Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Is Cyberwarfare Fiction?

CmdrTaco posted more than 4 years ago | from the hands-off-my-grid dept.

The Internet 205

An anonymous reader writes "In response to calls by Russia and the UN for a 'cyberwarfare arms limitation treaty,' this article explains that 'cyberwar' and 'cyberweapons' are fiction. The conflicts between nation states in cyberspace are nothing like warfare, and the tools hackers use are nothing like weapons. Putting 'cyber' in front of something is just a way for people to grasp technical concepts. The analogies quickly break down, and are useless when taken too far (such as a 'cyber disarmament treaty').'"

cancel ×

205 comments

Sorry! There are no comments related to the filter you selected.

The only new thing is the UN (0)

Anonymous Coward | more than 4 years ago | (#32483868)

We gotta do it before the cyberterrorists cybernuke our cybernets! Think of the children!

I guess the news here is that this isn't just one or two US Senators saying this now.

Re:The only new thing is the UN (4, Funny)

happy_place (632005) | more than 4 years ago | (#32483904)

'Think of the cyberchildren.' that and the cybercitizens who elect cybersenators...

Re:The only new thing is the UN (2, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#32483922)

They are all FBI Agents.

Re:The only new thing is the UN (0)

Anonymous Coward | more than 4 years ago | (#32484380)

They are all FBI Agents.

What about the furries?

Re:The only new thing is the UN (3, Funny)

Opportunist (166417) | more than 4 years ago | (#32484710)

Hmm... an incoherent, constantly squabbling group of people who spend more time fighting amongst themselves than getting their act together and working for the common goal, self absorbed and hardly in touch with reality, dreaming up pipe dreams of greatness while at the same time accomplishing nothing...

Call me a conspiration crackpot, but could it be that they're sitting in congress?

Everything will be internet connected. (1)

elucido (870205) | more than 4 years ago | (#32484006)

And in a world where everything is connected, and everything is nanotechnology, and everything can be hacked, the dangerous are entirely different.

don't forget.. (2, Funny)

formfeed (703859) | more than 4 years ago | (#32484636)

..cyber veterans day!

Re:The only new thing is the UN (1)

jeffmeden (135043) | more than 4 years ago | (#32484116)

They ARE thinking of the children... didn't you read the summary? Russia wants to give out "cyberwarfare arms limitation treats" to all the good little girls and boys who do their homework, listen to their parents, and most importantly do *not* start DDOS attacks or run password guessers against random hosts in the .mil domain.

What better way to make the world a peaceful place than to start with the children? Here's hoping they haven't fixed that typo by the time my comment hits!

Re:The only new thing is the UN (1)

Jazz-Masta (240659) | more than 4 years ago | (#32484352)

We gotta do it before the cyberterrorists cybernuke our cybernets!

Think of the cyberfallout! Cybercancer, cyberbirthdefects...we better sink some cybermoney into our cyberdefences!

First blood! (-1, Offtopic)

somersault (912633) | more than 4 years ago | (#32483876)

I mean, first post!

... or Trick? (2, Funny)

syntap (242090) | more than 4 years ago | (#32483900)

In response to calls by Russia and the UN for a "cyberwarfare arms limitation treat"

And then we can all dress up as h4x0r3z, maybe call the event Geek-o-Ween.

Re:... or Trick? (1)

jbeaupre (752124) | more than 4 years ago | (#32483948)

No, they just want more Easter Eggs embedded in software.

Cyber warfare: FUD for vendors. (1, Insightful)

AnonymousClown (1788472) | more than 4 years ago | (#32483910)

I can disable the national power grids of half the countries in the world using nothing more than an iPhone

And you need a guy there to knock out the backup generator.

Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer.

Shut something life threatening down or screw it up by hacking into it? There's backup or work around.

"Cyber warfare" is a small threat and not worth all the time and money spent on it. We should be spending the effort on ground surveillance and other means to reducing life threatening issues.

Re:Cyber warfare: FUD for vendors. (4, Insightful)

jofny (540291) | more than 4 years ago | (#32483952)

Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer.

You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode. Second, if you mess with the supply chain electronically, it's possible to do some really interesting stuff with medical supplies, parts for just in time manufacturing, etc. Could go on - but the overall effect is direct, substantial life threatening consequences.

Re:Cyber warfare: FUD for vendors. (0)

jeffmeden (135043) | more than 4 years ago | (#32484160)

Yes, direct and life-altering consequences for the 30 or so seconds it takes for them to figure out that aspirin bottles are being filled with Zoloft and generators are randomly exploding left and right. Then, they send a military team to kill you (in the name of antiterrorism) and they plug the holes at whatever price is necessary (in the name of antiterrorism) and then, if anyone outside the government HAD even noticed, they would be back to life as usual.

Re:Cyber warfare: FUD for vendors. (1)

Raven42rac (448205) | more than 4 years ago | (#32484196)

Those power plant generators have a ridiculously high cost and lead time, and if they do it right, you won't know who did it, so you'd be impotently waggling your spear at no one in particular.

Re:Cyber warfare: FUD for vendors. (2, Interesting)

Compholio (770966) | more than 4 years ago | (#32484284)

Those power plant generators have a ridiculously high cost and lead time, and if they do it right, you won't know who did it, so you'd be impotently waggling your spear at no one in particular.

They also run on their own closed-circuit network, so good luck causing trouble without physical access or making yourself pretty obvious digging up the cables.

Re:Cyber warfare: FUD for vendors. (2, Insightful)

AtomicJake (795218) | more than 4 years ago | (#32484488)

Those power plant generators have a ridiculously high cost and lead time, and if they do it right, you won't know who did it, so you'd be impotently waggling your spear at no one in particular.

They also run on their own closed-circuit network, so good luck causing trouble without physical access or making yourself pretty obvious digging up the cables.

Or find out that the closed-circuit network was not that close as you thought...

Re:Cyber warfare: FUD for vendors. (2, Insightful)

PeterBrett (780946) | more than 4 years ago | (#32484622)

They also run on their own closed-circuit network, so good luck causing trouble without physical access or making yourself pretty obvious digging up the cables.

They also have fixed electromechanical failsafes. I think that most electrical engineers are sufficiently aware of the fact that computers go wrong not to put protection solely in the hands of software.

Re:Cyber warfare: FUD for vendors. (1)

Lumpy (12016) | more than 4 years ago | (#32484748)

No they dont. Most of these idiots put the SCADA systems on the internet.

I know of two water filtration plants that the SCADA system is protected by "PC anywhere" they have a PC that bridges both the private network and the internet.. and it's a FRICKING WINDOWS PC running PC anywhere.

This is not uncommon. and usually due to complete idiots that make up the management of the operation wanting to dial in and monitor employees.

Re:Cyber warfare: FUD for vendors. (1)

coaxial (28297) | more than 4 years ago | (#32484640)

You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode.

Not if they're designed correctly.

Second, if you mess with the supply chain electronically, it's possible to do some really interesting stuff with medical supplies, parts for just in time manufacturing, etc. Could go on - but the overall effect is direct, substantial life threatening consequences.

And you know what? People are resilient, and it's people not machines that make the system. You place a few calls, and everything is fixed. This is just the Military-Industrual Complex getting its y2k on. The tried to scare us by saying bills would go unpaid, people would be charged exorbitant amounts of interest, computers would turn into steam engines, and dogs and cats would live together. Well one, it didn't happen. And two, it hinges on people not paying attention to the obvious. For as much as people want to say that everyone else is stupid except them, we live in a world where grocery stores continue to make sales when the cash registers are broken. As long as we have waitresses that say, "$4000 for a cheeseburger? That's not right," we'll be just fine.

Re:Cyber warfare: FUD for vendors. (1)

Culture20 (968837) | more than 4 years ago | (#32484762)

You're flat out incorrect here. First, not only can the power be shut off, but generators can be made to explode.

Not if they're designed correctly.

Which is why you need to buy latest, greatest, cyber-warfare-proof generator from Safe-Generators, Inc. Seek out your nearest vendor.

Re:Cyber warfare: FUD for vendors. (1)

Lumpy (12016) | more than 4 years ago | (#32484716)

Disable the safetys and feed line power to a generator out of sync. It will blow up quite spectacularly. I saw this happen to a old Civil Defense 2000KW generator.... the safety systems failed and the generator kept drifting away from the line because the motor was trying like hell to turn at more than 60 cycles. the boom was heard for nearly 1/4 mile in every direction and is ripped open the Semi trailer like it was tinfoil.

Re:Cyber warfare: FUD for vendors. (4, Insightful)

qortra (591818) | more than 4 years ago | (#32484050)

whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off

I'm not confident that you fully understand the perceived danger on the part of world leaders. The issue is that people with an inordinately high ability to compromise computer systems might have access to information. Consider information like troop movements, secret bomb/nuclear supply facilities, infrastructure weak points, and financial information (account balances, passwords, etc). While compromising a system with this information may not kill somebody directly, the information could most certainly be used to kill many people, or perhaps to temporarily stunt or even cripple entire economies.

Re:Cyber warfare: FUD for vendors. (3, Interesting)

Maximum Prophet (716608) | more than 4 years ago | (#32484172)

And yet, the CIA was able to explode a Soviet natural gas pipeline simply by inserting some code into the pipeline control software the Soviets were stealing from the Canadians. "The result was the most monumental non-nuclear explosion and fire ever seen from space,..."

Re:Cyber warfare: FUD for vendors. (3, Funny)

Opportunist (166417) | more than 4 years ago | (#32484474)

But that was just possible because the Soviets were stupid enough to use something that was created in the western world. We'd never be so stupid to use electronics made in... oh... umm... well...

Next question?

Re:Cyber warfare: FUD for vendors. (0)

Anonymous Coward | more than 4 years ago | (#32484496)

Stop parroting that hoax.

Re:Cyber warfare: FUD for vendors. (2, Funny)

ubrgeek (679399) | more than 4 years ago | (#32484268)

> Shut something life threatening down or screw it up by hacking into it?

I was really hoping you were going to end that sentence with, "There's an app for that."

Re:Cyber warfare: FUD for vendors. (4, Insightful)

ThunderBird89 (1293256) | more than 4 years ago | (#32484390)

Cyber-warfare is not about killing people, it's about killing the country.

Think: no mains power, the backup generators can only sustain so much equipment for so long. Since the fuel pumps don't function either, you can't hop down to the gas station to buy some more fuel, and it will eventually run out. Then what? Production grinds to a halt, administration is disabled, communication services non-functional.
All you need then is one act of terrorism. No ambulances, no firefighters, as nobody can call for help. If someone does make it to the hospital, no X-ray, no life-support, no vital monitors, no defibrillator.

And this is just one scenario. Use your imagination!

Re:Cyber warfare: FUD for vendors. (3, Insightful)

rickb928 (945187) | more than 4 years ago | (#32484442)

"Please, knocking out the power grid or making all the red lights turn green or whatever they're afraid of is nothing like having a bullet penetrate someone or a bomb going off - it's almost impossible, if not impossible to kill someone by hacking into a computer."

What the hell are you doing on Slashdot?

Turn all the traffic lights green in even a small part of Los Angeles, and I think it's likely someone will die in an accident caused, proximately, by the hacking of the traffic control system. Simple enough.

Crippling a cell system might result in the failure of any number of people to make contact and deliver critical information, resulting in accidents, mistakes, lack of care, and those could result in needless deaths.

If your definition of 'warfare' must include deadly force, then much of what we think of as 'cyberwarfare' doesn't meet that definition. Emptying bank accounts, DDOS attacks, defacing websites, etc. probably don't quite rise to the definition of deadly force. But I have only the one example of traffic control. Oh, another one - disabling at least some of the electrical grid seems to be possible, and blackouts can easily result in deaths.

There's plenty of hype around 'cyberwarfare'. Now to listen to the hype around 'smart grids', and how people will feel when their refirgerators get turned off during the day, or the furnace runs continuously on 103 days. Or any number of interesting nuisances that aren't fatal (except for your plants, pets, and bed-ridden grandmother) but are sure a pain.

Oh yeah. Grandma. She might not think it's to hot until she's too faint to reach the phone.

Food for thought. Go smart grids, go!

Re:Cyber warfare: FUD for vendors. (1)

Lumpy (12016) | more than 4 years ago | (#32484774)

dont need them to all go green. just turn them off. 99% of the population has no clue as to what to do when approaching a dead traffic light.

Re:Cyber warfare: FUD for vendors. (1)

Lumpy (12016) | more than 4 years ago | (#32484668)

Yup.

So remember that the day they charge some 16 year old from Kentucky with high treason for having and deploying a Weapon Of Mass Destruction because his toy virus got loose and deleted every *.doc and *.xls file on windows computers across most of the globe.

Warning, noobish question ahead. (5, Insightful)

Pojut (1027544) | more than 4 years ago | (#32483928)

One of the common claims regarding "cyber warfare" are attacks against the power grid. What I'd like to know is this: why is the power grid accessible to any outside system?

Re:Warning, noobish question ahead. (5, Interesting)

Monkeedude1212 (1560403) | more than 4 years ago | (#32483962)

So that someone somewhere (probably higher up) can work from home.

Probably, anyways. You know how it is.

Re:Warning, noobish question ahead. (3, Insightful)

PolygamousRanchKid (1290638) | more than 4 years ago | (#32484142)

why is the power grid accessible to any outside system?

Because using the Internet is way cheaper than building your own intranet.

Re:Warning, noobish question ahead. (4, Interesting)

captainpanic (1173915) | more than 4 years ago | (#32484174)

I think it is because there are remote installations that need to be operated from a single location.

The power grid is a lot of generators (scaling from enormous powerplants to small scale wind/solar and other types of production, including stuff that can be switched on and off all the time such as gas engines).
Someone has to control the whole lot of it in order to balance power production and consumption.

I see no way that we can do that without actually connecting the whole lot to a network. It would be awesome if it was a completely independent network - but the internet is there anyway... why no use it in a secure way?

(Note: I am no expert - I just expressed my opinion, which happens to contain a lot of technical assumptions)

Re:Warning, noobish question ahead. (2, Interesting)

rtfa-troll (1340807) | more than 4 years ago | (#32484628)

the internet is there anyway... why no use it in a secure way?

Simply put because there isn't really yet such a thing as a "secure" way. Our current systems are too new, too complex and put together too quickly to make them anything approaching what you would mean by "secure". First let's start by defining secure. I'll put it as "you would have to invest 10% of the cost of the network in order to destroy it". That's an arbitrary and quite low value. I should probably have used about 30% and talked about the value of the dependent systems, but it's still a good start. I can't find a good place to start, but given that wind power is projected at around 150 Billion [247wallst.com] , let's use a Trillion dollars as the value. So to be secure, you want to make a person invest at least 100Billion dollars to attack the system.

100Billion dollars buys you a whole load of programmers. The kind that can actually analyse a VPN system and work out how to get into it. The ones that can work out how to tell passively which VPN system you are using.

Another analysis would be "weakest link" analysis. In this case, you say "what would it cost to do a physical attack" and make sure that a "cyber" attack costs more. However, a cyber attack can give you almost guaranteed anonymity, so you have to factor in the reduced risk of discovery which makes the attack more valuable. You will still find that an anonymous, whole grid surprise physical attack is almost impossibly expensive and unreliable. Again, you are probably talking billions of dollars. Doing the same thing with an attack via a VPN is likely to be much cheaper.

Fundamentally, by the time you are making your system secure enough to work on the intenet, it's probably cheaper to just start off with dedicated interconnections anyway. This is especially true for people like power grids who own a whole load of fibre optic cable (twisted together with their power lines) in any case.

Overall, whats clear is that currently not enough redundancy, stability and security are being put into the electric (or other) infrastructiure. You can't treat an electric grid as something that can be run purely by private industry because that means optimal use of resources, which means lack of redundancy. For stability and security there needs to be serious state / self defence interest in keeping it stable.

Re:Warning, noobish question ahead. (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32484740)

As you note, the logic behind some sort of networked control for power stuff is more or less impeccable.

On the other hand, given that any part of the power grid is part of the power grid because somebody laid big fat power cables between it and something else, one suspects that a matching data network could be added(at least whenever a line is replaced/upgraded/added) for relatively low cost. My understanding is that, already, a nontrivial amount of "power line" actually includes a strand or strands of fiber, which is sensible enough, given that the additional cost of including a few fiber strands is pretty low, if you are already running a big, fat, weatherproof cable.

It wouldn't surprise me if a number of the links between SCADA systems and the public internet are for basically stupid reasons(No, you don't actually need to be able to check your email and access your GridAdmin(tm) console on the same computer... It won't kill you to deal with having two, on physically distinct networks).

Re:Warning, noobish question ahead. (1)

Anon1072 (1444945) | more than 4 years ago | (#32484758)

Note: I am no expert - I just expressed my opinion, which happens to contain a lot of technical assumptions

I generally assume this when reading a comment on a blog, but thanks for the heads up.

Re:Warning, noobish question ahead. (1)

networkconsultant (1224452) | more than 4 years ago | (#32484810)

Well,
Supply and demand are part of it; but if you are dealing with Hydro you also need to manage the water levels both up and downstream which means ultimately your electricity is depenant upon the weather; which means more automated management for things like flood gates to prevent peoples cottages from washing away or getting submerged in artificial lakes.

Re:Warning, noobish question ahead. (1)

DeadPixels (1391907) | more than 4 years ago | (#32484254)

I wish I could clarify, but I've honestly never gotten a satisfactory explanation for this either. I've talked to former and current government employees with knowledge in this area, but none of them have really been able to give me a good answer as to why this is even possible.

Re:Warning, noobish question ahead. (1)

rtfa-troll (1340807) | more than 4 years ago | (#32484708)

Because it's cheaper. Because the "anti-big-government" people (the ones with the big private contracts) make sure it's all run for maximum profit. The people that run the system don't risk that much personally (a few months wages? nothing?) for getting caught being stupid. Most of the risk is all externalised onto people who have no say in the matter (the rest of us).

Re:Warning, noobish question ahead. (0)

Anonymous Coward | more than 4 years ago | (#32484332)

There are many components to a power company's network design. Keeping things simple, there are things like Plant Management networks, transmission networks, and grid management networks. Obviously there is also always some kind of office/administrative network. People who work on these more critical networks need to do their jobs and still do mundane things like print, check email, post documents on fileservers, etc. Rather than have two dedicated machines and have an air gap between the office LAN and the critical LANs, their primary workstations are generally given access through whatever firewalls may exist. Thus: generic exploit comes in over the internet, attacker gains access to O/A, becomes domain administrator, takes over workstations, finds path to critical networks. This is just one way to do things. Many major components of the networks have connections to external facing "networks" as well. Some I have seen: modem-based out of band management for substations, management of telemetry devices using CDPD, SCADA networks with PLCs using modbus over tcp with wireless LAN protocols to bridge networks, etc. It is rare (within the US) that there are direct paths to things like the Internet from, let's say, the Windows NT system doing process control at a coal burning power plant. However, that has been seen in foreign countries. Also, the "power grid" is something of a misnomer. There are many power grids. Some are interconnected. Most have connections to outside entities. Take what I said above about traversing from an O/A network into a grid management network and extrapolate it.

Re:Warning, noobish question ahead. (0)

Anonymous Coward | more than 4 years ago | (#32484334)

I've read that these systems are accessible from the internet so that support staff can remotely diagnose problems.

Re:Warning, noobish question ahead. (0)

Anonymous Coward | more than 4 years ago | (#32484454)

I'd change that to:
Why is the power grid, which is connected to the internet, not using strong encryption on it's VPN?

Re:Warning, noobish question ahead. (1)

wjousts (1529427) | more than 4 years ago | (#32484550)

Well, my local power company is now into selling broadband over power lines. They use the same technology to connect my power meter back to the power company so they don't need to send out meter readers and they can monitor outages.

Re:Warning, noobish question ahead. (1)

lymond01 (314120) | more than 4 years ago | (#32484648)

According the the Apple Guy in Live Free or Die Hard (not a porn, but an action movie with Bruce Willis), the power grid isn't on the internet which is why the bad guys had to fly a helicopter, kill all the guards, and hardwire into the system to cause problems.

It's all right there in the screenplay...

Re:Warning, noobish question ahead. (1)

Peach Rings (1782482) | more than 4 years ago | (#32484654)

Do you suggest that all important electrical equipment be monitored and controlled physically by an operator? Any kind of remote control can make the grid vulnerable to a serious enough security breach.

Maybe not today but in the future. (4, Insightful)

elucido (870205) | more than 4 years ago | (#32483958)

When millions of people in key positions have artificial hearts, limbs, microchips in their body, nanotechnology with RFID in their clothes, then cyberwarfare becomes something physical.

If hackers can stop the artificial heart of somebody important, this is no different than assassinating the person.

Re:Maybe not today but in the future. (1)

Brett Buck (811747) | more than 4 years ago | (#32483986)

Hmm, how many people are walking around with artificial hearts, again?

Re:Maybe not today but in the future. (2, Informative)

Anonymous Coward | more than 4 years ago | (#32484068)

Dick Cheney for one. The only real hearts he has are the ones hes eaten.

Re:Maybe not today but in the future. (5, Funny)

gyrogeerloose (849181) | more than 4 years ago | (#32484294)

Dick Cheney for one. The only real hearts he has are the ones hes eaten.

I am very offended by this remark. Dick Cheney has never eaten a human heart. He's cut them out, certainly, but the only hearts he's eaten are puppy hearts.

Please retract your statement.

Re:Maybe not today but in the future. (1)

AndersOSU (873247) | more than 4 years ago | (#32484292)

With artificial hearts - 0
With VADs - hundreds
With pacemakers or internal defibrillators - tens or hundreds of thousands

I don't think any of these are accessible via the internet (yet), but most newer pacemakers are accessible wirelessly.

Re:Maybe not today but in the future. (0)

Anonymous Coward | more than 4 years ago | (#32484102)

So, it wouldn't be assassination if they stopped the articificial heart of someone unimportant?

Re:Maybe not today but in the future. (2, Insightful)

easterberry (1826250) | more than 4 years ago | (#32484220)

No, it would be murder. I'm not sure how important you have to be to get 'assassinated' instead of just 'killed' but the line seems to be somewhere around viscount.

Re:Maybe not today but in the future. (1)

ElectricTurtle (1171201) | more than 4 years ago | (#32484234)

Nope, then it would be murder. "Assassination" connotes that killing somebody would accomplish some kind of (political, economic, social) goal that is larger than the person individually. Killing John Q. Public isn't going to mean anything more than some people who knew him will be rightly upset, but if somebody kills the Pope, that will have repercussions throughout the world beyond any personal level.

Re:Maybe not today but in the future. (0)

Anonymous Coward | more than 4 years ago | (#32484346)

i think that is just murder then.

i'm not sure on the distinction between assassination and murder but when a man murders his wife (in cold blood) they never say he assassinated her. likewise if a member of a gang is targeted and killed by a rival gang member they don't say he was assassinated. i think it has to be someone pretty prominent and planned and possibly carried out by a third party or lower member of a team to be assassination.

Re:Maybe not today but in the future. (2, Informative)

Tetsujin (103070) | more than 4 years ago | (#32484120)

When millions of people in key positions have artificial hearts, limbs, microchips in their body, nanotechnology with RFID in their clothes, then cyberwarfare becomes something physical.

It's times like this that I really wish I hadn't spent all that money in the 1990s on Internet-enabled toasters... My bagel came out overcooked this morning and I just know it was because of cyber-warfare!

Re:Maybe not today but in the future. (1, Informative)

Stregano (1285764) | more than 4 years ago | (#32484320)

Mwahahahaha!

Take That!!!

Re:Maybe not today but in the future. (1)

thewiz (24994) | more than 4 years ago | (#32484378)

If someone is stupid enough to get an artificial heart/pacemaker/defibrillator with a built-in webserver, they should be given an instant Darwin Award.

There are somethings that don't belong on the Internet now or in the future.

Re:Maybe not today but in the future. (2, Insightful)

Opportunist (166417) | more than 4 years ago | (#32484512)

You are aware that you're talking about people who put their private life in the hands of Facebook and the like, yes.

But hey, maybe that's the cyber version of Mendelian selection.

Re:Maybe not today but in the future. (4, Informative)

Buelldozer (713671) | more than 4 years ago | (#32484530)

You are years behind. Pacemakers with remote connectivity began being installed in 1999 and DefCon addressed the issue back in '08.

http://venturebeat.com/2008/08/08/defcon-excuse-me-while-i-turn-off-your-pacemaker/ [venturebeat.com]

Welcome to a brave new world, one where your pacemaker can be disabled or instructed to deliver a fatal shock to your heart...remotely.

Re:Maybe not today but in the future. (2, Interesting)

mcgrew (92797) | more than 4 years ago | (#32484460)

People already have artificial body parts; the lens in my left eye is artificial, and is on struts so it can focus (I wrote about it here) [slashdot.org] . I know people with artificial knees and hips, and there are people with heart pacemakers. There is an RFID chip in my work's security card. However, these implanted devices aren't connected to the internet, and I can't see them being connected to the internet in the future.

I found Down and Out in the Magic Kingdom a good read, but I just don't see optical implants to connect to the internet ever happening.

Re:Maybe not today but in the future. (1)

networkconsultant (1224452) | more than 4 years ago | (#32484838)

Anyone here ever watch Gost In the Shell, man I can't wait for my Cyborg Upgrades, just be damn sure your wetware is made by BSD folk, because if Microsoft starts making people parts we are all screwed.

Nanotech weaponry. (2, Funny)

elucido (870205) | more than 4 years ago | (#32483988)

Anyone who does not take cyberwarfare seriously is not envisioning a world where nanotechnology is everywhere in everything. Where the enemy can create a bomb that you shallow in a pill, or that is sprinkled on your food. Where the enemy can use nano bots too small to see to kill people, or hack into or reprogram, etc.

It's definitely not fiction, it's reality. The technology to do this already exists and for all we know governments could be launching their attacks as we speak. Whoever controls the nanotech weapons will control the future.

Re:Nanotech weaponry. (0, Offtopic)

Tetsujin (103070) | more than 4 years ago | (#32484132)

Anyone who does not take cyberwarfare seriously is not envisioning a world where nanotechnology is everywhere in everything.

Oh, not to worry... I've read Ghost in the Shell...

Re:Nanotech weaponry. (1)

FeepingCreature (1132265) | more than 4 years ago | (#32484276)

Today's issues today.

Tomorrow's issues tomorrow.

Nano bots too small to see? What , like bacteria? (1)

Viol8 (599362) | more than 4 years ago | (#32484448)

"you shallow in a pill, or that is sprinkled on your food"

Newsflash - thats been around since people first figured out how to poison others.
Take your pick from poisons, bacteria or viruses. You've been reading too much sci-fi
because biology got there a few hundred million years before William Gibson.

Nothing to see here, move along please.

Re:Nanotech weaponry. (1)

coaxial (28297) | more than 4 years ago | (#32484468)

Get thee to an atomic powered flying car!

WTF? (0)

Anonymous Coward | more than 4 years ago | (#32484000)

Postmodern Slashdot?

cyberwarfare arms limitation treat? (0, Offtopic)

tnk1 (899206) | more than 4 years ago | (#32484004)

A "cyberwarfare arms limitation treat"? Yum! Does that come in cherry flavor?

Does this mean... (0)

Anonymous Coward | more than 4 years ago | (#32484018)

Does this mean that I also don't need a drivers license to drive around on the Information Highway?!

Hmm (0)

Anonymous Coward | more than 4 years ago | (#32484042)

It seems the author commits his own offense, assuming that warfare is limited to organised military efforts. How many Americans killed British soldiers during the Revolutionary War, of their own volition?

Re:Hmm (0)

Anonymous Coward | more than 4 years ago | (#32484076)

That wasn't "warfare", those were unlawful combatants in an insurgency!

There is a difference between "war" and "terror" (5, Interesting)

rtfa-troll (1340807) | more than 4 years ago | (#32484074)

As ever, this post has so many things wrong with it that it's stupid.

a) I've had my finger on the "off" switch for an entire country's power grid from a mobile phone

No you haven't; at least not in the sense that matters. Even if there is a country stupid enough to connect it's "off switch" to the internet, all they have to do is pull the ethernet cable and switch it on again. Even if you can break a small proportion of power stations, the rest will come on again. You are a "cybervandal" not a "cyberwarrior".

The real serious cyberwarfare people would do both. A disable the off switch (force it on) and b) drop a graphite bomb at a key place to do weeks worth of damage. That's proper "cyber" warfare.

Cyber"warriors" know the exploit for the radar station and disable the air defences as they fly in with real bombs.

Cyber"guerilla"s mess with account numbers in the fund transfer excels of most of the big companies in the place they target.

There's a whole load of resources which are needed for this stuff. Real test suites where you actually have the control systems of your enemies nuclear power plants; actual buildings where you can try messing up the air conditioning system, people who can actually write serious, fully EAL7 compliant defence systems. People who can write EAL7 compliant versions of exploits (have you seen the state of security software????). etc. etc. etc.

If you think your country's military doesn't have a valid role to play in a "cyberwar" then you haven't understood the difference between a "cyberterrorist" putting an "easter egg" into a flight control system and a "cyberwarrior" diverting all your civilians into the area where his nukes can strike them most effectively.

Re:There is a difference between "war" and "terror (2, Interesting)

daid303 (843777) | more than 4 years ago | (#32484298)

Even if you can break a small proportion of power stations, the rest will come on again.

Many large power plants need quite a bit of energy to jump start from an 'off' condition (normally they never go 'off' just in lower power mode). Turning off all power plants at once would be a much bigger mess then you think. I don't think you ever could do it because of fail-safes, but if you could you would start a big mess.

Re:There is a difference between "war" and "terror (2, Informative)

Viol8 (599362) | more than 4 years ago | (#32484500)

"Many large power plants need quite a bit of energy to jump start from an 'off' condition"

Coal fired plants maybe. Pretty much everything else just requires someone to press an on button. Gas turbines are easy to start, nuclear never really goes off even with the rods in and hydro is as simple as opening the sluice gates.

Re:There is a difference between "war" and "terror (1)

rtfa-troll (1340807) | more than 4 years ago | (#32484808)

I think both you and daid303 are a bit right. In the case of a nuke plant, there's often a safety trigger which fires damping rods into the station and takes weeks to recover from. If you just take the station off the grid (as our hacker guru was proposing) then they can probably come back on again pretty quickly. If you are a serious "cyberwarrior", then you take a proper model of the control system and you work out a way to get the emergency systems to trigger.

This is where I call bullshit on Mr Graham. Unless you have an copy of the power station control system, you can't test and be sure your attack on it will properly trigger the emergency systems. That's why proper "cyberwar" takes more resources than just a little bit of "cybervandalism". You are actually aiming to reliably destroy or disable large amounts of infrastructure in a very short amount of time. This is not something you do with just a single guy and a mobile phone.

Re:There is a difference between "war" and "terror (1)

networkconsultant (1224452) | more than 4 years ago | (#32484858)

How about dropping a Pinch over southern California let's say right above Google and Intel's head quarters? Remember Pakistan is the world leader in that technology; no colleateral damage and nothing but sheer chaos on the ground. These are real BCP senarios; outlined by various standards such as the ISO.

no different from other metaphors (2, Insightful)

csrjjsmp (819838) | more than 4 years ago | (#32484078)

It is warfare in the same sense that computers think or ships swim. In other words, it really isn't, but it's a convenient metaphor to use because the truth is too complicated for the average person.

Don't you mean Information Warfare? (2, Interesting)

Anonymous Coward | more than 4 years ago | (#32484122)

Anyone who puts the word 'cyber' in front of something should probably be shot.

Moving along to more immediate activities, we are actively seeing 'Information Warfare' being executed on the Internet. The latest widely heard event was the Israeli-flotiilla debacle, and subsequent dis-information campaign from every possibly side. Ask someone who has stated they have been following it, and see what factual information they can give you, and have them list multiple non-governmental independent investigatory sources for validation. It isn't possible.

Re:Don't you mean Information Warfare? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32484226)

Maybe they meant cyborg-warfare. Terminators and bleached human skulls as far as the eye can see.

Russian government with a foot in the mouth (3, Interesting)

mapkinase (958129) | more than 4 years ago | (#32484140)

This is not the first time Russian government reveals its unique idiotic approach to technology. As a former Russian citizen I am following the drama of Russian government politics in technology, which, synthetically speaking, is a laughing stock of Russian technoblogging community.

Basically, the technology policy of the Russian government does not differ much from:

1. New exciting promising technology discovered!!
2. ???
3. Profit (get recognition, re-establish mother Russia as a world superpower, look wise, etc)

Replace ??? with "flood zillions of roubles into this technology without any sense of balanced budget" (which was the case of "nanotechnologies") or in this case "propose a treaty to curb technology".

One would think that smartass KGB spy would do better than idiot Khruschev, but no... the result is the same: embarrassment and ostracism of Russia on the international level.

Re:Russian government with a foot in the mouth (0)

Anonymous Coward | more than 4 years ago | (#32484348)

I don't think anyone can ever take Russia seriously, especially after the Buran [wikipedia.org] . That catastrophic joke of a space program solidified Russia's standing as the nation of no innovative or original thought whatsoever.

Even the hangar that housed it was a poorly engineered disaster that was waiting to happen (and eventually did).

Re:Russian government with a foot in the mouth (1)

gblackwo (1087063) | more than 4 years ago | (#32484458)

Seriously? You needed to start the Buran is worse/better than the Shuttle debate on slashdot again? Cue the fanboys on how completely different the two programs really were. Secondly, it's not as though the retired shuttle program was spotless.

Re:Russian government with a foot in the mouth (0)

Anonymous Coward | more than 4 years ago | (#32484632)

The STS Shuttle program wasn't exactly spotless, I will agree with you, but the Buran was the most expensive space project the Soviet Union had ever undertaken. (Why? How much money does it cost to blatantly copy a design?) It flew once, never carried a single soul, and was immediately mothballed.

To an American capitalist like myself, that's just fucking hilarious.

it's real (2, Interesting)

Lord Ender (156273) | more than 4 years ago | (#32484156)

In the same sense that nuclear war is real, cyberwar is real. We've seen both only in limited fashion. We know the technology exists and works. We've just never seen two well-armed adversaries thoroughly go at it.

There's a lot of fiction about full-scale nuclear war. That doesn't mean nuclear war itself is fiction.

Re:it's real (1)

delinear (991444) | more than 4 years ago | (#32484358)

The difference is that we've seen the effects of large scale nuclear attacks agains populated areas - we can make a reasonable extrapolation from that or what it would be like if two superpowers with nuclear weapons were to use them against each other. We've never seen what a "cyberwarfare" attack of the same magnitude could accomplish outside of a movie. Would it really bring society to its knees, or, more likely, would there be a few isolated incidents resulting in us taking some systems offline until exploits and security flaws were patched and then business as normal? The only way I can see cyberwarfare alone having much of an impact is if you can use it to trigger some kind of physical event while making it more difficult for the emergency services to respond, but it still seems the scale wouldn't be anywhere near so great as even conventional long range bombing. Possibly there is a place for such an attack alongside a conventional invasion, to knock out communications and make logistics, warning systems and intel gathering more difficult. On its own I can't imagine it ever being effective, for one thing you'd leave a society largely unaffected, if they're more powerful militarily than you you'd better hope they can't trace the attack, because you just gave them the perfect excuse to wipe you off the face of the planet in "self defence".

Re:it's real (1)

Lord Ender (156273) | more than 4 years ago | (#32484568)

There was not "large scale" nuclear exchange in WWII. There never has been. That was small-scale one-sided, as the Estonian cyberwarfare was small-scale, one-sided.

Oh please (1)

Viol8 (599362) | more than 4 years ago | (#32484556)

Nuclear war: Large area are vapourised, even larger areas poisoned for centuries. Result - everyone and everything larger than a bacteria dies.

"Cyber" war: Someone deletes some files on some computers and causes others to crash. Result - ethernet cables are unplugged and machines are restored from backups.

Get a sense of perspective.

Yes, it is all fiction and ... (0)

Anonymous Coward | more than 4 years ago | (#32484208)

... and no printers have ever been delivered to unfriendly nations that contained complete cyber warfare ready code. That code wasn't used in the beginning of a drop-bomb, send-tanks-in war to bring down central parts of the network of the unfriendly government either. It is all fiction.

I suspect there are many Asian made routers with some "extra code" in them too and I wouldn't put it beyond some "friendly" governments to be working with manufacturers to insert special code inside equipment destined for unfriendly or known-to-sell-to-unfriendly-nations either.

Of course, all of this is fiction and not public knowledge.

It's a very useful fiction... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#32484222)

The convenient thing about "cyberwar" as a slogan is how it allows you to extend the notions of "wartime" into virtually every nook and cranny of life and infrastructure.

The term "cyberwar" quietly implies that virtually any net-connected system is a potential or actual combatant. From here, it's just a hop, skip, and a jump to applying military/wartime standards for such niceties as atttacking systems, or requisitioning access. Even better, since "cyberwar" is, for suitably nebulous definitions, something that occurs pretty much constantly, among a wide variety of state and nonestate actors, with various levels of covertness, the mandate covers basically everybody, everywhere, and is of unlimited duration(See also: "Global war on terror").

Who needs bullshit like "warrants" or "due process" when any computer system can simply be declared to be an "enemy combatant" or "materially supporting an enemy combatant"? If you think the notion of charging an object in order to avoid procedural restrictions is absurd, be aware that it is already standard practice in the context of "asset forfeiture". (which makes for some rather ridiculous case names [wikipedia.org] ...)

Analogy (-1, Offtopic)

handy_vandal (606174) | more than 4 years ago | (#32484304)

Fill in the blank:

"Cyber-" is to technology

as "Green" is to __________

Mod author "Overrated" (1)

BobMcD (601576) | more than 4 years ago | (#32484364)

Point 1, "Hacking is opportunistic."

For civilians, yes, it certainly is. When you have operational forces at your command, however, it can get notably less-so. You could, for example, develop a virus and compel Microsoft to include it as a Windows Update. Or get a CIA operative to smuggle it in, conduct a raid on a connected node and have the soldiers upload it, duplicate the hard drive of a dignitary and implant it there, etc, etc, etc.

This point is basically saying that because small arms don't have killing capacity against tanks, we don't ever have to worry about governments attacking us. It is bizarre and limits governments to powers that only civilians would use.

Point 2, "Cyber-warriors aren't military"

Yeah, and neither was Osama Bin Laden. Yet we recruited him and gave him weapons to use against the Soviets in Afghanistan. If you think we just hinted at what we wanted him to do, you're absolutely insane. He was even on the payroll, as I understand it.

Governments have these people called 'operatives' that infiltrate organizations like the ones described by the author. These poor souls get burned if they get caught, but they knew that going in. Don't wax poetic about the cost of keeping clean hands without acknowledging that intelligence operations exist. Even in the civilian world we have 'social attacks', so who is going to believe that the government does not? What about 'youth groups' fundamentally changes this in any way?

Point 3, "Indeed, in America, such youths are more concerned about attacking our own government and corporations ("fighting the Man") than they are about fighting foreign adversaries."

So in America, there are only one type of youths, the anti-government type, and elsewhere they're all the opposite.

This is so weak I'm simply not going to waste time rebutting it.

There is no cyberwar... (0)

Anonymous Coward | more than 4 years ago | (#32484366)

... but there is cyber-security. Keeping a barrier between your systems and the potentially malicious or perhaps just curious outsiders.

Lines of power on the internet are not under the control of governments. A system that is not safe can be just as successfully or better attacked by a single individual or a whole army.

Numbers only mater in DDOS attacks. And the nature of these attacks, most effective to date, is in essence a shouting match, only conducted on the internet. And no botnet does it better than an idea that resonates among the people. There is no other defense than being prepared to serve faster and to filter the noise. Sometimes, the idea is national, like it was during the outfall of the Bronze Solder move. More often it is not. and its not certainly under any governments direct control.

cyber is a dumb name but it is real (4, Insightful)

jollyreaper (513215) | more than 4 years ago | (#32484382)

Sticking a stupid name on something and overblowing what it means isn't the same thing as it not existing to begin with. Computers are vulnerable. People who don't like us can exploit those vulnerabilities. But this is really just another arena of non-shooting conflict, all under cloak and dagger.

The CIA has a long history of trying this sort of thing, sometimes successfully, many times not. There's directly funding revolutionaries, slipping agents into countries, running guns, sponsoring assassination attempts, economic sabotage, infrastructure sabotage, spying with human intelligence, electronic intelligence, satellite intelligence, etc. The CIA has a history of over-promising and under-delivering but this doesn't mean they won't still try.

The Russians have traditionally been much better at running spy rings. The beauty of hacking is you don't even have to put your own assets in-country and risk their capture.

On one hand, I don't think we'll ever get to the point where it can be Die Hard 4 info-Armageddon with hackers blowing up power plants at will. I think that public screwups will force a higher level of security and more rigorous design so that we are less vulnerable to external attacks. On the other hand, the BP fuckup shows that reason and logic are poor tools for explaining the behavior of large organizations. BP should have taken drilling seriously. They should have realized that they had no good plans for capping an uncontrolled well so if they were going to drill, the only option would be making sure they would never, ever, ever have an uncontrolled well. All the internal warnings they had in the months leading up to the disaster should have been their opportunities to stop the disaster before it happened. And we can see how it turned out.

Is it a fiction? (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#32484452)

Yes

Let's be serious... (1)

whackedspinach (1703780) | more than 4 years ago | (#32484820)

Cyberwarfare is very, very real. If anyone disagrees with me, google "Skynet".

This is serious (1)

redconfetti (1786894) | more than 4 years ago | (#32484864)

This is a very serious matter! You might not be old enough to remember this, but it caused quite a stir back in 1979, and almost started a war, when some kid logged into the WOPR at Norad and started simulating a Soviet attack. Luckily they were able to stop the systems from a real attack by throwing the computer system into a tic-tac-toe loop. Then of course there was the Da Vinci virus that almost sunk that oil tanker. Something needs to be done about this!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>