Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The One Sided Cyber War

Unknown Lamer posted about a year and a half ago | from the great-firewall-of-america dept.

Government 215

Curseyoukhan writes with a skeptical perspective on the U.S. Cyberwar posturing. From the article: "The first shot was probably the release of Stuxnet sometime during or before 2009. Even though no one has officially claimed responsibility everyone knows who was behind it. Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities. We followed up Stuxnet with Flame — the Ebola virus of spyware. What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks. This is a disproportionate response but not in the way military experts usually mean that phrase. It's the equivalent of someone stealing your car and you throwing an ever-increasing number of eggs at his house in response. It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."

cancel ×

215 comments

not really (4, Insightful)

phantomfive (622387) | about a year and a half ago | (#42670735)

It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub.

It's not surprising actually.....because attacking that infrastructure is not as easy as it sounds. It's not like any script-kiddie can pick up the stuxnet script and modify it to attack their local cell-phone tower.

Re:not really (1)

Anonymous Coward | about a year and a half ago | (#42670819)

It's not only that - it's also that Iran does not like outside help with technology, and in the current world, all that means is that you'll forever be decades behind.

Re:not really (5, Insightful)

ByOhTek (1181381) | about a year and a half ago | (#42670855)

And...

If Iran did too good of a job in a counter attack, do you think the US would keep the confrontation just "cyber", or would it escalate? That's another of their considerations.

Re:not really (5, Interesting)

SJHillman (1966756) | about a year and a half ago | (#42670955)

That's my thoughts. It's like the schoolyard bully taunting the nerd just the nerd will take a swing at him. That way, he can pound the nerd into the ground and then claim "well, he started it!"

Re:not really (1)

ToadProphet (1148333) | about a year and a half ago | (#42671011)

Stuxnet was possible because Iran was using outside (German) technology for their nuclear program which they developed with the assistance of the Russians, so I'm pretty sure they're open to outside help. Based on the results, though, I wouldn't blame them for being a little leery.

Re:not really (5, Interesting)

Anonymous Coward | about a year and a half ago | (#42671599)

Plus it's stupid to claim that Iran is doing nothing; it seems that way when you box yourself into just "cyber-warfare". IRan responds with what they have, which is a robust intelligence community based on personal relationships, used to destablize places like Iraq and the Levant. They use their ties in the Shia community to make Iraq difficult for the US, whcih is what they did for the past 10 years or so we were there. They also run advanced missiles to Hamas and let them fire them off, missiles with enough range to directly threaten Israeli population centers. They run training exercises in the Strait of Hormuz designed to make it known how they can mine the whole thing and close it off, and it sends oil prices through the roof.

Cyber-warfare is a meaningless term, because cyber-weapons are just one type of weapon, and one that Iran is not as sophisticated at. But they are sophisticated with other weapons, and they use them extensively.

Re:not really (3, Interesting)

sl4shd0rk (755837) | about a year and a half ago | (#42671939)

It's not like any script-kiddie can pick up the stuxnet script and modify it to attack their local cell-phone tower.

Umm.. actually that has already happened. Flame and Stuxnet are cousins of which Shamoon is a derivative.

"Specifically, Kaspersky believes it's the doing of script kiddies. Shamoon, like Flame, reportedly collects data on any machine it infects, then proceeds to erase the disk. "

http://gizmodo.com/5935647/is-a-script-kiddie-flame-copycat-out-to-destroy-the-worlds-power-plants [gizmodo.com]

Our Foreign Policy (2, Interesting)

Anonymous Coward | about a year and a half ago | (#42670745)

...is the equivalent of the biggest kid on the block pushing everyone on the playground over in the mud, then claiming to be the victim if they throw a clod of mud back at him. Wait, that was in the summary...

I have a theory (1, Interesting)

slashmydots (2189826) | about a year and a half ago | (#42670747)

It's been my experience that people from the middle east can't even stay connected to Dungeons and Dragons Online reliably let alone hack the US government. I don't think they quite have the technical infrastructure to mount a large scale cyber attack even if they decided to attempt it. Thus the script kiddie DDOS bullshit against banks. They'd have to buy all better routers and bury some fiber before they even had the infrastructure to make the internet work sufficiently in their country.

Re:I have a theory (4, Insightful)

Synerg1y (2169962) | about a year and a half ago | (#42670907)

Nope, that's not how cyber attacks work, do you think there was an armada of servers powering stuxnet? No... it was a self-contained program that ran on Iran's resources.

Re:I have a theory (1)

Anonymous Coward | about a year and a half ago | (#42671447)

Exactly. Our infrastructure didn't power Stuxnet. A well planned, managed, and funded project with talented members is what made it so effective.

Re:I have a theory (0)

Anonymous Coward | about a year and a half ago | (#42670917)

DDO lags/drops are not just an middle east issue...

Re:I have a theory (4, Insightful)

ZeroPly (881915) | about a year and a half ago | (#42671809)

Any nation-state, even a tiny African country, has enough resources to mount a massive attack. A bigger concern for the Libyans or Iranians is that the attack is too effective. The American public is usually lethargic about foreign policy, but when they get provoked into saying "do something, I don't fucking care what", that's when the US government gets to strap your ass to a waterboard without any consequences, or drop a Hellfire on you, your 4 wives, and your dog. And other countries realize that. They saw what happened with 9/11, and don't want a repeat.

The reason a "cyber Pearl Harbor" isn't imminent (4, Insightful)

dkleinsc (563838) | about a year and a half ago | (#42670749)

In the real Pearl Harbor, people died. Unless and until the people talking about "cyberwar" demonstrate that they're defending us against the same kind of lethal threats, there isn't a legitimate comparison.

At worst, there may be property damage. But the simple fact is that the threats presented by enemies of the United States today are not even close to being the same level of threat presented by the Germans and Japanese and Russians of the past, where if we screwed up it was quite possible that the United States wouldn't exist anymore.

So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

Forty Two Tenfold (1134125) | about a year and a half ago | (#42670809)

At worst, there may be property damage.

Optimist.

Re:The reason a "cyber Pearl Harbor" isn't imminen (4, Interesting)

ByOhTek (1181381) | about a year and a half ago | (#42670871)

Actually, depending on what kind of damage they can do to utilities and SCADA systems, people could very well die.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

Anonymous Coward | about a year and a half ago | (#42671191)

What, like the person working on the machine and maybe the first person to run over after? You would need to target specific machines if you want to get anywhere near the death toll, like nuclear power plants or a dam. And I'm pretty sure they have non-internet connected systems in place to overflow water / cool the reactor.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

ByOhTek (1181381) | about a year and a half ago | (#42671273)

Or a whole bunch of machines on a small scale. Traffice lights and elevators come to mind depending on how much of the systems rely on simple hard blocks for the dangerous things they can do, and how much is processed through the more complex systems.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

ByOhTek (1181381) | about a year and a half ago | (#42671353)

well, if you really want to go with that analogy...

More like the bully and that kid who had the funny smell that nobody wanted to hang around...
The bully and funny-smell kid were exchanging words - hard to say who started it at this point, and the bully escalates and starts throwing spitwads after the smelly kid threatens to go home and grab a lead pipe for "a school project".
The bully has several, and knows exactly what kind of projects those pipes are used for, after having 'dual-wielded' them on what is now one of his best friends.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

Anonymous Coward | about a year and a half ago | (#42671391)

Are you sure they aren't controlling the reactor cooling using an an iPhone app? Because that would be awesome!

Re:The reason a "cyber Pearl Harbor" isn't imminen (2)

dpilot (134227) | about a year and a half ago | (#42671393)

No, think back a few years to the massive blackout in the Eastern part of the US. That was an accident, but that's the kind of thing a well-run attack on SCADA could do. Then if you want to kill people, as part of the attack, attack hospital utility systems. You know, like the stuff that brings the backup generators online when the mains fail. There are all sorts of regulations about keeping patient data safe, but it wouldn't surprise me if the utility systems are just as secure as a lot of the rest of them. (not very)

Possible (1)

mu51c10rd (187182) | about a year and a half ago | (#42671411)

And I'm pretty sure they have non-internet connected systems in place

I believe Stuxnet was not delivered over the internet as well. You can target non-internet connected devices with a bit of social engineering or espionage.
Regardless, taking out critical infrastructure through cyberwar could lead to large amounts of deaths.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

gmuslera (3436) | about a year and a half ago | (#42671125)

He is talking about imaginary property. If someone copies and modifies Stuxnet, it would be against its license?

Re:The reason a "cyber Pearl Harbor" isn't imminen (3, Insightful)

oodaloop (1229816) | about a year and a half ago | (#42670839)

So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.

Or maybe because the professianls who do this for a living know something you don't. Imagine for a second that someone shuts down our power grid, something that is easy to do and has been demonstrated in Project Aurora. Without power, the internet is down. Without the internet, the economy grinds to a halt. No ships coming into port, no planes flying, no gasoline being delivered, no power in hospitals, no 911 calls, no critical infratructure working at all. This is the cyber 9/11 people like us (I work in the intelligence community) are worrying about.

Re:The reason a "cyber Pearl Harbor" isn't imminen (-1)

Anonymous Coward | about a year and a half ago | (#42670977)

i sinerely hope that happens, and that many people die as a result

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

Dekker3D (989692) | about a year and a half ago | (#42671083)

I don't hope for it to happen, but I've got to agree that people would finally take security a little bit more seriously if it did happen. A little bit.

Re:The reason a "cyber Pearl Harbor" isn't imminen (5, Interesting)

Ravaldy (2621787) | about a year and a half ago | (#42671037)

My brother works for a very large electricity plant and he says that the only computer controlled anything is the monitoring systems. The action of turing on/off turbines is manual. I know this isn't true of the whole electrical grid but I'm sure there are considerations made when hooking up computers to critical systems like those ones.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42671227)

how about the systems informing people to manualy turn valves?

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42671453)

I know this isn't true of the whole electrical grid

Full stop; that pretty much sums up your point.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

Anonymous Coward | about a year and a half ago | (#42671545)

And your brother's employer won't spend a time to improve the controls system on that turbine. With CIP v4 (v5 waiting for FERC approval), there's no reason to ever upgrade a manual/analog control system to anything that contains actual logic circuits... even op amp based ladder logic.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

stymy (1223496) | about a year and a half ago | (#42672007)

The thing is, absolutely everything needs to be like that. Keep in mind that the US energy grid is vastly outdated, and so if just a small part of it is damaged or taken out of commission (like by fooling monitoring systems into thinking something broke, or hiding warnings until stuff does get damaged, for example) that could cause a domino effect as other parts of the grid are overloaded and so also go out.

Re:The reason a "cyber Pearl Harbor" isn't imminen (5, Insightful)

Zeromous (668365) | about a year and a half ago | (#42671065)

Oh not you again! Does your fallacious "intelligence" position grant you highlevel access to sources such as the telegraph and wall street journal?

Look, if you've hooked up your command/control infrastructure to the Internet, all the DHS in the world is not going to save you. Stuxnet like viruses? Sure. Maybe. Unpreventable, by anything beyond quality engaged PHYSICAL security.

As for impact, if you recall, 10 years ago, power was down for up to 3 days across the NE. This was caused by something far less insidious and delibrate than a cyber attack. It's impact beyond the first grid affected was also completely mitigable and took several MANUAL command/control failures to become as pervasive as it did.

http://en.wikipedia.org/wiki/Northeast_blackout_of_2003 [wikipedia.org]

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42671155)

Or maybe because the professianls who do this for a living know something you don't. Imagine for a second that someone shuts down our power grid, something that is easy to do and has been demonstrated in Project Aurora. Without power, the internet is down. Without the internet, the economy grinds to a halt. No ships coming into port, no planes flying, no gasoline being delivered, no power in hospitals, no 911 calls, no critical infratructure working at all. This is the cyber 9/11 people like us (I work in the intelligence community) are worrying about.

Why are you, or the intelligence community, worried about not having Internet? The United States does not depend on Internet or electricity as much as you want us to believe. Planes will still fly, trains will still travel, cars will still work, and hospitals will still function. For the sake of humanity, please stop with your self fulfilling paranoia.

By the way, your spelling is stereotypical of the people in the un-intelligence community.

Re:The reason a "cyber Pearl Harbor" isn't imminen (-1)

Anonymous Coward | about a year and a half ago | (#42671175)

cyber 9/11

You are fucking insufferable.

Re:The reason a "cyber Pearl Harbor" isn't imminen (5, Insightful)

vlm (69642) | about a year and a half ago | (#42671235)

That's all made up scaremongering to gather $$ and enforce central authority. I work on the "other side" no, not the black hat side, I mean the infrastructure provider side. Seriously claiming that our main site backup generator which doesn't have a networked SCADA interface will magically fail? And all our POPs which have gens that barely have electronic engine computers on the diesels will be magically reprogrammed? My cousin maintains large fixed diesel gens for hospitals, you're going to reprogram his ratchet set so he can't turn bolts? Without the internet no planes fly? LOL

A grid hit would look EXACTLY like the great NYC power outage about a decade ago. In fact, seeing as no newsies really looked into it to the depth necessary, it could very well have been an external hit to send a message.

A REAL hit wouldn't look like Jericho or a survivalist fanfic, it would look like an economic hit. If every centrifugal pump VFD at the local plant instantly reversed so they get to buy new ones, that doesn't mean we're going back to worldwide feudalism, it merely means bankruptcy for one plant. Actually it would look a heck of a lot like a major aerospace jetliner manufacturer having to ground an entire worldwide fleet leading to all kinds of economic effects.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42671713)

Actually it would look a heck of a lot like a major aerospace jetliner manufacturer having to ground an entire worldwide fleet leading to all kinds of economic effects.

You mean that time they grounded 50 planes out of a fleet of 50,000? Yeah, earth shattering. My 401k may not survive!

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

flayzernax (1060680) | about a year and a half ago | (#42672117)

Your controllers don't need to be an actual computer terminal to be given bad chips that were bad from manufacture to installation and operation. We, have blown up stuff indirectly like this before by paying off the manufacturers of said products.

The end result is were you going to buy your micro-controllers? I don't see nuke plants spending money for their own in house ones. They probably use stuff off the market.

Oh what else happens when someone drops some in a bin who appears to have legit clearance and they get installed. Its the almost untraceable sabotage. It doesn't have to happen over the inter tubes to be hacking. Allot of the best hacks require good phishing and physical access.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42671251)

But without the internet you are safe from further cyber attacks. In fact, that would probably take the whole global network with you. And comparing a few days of blackout to the destruction of war is still fearmongering.

Re:The reason a "cyber Pearl Harbor" isn't imminen (4, Insightful)

FrankSchwab (675585) | about a year and a half ago | (#42671335)

Really? Someone shuts down the power grid and the entire world grinds to a halt? Maybe we should train someone who knows how to, well, turn the power grid back on?

I understand that the grid is a complex legacy systerm that isn't well understood. It's not clear, for example, how to cold-start the nationwide power grid if some catastrophe shut it all down, nor is it clear how long it would take to do so. But assuming that the economy comes to a catastrophic halt is simply fear-mongering. Every few years, winter storms shut down the Eastern seaboard for days with no lasting effects. The World Trade Center attacks shut down most of the financial industry for a week, and had severe repercussions on it for weeks thereafter; but we survived. The Sept 11, 2001 attacks shut down air traffic completely for a week - and yet, the world didn't stop.

Taking down the electrical grid would be more comprehensively catastrophic than the Sept 11 attacks, but it would still be no more than a minor blip on the Human History chart. A week later, it would be back up and running and those cunningly flexible and adaptable human beings would still be infesting this planet.

Please, for the sake of the United States and the world, get out of government service and take your paranoia with you.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42671911)

I think you hit the nail very much on the head. There are 300 million people covering a vast landscape; the magnitude of destruction is enormous for our country to fall into complete chaos and for us to go back to the stone age.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42671367)

You work in the intelligence community? Then you should gather some intelligence on a thing called "history". Because the internet has only been around for 30 years, but the economy ran just fine without it for decades. Sure it would hurt, because a large part of the economy incorporates the internet now. But I find it highly unlikely that the power grid coming down would make no ships come into port, make planes stop flying, stop gasoline from being delivered, remove power from hospitals, and remove 911 calls.

Ships are powered on their own, so they can still sail into port. The cranes to offload them are typically run on rails and powered by onboard diesel gensets. The internet connection they have is typically for records purposes.
Planes fly on thier own. POwer coming down would hurt, but the systems have backup and emergency beacons with their own generators. PLanes fly without hte internet; they won't just drop out of the sky.
Gasoline is delivered via trucks, not by the internet. Trucks run on diesel fuel using a mechanical combustion engine not powered by the power grid.
Hospitals all have emergenvy backup generators to support critical systems, all run by either diesel or natural gas fuel cells.
The 911 system has it's own back up systems and generators, and is one of the few things working in the case of a major emergency.

Really, you should get out more and not just read cheesy spy novels. How thi sis rated insightful is beyond me.

Re:The reason a "cyber Pearl Harbor" isn't imminen (2)

mu51c10rd (187182) | about a year and a half ago | (#42671417)

Someone has been watching Revolution....

Re:The reason a "cyber Pearl Harbor" isn't imminen (5, Insightful)

SirGarlon (845873) | about a year and a half ago | (#42671463)

Or maybe because the professianls who do this for a living know something you don't.

Secret evidence is indistinguishable from fabricated evidence. Maybe the professionals who do this for a living are a bunch of frauds collecting fat paychecks for nothing. I have as much proof of my assertion as you have of yours.

Re:The reason a "cyber Pearl Harbor" isn't imminen (3, Interesting)

IT.luddite (1633703) | about a year and a half ago | (#42671493)

So why do they continue to invoke this stuff? To scare people into putting their organization on the US DoD gravy train.

Or maybe because the professianls who do this for a living know something you don't. Imagine for a second that someone shuts down our power grid, something that is easy to do and has been demonstrated in Project Aurora. Without power, the internet is down. Without the internet, the economy grinds to a halt. No ships coming into port, no planes flying, no gasoline being delivered, no power in hospitals, no 911 calls, no critical infratructure working at all. This is the cyber 9/11 people like us (I work in the intelligence community) are worrying about.

Or maybe the professionals (security "consultants", sales, and everyone else in line to make a friggin buck) just wants to hammer home that the sky is falling to keep the good times rolling. And yes, that means you too, Mr I work in the intelligence community. Is the state of "cyber" security in the various critical infrastructures weak? Absolutely and they need to be improved upon. I too work "in the field" and am very familiar with the state of security for several organizations in a specific critical infrastructure. It's bad. Really bad. The risks are primarily sensitive data (commercial). The weaknesses in controls systems are organizational. That's right, organizational. When the resources are taxed to just maintain the status quo, things slip when you have to engage in new projects. Security improvements fall under new projects and completion/success is declared at some arbitrary implementation level so everyone can get their check mark and move on to the next issue. The core reason? Profits and specifically O&M numbers. Don't fool yourself, it's a business. And security doesn't show up on profit side, only the cost.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

Soluzar (1957050) | about a year and a half ago | (#42671689)

Other than people on life support, exactly who would be killed, rather than severely inconvenienced? Serious question. I'm totally ready to admit it if you come up with something convincing which I had not thought of.

Even people on life support might not be killed if the hospitals have generators that runs on petrol (gasoline) for emergencies. Admittedly there may be problems with further petrol deliveries, but local supplies might be sufficient to ride out the worst of the crisis.

I'm willing to admit that what you describe could be a substantial crisis. To use the term 'severely inconvenienced" may softpedal the impact a little, but if you want to compare a crisis such as this to Pearl Harbor or to the 9/11 attack, then there should be actual deaths.

Otherwise it's a bit disrespectful to the memories of the people who actually did die during those crises.

Re:The reason a "cyber Pearl Harbor" isn't imminen (2)

Let's All Be Chinese (2654985) | about a year and a half ago | (#42670987)

This much ought to be painfully clear, yet government-and-industry keeps drumming the "imminent grave danger" drum like they were sitting on Iraqian WMDs or something.

Which ought to give rise to the next question: Why?

Well, we already know the answer for that, and we coulda seen it coming decades away. Back when it was coined the "military-industrial complex", these days it has a large sideshow in transport security, and the next wave of innovation is in cyber.

There's a few problems with this, of course. The American[tm] image elsewhere, though no American[tm] can be arsed to care about that, for there's nuttin' but yokels in them rest of the world, amirite or amirite? Nevermind that it regularly backfires (contras, and, oh hey, taliban, to name just a few); moving on, what else?

Well, this security thing is a large driver of big data and invasive tracking and whatnot, and starting with the civilian version is great because having to separately "militarise" the tech means a bigger market and fatter margins. Yum, fat margins. Ah, yes there's a cost but facebook, end of privacy discussion, and if not just say "terrorists" or "paedophiles" until detractors shut up, in fact use anytime to keep the pressure on. So, moving on, what else?

Well, it's overhead. As in, while fat government contracts lead to paychecks, they don't create wealth; they're overhead and slowly suck the economy dry. Ah, what the hell, the fed will QE us out.

Alright, no problems there. Carry on.

I probably should be in this business too, eh?

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

thaylin (555395) | about a year and a half ago | (#42671105)

I dont know. There are lots of critical infrastructural that can be affected in a cyber attack. This about what would happen if someone should shutdown a specific power station causing a regional outage like what happened to the north east. Now imagine if that happened in the winter, many people, particularly older folks could die.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42672021)

No need to imagine it, it happens frequently. Ice storms take out power to large areas for days or a week, not many (if any) people die because of it.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1, Insightful)

Synerg1y (2169962) | about a year and a half ago | (#42671153)

If electricity in a city went out for a week there would be riots and looting. If gas refining stopped, your car wouldn't drive and you couldn't work.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

Anonymous Coward | about a year and a half ago | (#42671287)

Sorry, as someone who has lived through power outages longer than a week, I can assure that doesn't happen. When Hurricane Charlie ripped through Florida, 2 MILLION people were without power. In my case it was for a week. However, if you do the math that means 12 million HAD POWER. I went to my girlfriend's house, took a hot shower and did laundry. When I was hungry I went out to eat at a restaraunt.

The infrastructure to bring gasoline into Florida was damaged also, and it was hard to get gas. What did I do? Drive less. Carpool.

And now I am in the process of getting photovoltaics installed. I'd like to see the Iranians "hack" the panels on my roof.

There were no riots. There was no looting. People coped and we moved on. You would go outside and hear the most beautiful sound in the world: chainsaws. That sound meant someone was on the job repairing the infrastructure--clearing a tree that blocked the road or clearing a tree that had taken out power lines.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Synerg1y (2169962) | about a year and a half ago | (#42671439)

wb Hurricane Katrina?

Re:The reason a "cyber Pearl Harbor" isn't imminen (4, Funny)

yurtinus (1590157) | about a year and a half ago | (#42671307)

Don't be naive. Right now this minute, in some top secret Iranian bunker, they are drafting elaborate plans to hit us where it will irrecoverably cripple us. They will break down the social structures upon which our civilization rests. Yes my friends, they mean to take down Facebook.

Re:The reason a "cyber Pearl Harbor" isn't imminen (4, Funny)

Capt.DrumkenBum (1173011) | about a year and a half ago | (#42671935)

Yes my friends, they mean to take down Facebook.

Do you know of any way I could get hold of these people? I would really like to assist them in achieving their goal. :)

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

yurtinus (1590157) | about a year and a half ago | (#42672001)

You fiend!! How do you expect me to see the baby pictures from people I don't remember from high school? Think of the children!!

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42672053)

Are they also planning to lawyer up and hit the gym?

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

hilather (1079603) | about a year and a half ago | (#42671315)

In the real Pearl Harbor, people died. Unless and until the people talking about "cyberwar" demonstrate that they're defending us against the same kind of lethal threats, there isn't a legitimate comparison.

I completely agree that the "Cyberwar" term is hyped up and thrown around too much. But an attack on critical infrastructure like Water and Energy systems through SCADA attacks could easily result in the loss of lives. Just as an example, how many people depend on life support systems that require energy in hospitals?

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

dkleinsc (563838) | about a year and a half ago | (#42671737)

Just as an example, how many people depend on life support systems that require energy in hospitals?

That's why pretty much all hospitals have generators. They know how to deal with power outages and water issues.

just wait until the hack on the "Smart Grid" (1)

swschrad (312009) | about a year and a half ago | (#42671449)

which has as many holes as Swiss cheese. that would be a natural for the Talibani, Islam's TEA Party, because we'd all be back to 700 AD in a flash.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42671495)

The US blew up a Russian gas pipeline in 1982 using a logic bomb. I don't know if anyone died but someone could have. Messing with a bridge's control systems could probably kill a few people too. Airline sabotage could be bad. Maybe there's something that's possible that you just haven't thought of. Certainly if you hacked every vulnerable system in the entire US simultaneously and killed as many people that way as you could, you could end up killing more people than the 2500 Americans who died at Perl Harbor.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

flayzernax (1060680) | about a year and a half ago | (#42672023)

People in Siberia without expected power... yes deaths. One of the biggest explosions recorded by seismographs of the century, Damaged property, costing money in a communist regime, yep people did not get their bread.

The CIA are assholes.

Re:The reason a "cyber Pearl Harbor" isn't imminen (1)

flayzernax (1060680) | about a year and a half ago | (#42672049)

I will quickly counter my own argument by saying maybe this contributed to the downfall of that communist regime and had a net benefit. But thats one of those simulation things, we just don't know for sure (TM) if we had to do this.

Re:The reason a "cyber Pearl Harbor" isn't imminen (0)

Anonymous Coward | about a year and a half ago | (#42672003)

if you lived in an area affected by sandy you can imagine what can happen with a cyber war with out electricity.

compulsory princess bride ref (2)

fche (36607) | about a year and a half ago | (#42670765)

"everyone knows who was behind it"

That word you keep using "knows", does not mean what you think it does.

Re:compulsory princess bride ref (1)

PPH (736903) | about a year and a half ago | (#42670859)

Its like the difference between a civil and criminal case. We know based upon a preponderance of the evidence. We may not be able to prove a case beyond a reasonable doubt.

Since this isn't an actual court case, the level of proof isn't so much an issue. If I don't trust our government, I don't have to justify that to anyone else other then myself. I can vote them out of office based on whatever evidence I like.

Re:compulsory princess bride ref (0)

Anonymous Coward | about a year and a half ago | (#42671053)

Since this isn't an actual court case, the level of proof isn't so much an issue.

Since this is a blog post, the level of proof is more of "everybody knows because I read it on another blog."

Re:compulsory princess bride ref (1)

flappinbooger (574405) | about a year and a half ago | (#42671047)

"everyone knows who was behind it"

That word you keep using "knows", does not mean what you think it does.

They were implying that everyone "knows" that Stuxnet was a cooperation between USA and Israel.

Re:compulsory princess bride ref (1)

Curseyoukhan (2601315) | about a year and a half ago | (#42671719)

and they ... I ... was wrong anyway. President Obama has claimed Stuxnet as our own.

Re:compulsory princess bride ref (1)

fche (36607) | about a year and a half ago | (#42671801)

"President Obama has claimed Stuxnet as our own."

(when / where ?)

Re:compulsory princess bride ref (1)

Curseyoukhan (2601315) | about a year and a half ago | (#42671899)

June of last year. Just google obama stuxnet for details, it was widely reported.

Re:compulsory princess bride ref (1)

fche (36607) | about a year and a half ago | (#42671919)

What was widely reported is NYT reporting on others' speculation. Any references to Obama actually admitting it?

They should retaliate by posting movies and music (5, Funny)

Anonymous Coward | about a year and a half ago | (#42670799)

They should threaten to make available copies of movies and music online for free.

Re:They should retaliate by posting movies and mus (2)

ByOhTek (1181381) | about a year and a half ago | (#42670879)

I don't think they want the Media Industry Controlled States of America to nuke them. I don't blame them on that count.

Re:They should retaliate by posting movies and mus (1)

gmuslera (3436) | about a year and a half ago | (#42671169)

They simply will disconnect them from the net. For now the connection is open so they can inject even more malware (including the ones targetting people).

So is /. a propoganda pulpit (1)

flayzernax (1060680) | about a year and a half ago | (#42670813)

For the next god damn excuse to have a pointless war?

Don't get me wrong war is a great training ground for the stupid.

But we really don't want to escalate into total war with Iran over this bullshit. It'll be really bad for business.

Re:So is /. a propoganda pulpit (2, Interesting)

Anonymous Coward | about a year and a half ago | (#42671261)

What are you talking about? What exactly are you imagining? A war on the scale of WW2? Total war? Please.

To quote von Clausewitz, "War is diplomacy by other means." By that definition, we're already at war. Iran and the US have different interests. Iran wants to become the regional hegemon of the Middle East, and the US does not want anyone being the regional hegemon. Iran has made it clear their intent to press ahead, and talking about it won't help either side come to a conclusion. So Iran has chosen to discuss the issue with the US through destablizing Iraq by supporting various factions, destabilizing the Levant by supporting Hezbollah and Hamas, developing a nuclear program which is a hair's breadth away from being a weapons program, and periodically threatening to mine the Strait of Hormuz and choke off half of the world's oil. The US has responded in kind with Stuxnet, the Green Revolution, an (likely) supporting a Mossad assassination campaign against key members of the Iranian Republican Guard. Sounds like a war to me.

Just because it's not declared does not make it a war; Vietnam was never declared as a war despite 10 years of fighting. War does not mean big armies rolling through the countryside destroying everything in their path, that's just one type of war, but there are many ways to fight a war.

Re:So is /. a propoganda pulpit (1)

flayzernax (1060680) | about a year and a half ago | (#42671551)

You make a good point. I figured we could just let Iran do whatever the fuck it wants and have a justified gentleman's war later. Rather then one about who gets to control power and territory half way around the globe from us.

I don't advocate pissing of already angry and oppressed people with further offensive action. I see the news articles like this as propaganda because its justification for our leaders actions without the clear consent of the majority of people. It is also an excuse to get that clear majority of consent when things do escalate because we (see Government) wants control over foreign lands.

Re:So is /. a propoganda pulpit (1)

flayzernax (1060680) | about a year and a half ago | (#42671609)

It also justifies Iran's leaders action so they can have even more control and make it harder for upstanding Iranians to reform from within. As I understand it Iran's president is in a rock and a hard place and must toe the party line or loose his power, this doesn't help make him think about other things like womans rights. Right now he could care less probably because he's got to deal with the evil west in the conservatives eyes.

Please... (-1)

Anonymous Coward | about a year and a half ago | (#42670821)

I for one can't wait until what_the_fuck_ever_is_going_to_happen, to happen! Until then, it's lies. We're all on this rock together, and no one in their right mind would attempt to cripple the infrastructure that's in place. I say that like there's no one that wants to, however there are many that want to, they're just as busy, or busier than you and I, just trying to get a meal, and not capable of actually doing so.

Otherwise, we're looking at rich people being little bitches about keeping their ground in the world of owning everything. And if that's the case, then our best option ("our" being the 99%) is to stay completely uninterested in these types of things. Stay interested in moving the world into a better position, and these old powers will fail by design.

Re:Please... (0)

Anonymous Coward | about a year and a half ago | (#42670985)

Ahh to be young and naive again...

Re:Please... (1)

fche (36607) | about a year and a half ago | (#42671443)

"Until then, it's lies."

Until then, it's predictions of risks."
FTFY.

Maybe (1)

d34thm0nk3y (653414) | about a year and a half ago | (#42670825)

Or maybe it is one-sided because they found ours but we can't find theirs?

Re:Maybe (1, Interesting)

flappinbooger (574405) | about a year and a half ago | (#42671129)

Or maybe it is one-sided because they found ours but we can't find theirs?

I would guess the only way they (Iran) could produce something equivalent to Stuxnet is by contracting it out to Russia or China. Would they actually do that?

And if they DID, could they successfully deploy it?

And if they could deploy it, could the manage and control it properly?

I don't know, that's why I'm asking. I would GUESS the answer isn't "no" but rather "no probably not" to all three questions.

Re:Maybe (0)

Anonymous Coward | about a year and a half ago | (#42671383)

Yeah, because Iran is full of stupid people only, incapable of writing software. Arrogant much?

Totally misleading (3, Interesting)

Anonymous Coward | about a year and a half ago | (#42670857)

All the sources and analysis on Stuxnet said it entered through a weakness in Windows (written by Microsoft, an American company) and targeted specific elements of control software written by Siemens (a German company, and thus an American ally). Stuxnet was highly sophisticated and highly targeted, and likely because those writing it had access to the design flaws and knew what to target.

None of the US or Israeli infrastructure is on software written by Iran, so the access they would have to the design of software that runs things they can target is extremely limited. I would imagine in cyber-warfare it's much like normal warfare; intelligence is key when targeting your weapon. Iran likely does not have the intelligence (meaning information, not mental capability) to target us, so they're using DDoS attacks which are somewhat untargeted. So, to expand on the car analogy, this is like someone stealing your car, and since you don't know how to pick a lock, don't know how to break the alarm, and don't know how to hot wire the ignition, all you know is where they live, so you protest by throwing eggs at them.

Uhm? (0)

Anonymous Coward | about a year and a half ago | (#42670867)

It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub.

It's kinda hard to not consider TFS flamebait when it goes out with shit like this.

If it's a fact, why not, you know, provide a citation?

It's not even really interesting that Iran lacks the ability to do anything to retaliate because of the fact that U.S. critical infrastructure isn't really online enough to be at risk.

Touche.

Self inflicted reasons why (0)

Anonymous Coward | about a year and a half ago | (#42670965)

The primary possible effects of cyberattacks are I think social and particularly economic. However, the US has been so successfully doing social and economic damage to itself already that nobody felt the need to do so and potentially risk distracting US from its current trajectory.

Iran isn't suicidal (1)

PPH (736903) | about a year and a half ago | (#42670981)

Escalating cyberwar to the point of doing serious damage to the USA would invite a stepped up response (probably to actual bombs and missiles warfare) that they couldn't afford. So poke us. Just hard enough to make us notice. But not so hard that we would be justified in a military response.

This is why I don't have a major problem with them having a few nukes. They'd be crazy to use them for anything other then a last resort in self defense. Iran is, after all, surrounded by 'enemy' Arab states. It is a delusion of grandeur that we are worth dropping a few missiles on in exchange for their very existence. We need to get over ourselves.

Re:Iran isn't suicidal (0)

macbeth66 (204889) | about a year and a half ago | (#42671087)

Somestimes, it isn't about the USA at all. And you might have a point, if TPTB in Iran were rational or sane. They are neither and would rather poison ther own well before they allowed Iran to be free of their clutches.

maybe because they fear a real attack (-1, Flamebait)

deodiaus2 (980169) | about a year and a half ago | (#42671025)

I am sure that Iran fears a real attack using atomic weapons on the pretext of revenge. Hitler used such an occasion before Krystal Nacht. The Gestapo managed to find out about a bunch of Jews who were planning to bomb the Ministry of Intelligence in Munich. Instead of doubling up on guards and taking additional precautions against such an attack, the Gestapo decided to withdraw all security measures for two blocks around the target. Once the Jews bombed the building, they were rounded up and paraded for all to see and blame. The follow up events became known as Krystal Nacht. This tactic quelled all dissent and allowed the Nazi's to carry on with a far greater assurance against internal rebellion. This tactic, called "Divide and conquer" was used quite often by Alexander the Great.

Re:maybe because they fear a real attack (1)

Anonymous Coward | about a year and a half ago | (#42671547)

What is your source for the bombing of the Ministry of Intelligence?

From Wikipedia:

"The pretext for the attacks was the assassination of German diplomat Ernst vom Rath..."

http://en.wikipedia.org/wiki/Kristallnacht [wikipedia.org]

Holy shit... (5, Interesting)

Shoten (260439) | about a year and a half ago | (#42671035)

This is so incredibly wrong that it's astounding to me. A whole series of declarative statements that show a total lack of knowledge, and a total lack of understanding of the background material as well. Let's count them:

"The first shot was probably the release of Stuxnet sometime during or before 2009."

No. Cyber warfare did not start with Stuxnet...and common sense bears that out. Nobody can mount a successful and incredibly complex offensive the first time they field troops on the battlefield. Chinese thought leadership on cyber warfare goes back to the early 90s, when they seized upon it as an avenue to even the odds after witnessing our performance during Desert Storm...which, quite simply, made them wet themselves with shock at how effective we were at kinetic warfare.

"Even though no one has officially claimed responsibility everyone knows who was behind it."

Um, Obama took responsibility for it. At least read the headlines of what you're talking about? He was even called out for doing so, by others.

"Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities."

AWESOME! You FINALLY said something that was factually accurate! Too bad it took three sentences to get there.

"We followed up Stuxnet with Flame — the Ebola virus of spyware."

Uh, nope. Flame/Duqu, by all assessments, was actually a predecessor to Stuxnet, and I don't get the "Ebola" reference, since it's a data stealer and not designed to brick systems.

"What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks."

Okay, so first off, this is not the first thing...or the only thing...the Iranians have done. They've been in the cyber business a long, long time and are viewed as one of the big three actors in offensive cyber operations. Second of all, the attacks were not at all "ineffective"; ask any Bank of America customer who uses online banking. The site was down for weeks nonstop. And the banks have gone to the NSA asking for help in fending off the attacks as well.

"It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub."

See again, under Iranian cyber operations and how the banks fared during the DDoS attacks. Also keep in mind that the financial industry is at the top of industry sectors, when ranked in terms of cyber security maturity.

NOW, let me add the total way in which the OP ignores anything related to Russia or China, using only his incredibly faulty understanding of one country to justify his assessment of an entire form of warfare. Forget Red October (Russia, still in play but being shut down), forget Ghost Net (China), forget Aurora (also China), right? Forget what the Russians did in Georgia and Estonia. Forget North Korean actions against South Korea. Yeah...wow, good analysis dude. I bet Fox News would love you.

Have you fucking idiots not realized... (-1)

Anonymous Coward | about a year and a half ago | (#42671347)

Have you idiots not realized how many millions of dollars Iran spent waging an insurgent war against us in Iraq? They were the ones doing the shooting, providing the bombs, training the leaders, oh, and doing the same in Syria now too.

Re:Holy shit... (2)

Curseyoukhan (2601315) | about a year and a half ago | (#42671465)

" I bet Fox News would love you." I bet you're wrong.

I like your snarky attitude. I deserve nothing less.

I am grateful to you for pointing out the things I screwed up on and will go correct them.

A) make it clear that I am referring to the first US cyber war -- not cyber war overall. B) I totally screwed up on the Flame/Stuxnet timing. C) Obama! My own friggin' fault for going for a very minor sarcasm when I should have double checked.

The Iranians being ranked among the big three when it comes to cyberwar is far too subjective a claim to take seriously. Remember when Iraq was a major threat? An earlier commenter referred to people who have secret information the rest of us don't have. As HL Mencken wrote: "The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary." Give me evidence or leave me alone.

"Second of all, the attacks were not at all "ineffective"; ask any Bank of America customer who uses online banking." As a matter of fact I did. I asked myself and you know what during the whole time that was going on I only had one problem getting to my account. Also, it's hard for me to equate inconveniencing some bank customers with wrecking Iran's uranium processing. Asking the NSA for help may mean the banks are being smart and anticipating problems, not that they are seeing them now. I didn't say the Iranians couldn't cause problems, just that they hadn't so far.

As to your point about the financial sector being a higher priority target. OK, but why aren't they also targeting other water/energy, etc? Why continue with one so far fruitless line of attack? Are they being lead by the Iranian equivalent of Douglas Haig?

That said, my apologies for my mistakes and very real thanks to you for pointing them out. If you send me an email with your name I will thank you in the post.

Cheers,

CvH

Re:Holy shit... (1)

Curseyoukhan (2601315) | about a year and a half ago | (#42671509)

AH HA!!! Just went back and re-read it. I never did say this was the first or only cyberwar. You were right on the other two, though.

This sounds more like a trap than a story?? (0)

Anonymous Coward | about a year and a half ago | (#42671063)

Why do I get the impression that this is a planted story designed to provoke a foreign government into action. It would seem that there is little justification for the massive waste of tax payer money and someone is looking for one. If I were really paranoid, I may feel that this provocation was actually a means of getting the old jack boots of government inside the data of the private sector.

Iran doesn't allow computers or internet (3, Funny)

crazyjj (2598719) | about a year and a half ago | (#42671101)

Muhammad said young men might use them to look at women's ankles. So their hackers are a little behind the curve compared to the non-Muslim-nutball world.

I don't get the assumption here... (2)

bwalzer (708512) | about a year and a half ago | (#42671231)

Why does everything lead to an attack? Perhaps the Iranians feel that they are above such playground level ideas. Iran hasn't attacked anyone for hundreds of years. Maybe they are a bunch of annoying pacifists...

This has long been US/Israeli military doctrine (1)

patiwat (126496) | about a year and a half ago | (#42671263)

Taking the initiative (i.e., firing the first shot to surprise the enemy) and applying overwhelmingly dominant force have long been core tenets of US and Israeli military doctrine. It's not as if they've any reason to be humble about it.

I'm just surprised that Israel hasn't yet bombed the research facilities and turned Iran into a radioactive wasteland, ala Ian McDonald's "The Dervish House." [amazon.com] . Send a loud message to all Muslims that only friends of the West can be trusted with nuclear energy.

Iran really has no 'cyber-war' capability at all. (1)

Anonymous Coward | about a year and a half ago | (#42671299)

What the facts show is that the US has a lot of people trying to start a cyber war - there's a lot of money to be made. They have developed all the complex software and attacked. ...or any interest in achieving one.

Iran as a state, as far as we know, has done nothing in response to our continual attacks. The DDOS attacks we receive are from individual hackers - who may well be Iranian, but who aren't really 'commanded and controlled' by the state.

In fact, there's precious little 'state organised' attack on the West at all. What there is is usually dreamed up by small teams of insurgents, who have often lost a family member to American bombing - almost certainly bunches of friends and acquaintances. The Iranian state may approve of their efforts, and rejoice when they succeed, but there is NO evidence of any strategic organised warfare aim.

That's a shame, because we are continually building the story up in order to justify more government control over our own citizens and increased budgets for the military......

"ineffective" DDoS attacks on American banks? (0)

Anonymous Coward | about a year and a half ago | (#42671503)

The attacks don't seem to be ineffective to BB&T.

Their website (http://www.bbt.com) has been down or unreliable for the few days.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...