Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cyberterror Not Yet a Credible Threat, Says Policy Thinktank

timothy posted more than 4 years ago | from the got-to-be-right-all-the-time-though dept.

Security 165

Trailrunner7 writes "A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against US and South Korean networks were not damaging enough to be considered serious incidents. The report, written by James Lewis of the Center for Strategic and International Studies, looks at cyberwar through the prism of the Korean attacks, and calls the idea that terrorists have attack capabilities and just aren't using them 'nonsensical.' 'A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market. The evidence for this is partial and anecdotal, but the trend has been consistent for more two decades,' Lewis writes."

cancel ×

165 comments

We need more first posts! (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#29867309)

lest the cyber terrorists win!

The net was designed to survive a nuke attack (0, Redundant)

phonewebcam (446772) | more than 4 years ago | (#29867311)

Lets hope it never gets tested!

Re:The net was designed to survive a nuke attack (1)

icebike (68054) | more than 4 years ago | (#29868267)

Is this the Same Think tank that George Bush used when he announced that Iran had discontinued its Nuclear enrichment program in 2003?

I mean eve if this is a head-fake, its a pretty dumb one.

bring back the pr0n! (0, Offtopic)

thhamm (764787) | more than 4 years ago | (#29867349)

cyberterror? someone posted something about 'What If They Turned Off the Internet? [slashdot.org] '. now that's a threat!
let me share somethin' special with you, which i call perry's perspective. [youtube.com] .

Re:bring back the pr0n! (5, Interesting)

sopssa (1498795) | more than 4 years ago | (#29867421)

Well I think this whole "cyberterror" idea is pretty funny. I even remember that back in 2000 in school we had to write about some article where they described "cyber attacks from China goverment". Has anyone actually proven that China as a goverment is doing those? It still seems like a myth. Considering world is filled with script kiddies, and China+India together have half of the population on Earth, it's not surprising that many percentage of them could be from there.

Another thing is that it's quite hard to launch such a catastrophic, large-scale attack against the internet. Yeah, you can cause some minor annoyance or accidentally route traffic elsewhere like what happened with YouTube for ~30 mins a few years ago, but those are quickly fixed when upstream ISP's responsible notice.

Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up.

Re:bring back the pr0n! (0, Interesting)

Anonymous Coward | more than 4 years ago | (#29867541)

actually fear is easily caused online. you could do something virtual like download the entire customer database of some bank and put it up as a file on main page of google.com, you've just scared shitless the entire bank's customer base. or you could do something physical like hack google's data center, override all the security there, disable the cooling for servers, turn up all the processors to 100%, and watch as the entire server room exploded. or you could overload a nuclear power plant or something, the specifics dont really matter.
the point is that actions online are the same as actions in real life, except theres an extra layer of technology between you and the target.
terrorism has really redefined warfare in the sense that there's no more concrete enemy. therefore conventional tactics don't work against terrorists. you can't, for instance, go to some country and kill people and expect that to stop terrorism. there's really no simple solution, but what you have to do to combat terrorism is to figure out why the terrorism is happening, and try to fix that. every action has a stimulus, and if you dug deep enough, you could figure out what the initial stimulus for the terrorist was.

Re:bring back the pr0n! (1)

Penguinisto (415985) | more than 4 years ago | (#29867547)

A lot of it depends on what's being attacked, and how.

A concerted effort to blow up / corrupt / poison the DNS root servers? Could be considered as something to worry about. A DDoS against any IP belonging to $targetNation, or even just all major banks belonging to $targetNation? Probably not as much (mostly due to the sheer size of the target, the bandwidth soaking that doing so would require, etc).

Re:bring back the pr0n! (4, Insightful)

sopssa (1498795) | more than 4 years ago | (#29867571)

But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without goverment control like with radio and tv. Terrorism doesn't do terror just for the fun of it, but there's always some reasoning behind it - sometimes rational, sometimes more irrational. However script kiddies do it just for the fun of it, to gain that small time period of fame for randomly hacking something.

Re:bring back the pr0n! (4, Insightful)

uuddlrlrab (1617237) | more than 4 years ago | (#29868389)

I think you're hitting the nail on the head with your post. Bothering Google, or various other sites, even if it's for a day or two, would likely cause nothing more than a lot of annoyed muttering and sighs. However, there are still some things to consider.
As you say, the main goal of terror groups will be to intimidate and cause widespread panic and lasting fear. Now, how that's done depends largely on the environment. If we're talking domestically, e.g. in the US, and I'm going to assume we are, the greatest threats online IMHO are things like identity theft, financial fraud (they're always looking to fund their activities), target profiling, and causing temporary disruptions of service (power, emergency services, telecom, transportation, etc) just before an attack. Those are all places where vulnerabilities are definitely present, and where we could and should definitely make changes for the better. Such a glib assessment that there is no threat smacks of the same arrogance/ignorance that led a certain ship to be called "unsinkable."

Re:bring back the pr0n! (1)

graffitirock (1481313) | more than 4 years ago | (#29868463)

% echo $targetNation
Nepal

Why, man?

Re:bring back the pr0n! (4, Insightful)

MichaelSmith (789609) | more than 4 years ago | (#29867555)

A guy I work with likes to point out that we always protect against the last terrorist attack, not the next one. You have listed a bunch of things which probably won't work and are not a concern. We should try to think about the things which we are outside our idea of the scope of terrorist operations. Prior to 911 we didn't consider suicide hijackings to be a threat.

Creative thinking ahead (4, Interesting)

HomelessInLaJolla (1026842) | more than 4 years ago | (#29867645)

Once you start down that route then your hypothetical ideas go three places: people who do not care, government investigative agencies, and actual terrorist groups.

The people who don't really care are probably the people with which you discuss these things.

The government investigative agencies, depending upon the quality of your hypothetical ideas, may begin to monitor or make inquiries about you. Many people are not comfortable with vague gray fuzzy inquiries from vague gray fuzzy characters. Look for the conditions in your workplace and the public places which you frequent to become more and more odd, discomforting, or passively hostile. Additionally, once investigative agencies begin to take notice of you because of your hypothetical musings you may find that the number of speeding tickets you receive goes up, or applications/resumes for employment are ignored or denied with vague and meaningless responses, or applications for apartment or condo rentals are similarly ignored or denied with vague and meaningless responses. Consider that paranoia does not begin with full light of black helicopters and an entourage or marked police cars. It begins with vague fuzzy gray inquiries made to your HR department, your bank manager, your insurance company, the local police department, your ISPs cybercrime response department, etc. Those things add up to create a negative stress in your life.

If actual terrorist groups take notice of your musings then they might adapt your ideas and act on them. If you have been covertly monitored, as above, you may become the object of deeper and harsher scrutiny.

Unless you are deliberately and specifically sanctioned by the government and on someone's official payroll then being brilliant, creative, and novel is not welcome in today's society of thought police and preemptive military invasion. Iraq had some things that US leaders were uncomfortable with, therefore they deserve to be invaded. A particular citizen has ideas or musings which the local chamber of commerce members are uncomfortable with, therefore they deserve to lose their job, their home, and be forced to leave town.

It all follows along perfectly from having a big brother government with unlimited financial resource and unchecked under-the-table influence.

Re:Creative thinking ahead (1)

xenn (148389) | more than 4 years ago | (#29868003)

Hmm. Your ideas are intriguing to me and I wish to subscribe to your newsletter.

Re:bring back the pr0n! (1)

Jah-Wren Ryel (80510) | more than 4 years ago | (#29867703)

We should try to think about the things which we are outside our idea of the scope of terrorist operations. Prior to 911 we didn't consider suicide hijackings to be a threat.

I disagree. While it may be entertaining to worry about new and innovative ways to cause mass hysteria and panic, we should only give minor attention to potential attacks because, frankly, the field is so wide open that we could spend all our money and not protect us from 1% of it.

For example, even if we had taken suicide hijackers seriously before 911, what would we have done about it? Even after 911 99% of the effort is a total waste - the only useful measures taken have been reinforcing the cockpit doors, everything else has been a huge waste of money. Would we have been smart enough to do the cockpit doors before 911? Maybe, or maybe we would have spent the money somewhere else in that 99% of useless crap.

I think that attention and money should be spent primarily on making society robust, so that for any kind of failure, we can recover from it fairly quickly. Making sure first responders are well trained and well equipped with good communications ability is probably the best place to spend money because it covers almost all bases. Considering that acts of nature/god are orders of magnitude more frequent than acts of terrorism we get the added bonus of having our money spent on resources that make a difference in the both rare and the common case.

After first responders I think the best place to spend money is in the design phases of public systems, a stronger emphasis on fault tolerance and flexibility - in other words, simply good engineering. Sure, part of that design work should include considering concerted attacks, but we should assume that eventually an attack will succeed and then the question becomes "what are we going to do about it?" Some remote attack that causes a nuke power plant to shut down, or a generator to burn itself out is going to have the same consequences as any other reason for those events to occur for like an earthquake or even operator error. So the bulk of the engineering needs to go into efficiently recovering from those kinds of events regardless of cause - better failsafes and more redundancy for example.

Re:bring back the pr0n! (2, Informative)

maxume (22995) | more than 4 years ago | (#29868079)

Not to belabor the point, as he is already rather overexposed, but Bruce Schneier repeatedly makes the point that funding good investigative police work is also an effective measure (because it is often the case that the bad guys are making mistakes, regardless of the particular vector they have chosen to focus on).

Re:bring back the pr0n! (3, Interesting)

demachina (71715) | more than 4 years ago | (#29867597)

"What are you going to on the internet,"

The classic examples are hacking in to the computers that control the power grid(s) and causing a widespread blackout, taking down the air traffic control system, opening flood gates on a dam, or causing a wide spread phone/cell phone outage. Its open to debate how feasible these are but they are certainly plausible and the systems involved may all interact with the Internet now in one form or another.

I find this statement amusing to no end:

"A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market."

It basically implies that advanced intelligence agencies are years ahead in developing the tools for Cyberterrorism. If that were actually true, which I doubt, then why wouldn't you still be "afraid" some advanced intelligence agency will launch a cyber terror attack, or is this submission implying that just because a nation state does it, its not terrorism?

Re:bring back the pr0n! (1)

sopssa (1498795) | more than 4 years ago | (#29867639)

The classic examples are hacking in to the computers that control the power grid(s) and causing a widespread blackout, taking down the air traffic control system, opening flood gates on a dam, or causing a wide spread phone/cell phone outage.

Except the last one, I dont think those systems should be running on the internet anyway. Even if some terrorist group isn't going to hit them, some script kiddie will.

Re:bring back the pr0n! (2, Interesting)

demachina (71715) | more than 4 years ago | (#29867977)

Air traffic control and power grids are inherently networked operations. You need to transfer planes from one control center to another, and to report loads or faults on the grid to various control centers, or turn generators on and off to balance load across wide areas. Only way you wouldn't have these functions on the Internet is if you go back to using phones to call people which is brutally inefficient and error prone. One hopes these networks are very secure VPN's but who knows.

Not sure if big dams have their flood gates under computer control but I know for a fact some smaller ones have some gates under computer control, especially ones with irrigation canals hooked to them.

Re:bring back the pr0n! (2, Insightful)

maxume (22995) | more than 4 years ago | (#29868097)

'only' is a pretty strong word in that particular statement. For instance, imagine if someone ran a network very similar to the internet, except for all of the pesky public access.

Re:bring back the pr0n! (1)

demachina (71715) | more than 4 years ago | (#29868211)

Building an isolated network covering the entire nation is very expensive. Just about all network activity is running over the same backbone. I think by saying virtual private network I was saying what you are saying. But, when you have hundreds of thousands of computers on a private network its exceptionally easy for someone to hang one of them on their LAN too and open the whole thing up to the Internet. If completely private networks were so easy I don't think you would read so many stories of defense contractors and the military getting hacked and losing huge quantities of sensitive, though not highly classifed, weapons design information.

Re:bring back the pr0n! (1)

maxume (22995) | more than 4 years ago | (#29868229)

No, I was merely sniping at your overly categorical statement. It may well be that the internet is far more economic than the alternatives, but it certainly doesn't preclude them.

(The problem with using intrusions as an argument about the problems of running a private network is that the companies in question don't seem to face any consequences for the intrusions, so they have little or no incentive to actually work to prevent them...)

Re:bring back the pr0n! (1)

Runaway1956 (1322357) | more than 4 years ago | (#29867601)

"Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up."

A list of possible targets:
banking transactions being disrupted tends to terrorize people with money
taking down the power grid can be scary
disrupting mass transit can be scary
actually causing crashes of mass transit would be outright terroristic
publishing false news stories ranks somewhere between scary and terroristic
disrupting news services is at least mildly scary
disrupting or taking over Department of Defense networks can contribute to terror
actually STEALING Department of Defense secrets is REALLY scary
disrupting critical health care services - hospitals primarily, ambulances secondarily
disrupting police communications

While there aren't many ways to actually kill people with the intartubez, the potential for terror does exist. I've probably not exhausted all the means to spread confusion and/or terror - but those should be enough to cause concern.

Re:bring back the pr0n! (1)

dkf (304284) | more than 4 years ago | (#29867779)

A list of possible targets:

Get real...

banking transactions being disrupted tends to terrorize people with money

Terrorizing bankers? That's likely to win them a medal from everyone else...

disrupting mass transit can be scary

Except the safety-critical parts of mass transit systems are designed to fail safe. Disrupt them and all you get is a bunch of cross people on a stopped train; hardly terror.

actually causing crashes of mass transit would be outright terroristic

And also highly unlikely.

publishing false news stories ranks somewhere between scary and terroristic

Quick everyone! We've got to arrest the "journalists" at Fox News as terrorists!

disrupting news services is at least mildly scary

But disrupting all news sources is really difficult because they are a diverse bunch.

disrupting or taking over Department of Defense networks can contribute to terror

Are we talking about delaying the email of low-level folks (a way to boost productivity) or impacting a secure network? The DOD doesn't mix the internet with the properly secured stuff.

actually STEALING Department of Defense secrets is REALLY scary

And they take measures to try to prevent that, yes? That's why they have real counter-intelligence people.

disrupting critical health care services - hospitals primarily, ambulances secondarily
disrupting police communications

But emergency response doesn't go over the internet. There's just too many ways it can go wrong when it matters, even without malicious "hacker terrorists" in the mix. Non-emergency communications can usually wait, or switch to other channels (e.g., sending invoices by post).

Mostly disrupting the net means that people communicate more slowly (often not a disaster) or stops them goofing off on youtube at work; a lack of such things doesn't contribute to terror, but rather to boredom and irritation.

"How goes the great cyberterror attack?"
"Excellent! We've raised their productivity by 15% and encouraged a renaissance in the writing of letters!"
"Any actual terror?"
"Well... no. But we've made a vast number of middle manager put down their blackberries in frustration. That's got to count for something, yes?"

To be fair, you do have at least one reasonable point in your list (which I've broken out of your original order):

taking down the power grid can be scary

And apparently some power suppliers and grid operators are very exposed this way; this is Bad and needs to be fixed. (There's also what happens if a Smart Grid is implemented with lots of people being small providers of power at some times of the way through, say, solar or wind power. That's where things become a headache, because it will be really hard to make that many people properly secure their systems...)

Re:bring back the pr0n! (1)

Monsuco (998964) | more than 4 years ago | (#29868495)

To reply to two people at once

Terrorizing bankers? That's likely to win them a medal from everyone else...

Yes, I would sure love the person who stole my 401K.

publishing false news stories ranks somewhere between scary and terroristic

Gasp your right. In that case all bloggers should be shot. Markos Moulitsas should be shot twice, or at the very least made into even more of a laughing stock then he already is. All readers of blogs are guilty of aiding the enemy and should be punished by being forced to move out of their parent's basement.

actually STEALING Department of Defense secrets is REALLY scary

That's more cyber-spying than cyber-terror. That being said the NSA and CIA spend millions here.

Re:bring back the pr0n! (1)

Dorsai65 (804760) | more than 4 years ago | (#29868575)

Terrorising banks: Sure, no biggie -- right up until it happens for the eleventy-seventh time this year at YOUR bank, and you can't use your ATM/debit card/credit card...

Disrupting transit: Similar to above, but add in the perceived risk of actual physical harm.

Deliberately wrecking transit: "Highly unlikely"... like, say, crunching an airplane into a building on purpose?

Publishing false stories: Good thing bogus stories don't get spread by word of mouth as rumors...

Disrupting news sources: Unless, of course, one (or more) of them happens to be one you've come to use.

Penetrating Govt systems: Maybe not DoD, but how about something less "critical", like all the HEW records going into the bitbucket? Or hurricane predictions at the start of the season?

Actually GETTING secret govt data: Trusting soul, aren't you? What if Tim McVeigh and buddies had known where to steal some radioactive trash to add to their ANFO bomb?

Health services, et al: a hospital in England had to shut down for a while just from getting the Conficker worm; how much worse if somebody started screwing with meds? On a wide-spread basis? Or even just Operating Room scheduling, or billing? Hell, just patient admissions records?

Power grid: Hell with taking it down -- how about just borking it with unscheduled rolling brownouts, overvoltages, intermittently tripping random control relays, and so forth? Or just pushing supplies to borderline with a DDoS against the CoOps and the like?

Telecom systems: How happy would YOU be with a phone system that intermittently connected you to someone OTHER than the person you called? Or cell towers that randomly went out of service for varying periods of time? And if neither the phone company NOR the government or law enforcement could do anything about it?

TFA said that cyberterrorism isn't a credible threat yet -- which implies that it IS some threat, now. Me, I'm hoping they're not just whistling in the dark...

Re:bring back the pr0n! (1)

darthwader (130012) | more than 4 years ago | (#29867835)

I disagree. None of those situations you describe are terrifying. They are annoying. Disrupting the banking system means people don't get access to their assets for days or even weeks until it's straightened out. But it is eventually straightened out, and rational people know that. They also know that losing their money is not the same as literally losing an arm and a leg (as happens when you stand too close to an exploding bomb).

Even things like shutting down power or communications can cause deaths, but they are secondary deaths (e.g. people freeze to death because of no power, or preventable deaths happen because first responders didn't get there in time), and that just doesn't have the same emotional impact.

Causing crashes of mass transit is the only situation you described which I think qualify as terrorism, since it involves blood, gore, flames and people who are obviously and undeniably dead because of this action.

The thing we forget is that terrorism is NOT about killing the maximum number of people. It is about terrifying people so much that they lose all hope and stop wanting to fight back. Annoying people (even if it does cause some deaths) makes people want to fight more, and thus goes against the purpose.

Re:bring back the pr0n! (0)

Anonymous Coward | more than 4 years ago | (#29868445)

Disrupting the banking system means people don't get access to their assets for days or even weeks until it's straightened out.

So I'll be able to send you invoices for all my missed mortgage, utility and other bills when I can't get to my accounts?

Banks will always have ways to get money moved for their own purposes, but who cares if I miss payments. Just the penalties and hits on my credit score could be devastating if I'm already on the edge.

We're often told to keep a reasonable stash of cash at home in case the banks are unavailable. But even that is useless if the electric pump at the gas station is out and the electric cash registers at the grocery stores don't operate. Even if the cash drawer can be opened (and it likely can so cash can be put in a safe), no store will let their clerks run on paper. First off, without the computer, no one would know what the prices are. And no owner will trust kids to correctly add up a bill and make change.

Re:bring back the pr0n! (4, Interesting)

Anonymous Coward | more than 4 years ago | (#29867615)

Having worked for three letter agencies, let me say that yes, China is engaged in this activity. Certainly the Russians, French, US, British, and any other country with a foreign intelligence service. In China's case, it's very hard to officially link it to the government because the PLA owns so many companies in the country they can have one of those entities engage in the action with plausible deniability.

As far as it not being a "real" threat, I'd ask the Estonians what they think about that....

Re:bring back the pr0n! (1)

gmhowell (26755) | more than 4 years ago | (#29867723)

And your post gets today's award for being a truffle amongst the shit that makes up slashdot.

Re:bring back the pr0n! (1)

smoker2 (750216) | more than 4 years ago | (#29868343)

Having worked for three letter agencies, let me say that yes, China is engaged in this activity

PLO, IRA and ETA ?

This is digg, not slashdot (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29868637)

This is digg, not slashdot. Facts are not welcome here. Yes, I work for another such agency. Yup, we've even seen hostile code in silicon. The chinese are a real threat.

Re:bring back the pr0n! (0)

Anonymous Coward | more than 4 years ago | (#29867693)

Wow, I'm kind of amazed at people being so casual given the history of individual hackers doing damage back in the days before security got semi tight. Exploits are found everyday. Cyber terrorism would be fairly cheap so the thought that no governments are pursuing it including ours is pretty naive. How expensive would it to be to outfit a hundred college students with computers and internet connections just to see what is possible? The CIA spends more than that on coffee. The terrorist have been using web sites already for years to get information out. Can they launch a major attack? Probably not but the Chinese likely can and there have been suspect events. Assuming the terrorist are ignoring the internet is bizarre. Our best defense has been how few actual terrorists there are and that they aren't exactly rocket scientists. Will they one day have the capability? I'd say it's a 100% like them eventually getting a nuclear weapon. We've got to stop attacking countries because of "possible" terrorist ties but we can't ignore likely scenarios simply because they haven't happened yet. Just one talented hacker siding with the terrorists could do a lot of damage. Is it possible to take the whole web itself down? I've heard both sides and I'm not convinced by either so I assume it's probably possible with enough preparation and resources. The simplest attack is just overloading the web. Can't be done? Nothing is infinite.

Re:bring back the pr0n! (0)

Anonymous Coward | more than 4 years ago | (#29867719)

Don't confuse "Cyberterrorism" with information warfare which is something that is really truly studied and implemented efficiently by the Chinese, Korean, Israeli, Russian militaries, with the US only now catching up. Terrorists blow things up for graphic shock value and because they believe in martyrdom, something computer hackers would (usually) be philosophically opposed to. On the other hand, computer hacking and military tactics go hand in hand: objective, resources, recon, planning, execution, extraction, and so on.

Also, don't confuse large scale attacks against "The Internet" with anything resembling cyberwar, which is something that involves discrete targets, objectives, and so forth. Cyberwar exercises performed by the US just this year showed it was possible to blow up electrical generators remotely via network attack. Imagine this on a large scale and you can easily see the possibility for real human/financial loss due to information-based attacks, especially against the US critical infrastructure which is well known for using lax security measures in its computer networking.

Re:bring back the pr0n! (2, Interesting)

iamsolidsnk (862065) | more than 4 years ago | (#29867731)

Terrorism is meant to cause terror while performing everyday activities or a general sense of fear and paranoia in the general population. General public != internet-using public, and I find it hard to believe that any type of act committed in cyberspace would cause such feelings in any average internet-using person. Until cyber-activity gets to a point where such activity causes personal harm, whether psychologically or physically, I would say the term cyber-terrorism has no relevancy to the general public.

Re: (0)

Anonymous Coward | more than 4 years ago | (#29868083)

you simply dont understand.

Re:bring back the pr0n! (1)

blueg3 (192743) | more than 4 years ago | (#29868197)

Another thing is that it's quite hard to launch such a catastrophic, large-scale attack against the internet.

That's not the attack of interest.

Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up.

While stealing, destroying, or maliciously altering important data -- financial or medical records, for example, or military technology -- are interesting attacks, most of the interesting cyberterrorism scenarios involve disabling or damaging non-Internet infrastructure, such as power generation.

Re:bring back the pr0n! (3, Funny)

Monsuco (998964) | more than 4 years ago | (#29868303)

Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com

You have gravely underestimated the power of goatse.

Re:bring back the pr0n! (1)

Herkum01 (592704) | more than 4 years ago | (#29868657)

Yeah, well what if they take away all your internet games [slashdot.org] , that would be something to be scared about.

"not yet credible" (0)

Anonymous Coward | more than 4 years ago | (#29867363)

You haven't seen the amount of probing foreign governments do to our defense networks. I'm amazed DoD networks function at all. The bulk of the attacks are, of course, script kiddies worldwide. However many national governments are putting very brilliant work into attacking our networks. Right now the focus is on extracting data, but given the compromised silicon I've seen, anything is possible.

anon for a reason.

Re:"not yet credible" (4, Interesting)

siddesu (698447) | more than 4 years ago | (#29867459)

I am not worried about some scary foreign governments.

I am worried by something I really suffer from -- a permanent attack going on 24 hours a day, 7 days a week, 365 days in a normal year, 366 in a leap year, indistinguishable in nature from this "cyber-terror" scare talk, except it is real and harmful.

For no other recourse, I participate in a complex voluntary international network, and employ significant resources internally to mitigate this cyber attack. And all I can do is keep some part of it away, barely. Sometimes I suffer from the complexities of this very same mitigation system, when my services are denied by mistake.

And the governments, who btw also suffer from it, just keep tolerating it.

What I am talking about is called spam, and with the government of the largest spamming country being a bit more pro-active, it would decrease significantly. But the government does nothing, spending money on bullshit, instead of focusing on real problems.

My guess is, solving real problems is hard, and because of that less money are left for graft, so the interest of the politicians in solving them is significantly lower.

Re:"not yet credible" (1)

demachina (71715) | more than 4 years ago | (#29867621)

Maybe you should just try switching to GMail. They seem to have completely beaten spam, at least I sure never get any since I switched.

Re:"not yet credible" (0)

Anonymous Coward | more than 4 years ago | (#29867815)

Maybe they should, maybe they shouldn't. What has that to do with GP's topic of government doing shit to prevent it from happening?

Re:"not yet credible" (1)

demachina (71715) | more than 4 years ago | (#29867941)

What exactly are you proposing "government" do about it. Even if the U.S. "government" did something about it that leaves about a hundred other countries where it can originate. Its kind of sad when people want the nanny state to solve all their problems for them. Like I said Google solved the problem so there is no reason any other big email service can't, and if you are an admin running your own email server and you can't solve it then that is probably the most compelling argument I've heard for moving your email to the cloud.

Re:"not yet credible" (2, Insightful)

siddesu (698447) | more than 4 years ago | (#29868235)

Google (or anybody) hasn't solved any spam problem, they keep doing what I do - spend money/resources to filter it on the server side. Everyone else who is running an email server does the same. The effort and resources are still wasted, whether the clueless lusers see it or not.

The "government" (especially that of the US, which is still the top spammer, accounting for more spam than the next 9 in the top list) can do many things -- like hitting the spammers and their customers hard, and press other governments to the same. They do it very well for a lot of things (including "intellectual property" rights) already.

Instead, we see large budgets spent on "cyber terror", tons of spam, and people with their heads up in the cloud, or darker places.

Re:"not yet credible" (0)

Anonymous Coward | more than 4 years ago | (#29868323)

Rubbish.

Now that it's common knowledge that Google filters spam with a near 100% success rate, how many spammers do you think still waste their time and resources trying to send additional spam that will never get through? It's not exactly rocket science for spammers to filter all the gmail addresses from their list to focus on their remaining genuine addresses.

Result - google has far less spam to bother with compared to other email providers, and their server side money/resources can be reduced accordingly.

Now what happens if everybody gets as good as google? Spam is dead, there would be no economic incentive to carry on producing it.

Re:"not yet credible" (1)

siddesu (698447) | more than 4 years ago | (#29868383)

You post assumptions you pulled out of your ass, but that doesn't mean real world works the way you think it does.

Here is a post to get you started, from the horse's mouth. This is for their "enterprise" filtering system, there are links for the gmail one as well. Notice how "total volume of spam" they get keeps increasing, just like everyone else's.

Your perspective is the luser perspective, you're content with a problem as long as you don't see it.

Re:"not yet credible" (1)

mister_playboy (1474163) | more than 4 years ago | (#29868397)

I am not worried about some scary foreign governments.

I am worried by something I really suffer from -- a permanent attack going on 24 hours a day, 7 days a week, 365 days in a normal year, 366 in a leap year, indistinguishable in nature from this "cyber-terror" scare talk, except it is real and harmful

I actually thought you were going to say "the erosion of our civil liberties in the name of fighting terrorism".

Re:"not yet credible" (1)

Monsuco (998964) | more than 4 years ago | (#29868419)

What I am talking about is called spam, and with the government of the largest spamming country being a bit more pro-active, it would decrease significantly. But the government does nothing, spending money on bullshit, instead of focusing on real problems.

Dude, we are in the middle of 2 wars, facing nuclear threats from Iran and North Korea, in a deep recession, facing constant terrorist threats, and facing the eventual collapse of Social Security and Medicare threatening everyone's retirement future. I suspect this is a much bigger problem then messages in your inbox saying "EnL@Rge y0r P3n1$".

Re:"not yet credible" (0)

Anonymous Coward | more than 4 years ago | (#29868541)

You're facing nuclear threats from Iran and North Korea? You're delusional, my friend, better see a doctor or something.

I shirley hope you can pay for it.

Re:"not yet credible" (1)

AllynM (600515) | more than 4 years ago | (#29868565)

Did said think tank read this?

http://www.foreignaffairs.com/articles/65499/wesley-k-clark-and-peter-l-levin/securing-the-information-highway [foreignaffairs.com]

This little tidbit is available in the full version of the article text:

In 1982, a three-kiloton explosion tore apart a natural gas pipeline in Siberia; the detonation was so large it was visible from outer space. Two decades later, the New York Times columnist William Safire reported that the blast was caused by a cyber-operation planned and executed by the CIA. Safire's insider sources claimed that the United States carefully placed faulty chips and tainted software into the Soviet supply chain, causing the chips to fail in the field. More recently, unconfirmed reports in IEEE Spectrum, a mainstream technical magazine, attributed the success of Israel's September 2007 bombing raid on a suspected Syrian nuclear facility to a carefully planted "kill switch" that remotely turned off Syrian surveillance radar.

Yup. No Cyberterrorism to see here. Riiiight.

Re:"not yet credible" (0)

Anonymous Coward | more than 4 years ago | (#29868615)

the United States carefully placed faulty chips and tainted software into the Soviet supply chain,

Yeah, this is totally the same as hacking yr networks over teh internets.

Thank god. (0, Redundant)

mirix (1649853) | more than 4 years ago | (#29867373)

I was having a hard time sleeping, waking up with cold sweats, worried sick.

Looks like i can finally get some rest.

Re:Thank god. (1)

sopssa (1498795) | more than 4 years ago | (#29867385)

Beer/Vodka is always helpful.

Re:Thank god. (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#29867447)

Fuck off, TripMaster Monkey.

That's Why We Must Be Proactive now (2, Interesting)

Anonymous Coward | more than 4 years ago | (#29867377)

It seems to me that even if this report was accurate, we shouldn't be resting on our laurels until the threats become credible and too late to stop.

Its clear the best way to stop and prevent terrorism is at the point of planning or in the initial stages, not when the have assembled and planted the bomb. Cyberterrorism should be no different.

We wouldn't want the smoking gun to be a complete breach and shutdown of our networks would we. I favor a more proactive and preemptive approach. Attack them now before they can attack us. The best defense is a good offense.

Re:That's Why We Must Be Proactive now (1)

thhamm (764787) | more than 4 years ago | (#29867399)

Its clear the best way to stop and prevent terrorism is at the point of planning or in the initial stages

yes exactly, because changing things so that noone will have to resort to terrorism is just too easy. and expensive. and inconvenient.

Re:That's Why We Must Be Proactive now (0)

Anonymous Coward | more than 4 years ago | (#29867501)

well what do they hate about us? it isnt exactly that we have religious freedom to choose any religion we like, it is more that we use that religious freedom to choose any religion including ones that arent islam. it is that they have what we want and we are not necessarily using it to promote islam if we trade with them. the problem is that they dont want you to exist, if you would be willing to die or at least agree with them on everything they would be happy. so feel free to make them happy. the problem with irrational people is they are irrational and often the product of an irrational environment. yeah we would couldve not invaded iraq, supported israel, tortured their terrorists etc but in the end they want you to believe in the one true god and that they are falling short of his will if they dont fight every non believer where ever he may stand to the best of their ability, for how can you love all of man kind like the true god wants if you dont do every thing to save his immortal sole which lasting much longer than any material goods he may have in this life is much more important.

Re:That's Why We Must Be Proactive now (2, Informative)

sopssa (1498795) | more than 4 years ago | (#29867549)

It's not only what's happening with Middle-East. For example IRA [wikipedia.org] , which is considered as terrorism group in the UK, "sought to remove Northern Ireland from the United Kingdom and bring about a united Ireland by force of arms and political persuasion.". Not knowing fully whats behind it, but it seems they have a clear purpose that isn't so irrational (and didn't the area used to belong to Ireland people before?). Obviously even you must understand that they're not causing "terror" just for the fun of it, but have some agenda do so (usually so they can get people to hear their agenda, what the goverment doesn't allow)

Re:That's Why We Must Be Proactive now (1)

bertoelcon (1557907) | more than 4 years ago | (#29867567)

Obviously even you must understand that they're not causing "terror" just for the fun of it, but have some agenda do so (usually so they can get people to hear their agenda, what the goverment doesn't allow)

But online you get groups or cyber-terrorist script kiddies that do it for the lulz because the repercussions don't really exist.

Re:That's Why We Must Be Proactive now (1)

Korin43 (881732) | more than 4 years ago | (#29867729)

But the internet hate machine is limited to harassing kids who like Twilight and making TIME polls say funny things. They're hardly a serious threat to anyone.

Re:That's Why We Must Be Proactive now (1)

rtb61 (674572) | more than 4 years ago | (#29868735)

Of course to create the whole threat of 'cyber terror' they always claim, script kiddies taking over digitally controlled infrastructure. You know, take over the power plant and cause a melt down, disable traffic lights or even take control of air traffic control systems. The ultimate defeat of that crazy crap, has always been the same, if it doesn't need to be connected to the internet, then don't connect it to the internet.

Now if it is a system that lives depend on and some greedy idiot connected it to the internet, improperly secured, just to save a few bucks regardless of the risks and consequences, then they are criminally negligent and it is a toss up of who is more guilty of a crime in those circumstances then negligent admin or the script kiddie.

With the low cost of network infrastructure, creating parallel networks is the only sensible choice, internal secure and locked down hardwired and an 'external' network for email and internet access.

Re:That's Why We Must Be Proactive now (2, Insightful)

John Hasler (414242) | more than 4 years ago | (#29867523)

On the contrary. It's too inexpensive and too convenient. Worst of all, it might actually work (though not with politicians in charge).

Re:That's Why We Must Be Proactive now (0)

Anonymous Coward | more than 4 years ago | (#29868291)

yes exactly, because changing things so that noone will have to resort to terrorism is just too easy. and expensive. and inconvenient.

The terrorists' main grievance is that they have not yet killed or converted everyone in the world to their loopy, insane version of Islam. To "change things so that no one will have to resort to terrorism" means to kill or convert everyone who is not a terrorist.

Re:That's Why We Must Be Proactive now (1)

Sylos (1073710) | more than 4 years ago | (#29868353)

If I had mod points...I'd mod you up.

Of course they would say that (2, Funny)

SilverHatHacker (1381259) | more than 4 years ago | (#29867381)

Hy-Brasil is not sinking...nope, not happening. No need to panic, we are NOT sinking...

Re:Of course they would say that (0)

Anonymous Coward | more than 4 years ago | (#29867461)

well the alternative if they are wrong is that all these thoughtfull cyber terrorists are sitting out there with the awesome attacks ready but just not using them. Personally I don't think terrorists are the sort of people that sit around twiddling there fingers when they have a viable means to attack, especially in an area where a viable means of attack is in constant flux.

Re:Of course they would say that (4, Insightful)

SilverHatHacker (1381259) | more than 4 years ago | (#29867641)

Or, in the words of Captain Jack Sparrow, "When you've only got one shot, it's best to wait for the opportune moment." If I were going to take down a government network, I would wait until my country was poised to take advantage of the confusion and disorder (either by military means or otherwise), not just launch it whenever I felt like it.
Keep in mind that terrorist is a buzzword now, and means 'generic enemy' rather than 'psychological warrior'. Just like 'Commie' during the Cold War, or 'Nazi' during WWII.

Re:Of course they would say that (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29867811)

You are dealing with the IT world now, opportunities and vulnerablities are constantly changing, sitting on attack vectors is not like sitting on a nuke waiting for the best opportunity to use it, most vectors have used by dates. Most attack vectors, unless you have found some new and innovative type that no one has considered, could be closed to the attacker at anytime through patches, upgrades or changing tech. while Terrorist is a buzzword now, there are definable real terrorist groups that would love to hurt america as america is responsible for the existence of many of these groups in the first place.

Sticking head in sand 101 (0)

Anonymous Coward | more than 4 years ago | (#29867445)

This is not a good attitude to take. As any decent sysadmin knows, there is a lot a blackhat who manages to obtain root or Administrator can do to damage a company:

There are the easy things an attacker can do. Trash files, copy off data to sell in the black market or competitors, use the boxes as a grounds for an attack, or for P2P servers for unsavory things.

Then, there are the more subtle things that can be done. Editing of E-mail, impersonation of people's identities in order to screw up sales, or cause lawsuits, even things that can get a company and its officers in deep trouble with the SEC. If a blackhat is good, there wouldn't be any evidence left behind of the intrusion, so people could face prison terms and juries are not going to believe "that email was forged" when it came from the right Exchange server and so on.

A good hacker can cause untold amounts of subtle damage, all it takes is taking time, learning how a target company might function, and what clients. Then, if there is a large bid being taken, perhaps edit the Word document and change the bid to be so low that it realistically cannot be done, or just high enough that the bidder doesn't take it.

Anyone who things "cyberterror" is not a credible threat is naiive, or completely clueless. Yes, terrorists use the Internet, and know how to get around being traced.

Re:Sticking head in sand 101 (2, Insightful)

Fluffeh (1273756) | more than 4 years ago | (#29867753)

Anyone who things "cyberterror" is not a credible threat is naiive, or completely clueless. Yes, terrorists use the Internet, and know how to get around being traced.

Everything that you described in your post is criminal action, not terrorist action.

Not yet - shouldn't we still care? (3, Insightful)

DeadPixels (1391907) | more than 4 years ago | (#29867507)

Sure, I agree that we might not see cyberterror attacks for years yet. Does that mean we should turn a blind eye to our infrastructure and ignore the issue of proper security?

Re:Not yet - shouldn't we still care? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29867741)

When your infrastructure contains Windows, even just a single system, you've already turned a blind eye to security.

Given that most networks in the US contain many, many systems running Windows, there's little that can be done.

If we want a reasonable level of security, we'll need to switch to a diverse, heterogeneous network using Linux, Mac OS X, Solaris, FreeBSD, OpenBSD, NetBSD, HP-UX, AiX, UnixWare, OpenServer, OpenVMS, z/OS and a variety of other non-Microsoft operating systems.

Re:Not yet - shouldn't we still care? (0)

Anonymous Coward | more than 4 years ago | (#29868571)

Why is Windows any less secure than any other OS? I'd say that Windows 7 run without access to Administrator, MSE (licensed at no charge), and some basic sanity is just as secure as any other UNIX.

Please cite something showing that Windows is obviously less secure than other operating systems. Windows has ASLR, multiple privilige reduction mechanisms, the ability to separate executable code from non executable data, ACLs, and many other security features.

Windows managed by poor sysadmins can mean compromise, but any OS managed by lousy admins is an easy target for blackhats. This was true when Solaris was the primary Internet based OS in the mid 1990s, and holds true now.

Re:Not yet - shouldn't we still care? (1)

phantomfive (622387) | more than 4 years ago | (#29867765)

That would go along with the strategy of the US government for the last while now. Ignore the threat of a housing meltdown for nearly a decade until it is too late and nothing can be done about it. Ignore the national deficit and ballooning budget until it is too late and there is nothing we can do about it (actually there is still time on that one, just not much). Ignore the levees until it is too late and an entire city is under water. Ignoring the real problems while instead focusing on things that seem more exciting is a long habit among government elected officials. California is it's own case study of this.

On the other hand, you don't want to go overboard....as Eisenhower said, "We will bankrupt ourselves in the vain search for absolute security." There has to be balance.

Re:Not yet - shouldn't we still care? (1)

awc (1656865) | more than 4 years ago | (#29867795)

just use linux, then we'll be good to go.

Re:Not yet - shouldn't we still care? (1)

Monsuco (998964) | more than 4 years ago | (#29868377)

Sure, I agree that we might not see cyberterror attacks for years yet. Does that mean we should turn a blind eye to our infrastructure and ignore the issue of proper security?

No but societies have scarce resources with alternative uses and realizing how big a risk this presents versus how big a risk other potential problems present helps us assign priorities. If you are worried about someone breaking in to your house, priority number one should be to get in the habit of locking your doors when not using them. Looking at things like motion lights are good, but locking doors is the best problem to solve first. It is all about relative risk.

terror? (0, Redundant)

Fuzzums (250400) | more than 4 years ago | (#29867529)

my spambox is fullfilled with cyber terror

Depends on the definition. (5, Insightful)

Hurricane78 (562437) | more than 4 years ago | (#29867577)

To me, all that fearmongering of "terrorists" (that don't exist) is creating terror itself. So all the censorship and surveillance on the net would be the actual "cyberterror". If there were a point in adding "cyber-" in front of everything. It's just plain terrorizing the people. For the usual reasons: To gain control over them.

Re:Depends on the definition. (1)

wizardforce (1005805) | more than 4 years ago | (#29867877)

Even if these terrorists did exist, it wouldn't be worth throwing our freedoms away to stop them.

4chan? ... (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#29867623)

writer must not have met anon yet...

Cyber Terror and BOTnets (0, Offtopic)

nulled (1169845) | more than 4 years ago | (#29867665)

The main stream news STILL does not want to admit that cyber 'terror' (like the attacks on twitter, facebook and in S. Korea) were conducted via WINDOWS zombie computers, as part of a segment of the greater BOTNET.

There is only ONE reason why they may not want to admit Microsoft Windows allows BOTNETS and that is MONEY.

If the mainstream media where to announce that all of Microsoft Windows computers have a major security flaw that can only be fix properly by rewritting the Kernel and File system permission design, would potentially seriously hurt the Economy. Think about all the people that would stop shopping Online... it is actually better 'economically' to just let cyber criminals phish away and get all our credit card numbers and steal some poor souls identity, than to cause mass hysteria.

Security through obscurity. (0)

Anonymous Coward | more than 4 years ago | (#29867743)

Why does it have to be Windows? There is at least one botnet on Macs.

Re:Security through obscurity. (1)

sopssa (1498795) | more than 4 years ago | (#29867875)

And even on ordinary DSL modems and routers [zdnet.com]

Re:Cyber Terror and BOTnets (1)

im_thatoneguy (819432) | more than 4 years ago | (#29868123)

The main stream news STILL does not want to admit that cyber 'terror' (like the attacks on twitter, facebook and in S. Korea) were conducted via WINDOWS zombie computers, as part of a segment of the greater BOTNET.

There is only ONE reason why they may not want to admit Microsoft Windows allows BOTNETS and that is MONEY.

If the mainstream media where to announce that all of Microsoft Windows computers have a major security flaw that can only be fix properly by rewritting the Kernel and File system permission design, would potentially seriously hurt the Economy. Think about all the people that would stop shopping Online... it is actually better 'economically' to just let cyber criminals phish away and get all our credit card numbers and steal some poor souls identity, than to cause mass hysteria.

Let's identify the real culprit. COMPUTERS! There is ONE... No TWO REASONS we have BOTNETS. COMPUTERS! and HIGHSPEED INTERNET! Clearly these two threats need to be removed and we will be safe from BOTNETS. Also ELECTRICITY! We should stop producing ELECTRICITY because it facilitates BOTNETS.

If the mainstream media were to reveal that COMPUTERS and ELECTRICITY were behind BOTNETS we would realize teh only way to stop the BOTNETS was to redesign all the USERS to not be SUSCEPTIBLE to PERSUASION and SOCIAL ENGINEERING. But then we would have an apocalypse on our HANDS. And then if we told them that their FAMILY MEMBERS were the most likely PEOPLE to STEAL THEIR IDENTITIES families would fall APART under paranoia and suspicion. Think of all the PEOPLE who would stop leaving their HOMES because they were too AFRAID that their AUNT would steal their IDENTITY.

Cyberterrorism is a silly concept (4, Insightful)

darthwader (130012) | more than 4 years ago | (#29867761)

"Terrorism" requires terror, not inconvenience or annoyance.

A few years back, we had an accidental shutdown of the power supply of most of the eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.

It's not about the amount of damage, it's about the effect. A cyberterror event like a power or communications failure could result in hundreds of deaths, but there's nothing to focus on. A car exploding next to a bistro may only kill two or three people, but it is far more effective terrorism.

For terrorism to be effective, it has to produce terror. That's an emotional reaction, not an intellectual one. And to get that emotional reaction, there has to be real tangible threats, like flames, blood and gore, falling rocks, etc.

Re:Cyberterrorism is a silly concept (0)

Anonymous Coward | more than 4 years ago | (#29867903)

I'm with ya, pal. I get annoyed when people die too.

Re:Cyberterrorism is a silly concept (1)

icegreentea (974342) | more than 4 years ago | (#29868013)

If New York lost power for more than a week (especially in the middle of winter or summer), there would be real terror. By day four, you'll have fucking retarded amounts of looting. Plus all the deaths from exposure. Maybe the thought of it won't induce terror in us now. But if it did happen, the very idea of shit like that happening in your city would very much induce a terror response. Seriously.

Re:Cyberterrorism is a silly concept (1)

Zerth (26112) | more than 4 years ago | (#29868233)

And that's why I have a generator and half a dead animal in the freezer.

Stupid power company spends more on advertising than they do on maintenance around here, went a week without winter before last and didn't much care for it.

Re:Cyberterrorism is a silly concept (1)

Monsuco (998964) | more than 4 years ago | (#29868345)

If New York lost power for more than a week (especially in the middle of winter or summer), there would be real terror. By day four, you'll have fucking retarded amounts of looting. Plus all the deaths from exposure. Maybe the thought of it won't induce terror in us now. But if it did happen, the very idea of shit like that happening in your city would very much induce a terror response. Seriously.

Loss of power does not in any way mean law enforcement would simply abandon the city. I suspect more property damage would occur in a sports riot than in an overloaded power grid. It would be a problem, but police would still be there, and they have probably trained for such scenarios.

Re:Cyberterrorism is a silly concept (0)

Anonymous Coward | more than 4 years ago | (#29868025)

...real tangible threats, like flames, blood and gore, falling rocks...

Dick Cheney with a shotgun.. I kid! I kid! I love Dick...

Re:Cyberterrorism is a silly concept (1)

turkeydance (1266624) | more than 4 years ago | (#29868175)

yes....go ahead and cut off my grandchildren's twitter. show that air traffic controllers are really human. and...please make my doctor actually talk face-to-face with my nurse. go ahead. dare ya.

Re:Cyberterrorism is a silly concept (1)

TubeSteak (669689) | more than 4 years ago | (#29868545)

A few years back, we had an accidental shutdown of the power supply of most of the eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.

Now imagine if N. Korea or Iran had caused it.
Would it still be annoying or would it be a tangible threat?

Personally: I'm betting a large portion of the populace would call it an Act of War.

Re:Cyberterrorism is a silly concept (0)

Anonymous Coward | more than 4 years ago | (#29868561)

A few years back, we had an accidental shutdown of the power supply of most of the eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.

That's an interesting example you bring up.

It happened due to a design or operational flaw, according to later reports. But what if it had been intentional, cyber-based or just some guy hitting the right switches.

Assuming humpty dumpty got put together again, with no further "incidents", what would have been the difference?

Same effect, different cause.

Well, in one case, we call it terrorism and script the next level of security theater. In the other case, we investigate and shaft the low-level people and put the high-rollers on TV to say "measures have been taken to avoid this in future.".

The best cyber security (0)

Anonymous Coward | more than 4 years ago | (#29867829)

When a company detects an intrusion, instead of trying to prevent it, divert it ....

Send them to an area full of porn. That will disrupt their concentration and make the careless and easy to detect.

Remember, most of the cyber-terrorist are sexually frustrated people who are technology smart, but not common sense smart.

cyborterror is a hollywood myth (0)

Anonymous Coward | more than 4 years ago | (#29867963)

it makes for silly movies, and sillier reality. enough said.

Need to move to mutual security model (1)

Paul Fernhout (109597) | more than 4 years ago | (#29867971)

This three to eight year lag is the spread of cyberweapons is supposed to reassure us? :-( What other weapons have three to eight year lags in being available to everyone?

We need to move beyond war, in part because it is too terrible to contemplate at this point:
http://educationanddemocracy.org/FSCfiles/C_CC2a_TripleRevolution.htm [educationa...ocracy.org]

We need to transition to "intrinsically secure" infrastructure:
  http://en.wikipedia.org/wiki/Brittle_Power [wikipedia.org]
that we protect by means of "mutual security":
    http://www.beyondintractability.org/audio/morton_deutsch/?nid=2430 [beyondintractability.org]

We need to move beyond current defense ideology in the USA based on competitive profit-maximizing centralized brittle infrastructure that we try to defend by unilateral dominance (at a cost of about a trillion dollars a year in the USA).

They'll change their mind soon (1)

bursch-X (458146) | more than 4 years ago | (#29868223)

Once the terrorists have taken down all their pr0n sites, we'll probably get red alert.

The Saving Grace (1)

Toonol (1057698) | more than 4 years ago | (#29868339)

Cyberterror could do some nasty things, such as stealing financial information; but as far as disrupting vital systems, we're pretty safe... because computers and software are so damn unreliable that nobody EXPECTS them to work all the time. Every business and organization should KNOW, from experience, that their computer system could go belly up at any time, and have backup methods and redundancies ready to go.

I'd wager that lots of cyber-terrorist attacks would just seem like a normal Monday. If a computer glitch could kill a million people... well, that's probably going to happy terrorist or not.

Re:The Saving Grace (1)

Valdrax (32670) | more than 4 years ago | (#29868499)

Every business and organization SHOULD know, from experience, that their computer system could go belly up at any time, and have backup methods and redundancies ready to go.

Fixed that for you. Unfortunately, many don't.

Cyber "terror"? (2, Insightful)

Sloppy (14984) | more than 4 years ago | (#29868681)

"Not yet?" Maybe "not ever." Cyber-sabotage? Sure. But people are pretty jaded about computers. Windows still has huge marketshare. Bring all of society crashing down and I'm still not sure it'll be "terror." People will be pissed, but will they feel the safe has become unsafe? Either they already think that, or they never will.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...