Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Four Threats For '09 You Haven't Heard of

ScuttleMonkey posted more than 5 years ago | from the fear-mongering dept.

Security 126

ancientribe writes "Security experts are cautiously on the lookout for some lesser-known but potentially lethal threats that could be more difficult to prepare for and defend against in 2009. These aren't your typical enterprise hack attacks. They're mainly large-scale Internet threats — attacks that knock out sections of the Internet infrastructure, radical extremist hackers, Web attacks that adversely affect online ad revenue, and even the unthinkable: human casualties as a result of a cyberattack." Also known as the new group of things the fear mongers will use to make you do their bidding.

cancel ×

126 comments

Sorry! There are no comments related to the filter you selected.

Sorry (5, Funny)

Anonymous Coward | more than 5 years ago | (#26303563)

But we've heard of them all. What about that super volcano in Yellowstone? Now that is something that no one has heard of and it would be cool if Slashdot posted an article about that.

How to Falsify Evolution (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26303611)

Any theory that does not provide a method to falsify and validate its claims is a useless theory.

Example; if someone said a watermelon is blue on the inside, but turns red when you cut it open, how could you prove them wrong? How could they prove they're right?

You couldn't and they can't. There is no method available to confirm or disprove what was said about the watermelon. Therefore we can dismiss the theory of the blue interior of watermelons as being pure speculation and guess work, not science. You can not say something is true without demonstrating how it is not false, and you can not say something is not true without demonstrating how it is false. Any theory that can not explain how to both validate and falsify its claims in this manner can not be taken seriously. If one could demonstrate clearly that the watermelon appears to indeed be blue inside, without being able to demonstrate what colors it is not, we still have no absolute confirmation of its color. That is to say asserting something is the way it is, without being able to assert what it is not, is a useless claim. Therefore, in order for any theory to be confirmed to be true, it must be shown how to both validate and falsify its claims. It is circular reasoning to be able to validate something, without saying how to falsify it, or vice versa. This is the nature of verification and falsification. Both must be clearly demonstrated in order for a theory to be confirmed to be true or false. Something can not be proven to be true without showing that it is not false, and something can not be proven to be not true, unless it can be proven to be false.

Unfortunately, Darwin never properly demonstrated how to falsify his theory, which means evolution has not properly been proven, since it has never been demonstrated what the evidence does not suggest. In the event that evolution is not true, there should be a clear and defined method of reasoning to prove such by demonstrating through evidence that one could not possibly make any alternative conclussions based on said evidence. It is for this reason we must be extremely skeptical of how the evidence has been used to support evolution for lack of proper method of falsification, especially when the actual evidence directly contradicts the theory. If it can be demonstrated how to properly falsify evolution, regardless if evolution is true or not, only then can evolution ever be proven or disproved.

It will now be demonstrated that Darwin never told us how to properly falsify evolution, which will also show why no one can claim to have disproved or proven the theory, until now. It must be able to be demonstrated that if evolution were false, how to go about proving that, and while Darwin indeed made a few statements on this issue, his statements were not adequate or honest. In order to show Darwin's own falsification ideas are inadequate, rather than discussing them and disproving them individually, all that needs to be done is demonstrate a proper falsification argument for evolution theory. That is to say if the following falsification is valid, and can not show evolution to be false, then evolution theory would be proven true by way of deductive reasoning. That is the essence of falsification; if it can be shown that something is not false, it must therefore be true.

So the following falsification method must be the perfect counter to Darwin's validation method, and would therefore prove evolution to be true in the event this falsification method can not show evolution to be false. As said before; if something is not false, it must therefore be true. This would confirm the accuracy of this falsification method, which all theories must have, and show that Darwin did not properly show how evolution could be falsified, in the event that evolution was not true. In order to show evolution is not false (thereby proving it to be true), we must be able to show how it would be false, if it were. Without being able to falsify evolution in this manner, you can not validate it either. If something can not be shown to be false, yet it is said to be true, this is circular reasoning, since you have no way of confirming this conclusion. Example; If we told a blind person our car is red, and they agreed we were telling the truth, the blind person could not tell another blind person accurate information regarding the true color of the car. While he has evidence that the car is red by way of personal testimony, he has no way of confirming if this is true or false, since he might have been lied to, regardless if he was or not.

So one must demonstrate a method to prove beyond any doubt that in the event that evolution is not true, it can be shown to be such. To say evolution is true, without a way to show it is false, means evolution has never been proven to be true. If evolution be true, and this method of falsification be valid, then by demonstrating the falsification method to be unable to disprove evolution, we would confirm evolution to be right. Alternatively, if the falsification method is valid and demonstrates that Darwin's validation method does not prove evolution, then evolution is false indeed.

Firstly, the hypothesis. If evolution is incorrect, then it can be demonstrated to be so by using both living and dead plants and animals. The following is the way to do so and the logical alternative to the theory. The fossil record can be used as well, but not as evolution theory would have us believe. In order to properly falsify something, all biases must be removed, since assuming something is correct without knowing how to prove its false is akin to the blind person who can not confirm the color of someones car. Since evolution has not correctly been shown how to be falsified, as will be demonstrated, we must be open to other possibilities by way of logic, and ultimately reject evolution by way of evidence, should the evidence lead us in such a direction.

If evolution be not true, the only explanation for the appearance of varied life on the planet is intelligent design. This would predict that all life since the initial creation has been in a state of entropy since their initial creation, which is the opposite of evolution. If this be true, then animals and plants are not increasing in genetic complexity or new traits as evolution theory would have us believe, but are in fact losing information. This would explain why humans no longer have room for their wisdom teeth and why the human appendix is decreasing in functionality. The only objection to this claim that evolution theory would propose is that evolution does not always increase the genetic complexity and traits of an organism, but rather, sometimes decreases them as well. This objection is only made because we have only ever actually observed entropy in living creatures, which suits the creation model far better than evolution, which shall be demonstrated.

If the creation model is true, we can make verifiable predictions that disprove evolution. For example; the creation model states that life was created diversified to begin with, with distinct "kinds" of animals, by a supernatural Creator that did not evolve Himself, but rather always existed. Without going into the debate on how such a being is possible to exist, it must be said that either everything came from nothing, or something always existed. To those who say the universe always existed; the claim of this hypothesis is that the Creator always existed, which is equally as viable for the previous logic.

In order to demonstrate that the Creator is responsible for life and created life diversified to begin with, the word "kind" must be defined. A kind is the original prototype of any ancestral line; that is to say if God created two lions, and two cheetahs, these are distinct kinds. In this scenario, these two cats do not share a common ancestor, as they were created separately, and therefore are not the same kind despite similar appearance and design. If this is the case, evolution theory is guilty of using homogeneous structures as evidence of common ancestry, and then using homogeneous structures to prove common ancestry; this is circular reasoning!

The idea of kinds is in direct contrast to evolution theory which says all cats share a common ancestor, which the creation model does not hold to be true. If evolution theory is true, the word kind is a superficial label that does not exist, because beyond our classifications, there would be no clear identifiable division among animals or plants, since all plants and animals would therefore share a common ancestor. The word kind can only be applied in the context of the creation model, but can not be dismissed as impossible due to the evolutionary bias, simply because evolution has not been properly validated nor can it be held to be true until it can correctly be shown to be impossible to falsify.

One must look at the evidence without bias and conclude based on contemporary evidence (not speculation) if indeed evolution is the cause of the diversity of species, or not. It must also been demonstrated if the clear and distinct species do or do not share a common ancestor with each other, regardless that they may appear to be of the same family or design. In order to verify this, all that needs to be done is to demonstrate that a lion and cheetah do or do not have a common ancestor; if it can be demonstrated that any animal or plant within a family (cats in this case) do not share a common ancestor with each other, this would disprove evolution immediately and prove supernatural creation of kinds.

However, since lions and cheetahs are both clearly of the same family or design, and can potentially interbreed, we must be careful not to overlook the possibility of a very recent common ancestor If such is the case, this does not exclude the possibility that the two are originally from two separate kinds that do not share a common ancestor previous to them having one. It is therefore necessary to build an ancestral history based on verifiable evidence (not homogeneous structures in the fossil record) that can clearly demonstrate where exactly the cheetah and the lion had a common ancestor. If no such common ancestor can be found and confirmed without bias, and this test is performed between two or more of any plant or animal life without ever finding anything to the contrary, we can confirm with certainty evolution did not happen, and that kinds do exist.

In the event that fossils are too elusive (compounded with the fact that they can not be used as evidence of common descent due to circular reasoning e.g. homogeneous structures), then there is a superior and far more effective way to falsify evolution. Evolution states by addition of new traits (new organs, new anatomy) that the first lifeforms increased in complexity and size by introduction of new traits, slowly increasing step by step to more complex life forms. Notice that the addition of such traits can not be attributed to the alteration of old ones, for obvious reasons, since detrimental or beneficial mutations are only alterations of already existing traits, and can not account for an increase in the number of traits any given life form possesses.

That means a bacteria becoming able to digest nylon is a mere mutation of already existing digestive capabilities, and can not be classified as an increase in traits. Evolution theory would predict that the process of gradual change and increase in traits is an ongoing process, and therefore should be observable in todays living animals and plants through new emerging traits that any given plant or animal did not possess in its ancestry. Those who say such changes take millions of years and can not be observed today only say so because no such trait has ever been observed to emerge or be in the process of emerging in contemporary history, which is what the creation model predicts. If evolution theory be true, we would expect that at least one animal or plant would contain a new trait or be in the process of growing such a triat over its known common ancestors (that is not simply a multiplication or alteration of a trait it already had).

At this point, the fossil record can not be used as evidence to prove that evolution can produce new traits due to the fact that two animals that appear to be of the same family (T-rex and Brontosaurus, dinosaurs), while they do indeed exhibit distinct trait differences, may not have a common ancestor, but rather were created differently with all their different traits. It is therefore of paramount importance to show a single instance of such an increase of traits exists within a provable ancestry (stress provable) in contemporary times, and not assume anything concerning where the traits in the fossil record owe their origin. If it can not be shown that any animal or plant living today (or very recently deceased) exhibits any trait variance that can clearly and thoroughly be proven to be a new addition over its (stress) provable ancestors, compounded with the reasoning that two similar animals (such as a penguin and a woodpecker) do not necessarily or provably share a common ancestor, then evolution is clearly absent entirely, and supernatural intelligent design and creation is thereby proven beyond all reasonable doubt.

In conclusion, should any two animals or plants within a family (a palm tree and a coconut tree) be proven to not share a common ancestor, or if no provable increase of traits can be demonstrated to be in its beginnings or actively present in the animals and plants living today over their provable ancestry, then The Bible is correct when it says God created all the animals and plants as distinct kinds with their traits to begin with. This is the only way to falsify evolution, and it is amazing (and convenient) that Darwin never encouraged people to attempt to falsify his theory in this manner.

Re:How to Falsify Evolution (4, Funny)

Anonymous Coward | more than 5 years ago | (#26303827)

Stop talking. Please. You're going to kill us all.

Re:How to Falsify Evolution (3, Funny)

Alarindris (1253418) | more than 5 years ago | (#26306009)

No! He needs to keep typing at 55 WPM to prevent the bomH9^%$^}NO CARRIER

Re:How to Falsify Evolution (3, Funny)

Slightly Askew (638918) | more than 5 years ago | (#26304227)

And being herded into endless Hotel Miramars and Bellvueses and Continentales with their modern international luxury roomettes and draught Red Barrel and swimming pools full of fat German businessmen pretending they're acrobats forming pyramids and frightening the children and barging into queues and if you're not at your table spot on seven you miss the bowl of Campbell's Cream of Mushroom soup, the first item on the menu of International Cuisine, and every Thursday night the hotel has a bloody cabaret in the bar, featuring a tiny emaciated dago with nine-inch hips and some bloated fat tart with her hair brylcreemed down and a big arse presenting Flamenco for Foreigners.

Re:How to Falsify Evolution (1)

jefu (53450) | more than 5 years ago | (#26304653)

Ah, for mod points for this.

Re:How to Falsify Evolution (3, Funny)

Anonymous Coward | more than 5 years ago | (#26304259)

Recommendation: more tinfoil, less coffee.

Re:How to Falsify Evolution (2, Funny)

Anonymous Coward | more than 5 years ago | (#26304287)

tldr

Re:How to Falsify Evolution (4, Insightful)

mlwmohawk (801821) | more than 5 years ago | (#26304923)

Because of your post, I think we need a "Billy Madison" moderation.

What you wrote wasn't flamebait or over rated, it was stupid.

"Mr. Madison, what you've just said is one of the most insanely idiotic things I have ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you no points, and may God have mercy on your soul."

Re:How to Falsify Evolution (1)

Wooloomooloo (902011) | more than 5 years ago | (#26305183)

Either that or a TL;DR moderation.

Re:How to Falsify Evolution (1)

mlwmohawk (801821) | more than 5 years ago | (#26305405)

Either that or a TL;DR moderation.

Unfortunately I did read it, he was trying to make a point and I was trying to give him the benefit of the doubt, but in the it was just trying.

Re:How to Falsify Evolution (1)

Dolphinzilla (199489) | more than 5 years ago | (#26305717)

inconceivable !!

Re:Sorry (1)

Subverted (1436551) | more than 5 years ago | (#26303797)

Indeed, but that is also something everyone has heard about... How about one involving the possibility of "Nemesis" [wikipedia.org] existing? I would even settle for an article about a look back at 2008 in viruses/malware...

Screw that (2, Insightful)

djupedal (584558) | more than 5 years ago | (#26303897)

...forget the 'un-. What say we start looking out for some of the thinkable, such as the cables that keep getting slashed in the Med, eh?

Only if it is an iVolcano. (4, Insightful)

khasim (1285) | more than 5 years ago | (#26303915)

From TFA:
e-bomb
Middle Eastern cybercartels

And so forth. Lots of technobabble, not much factual information.

BE AFRAID! (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26304207)

Be very afraid!

Good.

Now I will lead you back to safety if you do whatever I say...

Re:Only if it is an iVolcano. (1)

twistah (194990) | more than 5 years ago | (#26304479)

What do you expect from DarkReading, especially when the quotes are coming from firms trying to sell their various cure-all security offerings?

"The Unthinkable" (4, Insightful)

Knara (9377) | more than 5 years ago | (#26303565)

Why is "human causalities as the result of cyberattack" supposedly unthinkable?

Re:"The Unthinkable" (5, Funny)

spazdor (902907) | more than 5 years ago | (#26303597)

I tried to formulate a response to your question but my mind just won't go there. I'm having trouble figuring out why.

Re:"The Unthinkable" (5, Funny)

SBrach (1073190) | more than 5 years ago | (#26303633)

Maybe you're already a casualty?

Re:"The Unthinkable" (4, Interesting)

betterunixthanunix (980855) | more than 5 years ago | (#26303691)

People often forget that many real world, physical system have internet connections, and therefore many people cannot even fathom the idea of a cyberattack resulting in human death. I read about a hack a few years ago that nearly resulting in a man being shot and killed by a SWAT team: somebody had spoofed the phone system and issued a call to 911 indicating that he was holding a family hostage, and the SWAT team arrived and very nearly shot the father in that house. The kid who executed the hack never even considered the possibility that a SWAT team with automatic weapons might actually fire their guns during the confusion (or so he said when he was arrested by the FBI). TFA indicates that a malware attack hit a UK hospital and shut down the computer systems, forcing doctors and nurses to search for paper records.

Re:"The Unthinkable" (2)

enharmonix (988983) | more than 5 years ago | (#26303707)

Why is "human causalities as the result of cyberattack" supposedly unthinkable?

It's unthinkable the way physically bombing a hospital is unthinkable. It doesn't mean somebody might not think to do it, just that you have to question the perpetrator's humanity if they were to actually go through with it.

Wiktionary definition: incapable of being believed; incredible; inconceivable or unimaginable; extremely improbable in a way that goes against common sense

(Of course, if you are using the same definition I am and are still asking that question, I believe that makes you a sociopath...)

Re:"The Unthinkable" (1)

ZygnuX (1365897) | more than 5 years ago | (#26303807)

But then again, cyberattacks are of a completely different nature than bombing a hospital.+Ã

The one danger of malware and viruses, is that they can really get out of hand. Call me alarmist, but i think there are more chances of critical equipment of an hospital causing deaths because of a malware attack that got out of hand (you really dont know how much USB thumbdrives get into places they shouldnt), than say a terrorist bombing the place a-là Joker.

PS: Why the hell is the preview function so goddamn slow!

Re:"The Unthinkable" (1)

enharmonix (988983) | more than 5 years ago | (#26304105)

But then again, cyberattacks are of a completely different nature than bombing a hospital.+Ã

Don't read too much into my original statement, now! My point was just to define how it was unthinkable, not to try to equate two very different kinds of attack.

The one danger of malware and viruses, is that they can really get out of hand. Call me alarmist, but i think there are more chances of critical equipment of an hospital causing deaths because of a malware attack that got out of hand (you really dont know how much USB thumbdrives get into places they shouldnt), than say a terrorist bombing the place a-là Joker.

This is a very realistic scenario, but I wouldn't consider it an attack; the word epidemic comes to mind. The idea of malware going haywire, though, is hardly "unthinkable," so I agree with you there.

Note that the article did describe exactly this scenario as an attack, so perhaps they have a different definition of "unthinkable" than I do.

PS: Why the hell is the preview function so goddamn slow!

I dunno, it's been acting up for me today, too.

Re:"The Unthinkable" (2, Funny)

plover (150551) | more than 5 years ago | (#26304333)

"He didn't fall? Inconceivable!"

"You keep using that word. I do not think it means what you think it means."

Re:"The Unthinkable" (2, Interesting)

Myrddin Wyllt (1188671) | more than 5 years ago | (#26304157)

It's unthinkable the way physically bombing a hospital is unthinkable. It doesn't mean somebody might not think to do it, just that you have to question the perpetrator's humanity if they were to actually go through with it.

How right you are. [guardian.co.uk]

Re:"The Unthinkable" (1)

jonbryce (703250) | more than 5 years ago | (#26304759)

Two things:

When you are sitting in front of a computer, there doesn't feel like much difference between playing a computer game and doing it for real

Secondly, I don't think the malware outbreak at the hospital was intentionally directed at the hospital. They try to infect as many people as possible and don't think that some of their victims might be hospitals.

Re:"The Unthinkable" (1)

Brandybuck (704397) | more than 5 years ago | (#26303717)

It's unthinkable because the IT industry as a whole seems incapable of comprehending the possibility of such an attack. Cities are installing muni-wifis without encryption, military branches are standardizing on Windows, commercial broadband routers/modems continue to be shipped with security off by default, etc.

Re:"The Unthinkable" (2, Insightful)

rev_sanchez (691443) | more than 5 years ago | (#26303813)

I'm pretty sure this is the plot for nearly every movie involving hackers. I'd say that it's overly thinkable.

Re:"The Unthinkable" (1)

Torodung (31985) | more than 5 years ago | (#26303895)

Because it has been proven beyond a shadow of doubt that the "cyberworld" literally can't impinge upon "real life."

There is a time-tested firewall (of lack of imagination) between the two. For instance: This message I've posted cannot affect "real life" in any way, shape, or form. ;^)

--
Toro

Re:"The Unthinkable" (1)

Thelasko (1196535) | more than 5 years ago | (#26303913)

Why is "human causalities as the result of cyberattack" supposedly unthinkable?

I think it should be [wikipedia.org] clear [wikipedia.org] by now that our government officials have never seen any of the Terminator [wikipedia.org] movies.

Re:"The Unthinkable" (1)

Thelasko (1196535) | more than 5 years ago | (#26304009)

I think it should be clear by now that our government officials have never seen any of the Terminator movies.

Even Governor Schwarzenegger?

Re:"The Unthinkable" (4, Funny)

SnarfASnack (1443633) | more than 5 years ago | (#26304205)

He's seen it, he just didn't get it.

Re:"The Unthinkable" (0)

Anonymous Coward | more than 5 years ago | (#26305033)

Nah, most actors don't watch the films they are in, else they would try to stop more of them from being released.

Re:"The Unthinkable" (1)

Sloppy (14984) | more than 5 years ago | (#26305651)

Perhaps it's a joke [dagonbytes.com] .

human casualties as a result of a cyberattack .. (3, Insightful)

rs232 (849320) | more than 5 years ago | (#26303631)

'Three U.K. hospitals were forced to shut down their networks last month after a malware outbreak infiltrated their systems .. Prince says he worries that eventually, human lives could be affected by a cyberattack like that of those hospitals or attacks on national infrastructures such as utilities. "It will happen at some point," he says'

Have these security professionals ever considered using computers that don't get malware ?

Anti-virus, Anti-phishing, Spyware [perimeterusa.com]

Re:human casualties as a result of a cyberattack . (2, Insightful)

TheRealMindChild (743925) | more than 5 years ago | (#26303819)

In the scheme of things, while windows malware (I assume this is what you speak of) is an easy vector, it isn't the only vector. Plain and simple fact is, not everyone who uses a computer is competent, even when they should be (The same goes for car mechanics, doctors, etc).

Here is a really easy way to root a few Unix(like) boxes. Scan for some FTP servers. Log in and spider the directories. Can you make a file that has the executable bit set? Great! Do some fingerprinting to figure out what OS it is (this may not be necessary), upload an executable, then run it. You will be surprised at what said process can now access.

Re:human casualties as a result of a cyberattack . (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26304035)

Last time i checked FTP didn't have an EXEC method.

I'm guessing you mean pray it has a directory inside a website (then why bother fingerprinting the OS) or you have shell access which just brings up the question of why you bothered ftping a file in the first place your more than halfway there!!

Re:human casualties as a result of a cyberattack . (1)

Carnildo (712617) | more than 5 years ago | (#26304351)

then run it

This step is the hard part: I'm not aware of any FTP server that provides the ability to run arbitrary executables.

Re:human casualties as a result of a cyberattack . (2, Funny)

Anonymous Coward | more than 5 years ago | (#26304743)

  Here's a way to root a box:

  FTP a file to the box
  login as root
  run it

Re:human casualties as a result of a cyberattack . (1)

Nebu (566313) | more than 5 years ago | (#26305339)

Here's a way to root a box:

  1. FTP a file to the box
  2. login as root
  3. run it

We now know what the ever-mysterious step 2 (formally known only as "???") is!

Re:human casualties as a result of a cyberattack . (3, Insightful)

betterunixthanunix (980855) | more than 5 years ago | (#26303877)

That may not be as simple as it sounds. Sure, it is technologically feasible to lock down a computer system, but there are matters of money and politics to consider. Consider the expense of hiring a full time security team that can tune ACLs and security policies and monitor the hospital network for intrusions. Here in America, hospitals, especially public hospitals, often have to fight for every dollar just to afford medical equipment, and there is constant political wrangling about paying for healthcare. Investing millions of dollars per hospital to create a secure IT infrastructure is a difficult move to justify when you are engaged in a battle for money for other equipment, and a lot of people either do not understand or do not care about the risks patients face from IT failures.

There is also the matter of commercialization of healthcare software. Gone are the days when a hospital's IT staff would roll their own middle tier and front end systems -- healthcare software systems are now purchased from companies that "specialize" in such products. Those companies often market proprietary software, compile it for the world's most popular desktop OS, and send shrink-wrapped copies to hospitals. That software can force choices upon the hospital, like requiring a certain database that only runs on a certain server OS or preventing certain ACLs from being in place because of the manner in which the software utilizes system resources. It is neither malice nor incompetence, it is just a byproduct of the system we have in place for managing our healthcare centers.

Personally, I have never understood how utilities might wind up in a situation where their systems may be vulnerable to a malware attack. I would think that the critical systems in utilities would be offline and running some sort of highly application-specific software, but I could be wrong.

Re:human casualties as a result of a cyberattack . (1)

Don_dumb (927108) | more than 5 years ago | (#26305287)

Personally, I have never understood how utilities might wind up in a situation where their systems may be vulnerable to a malware attack. I would think that the critical systems in utilities would be offline and running some sort of highly application-specific software, but I could be wrong.

Even our (the UK's) national electricity grid (and supergrid) are administered remotely by control centres. A control centre monitors the monitoring stations and controls the various control switches around the country from afar. For this to happen everything has to be online. Although perhaps just not TCP/IP using the phone network, they still need to be online. However I must admit that the control software I saw was on Unix systems and only running the control software (apparently because it had to be real time).

Re:human casualties as a result of a cyberattack . (1)

mrphoton (1349555) | more than 5 years ago | (#26303987)

i.e. ones which don't run windows.......

Re:human casualties as a result of a cyberattack . (0)

Anonymous Coward | more than 5 years ago | (#26304023)

Those are all fallible. How about NOT CONNECTING CRITICAL SYSTEMS TO THE INTERNET? And if they have to receive information, force people to manually insert it.

Re:human casualties as a result of a cyberattack . (1)

Culture20 (968837) | more than 5 years ago | (#26304309)

I know a few medical doctors, including one who went through Computer Science undergraduate with me. They like their Microsoft products.

Re:human casualties as a result of a cyberattack . (0)

Anonymous Coward | more than 5 years ago | (#26304347)

What, like abacuses?

Re:human casualties as a result of a cyberattack . (3, Interesting)

Gordo_1 (256312) | more than 5 years ago | (#26304359)

It's not that simple. You forgot about embedded systems. For example, a few years ago as an employee of a security software company, I had a conversation with the head of IT at one of the largest healthcare providers in the U.S. The conversation went something like this (I'm paraphrasing):

Him: We have a had a heck of a time dealing with systems ping-ponging the Blaster worm at each other. Rebooting them fixes the problem temporarily, but eventually they just get reinfected.

Me: Sounds pretty straight forward, we can help you remove malware from infected systems.

Him: Well, a lot of our "Windows systems" are actually portable medical devices like kidney dialysis, heart monitors and life support machines running embedded Windows NT. They are built by the manufacturer with a particular software load and certified by the Department of Health. I can't change so much as a registry key on them or they will no longer be certified for use in a hospital.

Me: So let me get this straight, you're saying that you have life support systems that are infected with worms and you can't disinfect them because the procedure would make the life support system less safe than it is with active malware on it?

Him: Beyond rebooting and using external firewalls to block worm packets, my hands are tied so long as the system continues to perform its primary function.

Me: Have you considered just disconnecting them from the network?

Him: No can do. We need to monitor status and administer remotely.

Now, I'm not saying that this situation is still true today or even that it was representative of the state of the healthcare industry at the time, but I find it highly believable that a virus/malware/worm outbreak somewhere *has* had an impact on someone's life.

Re:human casualties as a result of a cyberattack . (3, Insightful)

segra (867730) | more than 5 years ago | (#26304869)

so who certified the malware ??

Re:human casualties as a result of a cyberattack . (0)

Anonymous Coward | more than 5 years ago | (#26305917)

Probably the same one who certified your sanity.

Re:human casualties as a result of a cyberattack . (1)

tekrat (242117) | more than 5 years ago | (#26305697)

That sounds like an absolutely plausible conversation. It's not an issue with malware, it's an issue of pointy-headed-bosses and sheer beaurocracy. The tech was right. If he changes ANYTHING on the embedded box, he'll be fired because the device will no longer be certified.

That's the way this stuff works. In a hospital, proper paperwork is more important than actually saving lives. That's why I have to laugh every time I watch "House" and that doctor does something that no hospital would allow him to do.

I know a vascular tech and he tells me the most amazing stories about how "procedures" actually get in the way of healthcare.

If he wants to get the malware removed, he'd have to send the device back to the manufacturer, they would wipe it and then recertify it, and send it back. He has no authority to change the system himself since he's incapable of recertifying it. The problem is, sending the unit back to have it cleaned of malware and recertified would probably take months.

Welcome to the health care system. Leave your logic at the door.

Re:human casualties as a result of a cyberattack . (0)

Anonymous Coward | more than 5 years ago | (#26305283)

Have these security professionals ever considered using computers that don't get malware ?

The One that REALLY has me scared... (4, Funny)

Cornwallis (1188489) | more than 5 years ago | (#26303655)

The new self-parking Ford to be powered by Microsoft Sync!

Re:The One that REALLY has me scared... (0)

Anonymous Coward | more than 5 years ago | (#26305235)

The Blue Screen of Death would finally be aptly named.

Another security threat is.... (2, Informative)

Seakip18 (1106315) | more than 5 years ago | (#26303677)

Reader's clicking on infected links because they're articles are so full of ads, they can't tell where the "Next Page" link is anymore.

My solution is thus. [darkreading.com]

I think the biggest threat is our own idiocy, rather than some ominous force.

The greatest threats to the internet (1)

dpilot (134227) | more than 5 years ago | (#26303679)

are government and corporate interests that don't like the "leveling" effects of the internet. In eventual effect, how different is a DDOS attack from a Great Firewall. (not necessarily "of China") I know DDOS and filtering have different immediate effects, but I'm thinking of the social and political utility here, as well.

YAWN........ (0)

Anonymous Coward | more than 5 years ago | (#26303683)

We've pretty much had it with all your full blown paranoia.

Power off, Move your *ss out and GO GET A LIFE!

Don't forget to look left and right for cybermonsters just before you get off the door.

Unlikely (5, Funny)

Crudely_Indecent (739699) | more than 5 years ago | (#26303689)

the unthinkable: human casualties as a result of a cyberattack.

My daughter tries to play this card. She says "If I can't get on myspace and talk to my friends, I'll just die." (She never dies)

Re:Unlikely (0)

Anonymous Coward | more than 5 years ago | (#26303865)

(She never dies)

Maybe she indirectly asks you to help her?

Re:Unlikely (0)

Anonymous Coward | more than 5 years ago | (#26303867)

Your daughter never dies!? Does she have a cool Egyptian sword or anything like that?

Re:Unlikely (0, Informative)

Anonymous Coward | more than 5 years ago | (#26304049)

Tell that to Megan Meier.

mod do3n (-1, Troll)

Anonymous Coward | more than 5 years ago | (#26303759)

Shouts To the project faces a set hooby. It was aal join in. It can be unpleasant

Sounds like a sales job to me. (3, Insightful)

Samschnooks (1415697) | more than 5 years ago | (#26303803)

One U.S. hospital was recently hit with a denial-of-service attack that knocked its critical services offline temporarily. "There have been several close calls" including that one, notes Perimeter eSecurity's Prince, who couldn't reveal details about the attack on the hospital. Prince says the hospital was able to deploy some redundant power sources to keep its operations going during the attack on its network. But Prince says he worries that eventually, human lives could be affected by a cyberattack like that of those hospitals or attacks on national infrastructures such as utilities. "It will happen at some point," he says.

Of course you do. Got to keep those customers coming in.

The hospital I'm familiar with has an internal LAN with the Life or Death systems on it. The Docs that have access to it go through their gateway. In other words, a DOS attack would keep folks from seeing the hospital's website that has their marketing stuff, job listings, location, etc... nothing that would kill anyone.

See, the IT folks there are actually pretty smart and read the security journals and some even come from defense contractors. Imagine that. This hyperbole is just a PR statement to get the suits and their lawyers all worked up to hire people like that for very large fees.

Re:Sounds like a sales job to me. (1)

betterunixthanunix (980855) | more than 5 years ago | (#26303971)

A malware attack on a hospital may very well affect life-or-death systems, if it is carried into the hospital on a USB key. Some doctor is reviewing patient records, brings it all home on his USB key for some reason, and brings that key back into the office -- now the malware is inside, on that internal LAN. It may not infect the life critical systems, but it may clog the network and prevent those hosts from communicating with whatever other systems they need to communicate with. My hope would be that those systems are on a separate LAN altogether from every other system, but I would doubt that the budget allowed for doubling up on LAN cabling like that.

Re:Sounds like a sales job to me. (2, Interesting)

plover (150551) | more than 5 years ago | (#26304543)

Actually, it probably wasn't as expensive as you might think. Hang Wi-Fi access points around the place and let those get to the "untrustworthy" network. Use the physical Ethernet jacks installed 10 years ago to access the critical network. Pile the rules into the routers to permit only the business ports to and from the business machines. And set IDS systems to keep watch for suspicious traffic there, too.

If data transfer to and from the critical network is a requirement, such as exchanging X-rays with a partner clinic or whatever, a bastion host would be the only way to pass data between them.

Then you can go after the desktops with physical access to the critical network, and make sure they're running an absolutely stripped down installation -- no USB ports, no autorun, no unneeded services, one-minute timeouts on screen saver activation, etc. If I were configuring them, I'd even remove Explorer as the shell, and restrict them to a custom menu of blessed applications.

It really just takes time, money, and planning, but it's doable. And it's something they can't afford to get wrong.

Oooh...a.... GATEWAY...That _must_ be secure then. (0)

Anonymous Coward | more than 5 years ago | (#26305119)

Layered security and defense in depth are good principles, but are no magic bullet.

Security is an ongoing process, a war that will never be won. The first battle in that war is complacency.

I'm glad your hospital's IT folks are smart. I hope they're smart enough to realise that they can't afford to maintain internal 24x7x365 expertise in network security and have retained some additional help.

Those aren't attacks (2)

PingXao (153057) | more than 5 years ago | (#26303811)

First and foremost they're someone's push to get a .gov contract. Second, the scenarios outlined represent sensationalized what-if's that, if they ever happened, would be just as much the responsibility of the people who got hacked. You just can't put things on the internet and expect them to be secure. You can't. If you do, you're an idiot and you deserve to lose your job, get sued, and even go to prison for monumental stupidity.

Need to stop treating computer crime as separate (3, Insightful)

Anonymous Coward | more than 5 years ago | (#26303831)

There is precious little new in this story, just a little present-day Nostradamus mixed in with a conspiracy theory, alarmism, and an admission that the enemies of the western world are not stupid and know how to use computers.

If we want to go beyond panic stories, we have to start treating such attacks, any attacks, as real crimes. That means FBI needs to get involved, and there must be a serious effort at apprehension. Once apprehended, those folks must be treated like criminals, that means orange jumpsuites (not three-piece suites) and long prison terms. This must be publicized.

As far as foreign threats, we need to work with local authorities. If those actitivites are conducted from within war zones, they need to be treated as enemy saboteurs and shot.

It's time to stop distinguishing between "computer crime" and regular crime. The consequences are the same, the victims are the same, the costs are the same. Therefore, the penalties must also be the same.

Re:Need to stop treating computer crime as separat (1)

hwyhobo (1420503) | more than 5 years ago | (#26303861)

Bloody hell. Why does /. sometime mark posts as Anonymous when I am clearly logged in? Anyway, the above "Need to stop treating computer crime as separate" post is by 'hwyhobo'. I don't waste my time posting anonymously.

Re:Need to stop treating computer crime as separat (0)

Anonymous Coward | more than 5 years ago | (#26304119)

just kidding, I love posting anonymously! It makes my balls all a-tingle.

signed, hwyhobo

Re:Need to stop treating computer crime as separat (0)

Anonymous Coward | more than 5 years ago | (#26304675)

I don't waste my time posting anonymously.

Neither do I.

Re:Need to stop treating computer crime as separat (0)

Anonymous Coward | more than 5 years ago | (#26305109)

Oh sure. Clearly this is your attempt to hijack AC's hard-earned and richly deserved +1 Insightful mod rating to claim for yourself, hwyhobo. SHAME! SHAME! Stealing from a poor AC, tsk. Why don't you go copy and reword some member's +5 Insightful comment to satisfy your lust for ill-gotten karma, and stop stealing from my AC brothers.

Karma hijacking from Anonymous Cowards must stop now!

Mytob? (2, Insightful)

jav1231 (539129) | more than 5 years ago | (#26303859)

Okay so Mytob shuts down a hospital. Frankly, hospitals and other public health entities shouldn't be running Windows. It's vulnerable and proven so time and again. Had they been on any *NIX-based system the spread of such a worm would have been mitigated.

I know, a tired old point but I'm frankly sick of hearing about government entities and public works entities being brought down because they've bought into the Windows-everywhere philosophy.

Re:Mytob? (1, Insightful)

Anonymous Coward | more than 5 years ago | (#26304057)

And I'm tired of lunix trolls claiming that everything open source is 100% secure out of the box with no configuration required. All unix based systems are completely invulnerable to every attack ever conceived huh? Fucking delusion morons.

Re:Mytob? (2, Insightful)

Lord Jester (88423) | more than 5 years ago | (#26304907)

It was not stated that it would be immune to attacks, rather the worm threat would be mitigating the threat of this worm.

Also, he did not say Linux, he said a *nix based system. Which, until NT, most systems in such entities were.

*nix based systems are not invulnerable, but it takes a lot more than a script-kiddie with a script generator to penetrate and subvert than in *nix based systems.

But, regardless of your OS predilection, you should be able to admit that Windows based systems have an extremely higher rate of penetration and subversion.

Re:Mytob? (2, Informative)

rev_sanchez (691443) | more than 5 years ago | (#26304059)

In modern health care IT systems you have multiple pieces of fairly complicated software generally coming from 1/2 a dozen vendors or so and a user population that is not that technically savvy but is familiar with Windows. Those vendors won't retool their software for market share that currently doesn't exist. It's easy to say that they should use something that isn't as susceptible to malware but that's the only part that's easy.

Re:Mytob? (1)

AngelofDeath-02 (550129) | more than 5 years ago | (#26305195)

Ok - so that Might spare it from being collateral damage of whatever the latest worm might be, but that does nothing to prevent the hospital from being compromised when targeted. Since such a change would likely be wide spread (To create sufficient demand for software customizations) you aren't even getting much more diversity than you get now ...

Re:Mytob? (1)

Spad (470073) | more than 5 years ago | (#26305855)

Correction, they were brought down because they had underfunded and/or under-qualified IT departments.

I know of 2 NHS trusts in my local area that were hit by worms (Blaster and Mytob); the former because they weren't running any edge firewalls - left alone internal ones - and believed that the NHS N3 network was secure (It really, really isn't) and the latter because they didn't check to make sure that their AV software was actually updating itself.

A lot of IT "departments" in the NHS are actually made up of one of two guys in a broom cupboard with £75 a year to spend on new kit. I'm lucky in that the NHS trust I'm contracting for at the moment has a Finance director who understands the importance of having a properly financed and staffed IT department, but most aren't that lucky.

Windows is really not an issue if you have a competent and well funded IT department to manage it, just as Linux can be an issue if you don't.

Use Macs and worry not (0, Funny)

Anonymous Coward | more than 5 years ago | (#26303919)

Easy fix. Move clients to OS X, a platform which is completely immune to these types of attacks.

Having an OS that is virtually 100% secure gives peace of mind.

Re:Use Macs and worry not (1)

jmauro (32523) | more than 5 years ago | (#26304567)

Well, until your hard drive fails [slashdot.org]

What is WITH the BGP issue? (1)

GPLDAN (732269) | more than 5 years ago | (#26303937)

Here is a quote from the article:

David Maynor, CTO with Errata Security, says '09 could be the year when the first large-scale and widespread attack occurs on the Internet's infrastructure. "I think with the [hacking] work being done on Cisco and routing gear in general we'll see the first wide-scale 'e-bomb' that will break peering between ISPs and make large portions of the Internet unreachable," Maynor says.

Obama's IT security plan (seen here: http://www.csis.org/media/csis/pubs/081208_securingcyberspace_44.pdf [csis.org] ) also spends several pages talking about a worldwide attack against BGP, or perhaps against something inherent in Cisco or Juniper gear that is attackable.

Other than the attack earlier this year where Pakistan accidently blackholed Youtube worldwide when they injected bogus routes and PCCI stupidly forwarded them on, what exactly do they think can be done? In case they don't know, BGP peers are usually in access lists. And ACLs are fast or ASIC switched, so they are extremely resistant to DDOS attacks (i.e. sending a bunch of packets against a router interface violating an ACL isn't going to do much to a big router), and the rest of BGP is pretty strong based on the trust relationships. I have more confidence in the operators on Nanog fixing any storm than I do sysadmins worldwide.

If they think BGPv5 with PKI is the answer, they have another thing coming. Did you see the root CA spoof this week? Trust via ACLs is monitored and refined with peers and operators, trust via a certificate? A mess waiting to happen.

It sounds to me like David Maynor is just looking to short some Cisco and Juniper stock, and doesn't know anything about how the internet actually works.

Re:What is WITH the BGP issue? (1)

IamTheRealMike (537420) | more than 5 years ago | (#26304525)

Yeah it's not well thought out. Why would the owner of a large botnet try and knock out peering when that'd just interfere with the flow of highly profitable spam?

Re:What is WITH the BGP issue? (1)

jonbryce (703250) | more than 5 years ago | (#26304877)

Perhaps as part of a blackmail threat? A while back, botnet owners were blackmailing gambling site owners into paying them money to prevent a DDOS attack on their servers.

Pathetic. (2, Informative)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#26304021)

Even by the (low) standards of fear-mongering this is utter drivel. Pop-up blockers are an apocalyptic threat to the internet now?

classic transferance (1)

petes_PoV (912422) | more than 5 years ago | (#26304065)

This sounds like the "normal" threats that governments have been telling us all to be scared of for years. All this bunch have done is put an internet "spin" on them.
  • e-bombs? yeah - right
  • extremists: (yawn!)
  • economic downturn: puh-leeze
  • casualties: huh?

Now, I'm all for taking sensible precautions, such as keeping my wallet in an inside pocket and locking the house before going out. However, I refuse to be bullied into changing my lifestyle just in case the one-in-a-billion chance that something bad, but foreseeable, might just happen to me.

Even more, I resent other people, who can't tell the difference between the possible and the probable laying down all sorts of restrictions, with the force of law and punishment, on the pretext that "it's for my own good".

These guys are the biggest threat to the internet (and everything else) today. --- There, I feel better now.

Re:classic transferance (1)

plover (150551) | more than 5 years ago | (#26305533)

You're mixing physical threats with electronic threats, and not properly sorting out the risk differences between them.

Anything connected to a network can be "attacked" by another node on the network, if proper precautions aren't taken. On the bare Internet, malware attacks come knocking about once a minute as all the botnets come around probing for weaknesses. That's not a one-in-a-billion chance, it's a demonstrable fact. Sensible precautions there include firewalls, fully patched machines, intrusion detection systems, and laying down restrictions on people to not bring outside stuff inside the firewall. At least they're sensible to people who have to deal with these problems. But they probably seem like outlandish paranoia to Joe Sixpack, and they're expensive precautions in these days of reduced income. And inevitably, some hospital / clinic / fire station / public safety organization is going to fall down on the security job, and some sleazeball is going to take advantage of them, making headlines. It's an easy prediction to make: that one out of 11,000 hospitals will make a security mistake is not even a long shot.

Is malware going to lead to an increased incidence of adblocking? It's an interesting concept, and one worth considering if you're in the business, (even if you personally think the idea is far fetched.) Will extremists try targeting Western sites? They already are, they just suck at it today, and I seriously doubt they'll get any better (although I'd laugh if CNN.com came up demanding jihad against the West.) Will some global exploit really lead to a giant security hole? We already call it "spam" or "phishing", although it hasn't led to mass panic.

Same ppl that say Linux virus everywhere? (1)

WindBourne (631190) | more than 5 years ago | (#26304153)

It seems like for the last decade, that security ppl scream that Linux virus are everywhere. I am guessing that they are now screaming the same for new items.

Potential "kick in the ass" that we need? (1)

KovaaK (1347019) | more than 5 years ago | (#26304199)

Could an event like this be the potential kick in the ass that we need to receive to make people realize that security on the internet needs to be taken seriously? Think about how many credit card #'s are stolen/year, and how common it is to hear about identity theft. Despite this, little is being done to prevent these rampant crimes outside of gimmicky solutions that are little more than band-aids.

I almost feel like if something occurred and caught the attention of the news for a few days, it may make companies take security more seriously.

Re:Potential "kick in the ass" that we need? (0)

Anonymous Coward | more than 5 years ago | (#26304397)

It may not what we need. I'm sure some lawmakers have a draft of a bill somewhere ready for introduction that will further hamstring privacy, and its just waiting for a large event to occur.

I'm almost certain if a big attack does occur, you will see those drafted bills coming out to the floor of Congress to further force ISPs to log every single packet and its contents and said database would be able to be searched without warrants (similar to how DMCA takedowns don't require a judge.) End result would be honest citizens losing privacy and anonymity, but the true people who did the event would be completely unaffected, and would have more data they can use and sell when they break into the log servers and start doing queries, selling the juicy info (like selling logs of the fact that Joe Schmoe visiting pr0nsite.com in the wee morning hours to his wife.)

Of course, you will see other bills too, from forcing every connected computer to have some type of backdoor, to banning crypto unless it is done with a Clipper-like chip (with a backdoor for "lawful" access.)

Re:Potential "kick in the ass" that we need? (1)

KovaaK (1347019) | more than 5 years ago | (#26304695)

Hrm. I hadn't thought about the drafted bills thing, but that's a good point. I'll disagree with you on bills outlawing cryptography though - intelligent people would be able to argue too strongly against such measures.

Re:Potential "kick in the ass" that we need? (1)

plover (150551) | more than 5 years ago | (#26305585)

Hrm. I hadn't thought about the drafted bills thing, but that's a good point. I'll disagree with you on bills outlawing cryptography though - intelligent people would be able to argue too strongly against such measures.

Dude, reread what you just wrote. You seriously think intelligent discourse is going to sway votes in Congress? It's going to take a lot more than that: it's going to take some serious campaign donations or some other greased palms to avert a crisis of stupidity.

Cutting Cables (2, Insightful)

Jafar00 (673457) | more than 5 years ago | (#26304299)

I wanna know who keeps cutting the cables to Egypt and the rest of the Middle East. Talk about knocking out sections of infrastructure.

Re:Cutting Cables (1)

rubycodez (864176) | more than 5 years ago | (#26304639)

that's easy, most were done by anchors of willfully ignorant ship's crew. Quite common. Just think what someone with actual hostile intent could do with the nav charts those ships are supposed to be using.

Oh noes muslims with computers! (4, Insightful)

thetoadwarrior (1268702) | more than 5 years ago | (#26304587)

The biggest threat facing the internet in 2009 is pointless scaremongering laid out on more pages than it should be to get more ad revenue.

Anchors.... (2, Funny)

cbiltcliffe (186293) | more than 5 years ago | (#26304825)

They're mainly large-scale Internet threats â" attacks that knock out sections of the Internet infrastructure,

Otherwise known as "anchors".....

Yeah yeah you laugh now... (1)

ZarathustraDK (1291688) | more than 5 years ago | (#26305163)

...just wait until that terrorist with a load of Sony laptop-batteries strapped around his waist come calling in a populated area near you.

New Years Fool! (1)

redelm (54142) | more than 5 years ago | (#26305731)

It is as predictable as April Fools -- media content-fillers try to fill the newsvoid with non-news. The press is a giant maw that needs feeding daily. Nevermind the quality of the feed. Ink and photons must be sold on sched!

The web is _slightly_ kinder since it does not have press- or airtime deadlines. The hits just drop off. Yet electrons need to be sold too!

Ads (0)

Anonymous Coward | more than 5 years ago | (#26305979)

> Web attacks that adversely affect online ad revenue

Oh noes! Teh revenue.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>