Marines sickening And all of it fake. The National Security Agency's initial analysis of the video had uncovered digital fingerprints showing that it was a computer-assisted lie, and could prove that the Marine's account under which it had been posted was hacked. But the damage had been done.
There was the commanding officer of Edwards Air Force Base whose Internet browser history had been posted on the squadron's Facebook page. His command turned on him as a pervert; his weak protestations that he had not visited most of the posted links could not counter his admission that he had, in fact, trafficked some of them. Lies mixed with the truth. Soldiers at Fort Sill were at each other's throats thanks to a series of text messages that allegedly unearthed an adultery ring on base.
The variations elsewhere were endless. Marines suddenly owed hundreds of thousands of dollars on credit lines they had never opened; sailors received death threats on their Twitter feeds; spouses and female service members had private pictures of themselves plastered across the Internet; older service members received notifications about cancerous conditions discovered in their latest physical.
Leadership was not exempt. Under the hashtag # PACOMMUSTGO a dozen women allegedly described harassment by the commander of Pacific command. Editorial writers demanded that, under the administration's "zero tolerance" policy, he step aside while Congress held hearings.
There was not an American service member or dependent whose life had not been digitally turned upside down. In response, the secretary had declared "an operational pause," directing units to stand down until things were sorted out.
Then, China had made its move, flooding the South China Sea with its conventional forces, enforcing a sea and air identification zone there, and blockading Taiwan. But the secretary could only respond weakly with a few air patrols and diversions of ships already at sea. Word was coming in through back channels that the Taiwanese government, suddenly stripped of its most ardent defender, was already considering capitulation.
So we're throwing out the "better" in search for the "perfect?" Until tokens gain the ubiquity of phones (which seems unlikely), doing away with SMS-based two-factor authentication may just force many users back to the password-only era.
The author has a point about the limited effectiveness of audits and drills, as it's nearly impossible (or at least really expensive and time-consuming) to execute one that's both realistic and safe. He missed the mark on the other two faults (reliance on tech and use of contractors), since people fail more often than tech and contractors are no worse than impossible-to-fire civil servants. The article carries echoes of the "profit is evil and government is good" mantra so popular lately.
Slashdot Mirror
This example of attacking an election indirectly by targeting its support network reminded me of a Feb 2018 report from the Center for Strategic and International Studies and their hypothetical scenario shared by Bruce Schneier on Aug 27th:
The scope and detail of the attack, not to mention its sheer audacity, had earned the grudging respect of the secretary. Years of worry about a possible Chinese "Assassin's Mace" -- a silver bullet super-weapon capable of disabling key parts of the American military -- turned out to be focused on the wrong thing. The cyber attacks varied. Sailors stationed at the 7th Fleet' s homeport in Japan awoke one day to find their financial accounts, and those of their dependents, empty. Checking, savings, retirement funds: simply gone. The Marines based on Okinawa were under virtual siege by the populace, whose simmering resentment at their presence had boiled over after a YouTube video posted under the account of a Marine stationed there had gone viral. The video featured a dozen Marines drunkenly gang-raping two teenaged Okinawan girls. The video was vivid, the girls' cries heart-wrenching the cheers of Marines sickening And all of it fake. The National Security Agency's initial analysis of the video had uncovered digital fingerprints showing that it was a computer-assisted lie, and could prove that the Marine's account under which it had been posted was hacked. But the damage had been done. There was the commanding officer of Edwards Air Force Base whose Internet browser history had been posted on the squadron's Facebook page. His command turned on him as a pervert; his weak protestations that he had not visited most of the posted links could not counter his admission that he had, in fact, trafficked some of them. Lies mixed with the truth. Soldiers at Fort Sill were at each other's throats thanks to a series of text messages that allegedly unearthed an adultery ring on base. The variations elsewhere were endless. Marines suddenly owed hundreds of thousands of dollars on credit lines they had never opened; sailors received death threats on their Twitter feeds; spouses and female service members had private pictures of themselves plastered across the Internet; older service members received notifications about cancerous conditions discovered in their latest physical. Leadership was not exempt. Under the hashtag # PACOMMUSTGO a dozen women allegedly described harassment by the commander of Pacific command. Editorial writers demanded that, under the administration's "zero tolerance" policy, he step aside while Congress held hearings. There was not an American service member or dependent whose life had not been digitally turned upside down. In response, the secretary had declared "an operational pause," directing units to stand down until things were sorted out. Then, China had made its move, flooding the South China Sea with its conventional forces, enforcing a sea and air identification zone there, and blockading Taiwan. But the secretary could only respond weakly with a few air patrols and diversions of ships already at sea. Word was coming in through back channels that the Taiwanese government, suddenly stripped of its most ardent defender, was already considering capitulation.
So we're throwing out the "better" in search for the "perfect?" Until tokens gain the ubiquity of phones (which seems unlikely), doing away with SMS-based two-factor authentication may just force many users back to the password-only era.
The author has a point about the limited effectiveness of audits and drills, as it's nearly impossible (or at least really expensive and time-consuming) to execute one that's both realistic and safe. He missed the mark on the other two faults (reliance on tech and use of contractors), since people fail more often than tech and contractors are no worse than impossible-to-fire civil servants. The article carries echoes of the "profit is evil and government is good" mantra so popular lately.