Forgot your password?
typodupeerror
Government Security The Internet The Military News

Schneier Recommends Nuclear-Style Cyberwar Hotlines, Treaties 123

Posted by Soulskill
from the mr-president-tear-down-that-firewall dept.
strawberryshakes writes "Cyberwar is the new nuclear war. Bruce Schneier says governments should establish hotlines and treaties outlining the protocol surrounding cyberwar, just as they would for any other war. He wrote in the Financial Times (paywalled, but available through Google), 'A first step would be a hotline between the world’s cyber commands, modelled after similar hotlines among nuclear commands. This would at least allow governments to talk to each other, rather than guess where an attack came from. More difficult, but more important, are new cyberwar treaties. These could stipulate a no first use policy, outlaw unaimed weapons, or mandate weapons that self-destruct at the end of hostilities. The Geneva Conventions need to be updated too. Cyber weapons beg to be used, so limits on stockpiles, and restrictions on tactics, are a logical end point. International banking, for instance, could be declared off-limits. Whatever the specifics, such agreements are badly needed.'"
This discussion has been archived. No new comments can be posted.

Schneier Recommends Nuclear-Style Cyberwar Hotlines, Treaties

Comments Filter:
  • Oh boo hoo... (Score:2, Insightful)

    by moosehooey (953907)

    So what if the Chinese DDoS the internet for a while? OMG, twitter might go down!!~!eleventy!

    I think the ISP's will be much more effective in fixing any problems, possibly by blocking all traffic from the offending country, if it comes down to that.

    • by 0racle (667029)
      How would you prove it was the Chinese government? Unlike nuclear war, you don't have to be a government to carry out a 'cyber attack.'
    • by Chapter80 (926879)

      So what if the Chinese DDoS the internet for a while? OMG, twitter might go down!!~!eleventy!

      Since most bank-to-fed and fed-to-bank transactions are via electronic networks, and much of the telephone communications go over electronic networks, and a huge segment of our economy is conducted via the internet, and email between customers and vendors is very common, I think the impact would be bigger than just twitter going down.

      But Schneier (as much as anyone) should recognize that politicians are reactionary. This will get attention after the first cyber-attack.

    • Re:Oh boo hoo... (Score:4, Interesting)

      by plover (150551) * on Friday December 03, 2010 @05:24PM (#34437482) Homepage Journal

      I think the ISP's will be much more effective in fixing any problems, possibly by blocking all traffic from the offending country, if it comes down to that.

      This is "cyberwar" (their word, not mine) we're talking about. General Hayden, the former Director of the NSA, spoke at Blackhat on the topic this summer. He said that the Internet today resembles a vast indefensible plain, and that an enemy attack can come from anywhere. He thought (hoped?) a kind of "geography" would eventually evolve on the internet, allowing for tactical maneuvering, permitting the kind of strategies warriors like to fight and defend from. You're alluding to a similar type of thinking, where if the attack comes from China, you pull the cable on the back of your router marked "From China".

      It's that kind of thinking that's unfortunately going to fail at cyberwar.

      If I'm attacking your country's systems, I'm not coming from China. I'm hopping hacked servers and networks from China to Estonia to Russia to France to London to New York. If it's a DDoS attack, I'm not commanding a million Chinese PCs to send you SYN packets, I'm sending one instruction to a command and control network to tell an army of zombies across the country and globe to send you SYN packets. Or I'm activating the hostile commands buried in my counterfeit Cisco routers spread across your country by cheapo eBay resellers.

      The best defense against info-warfare is to have a good alternate strategy. Twitter may not need backups, but Wall Street does. Industrial plants and the electrical grid need air gaps (and obviously a lot more protection than they have today.) The armed services need an isolated network. So does the intelligence community. The first, second, and third jobs of cybercommand should be creation of these defense plans.

      • by HTH NE1 (675604)

        General Hayden, the former Director of the NSA, spoke at Blackhat on the topic this summer. He said that the Internet today resembles a vast indefensible plain, and that an enemy attack can come from anywhere. He thought (hoped?) a kind of "geography" would eventually evolve on the internet, allowing for tactical maneuvering, permitting the kind of strategies warriors like to fight and defend from.

        Basically the Princes and Tribesmen want the Dwellers to plant a Forest in which they can fight their battles. It's only reasonable [aikiweb.com].

      • He's usually a LOT more intelligent than that.

        2nd - be proactive. Pass a law that requires that each ISP check the packets on their network and do NOT forward any packets that do not match the addresses they control. There, spoofing is pretty much dead.

        3rd - whitelists, not blacklists. Know who you absolutely must have an Internet connection to and why. If someone is flooding your network, block everyone else. (yeah, this won't work for Amazon or eBay)

        4th - it's the GOVERNMENT. Use your purchasing power to

      • by fishexe (168879)

        The best defense against info-warfare is to have a good alternate strategy. Twitter may not need backups, but Wall Street does. Industrial plants and the electrical grid need air gaps (and obviously a lot more protection than they have today.) The armed services need an isolated network. So does the intelligence community. The first, second, and third jobs of cybercommand should be creation of these defense plans.

        They need all those things and also a good, well-enforced policy to keep defense/intelligence employees' ad hoc sneakernet from de-isolating the isolated networks. Witness the recent near-destruction of Iran's nuclear program at the hands of Stuxnet, which is believed to have been brought into the nuclear facility's isolated network by a scientist using a thumb drive to take work home with him.

  • by Last_Available_Usern (756093) on Friday December 03, 2010 @04:38PM (#34436732)
    What exactly is a stockpile of cyber weapons? A room full of nerds and a case of Mountain Dew?
    • If this is going to go on for a few days, they'd better stock up on the Dew!

    • by Sarten-X (1102295) on Friday December 03, 2010 @04:43PM (#34436832) Homepage

      Probably something along the lines of a number of botnets, zombies, secret 0-days vulnerabilities, etc.

      It's pretty easy to picture governments building up large botnets of their own machines, ready to tear down any site they want. Limits on that would be good, I think.

      • Right, but that's still silly.

        What's a botnet? What's a zombie? A botnet is, typically, a bunch of zombies. A zombie is simply a machine that can be remotely controlled using a some piece of software that's installed on it, which is typically injected by a Trojan horse, drive-by-download, e-mail virus, whatever.

        Now if the government says "we'll take down 300,000 of our 1 million botnet nodes," how are you going to know they did it? How do you know they have a million botnet nodes? With nuclear missiles,

    • That was my question.

      Would the stockpile be counted MAFIAA-style, with each copy, download, and upload counting as a 'unit'?

      Or would the stockpile be counted in lines of code? Perhaps in terms of algorithms used? Type of weapon?

      Given the rate of development that "cyberweapons" undergo, I think that 'stockpiling' would, in reality, mostly refer to the archive room with a bunch of obselete software cluttering up DVDs.
      • by HTH NE1 (675604)

        Limits on stockpiling that which can be infinitely replicated, would that not be DRMs on war?

        • Oh, now wouldn't that be hilarious.

          "I'm sorry, Sir, I can't launch the weapons. The licensing server's gone down again."
    • The stockpiles are electrons to be limited by credits Countries with lots of electrons have to share them with countries that have fewer electrons.

      Substitute smoke for electrons if that makes it more understandable and gives a better visual for the hotline idea.

      Someone forgot to make a rule, that everybody will follow of course, not to mess with the IP phones used for the hotline. Can't mess with the networks they run on either!

    • by Zeek40 (1017978)
      A stack of 5 1/4" floppies. Those things were the perfect combination of a Frisbee and a ninja throwing star.
    • by Xugumad (39311)

      Presumable a variety of different cracking tools, worms, and related pieces of software. As much as the film/TV idea of people frantically tapping on keyboards during an attack is exciting, in reality it's normally about semi-automated systems attacking automated systems. A "cyberattack" from a government is most likely to involve pulling something suitable out of storage, giving it target details and clicking "Go", rather than trying to code something from scratch on demand.

    • I find it interesting that Bruce, who is a pretty savvy guy, would suggest treaties for 'cyber warfare' that are analogous to those employed in conventional warfare. The problem is, as illustrated by the snarky remarks in this thread, is that the internet is so unlike anything else that such treaties would be pointless.

      How are you going to verify that someone else is complying? Its one thing to be able to count missile silos or uranium mining operations, but how do you make sure that someone isn't resea
      • Or maybe Bruce is thinking ahead at what the Internet might be like a few years down the road.

        If the governments had as much control over the internet as they wanted to, these treaties might be made under the assumption that each country keeps its house in order. Much like if a bunch of Canadians took up arms and started marching on American the Canadian Government would be in hot water trying to explain that one.

        Same thing here - if you can't keep your own hackers and crackers in line than you pay the cons

        • They keep bringing up this idea of an "Internet Killswitch" in the states. That could be used to stop both incoming and outgoing attacks.

          An Internet killswitch is about as viable as a perpetual motion machine. Assuming that you could round up all the possible avenues into and out of the united states (and there are a LOT of them, not just a few major landlines), and get the collective owners to agree that a killswtich is a good idea, you can only realistically kill all traffic, since filtering is unreali
    • by fishexe (168879)

      What exactly is a stockpile of cyber weapons? A room full of nerds and a case of Mountain Dew?

      Yes. Although with only one case, that qualifies as a "small stockpile".

  • by Anonymous Coward

    Cyberwar is the new nuclear war.

    Gimme a break. When I see a hacker kill off 100,000 people, then I'll take that statement seriously.

    Jesus Christ, hyperbole is becoming the norm these days.

    • by Altus (1034)

      hyperbole is the new understatement!

    • Re: (Score:3, Interesting)

      Gimme a break. When I see a hacker kill off 100,000 people, then I'll take that statement seriously.

      Jesus Christ, hyperbole is becoming the norm these days.

      QFT! Last time I checked a DDOS isn't capable of evaporating several hundred square miles like an ICBM with 6x600kT warheads. I think our leaders and 'thinkers' need to play around with a google maps mashup here [carloslabs.com], and see some friggin' clarity!

  • How else could you trust the caller? Phones are just another form of IT.

    • A worldwide certification system would be useful for many things besides cyberwarfare.

      And, o'course, if universal encryption (and thus resistance to governmental or corporate eavesdropping) became practical as a result...
    • by Suki I (1546431)
      I like the idea that the IP phone will keep working during the attack.
    • by maxume (22995)

      A charitable definition of hotline includes some assurance as to the party it is connecting you to.

  • My first reading of the headline was "Schneier recommends nuclear war." Would have been a more interesting article...
  • Or (Score:4, Insightful)

    by 0123456 (636235) on Friday December 03, 2010 @04:41PM (#34436790)

    We could just ban the use of Windows in critical IT infrastructure.

    • That would just move the problem.

      No OS is secure. There is -always- a way in, even if it's just social-engineering the guy with the passwords.

      Moving to a non-Windows OS without addressing everything else at the same time would, in the end, have no real effect. ...besides, who uses windows on a router, anyway?
      • by mangu (126918)

        No OS is secure. There is -always- a way in, even if it's just social-engineering the guy with the passwords.

        True. But I'd bet that the lock in the safe in my bank is more secure than the lock in my suitcase.

        To say "No OS is secure" is very different than saying all OSes are equally insecure.

        • True enough--but the point is that the sole action of switching OSs will not cause any real gains in security.

          Gains in security can only be made with an organizational dedication to security from the top down--everyone involved must be made to realize the risks involved, and mitigations of these risks must be performed (and checked) at every level.

          So if you switch over to Linux, great, good job. But if your secretary still opens every funny email that shows up, sooner or later you're going to get hit.
        • by hairyfeet (841228)

          Uhhh...friend? You DO realize that by switching ALL of them from Windows to Linux you be bringing huge masses of dumbasses along for the ride, yes? Windows can actually be a pretty damned secure OS, especially Windows 7 with ASLR, registry and file virtualization, DEP, and low rights browser, but as a guy that fixes them all day I can tell you it is the PEBKAC that bites you in the ass every damned time.

          So unless your master plan comes with a couple of hundred billion to train all the stupid users, or to hi

    • You seem to be a bit out-of-date in your thinking. Most of the bugs today are in the applications, on the platforms. SQL injection doesn't care about the operating system.

    • We could just ban the use of Windows in critical IT infrastructure.

      Brilliant! That would make critical IT infrastructure less diverse, and make it even more likely everything could be taken out with a single zero day attack.

  • bad analogy ! (Score:5, Insightful)

    by JonySuede (1908576) on Friday December 03, 2010 @04:42PM (#34436824) Journal

    Cyberwar is the new nuclear war.

    No it's not. it used to be that nuclear weapons were out of reach for a private entity. It is not the case with cyberweapons. How do you regulate the action of the mafia or the triads ? How do you apply a treaty onto an individual ? Treaty and regulation works for limited availability weapon but for something as easy to produce, I dont see how it could work.

    • by Chapter80 (926879)

      Cyberwar is the new nuclear war.

      No it's not. it used to be that nuclear weapons were out of reach for a private entity. It is not the case with cyberweapons. How do you regulate the action of the mafia or the triads ? How do you apply a treaty onto an individual ? Treaty and regulation works for limited availability weapon but for something as easy to produce, I dont see how it could work.

      If the world powers join to "pinch off" the threat, and the treaties and hotlines are in place to address that, then it has a chance of working.

      • by plover (150551) *

        If the world powers join to "pinch off" the threat, and the treaties and hotlines are in place to address that, then it has a chance of working.

        So the US, China and Russia all agree to not hack electrical power plants? BFD. Who's going to convince Iran, Iraq, North Korea, Israel, Nigeria, Chechnya, Lichtenstein and Morocco to not make secret plans? Who's going to convince the various organized criminal entities? Who's going to stop J. Random Hacker, who can download and modify a copy of Stuxnet from the comfort of his mother's basement?

        Think about it: the best (most experienced) people to ask for advice on how to be effective at stopping hacker

        • by maxume (22995)

          The proposition in your second paragraph is insane.

          I'm pretty sure that the group of serious hacker stoppers excludes purveyors of DRM simply by definition.

          • by plover (150551) *

            It was intended to be laughable, but insane works for me, too. But the point is valid. Trying to defend stuff with DRM from determined hackers is similar in many ways to trying to defend anything else that can be found in the hands of determined hackers -- useless.

    • by Xugumad (39311)

      Essentially, in agreeing a line that will not be crossed, with well reasoned arguments for not doing so, anyone crossing that line makes an enemy of a lot of people at once. It might be harder to regulate worm/cracking tool development, but that doesn't mean there's nothing that can be done.

    • Cyberwar is the new nuclear war.

      No it's not. it used to be that nuclear weapons were out of reach for a private entity.

      That posed an interesting Google search for me, probably put me at the top of the US Watchlist. "Is it illegal to Own Nuclear Weapons?"

      Which hasn't given me anything like what I'm looking for. Its more like everyone asking if Iran has nuclear weapons, new policies set forth by treaties and such... Nothing about a regular joe citizen owning a nuclear warhead, something I'm now curious about.

      So I go next down the list, its gotta be like other weapons of the same classification. I google "Is it illegal to own

      • It is illegal and regulated by BATF to own unlicensed explosives, such as c4. It is, however, legal to own materials that do not explode but defligrate, such as black powder, so I suppose you could own a 'dirty' bomb that burns instead of exploding. But I know you are also not allowed to own unlicensed radioactive sources over a certain, minuscule, vasltly smaller than the critical mass of uranium or plutonium isotopes.

        So without any citation of specific laws that reads "no person shall be allowed to own

        • I know you are also not allowed to own unlicensed radioactive sources over a certain, minuscule, vastly smaller than the critical mass of uranium or plutonium isotopes.

          What about materials in the ground? Building materials?

          I know this is nitpicking, but there is uranium in many rocks. If you own a big quarry, there could be a lot of uranium, certainly above the limit you are theoretically allowed to own, in those rocks.

          Or what about real estate? In some places there's no distinction between soil and underground for ownership purposes. If you own a tract of land you own all that's between the surface and the center of the earth. There's certainly enough uranium to build a

      • by maxume (22995)

        There are restrictions on the possession of radioactive materials.

      • I'm pretty sure if you owned a nuclear bomb you'd be able to negotiate to keep it.

    • Re:bad analogy ! (Score:4, Insightful)

      by N0Man74 (1620447) on Friday December 03, 2010 @05:29PM (#34437558)

      Exactly. Such an idea is rather worthless.

      Threats to networks could come from governments, but they can also come from extremists, corporations, hobbyists, or a legion of meme-spewing 4-channers.

      The targets can be just as varied. They might target corporate networks, government networks, utility infrastructures, or a website that happens to of highly political interest.

      Even if governments agree to such treaties, how do we know that they won't operate secretly anyway, and just blame cyber criminals or rogue groups if they do launch an attack? It's not like data packets in cyber attacks carry flags.

    • by fahlesr1 (1910982)

      How do you regulate the action of the mafia or the triads ? How do you apply a treaty onto an individual ?

      Perhaps a clause guaranteeing the extradition of a private entity who engages in an activity that falls under whatever the parties to the treaty define as "cyber-warfare" would solve that problem. Perhaps not. Its definitely something that nations should be discussing.

    • by blair1q (305137)

      No, it's not, but you missed the obvious reasons:

      A cyber-attack won't kill hundreds of thousands of people in a flash of light, then kill millions more from cancers and other after-effects of the blast and fallout.

      It won't obliterate acres of infrastructure and render the area uninhabitable for decades or centuries.

      It won't scare the shit out of an entire range of humanity from the simplest of folk to the most-informed on the subject.

      Frankly, anyone who compares cyber-war to nuclear war is blowing smoke up

  • Look at the stuxnet attack on Iran last month. If that country had a more developed nuke program a hostile neighbor (country X) could have had the opportunity to co-opt their systems and launch against Israel. Israel would immediately engage in a retaliatory strike and country X would be the winner (assuming they are anti Iran and at least neutral in their relations with Israel).

    Country X in this case just became a nuclear power without ever facing embargoes, or hostility from the US.

    • Look at the stuxnet attack on Iran last month. If that country had a more developed nuke program a hostile neighbor (country X) could have had the opportunity to co-opt their systems and launch against Israel.

      And fingers=bullets by the same logic. A cyber attack is not a nuclear attack, and a cyber attack that results in nuclear weapons exchange is still not a nuclear attack. An exchange of nuclear weapons is a nuclear attack. There have been fears of falsely attributed nuclear weapons launches since Russia's first nuclear test. The fact that spies could have (possibly) done the same thing doesn't make spying nuclear warfare. Neither is cyber warfare=nuclear warfare.

  • Quick! pick up the red emergency phone and dial the 16 year old 3l33t hax0r general in charge so he can fire the scripts! For great lols!

    • by Ltap (1572175)
      16 years old? He's over the hill! Fire him and replace him with his 13-year-old subordinate!
  • Exaggeration (Score:4, Insightful)

    by flyingfsck (986395) on Friday December 03, 2010 @04:50PM (#34436948)
    Hmm, he seems to be seriously exaggerating the threat. Network attacks are very easy to defend against and the damage is negligible compared to a real military attack. So this is plain stupid.
    • by Ltap (1572175)
      This seems to me like an attempt to head off intra-national attempts to regulate "cyber-weapons", applying rules to citizens that they don't apply to themselves. By drafting rules for countries they prevent (to some degree) the stopping of individuals and the ignoring of countries. By bringing it to the level of an international treaty, it gives it a level of seriousness that would stop countries from simply DDoS'ing each other on a whim or to put on political pressure, which would make Internet access in s
    • by N0Man74 (1620447)

      Tell that to those who have lost family members due to cyber attacks...

    • Network attacks are very easy to defend against

      Not really, not if you're not talking about just pulling the plug. And in any case you still need to take the measures necessary to do so. Remember that McKinnon got access to a subcontractor's (I think it was) internal network by using a password cracker and a public RAT. That's incompetence, you say. Fine, but regardless of it's form or shape it's still a security problem, period.

    • by hellkyng (1920978)

      You assume that a network or "cyber" attack is negligible compared to a real military attack. What about when those attacks steal or reveal sensitive military information, compromise troop movements, or even better silently alter or changes plans? Or how about if malicious software were to cripple a nations infrastructure such as power and water? Or steal the information regarding the whereabouts of critical personnel in military branches? What if a nation were to conduct economic warfare, such as targeted

      • by mangu (126918)

        What about when those attacks steal or reveal sensitive military information, compromise troop movements, or even better silently alter or changes plans? Or how about if malicious software were to cripple a nations infrastructure such as power and water? Or steal the information regarding the whereabouts of critical personnel in military branches?

        You mean like when a spy watches the troops with binoculars and writes down what he sees? Like when someone follows a key military officer by foot?

        What shall be subject to treaties and have hotlines next: binoculars, paper, pencil, or shoes?

        • by hellkyng (1920978)

          There are already established guidelines for the things you describe ie rules of ware etc. The online equivalent of those items can have substantially more impact and scope then the in person. Hence it makes complete sense to at least establish some guidelines for how to go about those things. Right now online there is nothing to dictate what form warfare over the internet might take. If we have an opportunity to take proactive steps to limit those things in a sensible manner, we should do so.

  • see: a taste of armageddon
  • It's another case of doing everything but locking and securing a sufficiently resistant cockpit door.

  • Can we make facebook a civilian target?
  • Will it mean hackers and the like will be considered enemy combatants if taken prisoners? Won't they have to wear uniforms to distinguish themselves from 'terrorists'?
    Too bad the black berets are already taken by the USAF. How about black hoodies?
    I'm also pretty sure some will insist on including dice, wands or xkcd quotes...

  • by HTH NE1 (675604) on Friday December 03, 2010 @05:01PM (#34437126)

    "Hello, cyberwar hotline. Have you tried turning it off and back on again?"

  • Aren't these just fancy encrypted telephones between superpowers? Why do they need different hotlines for different crises?
    • VOIP phones between the responce centers ;-)

      The actual hot line was originally a teletype machine. It was a red phone only in the movies and on TV. Probably upgraded by now.

  • all your FaceBook are belong to us
  • by Haedrian (1676506) on Friday December 03, 2010 @05:12PM (#34437302)
    "These could stipulate a no first use policy, outlaw unaimed weapons, or mandate weapons that self-destruct at the end of hostilities."

    There are tons of major differences between a nuclear weapon and cyber-'weapons' .

    Firstly, how do you work out who sent it? A nuclear warhead is pretty easy to track - but what about Stuxnet?

    Also, civilians aren't generally capable enough to create their own nuclear weapons, they can make cyber-'weapons'.

    What it'll end up with is everyone agreeing that cyber-weapons are bad and banned, then doing stuff in secret.

    The solution is better security. Yes, its an impossible goal - but its still more realistic than having the president going- "Dammit! My facebook has been DDOSed. Someone get me the Kremlin!"
  • by strangelovian (1559111) on Friday December 03, 2010 @05:16PM (#34437370) Homepage
    Schneier is assuming that in cyberwar the main actors are going to be nation-states. Look at Wikileaks; that's a form of cyberwarfare and I don't see how a hotline between the US president and the Chinese premier is going to help. We're entering a post-nation-state era, but Schneier sounds like he's using models from the 1960's.
    • by glwtta (532858)
      Schneier is assuming that in cyberwar the main actors are going to be nation-states.

      Actual cyberwar is a matter for nation-states. That whole "autistic 14 year old super hacker from Ukraine brings down all of US infrastructure with a push of a button" scenario should stay where it began: crappy 90s sci-fi.

      And calling WikiLeaks "cyberwarfare" is just, well, Palinesque.
      • Wikileaks uses the power of the internet to undermine authoritarian or non-transparent governments around the world. I'd say that qualifies it as one of the most powerful cyber-attack we've seen so far. As Julian Assange and Osama bin Laden understand, the war for your mind is by far the most important kind of warfare -- taking down infrastructure is pretty trivial by comparison. And neither of these guys is going to be deterred by treaties or hotlines!
        • by glwtta (532858)
          Wikileaks uses the power of the internet to undermine authoritarian or non-transparent governments around the world.

          Really? So far all I've seen are some mildly embarrassing and entirely inconsequential internal communications. Why must geeks always blow everything out of all proportion?

          That's not even the point though, "cyberwarfare" refers to the "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption" (from Cyber War, via WP),
  • Do you think the cyber-guerrillas will respect the Geneva convention? The international cyber-banks will be the first to go in a world-wide-cyber-war!
    The cyber-dead will be strewn about the cyber-fields, and cyber-children will run in terror from cyber-napalm. WE'LL REVERT TO PRE-CYBER CIVILIZATION!
    So... like today, but instead of cyber-dot, to complain about greedy corporations we'll have to go talk to our neighbors.
  • Tell me that the attacks both visible (from idiots like Lieberman) and less visible (from so-called "hackers") are not the signs of cyberwarfare being directed against the power of free information via Wikileaks.

  • by Securityemo (1407943) on Friday December 03, 2010 @06:08PM (#34438122) Journal
    *calls FSB major*

    Yo! You don't know who I am, and I'm not sure how I got your number, but there's this thing going down in the internal networks of a few dozen hospitals here, and we're tracing it back to a site in your country. Our expert will soon be on it (god willing, assuming we can find them and brief them and give them access to the binaries) but the code obfuscation and anti-reversing features are like acts of god almighty, and amusingly treated as such by the insurance companies. Could you please help us catch these crazy bastards for interrogation about the stopping key... pulling the plug? That won't work, it's a self-contained virus, bricking shit like a startled soviet-era comedian. Talk to my boss? Well, I'm not sure he knows how to deal with this... or for that matter which one of my bosses I'm supposed to call...

    As (potentially) opposed to:

    *calls the kr3ml1n h4x0r bünk3r (actual official name) from the American Cyber Command (actual official name)*:
    Hello, we've got a massive self-replicating attack on our internal networked hospital equipment, much like the scenario we discussed a few months ago. We can't break the obfuscation, and IDA Pro gets eaten up from the inside by trying to analyze it, but you guys might have more luck with the binaries we've managed to capture. Also, some versions of the code communicates with a site in Russia - it's probably botnet nodes, but the "scary men in helicopters" protocol you spoke about using internally might work anyway.

    Not to talk about the difference in reaction speed between the two.
    • by fishexe (168879)

      *calls FSB major* Yo! You don't know who I am, and I'm not sure how I got your number, but there's this thing going down in the internal networks of a few dozen hospitals here, and we're tracing it back to a site in your country. Our expert will soon be on it (god willing, assuming we can find them and brief them and give them access to the binaries) but the code obfuscation and anti-reversing features are like acts of god almighty, and amusingly treated as such by the insurance companies. Could you please help us catch these crazy bastards for interrogation about the stopping key... pulling the plug? That won't work, it's a self-contained virus, bricking shit like a startled soviet-era comedian. Talk to my boss? Well, I'm not sure he knows how to deal with this... or for that matter which one of my bosses I'm supposed to call... As (potentially) opposed to: *calls the kr3ml1n h4x0r bünk3r (actual official name) from the American Cyber Command (actual official name)*: Hello, we've got a massive self-replicating attack on our internal networked hospital equipment, much like the scenario we discussed a few months ago. We can't break the obfuscation, and IDA Pro gets eaten up from the inside by trying to analyze it, but you guys might have more luck with the binaries we've managed to capture. Also, some versions of the code communicates with a site in Russia - it's probably botnet nodes, but the "scary men in helicopters" protocol you spoke about using internally might work anyway. Not to talk about the difference in reaction speed between the two.

      So you're the guy they hire to fill in where the script says [tech]!

  • Back in the day... who really could launch nukes? Hell even today how many people could build a nuke... friggen governments cant even do it. So yes you could get your dozen groups communicating and that stops it from happening. You are able to talk to everyone who can do it. Very diplomatic Today on the otherhand 23 year old guys control 500,000 zombie botnets. Computer security itself is terrible to the point basically a huge number of independants have the power to do the job. So what are governments do
  • Richard Clarke in his book Cyber War calls for some of the same kinds of controls. He calls for banning attacks on civilians, especially the banking system. He also calls for arms inspectors and an obligation of nations to assist in finding the source of attacks that come from within their borders. He calls for a "Cyber War Limitation Treaty" that would also ban putting logic bombs in civilian infrastructure. I really liked this part of the book.

    peace,

        isaac

If you think the system is working, ask someone who's waiting for a prompt.

Working...