Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Government-Sponsored Cyberattacks on the Rise

Zonk posted more than 6 years ago | from the less-of-a-pr-disaster-too dept.

Security 96

jbrodkin writes "A new McAfee report finds that 120 countries, notably the United States and China, are regularly launching Web-based espionage campaigns. Government-sponsored cyber attacks against enemy countries are becoming more common, targeting critical systems including electricity, air traffic control, financial markets and government computer networks. This year, Russia allegedly attacked Estonian government news and bank servers, while China was accused of hacking into the Pentagon. A McAfee researcher says this trend will accelerate, noting 'it's easier to attack government X's database than it is to nuke their troops.'"

cancel ×

96 comments

Sorry! There are no comments related to the filter you selected.

They've been on the rise for years (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21535507)

since most of them indirectly come from the microsoft world. (Yeah, troll I know, go ahead...but it is true)

Re:They've been on the rise for years (1, Insightful)

Bearhouse (1034238) | more than 6 years ago | (#21535899)

Well, you got what you asked for!

Silly, really, since many people here think that rootkitted non-win servers play a key role in controlling botnets.

They are the 'Generals', whilst the windows boxes are he expendable 'troops'

only now? (1)

phsdv (596873) | more than 6 years ago | (#21535517)

I am amazed that it is only happening now. Years ago I was already thinking that it would happen a lot. Maybe it did, but that only now people are reporting about it?

Re:only now? (1)

LanMan04 (790429) | more than 6 years ago | (#21535965)

These kind of attacks have been going on for years and years. Nothing new.

SCADA attacks are as old as the hills.

Re:only now? (1)

sgt_doom (655561) | more than 6 years ago | (#21545377)

Gee Whiz, phsdv, do you think it might just be happening now because Micro$oft sold their OS source code to China several years back? Or possibly because EVERY FRIGGING tech company in America (and many in Euroland and Japan and Taiwan) has offshored tons and tons of ever increasing tons of tech and manufacturing jobs to China? Or maybe it has to do with the tooth fairy?

Not just that... (4, Funny)

AltGrendel (175092) | more than 6 years ago | (#21535527)

...noting 'it's easier to attack government X's database than it is to nuke their troops.'

But it's easier on the environment, too!!

In Soviet Russia... (0)

Anonymous Coward | more than 6 years ago | (#21536819)

government hacks you!

Governments Engage in Cyber Warfare! (0, Flamebait)

chuckymonkey (1059244) | more than 6 years ago | (#21535537)

That's amazing , I just hope that it doesn't affect my internet usage. As long as that's the case I don't really care if governments hack each other's computer systems to bits.

Re:Governments Engage in Cyber Warfare! (1)

chuckymonkey (1059244) | more than 6 years ago | (#21535831)

There was supposed to be a in there, but I forgot to turn off HTML formatting.

Re:Governments Engage in Cyber Warfare! (4, Insightful)

link-error (143838) | more than 6 years ago | (#21535841)


    Yeah, thats great, who cares, until your Social Security check doesn't come or your bank account drops to zero.

Re:Governments Engage in Cyber Warfare! (1)

kryten250 (1177211) | more than 6 years ago | (#21536315)

You forgot welfare check.

Re:Governments Engage in Cyber Warfare! (0)

Anonymous Coward | more than 6 years ago | (#21536391)

who cares, my account is already at zero and Social what??

Re:Governments Engage in Cyber Warfare! (1)

ishpeck (160581) | more than 6 years ago | (#21536835)

You're expecting a social security check?

MOD PARENT UP Re:Governments Engage in Cyber Warfa (2, Insightful)

triffidsting (594096) | more than 6 years ago | (#21537427)

"Never attribute to malice that which is adequately explained by stupidity."

Re:Governments Engage in Cyber Warfare! (1)

chuckymonkey (1059244) | more than 6 years ago | (#21539593)

Man, nobody here can catch a pun. Hack each other's computers to BITS ?

My biggest concern (3, Interesting)

Enlarged to Show Tex (911413) | more than 6 years ago | (#21535923)

I think it's quite likely that the threat of these sorts of attacks will be used as justification by the governments of more and more countries to try to wall off their part of the internet, the erection of things like the Great Firewall of China, and so forth.

Gotta stop those so-called terrorists, after all.

Re:My biggest concern (1)

Chas (5144) | more than 6 years ago | (#21537703)

"the erection of things like the Great Firewall of China"

You're saying the GFC is a boner? ;-)

Sorry...sorry...couldn't help meself.

Re:Governments Engage in Cyber Warfare! (1)

cromar (1103585) | more than 6 years ago | (#21536081)

This is the real reason 'Net Neutrality is having so much trouble in Congress ;)

THE INTERNET (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21535541)

IS REAL GUYS.

How ironic... (2, Insightful)

feepness (543479) | more than 6 years ago | (#21535545)

That something designed to protect communication infrastructure in time of war has instead become "easier to attack" than the target itself.

Re:How ironic... (2, Insightful)

megaditto (982598) | more than 6 years ago | (#21535629)

It's not easier, it's just less likely to provoke an all-out nuke exchange.

Re:How ironic... (1)

gurps_npc (621217) | more than 6 years ago | (#21535917)

Iron? No.

It is easier to attack. But it is not easier to shut down.

Of course it is easier to attack, it is the ARMOR the country's communication system wears. It is what is exposed to attack, so it is easier to attack.

Re:How ironic... (1)

FauxReal (653820) | more than 6 years ago | (#21543155)

I dunno, since it's designed to protect, wouldn't it be the first target? Then again it's not DarpaNet anymore... it's gone way beyond that and carries so much more information. Sections of which, BTW are always breaking and causing minor problems. It's no longer the tightly controlled and standardized network that it once was.

In other news.. (1)

goldaryn (834427) | more than 6 years ago | (#21535571)

jbrodkin is launching an attack on the networkworld.com website; slashdotting is inevitable

Re:In other news.. (1)

pryoplasm (809342) | more than 6 years ago | (#21535617)

Would you like to play Global Themal Nuclear War?

Not exactly surprising! (2, Insightful)

QuantumFTL (197300) | more than 6 years ago | (#21535637)

Is anyone really surprised by this? As long as there is something to gain, and there are not suitable deterrents, governments tend to do these kinds of things. Indeed the United States would be foolish to sit back as others engage in cyberespionage.

Yet another good reason to keep your computers secure!

Re:Not exactly surprising! (1)

calebt3 (1098475) | more than 6 years ago | (#21535729)

I doubt even the majority of /.ers could keep a government hacker out of their systems.

Re:Not exactly surprising! (1)

crowbarsarefornerdyg (1021537) | more than 6 years ago | (#21536017)

I thought it was the other way around.... :/

Re:Not exactly surprising! (1)

rucs_hack (784150) | more than 6 years ago | (#21536573)

I doubt even the majority of /.ers could keep a government hacker out of their systems.

I could. It's called 'unplugging your computer from the internet'.

Re:Not exactly surprising! (1)

calebt3 (1098475) | more than 6 years ago | (#21536655)

Touché.

Re:Not exactly surprising! (3, Insightful)

cumin (1141433) | more than 6 years ago | (#21537193)

I think this is exactly the point I haven't seen anybody making, but that we're all feeling. If governments are actively engaging in hacking, assuming they find competent hackers, what is to stop somebody from using the tools to hit innocent civilians? Of course they could, of course they might, and maybe planting a little evidence? How would you prove it?

It goes toward that mentality of finding evidence, then getting a warrant. If you think John Citizen might be doing something wrong, you simply use the official tool, "classified cracker" and log into his computer and watch him off and on for a couple days. Maybe you get your evidence, maybe not. If you do, then you know where to look for evidence you can use to get a warrant, and if not, nobody is the wiser.

Of course it would be a huge invasion of privacy, but if it's not possible to prove it, and not submitted as primary evidence, then it can be ends justifying means. John Citizen suffers, maybe never knowing his expectation of privacy has been shredded.

Re:Not exactly surprising! (1)

TheVelvetFlamebait (986083) | more than 6 years ago | (#21540175)

John Citizen suffers, maybe never knowing his expectation of privacy has been shredded.
So let me get this straight: John Citizen gets spied upon because he is in the unusual position of being suspected (mistakenly) for a crime that warrants cyber-snooping from the government, who look at his files, find he's not the one they're after, John has no idea this has gone on? OK, fair enough, but how does he suffer?

Re:Not exactly surprising! (1)

cumin (1141433) | more than 6 years ago | (#21544909)

You got some of it exactly straight, but I wouldn't say that it is unusual to be in a position of being mistakenly suspected for a crime. I didn't say it warrants cyber-snooping, because the point is that it doesn't have to.

Suffer: 3. To be injured; to sustain loss or damage. (dictionary.net)

I'd say that John clearly 'suffers' the loss of privacy and his rights under the Fourth Amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

This warrant-less search is made easy and without repercussion due to the tools made available by the government's tools.

Hypothetically of course.

Re:Not exactly surprising! (1)

Firethorn (177587) | more than 6 years ago | (#21537289)

That's where more traditional methods come into your place. IE agents pick the lock on your place, enter your house and place a keylogger in your keyboard.

Or open your computer and copy your HD.

They want it badly enough, they're going to get it.

I'm just surprised to see this now, I mean, it's been months since the news that the USAF is forming a command to conduct cyberwarfare.

no internet, no /. (1)

iowannaski (766150) | more than 6 years ago | (#21540059)

You would no longer be a /.er at that point, however.

I called this yesterday - sort of (1)

zappepcs (820751) | more than 6 years ago | (#21535733)

http://slashdot.org/comments.pl?sid=374805&cid=21522989 [slashdot.org]

Yes, foolish to let other governments have all the totalitarian fun. I'm reasonably certain that the current administration has been using their toys to spy on us all.

It's our fault (1)

QuantumFTL (197300) | more than 6 years ago | (#21536189)

Can you blame a governing institution for taking what their constituents give them?! We live in a democracy, and our voters have proven they are willing to do little or nothing to prevent the loss of their natural rights.

Worst excuse in the world, (2, Insightful)

rodentia (102779) | more than 6 years ago | (#21535847)

to quote Lynval Golding. What did your mother teach you about everyone jumping off a bridge, anyway?

Indeed the United States would be foolish to sit back as others engage in cyberespionage.

I think the activity is more at punking than espionage, in any case.

Finally, a bad analogy on slashdot! (4, Insightful)

QuantumFTL (197300) | more than 6 years ago | (#21536107)

What did your mother teach you about everyone jumping off a bridge, anyway?

This isn't like jumping off of a bridge. There's a breal, tangible benefit here, and if the situation is assymetric, our country would be best off if it were asymmetric in our favor.

Part of our "evil" plan to control the entire world involves us performing acts of espionage against just about every other country.

Every country does it, because that's how a country survives. If there was no such thing as war and terrorism (whatever the cause) maybe that would not be the case. But as long as other countries threaten our position, our livelihood, and even our very existence (and in the nuclear age, yes they do) we're gonna have to collect information through just about every available means. It may not be "nice" but it is a smart move.

+1, Funny (2, Interesting)

rodentia (102779) | more than 6 years ago | (#21536525)

Part of our "evil" plan to control the entire world involves us performing acts of espionage against just about every other country.

Nothing *evil* about our plans or anyone elses.

because that's how a country survives.

I consider rather that countries survive by learning how to evade history, the hysterical story of global capitalism. See another of my replies to TFA.

Your primary mistake is not to overstate the risk, but to misplace it. *Nations* do not function as discrete moral units in social interaction with each other. The accidents that constitute *nations* are acting in accordance with the collective expression of their political class's historical imaginary.

The only thing that threatens our national accident is the realization on the part of its constituents that the formalism is a parasitic drag upon our potential as individuals and as elective political groups, that is: history itself.

It is not a matter of *nice* [sic--ethics] but of ignorance.

national accident? (1)

statemachine (840641) | more than 6 years ago | (#21539919)

How is the USA a "national accident"? According to my history lessons, documentaries I've watched, and books and articles I've read, there was nothing accidental about the formation of the USA. It is my understanding that the colonial rebels laid out political boundaries and fought off the UK. Subsequent states with set political boundaries agreed to join the union through a democratic process.

Germany, France, and Italy, just to name a few examples, are nations where political boundaries are more or less geographic or where the last boundary war left off. In those nations, a central government happened with time as control crept toward the edges. I tend to think of these circumstances as what creates a "national accident".

Or were you referring to another country? I suppose my USA-colored glasses could be interfering, but the thread definitely seemed to be referring to the USA.

Re:national accident? (1)

greenbird (859670) | more than 6 years ago | (#21541177)

Germany, France, and Italy, just to name a few examples, are nations where political boundaries are more or less geographic or where the last boundary war left off.

You do realize that Italy and Germany didn't exist until 1866 and 1870 respectively. What geographic magic happened in those years to suddenly establish those geographic political boundaries?

That aside I'm guessing that the GP was referring to the concept of nations as a whole as an artificial grouping that serves no real purpose other than supporting a "political class" that serves no purpose other than restricting the individual potential as a whole. Or something along those lines anyway. It wasn't very clear.

Hopefully, (1)

rodentia (102779) | more than 6 years ago | (#21535659)

. . . we'll all soon recognize the degree to which these *nations* are practically indistinguishable from criminal cartels, but with priviledged access to hysteria, er, history.

Re:Hopefully, (1)

foobsr (693224) | more than 6 years ago | (#21536421)

. . . we'll all soon recognize the degree to which these *nations* are practically indistinguishable from criminal cartels, but with priviledged access to hysteria, er, history.

"... for us physicists believe the separation between past, present, and future is only an illusion, although a convincing one." -Albert Einstein

Along this path, 'soon' passes.

CC.

quantum truth effects (2, Funny)

rodentia (102779) | more than 6 years ago | (#21536659)

Theoretical physics has that luxury, dealing in pure abstraction. All reality may be ineffable, indeed, but human communication is diachronic, as is human attention.

We are dealing in the interactions of collections of particles called beings; rather, collections of those collections.

Your comment floored me, but on second glance it is at once right as rain and false as a wooden nickel.

Re:quantum truth effects (1)

foobsr (693224) | more than 6 years ago | (#21542847)

at once right as rain and false as a wooden nickel

Like 'eternal truth', showing the 'nonsense' in the concept of 'truth' as well.

Your comment floored me

More like: 'I floored myself'.

CC.

News? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21535697)

Come on, this has been happening for a very long time! [enyara.net] We all had a suspicon at least.

which is better? (5, Insightful)

pak9rabid (1011935) | more than 6 years ago | (#21535721)

What do people here think is better...a physical attack (with guns, bombs, etc) where live are being lost, or cyber attacks where lives are not being lost (to the best of my knowledge..please correct me if I'm overlooking something).

Re:which is better? (1)

krazytekn0 (1069802) | more than 6 years ago | (#21535915)

This is not about warfare, this is about espionage, so that when warfare is upon us we can better conduct a physical attack. It's not like "Oh shit you broke into my computer, I guess we'll stop building these missles now". It's more like "Hey China has a foo weapon! I found it in their database!", "Oh shit! Let's tell someone to go blow it up!"

It's too bad we can't be like the Native Central Americans of yesteryear and just play lacrosse instead of have war (granted people got killed, but not near as many per capita).

Re:which is better? (1)

Torvaun (1040898) | more than 6 years ago | (#21536147)

It depends. Are any of the cyberattacks going to shut down power grids? If so, are there any hospitals on those power grids? Cyberattacks can kill too.

Re:which is better? (1)

sa1lnr (669048) | more than 6 years ago | (#21536195)

"targeting critical systems including electricity, air traffic control"

Those two have some potential.

Re:which is better? (2, Interesting)

l4m3z0r (799504) | more than 6 years ago | (#21536615)

Completely not joking, a physical attack is better and heres why. Physical destruction of lives and things pisses off the populace. People will get up in arms about ending the war and making peace. If its "just" some cyber attacks people will be apt to let it go on a long time or indefinitely being a constant strain on the economy. The economy as you know is what feeds us. If cyberwar destroys the economy to the point where unemployment is riding high thats much worse off than a few thousand killed before we get upset about the conflict.

Re:which is better? (2, Interesting)

aztektum (170569) | more than 6 years ago | (#21537583)

Yes I'd much rather have hundreds/thousands of people killed, hundreds/thousands/millions maimed, and hundreds/thousands/millions of survivors grieving and scarred for life than face up to the fact that "Oh shit, the economy is swirling the drain. My money is now worthless and I can't buy that $SHINY_GIZMO."

Economies are far more easily rebuilt. Placing an economic system above lives is utterly naive and shows a complete lack of self-sufficiency, IMO.

If the concern over economic collapse through hack attacks, maybe businesses, banks, the Feds should keep that shit on networks that are in no way reachable through the regular Internet.

Re:which is better? (1)

TheSeer2 (949925) | more than 6 years ago | (#21539479)

They call it... hyperinflation.

Re:which is better? (1)

Cosmic AC (1094985) | more than 6 years ago | (#21540681)

Yes I'd much rather have hundreds/thousands of people killed, hundreds/thousands/millions maimed, and hundreds/thousands/millions of survivors grieving and scarred for life than face up to the fact that "Oh shit, the economy is swirling the drain. My money is now worthless and I can't buy that $SHINY_GIZMO."
Yes, because money is only for buying shiny gizmos, not food/clothing/shelter/medicine. Would you rather have thousands of people killed outright, or millions starving to death?

Re:which is better? (1)

aztektum (170569) | more than 6 years ago | (#21541449)

See the part about inability to be self sufficient. Go out and kill a rabbit or plant some damn vegetables. If for some reason money is suddenly worth jack shit, you think society would really rip itself apart? Some people, maybe, would be fucked. Anyone who knows more than what the TV tells them will figure it out.

Re:which is better? (1)

stinkybob(2) (704940) | more than 6 years ago | (#21538341)

Most cyber attacks are designed to acquire actionable intelligence. And in a lot of cases that intelligence, when put into the wrong hands, can cost lives. I don't think that anyone would like to see either kind of attack. Both are harmful and both can kill.

Re:which is better? (1)

Isaac-Lew (623) | more than 6 years ago | (#21538685)

You do realize that attacking certain infrastructure components could lead to injury and/or loss of life? Examples: air traffic control, traffic lights in a city during rush hour, a computerized railway system, even a water treatment plant (oops, too much bacteria was left in the water).

Re:which is better? (0)

Anonymous Coward | more than 6 years ago | (#21537475)

The fact that you even have to ask that question demonstrates the power of long-term propaganda. Growing up knowning nothing but huge, overly complex, insanely powerful government, the average individual can't even imagine that life without the welfare-warfare state is possible. The god-like "right" to choose for another man whether he lives or dies -- an integral part of the welfare-warfare state -- barely raises an eyebrow when it is exercised. Even as airstrikes [guardian.co.uk] slaughter [alertnet.org] women and children in far-away lands, most still cling on to the fairytale that human morality somehow permits one man to choose for another whether he lives or dies.

To even consider that there can be a worse violation of human rights than murder itself just isn't human, if you ask me.

Re:which is better? (0)

Anonymous Coward | more than 6 years ago | (#21540961)

Shades of the Star Trek episode where wars were fought only through computers, and people were randomly selected to be liquidated, according to cyberwar scenarios on computer...what was the name of that episode?

Perhaps it is coming to pass...

Re:which is better? (1)

LeonardsLiver (885268) | more than 6 years ago | (#21541577)

With the US, the idea is to use a cyber attack as a precursor to a physical attack. At least that's what we did prior to gulf war 1 (probably 2 also). China is just doing a bit of digital reconnaissance.

Huh? (2, Interesting)

Otter (3800) | more than 6 years ago | (#21535753)

"Cyber assaults have become more sophisticated in their nature, designed to specifically slip under the radar of government cyber defenses," McAfee states. "Attacks have progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic and technical espionage."

I'm completely not understanding how the linked article is derived from this "McAfee's Virtual Criminology Report". The version I'm seeing has nothing to do with "government-sponsored cyberattacks" and doesn't contain this quote.

Re:Huh? (1)

jbrodkin (1054964) | more than 6 years ago | (#21537239)

the quote comes from a McAfee press release issued in conjunction with the report

Storm Worm (1)

phantomcircuit (938963) | more than 6 years ago | (#21535759)

Wasn't the attack on Estonia actually conducted by the Storm botnet?

Re:Storm Worm (1)

NeutronCowboy (896098) | more than 6 years ago | (#21537231)

As far as I understand, the attack was instigated by various pro-Kremlin organizations like Nashi. While they're officially independent, they regularly get discreet support from high-level Kremlin politicians and bureaucrats. Considering the amount of thuggery and shady operations that are consistently tied to these organizations, it wouldn't surprise me that one or other botnet was used in the process. However, this in no way diminishes the support that this attack has had from the Kremlin. On the contrary, it exemplifies how Putin and his KGB cohorts are running domestic and foreign operations.

No comment (1)

xannash (861526) | more than 6 years ago | (#21535901)

This really doesn't even call for a comment...The fact that any country that has use of computers is in some way shape or form using cyber espionage isn't something new. I believe the simple use of codebreakers in WWII was the beginning of this and it will become more prevelant as the information super highway grows and more and more countries put there servers on the net to exchange information between bases and so forth. This is nothing new and will continue to grow.

Fedora Core 5 is questionable (0)

Anonymous Coward | more than 6 years ago | (#21535925)

What an appropo subject. I downloaded the FC5 isos recently, and noted that the sha1 checksums don't match with the PGP signed file. This is off of http://download.fedora.redhat.com/pub/fedora/linux/core/5/x86_64/iso/ [redhat.com]

So, either someone is messing with the isos, or Redhat screwed up. If anyone has some specific info here, it would be appreciated.

No (5, Insightful)

Yvanhoe (564877) | more than 6 years ago | (#21536089)

Sorry to be nitpicking, but it *IS* easier to drop a nuke than to attack a correctly set-up network.

Hollywood managed to persuade everyone that with a few million dollars and a rock-star hacker it is possible to break into the most secure systems. The fact is that when sysadmins have been doing their jobs, it is easier to conduct a physical attack than a networked one. Do you think that electronic money could exist otherwise ?

Re:No (4, Interesting)

Vanden (103995) | more than 6 years ago | (#21536277)

Given your assumptions of "correctly set-up network" and "sysadmins have been doing their jobs", I would agree.

However, most of us know that many networks are vulnerable to attack because they're neither correctly set-up nor are their admins doing their jobs. In these cases, even a no-talent script kiddie could break in easier than a government could launch a nuclear attack.

Re:No (0)

Anonymous Coward | more than 6 years ago | (#21536687)

There are fewer repercussions associated with a cyber attack.

No (1)

Bri3D (584578) | more than 6 years ago | (#21536893)

It's easier to attack the network no matter what, for two reasons:
1) If you fail, you don't die.
2) Nobody notices when you succeed, and you're free to do whatever with the information you've got.

If someone notices you've failed (or succeeded), you're likely to be prosecuted in your country of residence. Unless you're hacking for the government, in which case... exactly nothing happens.

Wheras if you fail at dropping a nuke (i.e. the nuke somehow gets destroyed by a "missile defense system") you die. Quickly. And if you succeed, you probably die, slowly, as whatever country you attacked or their allies retaliate in kind.

However, comma ... (1)

PhxBlue (562201) | more than 6 years ago | (#21537515)

Sorry to be nitpicking, but it *IS* easier to drop a nuke than to attack a correctly set-up network.

How many government networks do you suppose are correctly set up? Nevermind commercial networks, which don't even have the benefit of government standards on securing their systems.

RTFR! (3, Informative)

cfulmer (3166) | more than 6 years ago | (#21536149)

Argh. The report [mcafee.com] (possible sign-in required) DOES NOT say that the US is conduction cyber-espionage activities. (Note: the linked-to article in the parent points to the 2005 report) It does say that there are an "estimated 120 countries working on their cyberattack commands," which is quite different from actually being involved in espionage.

(Note that I'm not asserting that the US is not conducting electronic espionage. I would hope that we are. Heck, we did electronic espionage long before the internet; why should we stop now?)

Re:RTFR! (2, Informative)

jbrodkin (1054964) | more than 6 years ago | (#21538455)

I am the author of the story and I interviewed McAfee researchers who told me the United States is one of the 120.

Indeed, this is not new... (3, Insightful)

rickb928 (945187) | more than 6 years ago | (#21536215)

And it's not even very much a secret now.

Estonia got hammered, probably by Russia. That Russia contracted a stormbot net merely qualifies it as a mercenary attack. Think Bay of Pigs, with a lot more deniability.

China-based machines have been spotted trying all sorts of hijinks against targets worldwide. Not that China-based machines are alone in this, but they seem to be pretty aggressive.

When I was younger, I dreamt up interesting warfare. Why use Anthrax when a decent influenza mutant gave you deniability and a very debilitating attack. Use something like Salmonella, and give the population diarreah. A cleanup of fairly massive proportions. As part of the strategy, hit Atlanta with the Salmonella, and Phoenix, and watch the water problems escalate. Influenza would be best used in metropolitan areas, since it would be indistiguishable from a genuine pandemic.

Cyberwar offers states deniability, subterfuge, and targeted attacks at economic and industrial resources. Wonderful way to cripple your opponent on their own soil, and then run circles around them snarfing up territory, influence, or just plain good press while the losers suffer in every other way.

Once upon a time, you knew who your enemy was - they were slashing, shooting, or bombing you. then it got harder to figure out where they were. Then it got harder to figure out WHO they were.

From now on, it will be harder to figure out if you're really under attack, until it's too late.

I suspect our military will be taking more and more systems off-Net, to completely prevent attacks. Then our adversaries will go after the softest parts of the military systems: Communications - satellites for instance. Logistics - civilian systems the military depends on. Political Systems - including the media, elections.

We are close to fighting an invisble enemy, with uncertain targets, in a neverending low-grade conflict that saps our resources and diverts our attention from greater threats and opportunities.

Time to start giving tax breaks to onshore manufacturers again. We cannot continue to import most of our critical technology from our avowed and hostile enemies.

Re:Indeed, this is not new... (4, Insightful)

NeutronCowboy (896098) | more than 6 years ago | (#21537395)

I agree with pretty much your entire post, except for the last paragraph. If you do not even know who your enemy is and whether anyone is attacking you, the only way to ensure your safety is to tie everyone's well-being to yours. This requires deep economic and social ties between individuals and corporations in the different countries. If cutting into American GDP by releasing various pandemics on its soil backfires because people in your country don't have jobs anymore, you're gonna think twice about doing that.

Low-grade, untraceable and deniable attacks are a fact of life with electronic communications. We can either make sure that everyone has a stake in the overall health of the world economy, or we can start a wonderful cycle of isolationism, paranoia and "us vs them" attitude. Personally, I know which way I tend.

Re:Indeed, this is not new... (1)

rickb928 (945187) | more than 6 years ago | (#21562351)

I'm not sure I can agree with your premise that you (us) tie your security to the well-being of others. In a global economy, your friends easily find new friends that are worth more to them than you were, the emphasis on 'were'.

China, for instance, is a pretty attractive partner to OPEC, certainly at least as attractive as the US is. Japan is less attractive to OPEC in many ways. Suddenly, we are not the best friend of Japan, unless we can help them with their petroleum needs, if OPEC decides to favor China over Japan. This plays out mostly when Venuzuela, for instance, decides to ship to China more, and Japan less. Does Japan pay more for oil as it is shipped from the Middle East, costing more possibly?

China is everyone's favorite trading partner, it seems. Cost is a big part of that, and the relative lack of environmental controls there. But we may be neglecting the reality that China has an enormous doemstic market. In time, and perhaps soon, they will reach the tipping point where their domestic demand is sufficient, and their domestic income adequate, to fuel their own consumer production. Then they need us a lot less than now, perhaps hardly at all. If China can choose its partners, do we get chosen? And do we want to be 'chosen'? Perhaps they choose based on which partner they can extract the most from, leaving that partner as empty a wallet as possible...

When we are not worth as much to China as a market as we are a threat to them, them expect trouble. And I think that day is a lot closer than we hope. Right now, today, what whould happen to China's economy if we reduced imports by half? Probably pretty damaging. What about 5 years from now? 10?

The Chinese seem to take a long view of the inevitable conflict between us. We must also. Keeping onshore manufacturing for critical needs will be an issue for us soon, if not immediately. If you think it's fun to fend off the worms, trojans, viruses, and other disguised but overt attacks on our information systems, imagine the joy of having to mistrust your BIOS, hard drive firmware, even RAM. Imagine a concerted effort by a non-US manufacturer to insert 'spyware' in systems at the hardware level. I don't think I'm describing anything new here, either, just in scale. For example, http://lib.nmsu.edu/instruction/lsc311/textbook/information&society.pdf [nmsu.edu] describes the persistent rumor of such a tactic used on a very limited scale in Operation Desert Storm. Didn't get much press back then, did it...

We're on the cusp of proving something well known and fairly true. Technology will be exploited to its fullest in warfare.

And we will not always be able to choose our friends, nor keep them, when well-being is the test. Our friends must look further than their dinner plates, sometimes, to choose the right path. Even we will have to do that soon.

Re:Indeed, this is not new... (1)

NeutronCowboy (896098) | more than 6 years ago | (#21563469)

I think your point can be summarized as such: there are certain industries so vital to a nation's survival that they should always exist within the national borders. The classic case for this was always the machine tool industry, and as such, has been heavily subsidized by a number of nations. I do think we can add manufacturers of BIOS, networking equipment and other IT-related industries to it.

I don't think that it is a bad idea to watch for potential worst case scenarios, and to quietly prepare for them. At the same time, minimizing the likelihood of those worst case scenarios should be at the forefront - and yes, it is going to be difficult to reduce them to zero, or even keep them stable. I realize that my comment completely oversimplifies the task, but I do think that in terms of priorities and advertisement, the "make friends" approach needs to be at the forefront. Its payoffs alone necessitate that.

Live Free or Die Hard (0)

Anonymous Coward | more than 6 years ago | (#21536305)

So is this right out of Live Free or Die Hard? Oh no the east coast power backbone is going to overload

Here's a thought (2)

di0s (582680) | more than 6 years ago | (#21536399)

Don't connect critical infrastructure to public networks?? Seriously, what use could Pentagon users possibly have for the public internet? Granted if they *did* introduce a virus or trojan into Pentagon computers, at least it would be a little harder to get information back out.

Re:Here's a thought (1)

bhmit1 (2270) | more than 6 years ago | (#21536563)

Don't connect critical infrastructure to public networks?? Seriously, what use could Pentagon users possibly have for the public internet?
You mean like the SIPRNet [wikipedia.org] ? And just because you're working on military computers doesn't mean you aren't working with COTS software and hardware. There are far too many reasons to list why they'd need the public internet, but with government spending, it's easier to buy two of everything to keep one away from the public.

Re:Here's a thought (0)

Anonymous Coward | more than 6 years ago | (#21536901)

Believe it or not our Top Secret network ISN'T connected to public networks. It's not connected to the internet at all. Hollywood's probably pissed to find that one out.

Re:Here's a thought (1)

cumin (1141433) | more than 6 years ago | (#21537375)

Dang. Guess it's time to ask for a refund on my macbook.

But hang on a second, are we assuming that only networks connected to the Internet can be compromised? Are we forgetting that viruses can be loaded on *any* media?

Lets say China wants to get a big chunk of data off of a network not connected to the Internet. Maybe they break into the home computer of Sam Gov Lacky who is fond of downloading iTunes and putting them on CD. Sam takes it to work, slips it in, his supervisor wouldn't care if they noticed, and now everything Sam's computer touches is trying to bundle information into an invisible location on the hard drive. Now all they have to do is bribe for or luck into the hard drive with the information they want and decrypt.

<sarcasm>I'm sure nobody with high level access is technically stupid or lax in enforcing the rules. I'm sure that nobody could be bribed to forget to wipe a hard drive, that *shouldn't* have any important information on it.</sarcasm>

Re:Here's a thought (2, Interesting)

bhmit1 (2270) | more than 6 years ago | (#21539971)

Maybe they break into the home computer of Sam Gov Lacky who is fond of downloading iTunes and putting them on CD. Sam takes it to work, slips it in, his supervisor wouldn't care if they noticed, and now everything Sam's computer touches is trying to bundle information into an invisible location on the hard drive. Now all they have to do is bribe for or luck into the hard drive with the information they want and decrypt.
Not that this is impossible, but it's a lot more difficult than that. Friends that work there in secure places like the pentagon don't even take in their cell phone, let alone a laptop. When a vendor wants to see logs to troubleshoot an issue, there's a month lag while the logs are de-classified. And if you aren't cleared for a machine, you aren't allowed to physically touch the keyboard or mouse, someone else is assigned to type everything for you. Back in the old days, floppies were color coded which made for some interesting stories about non-cleared people picking the wrong color from a store bought rainbow pack.

Don't forget that these people tend to be very in demand as long as they keep their clearance, they've gone through their share of background checks and polygraphs, and that all goes away and replaced with a treason charge if they decide to do something that puts national secrets at risk. This isn't to say it's impossible, just not as likely as it would be if the geek squad was their model employee.

oi! (0)

Anonymous Coward | more than 6 years ago | (#21536427)

Hot war. nuke winter. Cold war. E-war.
So let me guess... some dude gets flamed and a bunch of l337 kiddies run to the rescue to pound said flamer. Flamewar on. Onlookers from a distant node wait a few years for the internet to crumble before using fresh servers to save the day and convince selves of heroism. Salty penguin dog says "mind the flame kiddies, they are coming and they are packing spam" 50 year mutually assured spamming mentality defines the society and perceptions of confused morons everywhere.

(Yes, it does make sense)

What do you expect? Governments do their job... (0)

rhalbheer (1196639) | more than 6 years ago | (#21536555)

I am amazed how much attention and comments this article gets. What do you expect the government to do? Every government is running it's intelligence service and we expect our government to do that, don't we (well our government is part of the nice guys anyway, therefore it is good ;-)). Now, you do not expect them to use today's technology? Hey, come on, in which world do you live? I saw comments like "as long as they spy on each other, I do not care" - where do you live my friends? It is part of the governments' job to do industrial espionage (at least most of them do as a matter of fact). And you do not expect them to use today's technology? Come on... The world out there is not nice - it is darn bad! Roger Chief Security Advisor Microsoft EMEA

Re:What do you expect? Governments do their job... (2, Insightful)

geekoid (135745) | more than 6 years ago | (#21537797)

No, in fact a large part of the world is nice.Probably well over 90% of the people will leave you alone.

Infiltrating other government networks is an act of war. So I don't expect them to actually attack them, any more then I expect a military exercise to actually attack 'enemy' targets.

People like you are exactly the kind of people who are fucking up security.

Re:What do you expect? Governments do their job... (1)

aminorex (141494) | more than 6 years ago | (#21545673)

Firstly, I question your notion of "act of war". The laws of nations are slow to change, and while I am certainly no expert in the area, I doubt very much whether there is an unequivocal case to the effect that mere packet transmissions can consitute an act of war.

Secondly, if it were an "act of war", this would only be a practical impediment to nations which had a credible deterrent threat imposed upon them.

Thirdly, it is not at all unheard of for military exercises to involve provocations at widely varying scales, including firing on military emplacements in foreign territory across borders or during a territorial incursion, often disclaimed as accidental.

I understand the feeling of contempt that one may feel when the glaring flaws in your correspondent's position seem evident, while their strengths and your own weaknesses may be less apparent to you at the moment, but I've found that it is not to my own benefit, nor to the support of my position in a public forum, if I allow that feeling to tempt me into sneering insults. Usually, thinking through the issues to the point where one is making a truly supportable point requires enough qualification and nuance so that the brutal impulse is largely wasted before 'post' is pressed. Some people are truly idiots, but usually their position is beneath contempt. The great danger is that you will behave with contempt because you face a truly contemptible adversary, and thus grant victory to the contemptible position.

Where does it say the US is doing it. (1)

GigG (887839) | more than 6 years ago | (#21537235)

The summary and TFA both claim that the US is carrying out attacks but I can't find any cite for that in TFA. Not that I don't think the US would do this against an enemy or in retaliation but I kind of doubt that it is going to be discussed in a report that the FBI was involved in producing.

your tax dollars at work? (2, Insightful)

keithjr (1091829) | more than 6 years ago | (#21537323)

This might generate an interesting new source of revenue for the Storm botnet. Lease out DDOS horsepower, as it currently being done, to the highest bidding government. Scary.

And ... (1)

vtcodger (957785) | more than 6 years ago | (#21537359)

Surely any country that didn't investigate just how vulnerable it and other countries are to attacks from the internet would be pretty foolish. Even if your country is someplace like Iceland or New Zealand that has few enemies and is unlikely to be attacked, you'd probably like to know what Denmark or Fiji could do to your information infrastructure if they chose to .. and how you could retaliate if you chose to.

Countries -- no names -- who think their national identity requires them to be the world's biggest bully have even more reason to be looking into cyber war. Never can tell when the perceived need to push someone around will come up. And it might not be a bad idea to find out how pushees might retaliate.

Great, another ISP excuse (2, Funny)

Grandiloquence (1180099) | more than 6 years ago | (#21537887)

Me: So, why is my internet out this time?

Tech Support: Um, let me check. (spins the wheel of random technical failures) Looks like acid rain. Sorry.

Me: That's what you told me last time! I think you're lying to me!

Tech Support: Ok, let me check it again. (spins the wheel) Ok, it's actually a government sponsored cyber attack.

Me: Gah.

Yeats said it best: (1)

FranklinDelanoBluth (1041504) | more than 6 years ago | (#21537893)

The best lack all conviction, while the worst Are full of passionate intensity.

So that's what causes (1)

boogahboogah (310475) | more than 6 years ago | (#21537999)

all of those Chinese ISP IP's to show up in my connection attempted logs...

The US gov't is circling the wagons (0)

Anonymous Coward | more than 6 years ago | (#21544835)

The OMB has just directed the entire US Govamint to reduce itself to 50 connections to the internet. This has to be complete by June 2008! The fed probably has hundreds of such connections currently. I know this is going to be a major undertaking, to say the least. The memo ( http://www.whitehouse.gov/omb/memoranda/fy2008/m08-05.pdf [whitehouse.gov] ) requires planning to be complete by January. The memo further instructs those with questions to contact Karen Evans at OMB...
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>