Chertoff Advocates Cyber Cold War 115
Jack Spine writes "The US and allied countries should formulate a doctrine to apply the principles of nuclear deterrence to cyber attacks and cyber espionage, according to former US Homeland Security secretary Michael Chertoff. No matter that it's very difficult to attribute the source of cyber attacks — just take punitive action against the platform being used to attack, says Chertoff."
Leak more cyber spy data (Score:3, Interesting)
So! Skeletor Advocates Drinking of Human Blood? (Score:4, Informative)
No big surprise.
Chertoff was the head of DHS who hired Stasi officers - like Markus Wolf - to design plans fro a mandatory ID programme, like that used to control freedom of movement in the former East Germany.
"Chertoff is credited with authoring the Patriot Act, the 300-plus page blueprint for the modern National Security State; patterned to great extent on the successes of the KGB in the Soviet system. He's admired among his Bush cadres for making sure that government surveillance operates at maximum efficiency. Under his stewardship at the Dept of Justice, the 4th amendment has withered like summer grass. The long-held belief that citizens, have a right to a "reasonable expectation of privacy" has buckled under the demands of
"Big Brother" and the new "intrusive" security paradigm."
And: "Chertoff's record of failure at Justice is second only to that of Ashcroft. His 4 year tenure hasn't produced even one identifiable success. (Check out his "obstruction of justice" in the John Walker Lindh case on Democracy Now)
Instead, his personal ineptitude and his palpable contempt for the law have only showered more disgrace on the institution of American justice. That probably explains why he's being moved up the bureaucratic dog-pile to the top rung of Homeland Security. In Bush-world "failing upwards" is more commonplace than cowboy boots at a Crawford tent-show."
Falliing Upwards: The Rise of Michael Chertoff [counterpunch.org]
Before this? He was an Assistant Attorney General - who enabled Chiquita to escape prosecution for hiring private, right-wing death squads - to suppress fair-trade practices from emerging in the banana plantations of Colombia.
"Chiquita, [company officials told Chertoff], would have to pull out of the country if it could not continue to pay the violent right-wing group to secure its Colombian banana plantations. Chertoff...affirmed that the payments were illegal but said to wait for more feedback, according to five sources familiar with the meeting...Sources close to Chiquita say that Chertoff never did get back to the company or its lawyers. Neither did Larry D. Thompson, the deputy attorney general, whom Chiquita officials sought out after Chertoff left his job for a federal judgeship in June 2003. And Chiquita kept making payments for nearly another year."
Chertoff, Chiquita and Death Squads [counterpunch.org]
Now, this Mossad-tool wants to escalate the idea - absurd to those with a deep, functional knowledge of IP switched networking - of Cyber Cold War.
This is another part of the steady drumbeat to get a CCOIA type law passed - so the US gets its own "Great Firewall of China".
Chertoff DOES have a real enemy that he wants to damage in his cyberwar: the enemy is YOU.
Re: (Score:2)
Obviously, he understood the purpose of the program and wanted to hire people with a record of success in implementing similar programs. The logic is unassailable, though the morality may be flawed.
Re:So! Skeletor Advocates Drinking of Human Blood? (Score:4, Insightful)
the morality may be flawed.
"May be?" Saying the morality of this "may be flawed" is like saying my pet unicorn "may be flawed". There is no morality in it, period. It's completely immoral, plain and simple. The Stasi are evil, and so is Chertov. But it is logical to hire a man without morals to head an immoral agency that should never have existed in the first place.
Re: (Score:2)
Ironic [wikipedia.org] Understatement [wikipedia.org] . [urbandictionary.com]
Re: (Score:2)
Ironic distancing rhetoric, in the face of such uncompromising evil, is a form of unconscious minimising behaviour. It is the equivalent of taking a psychological anaesthetic.
Re: (Score:2)
The name "Chertoff" is Russian. It is a family name that can be translated quite succinctly to English as "of the Devil".
Excellent idea (Score:2)
Re:Excellent idea (Score:4, Funny)
Re: (Score:1, Interesting)
It was, for the US. It was the US outspending the USSR in military buildup that led to their destabilization and collapse. Mission accomplished. Sad thing is that is what the current world situation is doing to the US now.
Re: (Score:3, Insightful)
The other sad thing is that we still haven't paid for it.
There is no way it was successfull for the US, it was a stupid and unnecessary pissing match from day one. An embarassment for the country. I am still against having a standing army. We have no need to have forces outside of our borders. Its a shameful waste.
-Steve
Re: (Score:2, Interesting)
The worst part about a standing army is that it creates two functional classes of citizens that do not share the same fundamental need.
Those that have signed their right of refusal over to the government should not be permitted to vote or participate in political events or debates until the right of self-determination is legally returned to them.
During their period of service they must be treated as exactly what they signed up to be - fleshbots for whoever comes to power during their tour.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Actually, taxes kind of are theft. I have little problem with this as long as they are not used for things that I find absolutely abhorrent... like military buildups, massive surveillance, and wars.
Re: (Score:2)
Re: (Score:2)
I don't see how that logically follows. You make the assumption that the only way to pay for these things is through taxes.
When is the last time the government tried a telethon? Seems to me they just like to tell people "You pay us, for whatever the hell we want to do, whether you like it or not".
I am all for roads, libraries,.... um I don't see where commercial airlines come into this since the government really has little place there except where they have forced themselves in...
I would gladly pay for the
Re: (Score:2)
Commercial airlines come in because the government hugely subsidizes the commercial airline industry in the US, running everything from air traffic control to airport security at little to no cost to the airlines involved because having cheap, functional air transportation in this country is in the best interest of US businesses.
Your opposion to 'all of it' until everything is run the way you want is incredibly childish and is the
Re: (Score:2)
Well thats how I feel about a war on the citizenry. Honestly, I don't consider this my country so much as the country I was born inside of, and which is run by an entirely different economic class. I openly state my preference for breaking up the union, and see little real benefit to the common people in keeping it together any longer. Its pretty outdated and no longer needed.
Re: (Score:1)
Re: (Score:2)
Its such a great idea. The first cold war was so successful, lets have another...
Not only that, but now there are some other specific differences to make this a piss-poor idea:
Act against technologies? (Score:5, Insightful)
...nation states should be able to act against technologies in countries being used as a platform for attack...
So, nuke Redmond?
Re:Act against technologies? (Score:4, Insightful)
Nah, someone will just root some of the US militarise own shitty, poorly patched windows NT boxes and use them as a platform for attack.
The US military will then MAD it's own network into the ground to show them who's boss.
Or even better.
If I want to take down some website, I don't have to do the hard work any more.
Just find any insecure app or server in the same server farm and use it to launch some trivial attack against the US government.
The US government then does my attack for me, DDoSing or blackholeing the entire datacentre and my target.
I've heard enough silly ideas over the years for systems of actively attacking machines which attack a network, sometimes in an automated fashion.
Most automated ones are trivially subverted to use against third parties and the non-automated ones depend on the people in charge being able to find their arse with both hands... unfortunately it's the military.
Re: (Score:1)
You have a bright future at the CIA. ;-)
Re: (Score:2)
...nation states should be able to act against technologies in countries being used as a platform for attack...
So, nuke Redmond?
Don't let them escape beforehand, either.
I don't necessarily see a problem (Score:3, Interesting)
So long as they don't respond to a DDoS with one of their own, but with a targeted attack designed to silence the particular nodes in question, then it's probably a good thing. It's not like it's not possible to keep logs to see if these guys are operating outside their mandate.
As a former BOFH... (Score:2)
I say that anyone who's system is being used for DDoS attacks can't complain about such treatment. They should have secured their systems.
Re: (Score:1)
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
You're right. An eye for an eye, a tooth for a tooth, and soon you need seeing-eye dogs and dentures.
With two million botted machines in the US alone (a conservative estimate), you could piss off a lot of homies, too. I don't think Chartoff realizes just how many pawns there are, ready to march, and give him a bad day. That we don't consider those pawns as attackers-in-waiting is a fool's blindness.
False flags abound (Score:1, Insightful)
Soon even the smallest of countries can wield the destructive force of a superpower: Just make it look like your opponent attacked the USA and the USA will do your dirty work.
Re:False flags abound (Score:5, Insightful)
For once, this is a proposal from the security theater industry that isn't batshit insane. You DDOS us, we null-route the offending nodes, or we politely ask whoever supplies your country with connectivity to do it on our behalf. You DDOS an airline reservation system, stranding millions, and we null-route your country until its uncooperative ISPs learn to play nice. You DDOS an air traffic control system so hard that you actually start killing people, and we not only null-route the country until the dust settles, but we also reserve the right to shut down the offending data center with a LART, presumably in the form of an earth-penetrating mallet. (And we expect that you will do the same to us, if our roles are reversed.)
The present situation is that we run around like chickens with our heads cut off, make vague fearmongering sounds about "what if", and apply for increased funding. That'll happen too, but at least this way there'll be some ground rules as to what sort of retaliation is permissible. Go ahead and spy on us (if we catch you, we'll block you). Try to poke at us (but don't do much damage) and we'll get annoyed. Break our toys, and we'll break your toys. Do collateral damage, and the gloves come off.
Re:False flags abound (Score:5, Interesting)
The problem is collateral damage. What is more likely the nation of Elbonia is attacking the United States by DOSing an airport reservation system? or a competing airline hired some crackers to harm the competition, and those crackers have rooted some machines at the national ISP of Elbonia, that they do it with?
So we respond by routing the entire nation via 127.0.0.1, which is great in that it solves the problem but it probably denies all sorts of services to innocent people, and I am not talking about Mohamed's Netflix subscription, what about that X-Ray the surgeons there wanted a consult on, and the nations telephone system which is IP based at least for international calls. Oh and hey the assembly plant GM is trying to operate there, etc etc. All this is going to do is make small problems big ones.
Re: (Score:3, Interesting)
Perhaps. The operating theory here, I think, is that at some point, a government will stop doing such idiotic things as cyber warfare because the costs are too high. Just like the threat of economic sanctions.
Part of the problem, however, is that for all the "control" we might have over the internet, it's a global network that by design can't just be turned off like that. Personally, I think that good old fashioned, "Oh, you shutdown our air traffic control system? Here, we'll shut down your airspace by
Re: (Score:2)
Re: (Score:2)
Did I miss something? AFAIK the costs of nuclear MAD are in the "somewhat high" category, yet no-one has yet gone "you know what, we'll get rid of them all because it just isn't worth it - it'll all go wrong, no-one wins and it is an expense we just can't manage".
If you meant the financial cost of daily ops and overheads, who said it even needed to be of
Re: (Score:2)
Unless of course all ISPs in that country will submit to whatever the American government says based on the promise that American ISPs will cater to every whim of every foreign government. Well, every whim that involves shutting down arbitrary network nodes.
Re: (Score:1)
You sign on to ACTA or we'll say you DDOSed an airline reservation system and null-route your entire country until you do.
Re: (Score:2)
And that'd be different from the current situation... how?
For once, this is a proposal from the security theater industry that isn't batshit insane. You DDOS us, we null-route the offending nodes, or we politely ask whoever supplies your country with connectivity to do it on our behalf. ....
Dr Julius No here: I'm about to set up a botnet. Once I'm done I'll send a command to all the zombies in US to DDoS and I'll shut down my command center. Good luck, America, in null-routing in your own network and/or sending LART-s on your own soil (crazy laugh).
Re: (Score:1)
Stupid, stupid, stupid. (Score:2, Insightful)
If you've spent 2.3 billion to construct another power plant and you are too lazy to actually staff it, something tells me an extra $150,000 to run dedicated lines from it to your main of
Re: (Score:1)
If we can lay a direct telephone line between Washington DC and Moscow to prevent a nuclear war, something tells me we can afford to lay some cable 10 miles to prevent some "cyber cold war"
The /. "air gap" theory is crap. I don't think you appreciate the complexity of the problem. Critical systems aren't just SCADA systems. What about financial transactions? Should we have a separate banker's internet that contains all redundant equipment? How about DoD unclassified? For that matter, what about systems that are secured, but utilize existing routers, lines, etc because it would cost millions to build an entirely separate transcontinental backbone just to keep the infrastructure separate
Re: (Score:1)
For larger banks, financial transactions absolutely DO use dedicated lines.
But not for all transactions. Also not true for many stock brokers, traders, etc.
air traffic control etc should be directly controlled by a human on-site.
ATC consists of a nationwide network of radar sites that share data across the network. Controllers are responsible for a large region [wikipedia.org], and flights have to be handed off from one region to another. It used to be that all of this was done via proprietary radio and terrestial links, but the FAA found out it was much cheaper to use existing internet connectivity.
There's absolutely no need whatsoever to have public infrastructure connected to the internet short, of saving a small amount of money on maintenance.
I don't have the numbers available for this, but long-haul netwo
Re: (Score:2)
shooting the messenger (Score:5, Insightful)
Just like we took punitive action against Logan Airport and United Airlines for 9/11? Oh, right.
When "our adversary" uses the likes of Google or Akamai or British Telecom against us in a cyberattack, we're going to return fire on those platforms?
Hey, I'm putting a scheme together about the RIAA...
Re: (Score:2)
Given the D- and F grades our government usually gets for security its more likely the platform used to attack will have a .gov or .mil extension; and hey the terrorists might figure gee if we look to rooting those boxes we might get some collateral damage from friendly fire.
Seriously I thought this whole retaliatory stuff got dropped by the computer security professions years ago once they realized that to be effective the systems would mostly need to be automatic because whatever you do is time critical,
Re: (Score:2)
Well, we certainly considered taking action against the specific airliners being used by the attackers. If a certain IP is being used by an attacker, why not null-route it where possible, or DoS it where not possible? It sounds like an easier decision than shooting down a hijacked passenger plane.
One would hope that there are some checks and balances in the process to reduce the chances of abuse by authorities, of course.
"Cyber" (Score:5, Insightful)
"Cyber" is the vague sort of word that Government Management uses in an attempt to sound technologically astute. As soon as you hear a phrase such as "cyber war", you know you are dealing with a management automaton paddling beyond its depth.
It's interesting to note that this term is a back-formation made from "cybernetics":
"From Greek kubernts, governor, from kubernn, to govern."
Makes it sound as though this is another war that being invented by the government to spend the people's money to take the people's freedom away.
Of course it is. (Score:4, Insightful)
Terrorism is only scary to people who shouldn't have been let past the third grade. Even irrational people understand their risk of death by terrorism is pretty much nil, compared to say their risk of horrible death involving decapitation and other hilarious ends while driving.
"Cybersecurity", though?
Computers are strange, wondrous magic boxes for the vast majority of the population. Even for the supposed tech whiz 'next generation'. Oh, sure, kids these days understand Twitter. They sure as hell don't understand TCP/IP. What better platform, then, to force Americans to do what we do best? Wet our pants in baseless fear and beg our government to strip us of our freedom.
OH NOES OSAMA IS WHISTLIN' INTO A PHONE AND LAUNCHING NOOKS FROM SATELLITES! :O SAVE ME, GOVERNMENT!
*sigh*
Re: (Score:1, Insightful)
I've met perfectly well-educated people who think that the new rules for liquids on airliners are a great enhancement of their safety. There are lots of brilliant people who can't do arithmetic.
Re: (Score:1)
Pardon my humor:
General "Buck" Turgidson: Mr. President, we must not allow a mineshaft gap!
Replace "mineshaft" with "cyber". Violla! A new cold war with lots of funding! Such a deal!
Re: (Score:1)
DHS will save us from cyber terrorists! (Score:2, Interesting)
Maybe we should all take our shoes off for inspection before we get online. Or make us wait in an unguarded corral area for half an hour before we can enter the secured area. Or randomly pull users aside for full system scans. Or force users to their own drink breast milk before logging in.
I sure as hell don't want them "attacking" computers online.
Re: (Score:1)
I always take my shoes off when I get online - penny loafers look funny when you aren't wearing any pants.
Now where is that post anonymously button... Hold on, should be on the submit page.
who is jack spine? (Score:1)
jack spine writes; the US and allied countries should....
jack spine should realize he is NOTHING
Re: (Score:1)
Re: (Score:2)
At least his last name's not "Golf".
Internet don't work like that. (Score:3, Insightful)
Anyone can fake the origin of a attack, so the basic rule about this is: never attack the attackers. If you do this, you can be used as a means to attack others!.. like your cpu power be used as part of a DDoS against a third party.
Internet just don't work like that.
Re: (Score:3, Informative)
Indeed, it's like he's never heard the term Joe Job [wikipedia.org].
Ahahahah! Fools! (Score:5, Insightful)
Seems to me these people still do not understand the threat. This is not warfare. It is vandalism, petty theft, corporate espionage and maybe some extortion. You cannot fight crime of this sort with a cold-war strategy. Several reasons:
This strikes me as basically an over-aggressive, "bully"-type strategy by people that like to employ violence, but are not very bright. It is doomed to fail from the onset. The situation is a bit similar to the "war on terror", but more like a "war on (petty) Internet crime". Fighting crime with military means has never worked and will never work. The way to fight crime is by I) better securing your property (but especially the government and military seems to be hugely incompetent in that area) and II) standard police work. The added complication is that this is an international problem, something the US is notoriously bad at tackling, since they do not understand the rest of the world at all. But bombing shoplifters is not something that is going to work, ever, and even not very bright people should be able to understand that.
Re:Ahahahah! Fools! (death by irony?) (Score:2)
Not only is it doomed to fail, it is ironic, too: http://www.pdfernhout.net/recognizing-irony-is-a-key-to-transcending-militarism.html [pdfernhout.net]
As I wrote on that page: "There is a fundamental mismatch between 21st century reality and 20th century security thinking. Those "security" agencies are using those tools of abundance, cooperation, and sharing mainly from a mindset of scarcity, competition, and secrecy. Given the power of 21st century technology as an amplifier (including as weapons of mass destruction), a sc
Re:Ahahahah! Fools! (Score:4, Interesting)
Yep, that'll work (Score:2)
That was the solution to the balance of power pre-WW1 if anyone remembers a bit of history. We all saw how that ended up.
Meh, basing the entire future of the internet on "Go on, do it, I dare you" will not end well for anyone. I can already see an RIAA/MPAA sponsored 'attack' taking down most of the internet (and them meddlin` filesharers!) for a few weeks.
Re: (Score:2)
I like how you ignore the 60+ years after WWII. MAD absolutely does work. There have been dozens of near world-ending situations where fingers were literally on the actual buttons to send nuclear weapons at other countries.
It doesn't matter what got us into those situations (political turmoil, technical glitches), it was MAD that prevented us from pushing the button.
Oh, really? [wikipedia.org]
Re: (Score:2)
This is a declaration of war (Score:1)
Frame somebody!!! (Score:2)
why the US uses smart bombs instead of nukes (Score:4, Insightful)
For example, in the absence of any intelligence, other than that "bad guy" insurgents are hiding in a certain city, then a nuclear bomb would be more effective than a smart bomb for causing harm to the enemy. The drawbacks of such a brutal and lazy strategy are pretty obvious, from huge loss of innocent life to the possibility that most of the bad guys survive the nuclear attack (maybe they're in a bunker or spread out so that a nuclear burst takes out only a few at a time). A smart bomb would be useless, a bad guy is more likely to die from traffic accidents.
OTOH, intelligence on where exactly the "bad guys" are leads to the smart bomb being much more effective. A smart bomb delivered right to the basement is more effective than a nuclear bomb blindly lofted a dozen miles away.
That sums up what I see as the first problem with Chertoff's proposals. Since the force is not focused nor based on decent intelligence, it doesn't harm the foe and harms innocents instead.
Second, unfocused harm has the tendency to warn the enemy that you know something before you get a chance to significant damage to them. A worst case here would be a rigid retaliation procedure that a foe could use to map out the sensitivity of your defenses and deliberately trigger unpopular retaliation attacks on innocent targets.
As it stands, there apparently is a large scale, systematic looting of US (and developed world) knowledge by unknown parties (often thought to be the Chinese government or Russian underworld). There should be a price paid for trying to steal millions or billions of dollars of information. I think that Chertoff's suggested approach is a losing strategy that doesn't help the US mitigate the loss from such activities.
Re: (Score:1)
Bad joke ... (Score:2)
Anyone with the name "shirt off" doesn't need to be commenting on the use of the internet.
Why not just unplug the router? (Score:2)
No reason, no logic, just blabbering (Score:2)
The person in the TFA goes on some random blabbering about "attacks on infrastructure" and "thousands at risk", proposes "cold-war, nuclear deterrence"-like strategy, then contradicts itself by saying "then ... incapacitating the platform used to attack is something that you have to do", then goes again to talk about "overwhelming force" and what not.
There's no logic in that, and, if anything, it is the opposite of MAD, the dominating war strategy of the Cold war.
The premises of MAD were clear -- a few powe
Maybe he was misquoted. (Score:2)
Maybe he said "nuclear due process" and the interviewer mistakenly wrote down "nuclear deterrence." He'd certainly never advocate destroying a US Citizen's computer without any due process! That would be just wrong! Chertoff's a former Assistant U.S. Attorney! I'm sure he respects the Constitution and would never advocate something so awful.
Let's have zero tolerance for zero tolerance! (Score:2, Insightful)
Destroying the countries where attacks originate is a broken doctrine, IMO. Use of force should always be measured, and focused, lest history revile us. The ease of false flag operations in "cyberspace" make the nature of our responses to attacks even more important. I would dismiss Chertoff out of hand were it not for the possibility that, rather than harmless BS, talk like this may encourage a doctrine that will allow our government to start wars and engage in various intrigues, to evil ends. Chertoff co-
My Proposal (Score:5, Funny)
I propose ignoring Chertoff.
Re: (Score:1, Insightful)
I second that. Chertoff was the idiot that claimed in the days afterward that the devastation Katrina caused to New Orleans was unexpected. Which is a load of crap given that people had been warning for decades that a major hurricane rolling over New Orleans would indeed be a complete disaster, the preparations for the possibility were inadequate, and there were several close calls that made it obvious (e.g., hurricane Ivan in 2004). What kind of head of the "Department of Homeland Security" wouldn't kno
Re: (Score:2)
I propose ignoring Chertoff.
Sorry, bub, there's significant prior art on that one.
Good thing it's Michael... (Score:2)
... because when I saw TF title I wondered why the hell Melanie Chertoff would even have an opinion on the subject.
Shocking! (Score:1)
In other shock news today the American military-industrial complex suggested that the world become more paranoid and adversarial.
Contrary advice from the UK (Score:2)
It's unusual to see open disagreement between such statements, which are usually carefully orchestrated; I wonder whether it reflects an underlying conflict between DHS and the new Cyber Command, with GCHQ siding with Cyber Command?
Chertoff is an idiot (Score:3, Interesting)
Chertoff was behind the preposterous program on CNN where a collection of lawyers sat around trying to play techies on TV. Most of them were probably technology challenged, and they focused on legal nonsense to deal with a weird technical scenario (a malicious cell phone app goes wild and shuts down the power grid).
His crazy ideas led to the proposal to shut down the Internet in the event of national emergency.
When he was in office he was behind a stunt where a cybersecurity attack was assumed and a piece of equipment was misused and rigged to tear itself apart -- on TV -- by doing something that has been known for decades to be a no-no.
The only value of Chertoff's nonsense is publicity for the issue. Everything beyond that is idiocy.
Cybersecurity is clearly a serious concern and work needs to be done to improve it for critical infrastructure. But off-the-wall ideas coming from Chertoff are not the way to move forward. Instead, we should have people who know what they are doing lead the effort.
Terrible Idea (Score:2)
LOOK AT THIS PAPER (Score:2)
No, really look at this:
http://csrc.nist.gov/publications/history/myer80.pdf [nist.gov]
I had a fellow Researcher send this to me this morning - it blows the lid off of what I've been speaking (LOUDLY) and writing about for years - here and other places, basically Subversionhack:
http://subversionhack.livejournal.com/ [livejournal.com]
https://tagmeme.com/subhack/a/ [tagmeme.com]
^ 2nd site has Certificate Expiration problem ^
Chertoff article:
"Chertoff told ZDNet UK at the conference that cyberattacks on critical national infrastructure could put thousa
Re:LOOK AT THIS PAPER - Addendum (Score:2)
This, previously mentioned fellow Researcher is on a hot trail - an update:
The paper was re-done in 2001.
http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA417629 [dtic.mil]
Now, from a completely different team Researcher, same trail:
Another paper on that same line from the Navel Post Graduate School.
It makes reference to the Myers' thesis.
"A Demonstration of the Subversion Threat" by Emory A. Anderson
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.149.5898&rep=rep1&type= [psu.edu]