Governments Prepare for Cyber Cold War

superglaze writes "ZDNet UK has an analysis piece on the growing threat of a "cyber cold war". It's got some interesting examples and it seems everyone is up to something. "...attacks are not limited to any particular countries, or by alliances between countries, according to cyberwarfare watchers. In the McAfee report, Johannes Ullrich, chief technology officer for research organization the Sans Internet Storm Center, said that most countries hack each other regardless of any supposed allegiances. Alan Paller, director of research at security training organization the Sans Institute, concurred. "All nations are doing it to each other. I don't know of any country not doing it," he said. "If it's not for normal espionage, it's for economic espionage. It's a very broad set of countries [involved].""

Maybe It's Time for a Cyber-Treaty

[Apple Acolyte (517892)]

It can be signed using an EULA!

Re:

[TheMeuge (645043)]

It can be signed using an EULA!

But then it could be bypassed with an application of a black permanent marker!

Then again, lots of things can be fixed with a black marker - military intelligence, prisoner records, global warming reports...

Attention Cyber Cold War Armies:

[morgan_greywolf (835522)]

1 h4v3 A /-r4d u83r m41nf4@m3 th4tz R1P3 4 4tt4c/! pwn d1s n u w1ll pwn d4 w0r|d! H3r3 i5 th3 s3cr3t 1p 4ddr3ss:

127.0.0.1

thx!

war ...

[thrillseeker (518224)]

is the continuation of politics.

War kill, maims and physically destroys cities.

[shis-ka-bob (595298)]

This doesn't happen with 'hacking' by government agents. This is not war, this is espionage. Especially in the US, we must avoid labeling anything 'serious' as a war. There is a bright line distinction between the widespread killing that accompanies a war and the economic losses that could be inflicted by espionage over the internet or the chaos that could follow a deliberate 'cyber attack'. Espionage is also a continuation of politics, but that doesn't make it war.

Re:

[Bearhouse (1034238)]

I agree. I'm waiting for the 'war on dandruff' to be declared - bound to happen soon.

Back on topic, espionage can lead to loss of life, both in times of war and peace.

Re:

[calebt3 (1098475)]

On a much smaller scale.

Re:War kill, maims and physically destroys cities.

[rucs_hack (784150)]

I met a spy once. Well a guy who'd been a spy in the second world war, fascinating stuff.
Alas he was bcoming senile, hence why I met him, he was a client of mine (used to be a nurse you see).

What was really funny is all through the war, and right up till the mid nineties, his wife had beleved he was a truck driver with some very long postings abroad on convoy duty or somesuch. Once she thought he was up in scotland for six months when he was actually in Africa. He only talked when he started to realise his mind was going.

Great stuff I thought.

Re:

[glindsey (73730)]

I have to ask, though... isn't it possible that his senility caused him to believe he had been a spy during WWII? Or was he nowhere near far gone enough for that? I'm not trying to troll here, just seriously wondering...

Re:

[thrillseeker (518224)]

By your definition then, the use of a large-scale EMP "weapon" at high altitude over a country, such as the US, rendering useless all the non-hardened electrical devices in the country, would not qualify as war - after all it doesn't cross your "bright-line" requirement of widespread killing. Disregard the incredible chaos and economic loss that would follow - no one died from the pulse - other than a few unlucky pacemaker wearers.

Death that accompanies violent[1] action is incidental to a military obj

Re:War kill, maims and physically destroys cities.

[Elemenope (905108)]

Right, because economic jamming is ultimately just about money. Nobody has ever been killed for just money.

Please. In the 21st century, economic hegemony is shaping up to be much, much more important than simple military dominance, as military actions follow from economic imperatives, not the other way around. From the United Fruit Company to the Iraq Wars, blood runs when money stops flowing.

The bright line you describe doesn't exist; economic warfare, whatever the form, has real human cost in actual human lives. The person who dies of Cholera in Bolivia because their water supply is privatized (and devastated as a result) after heavy foreign pressure is just as dead as the Iraqi killed by an American bullet. At least one has a prayer of getting on the evening news.

Incidentally, while I generally agree that calling something a "war" does not make it so, if you are referring to the US War on Drugs, it resembles a war in every legitimate sense of the term. People in Putumayo and neighboring Columbian states see at the center of Cocaine traffic a fully militarized operation, while here in the US we have armed our local police offices with semi-automatic weapons, no-knock warrants, and a healthy disrespect for human life. (If on the other hand you were talking about the 'War on terror' or the 'War on poverty', you might be on to something. ;)

Wars On Abstract Concepts

[EgoWumpus (638704)]

Any war on an {insert your chosen abstract concept here} is ridiculous. The War on Drugs resembles a war, and perhaps even is a war, but it's not a war 'on drugs'. It's a war against particular drug cartels. It may even be several separate wars. But by calling it an abstract war, you confuse yourself. Note that the Allies declared war on the Axis countries in World War II, not on Invaders. Fighting Invaders might be a good idea. Having a War on Invaders, on the other hand, is a really bad idea, because your objectives are entirely unclear.

It just goes to show you should never confuse people with concepts. You'll be way off.

Re:Wars On Abstract Concepts

[Elemenope (905108)]

An interesting point. I disagree, only because the "War on Drugs" has had a relatively coherent approach and consistent goals for a while now. That the militarization of the conflict has led to an unmitigated loss, and placed the "war goals", so to speak, almost completely out of reach, does not make it any less legitimate. Lost wars are still wars. The war was never against "Colombia" or "Mexico", but in the DEA office they had real targets (complete with red 'x's through the pictures of the targets that were eliminated or neutralized) and quantifiable goals.

Likewise, a "War on Invaders" seems to be eminently reasonable, if stupidly duplicative. The Westphalian system makes every country de facto at war against any territorial invader anyway, so "War on Invaders" is more of a standing international policy than it is a war on an idea.

The problem I have with using the rhetoric of 'War', whether it is associated with an actual military conflict that approaches the reality of warfare or not, is that it destroys the succinct and specific legal meaning that the word "War" had. That same international system of sovereign states depends a great deal upon the notion that only sovereign entities may declare war on sovereign entities, that such a declaration meant specific responses and held specific expectations of the parties involved, and that at least in the US it required a legislature to legitimate by vote in order to execute. Blurring the textbook definition of "War" between sovereign states with "War" that states only a goal, whether it be concrete or ephemeral one, and not a sovereign state, damages the integrity of the system that is designed to moderate the use of force internationally.

Re:

[QuantumFTL (197300)]

Any war on an {insert your chosen abstract concept here} is ridiculous.

I don't know, the War on Reason seems to be pretty alive and well here in the States.

Re:

[blahplusplus (757119)]

War kill, maims and physically destroys cities.

"Thus those skilled in war subdue the enemy's army without battle .... They conquer by strategy."--Sun Tzu

I know who to blame now.

[Kranfer (620510)]

Well, at least with all countries going after eachother's economies and such, I will start off by saying that at least I know who to blame when my Interest rates to up. You Bastards! But in related news, i did see that the Chinese Government attempted to hack into the Rolls Royce data center in Texas. The news article said everything was fine and dandy though so at least thats good.

http://infotech.indiatimes.com/articleshow/2591293.cms [indiatimes.com]

I guess they want real engine technology or something.

Re:

[cp.tar (871488)]

But in related news, i did see that the Chinese Government attempted to hack into the Rolls Royce data center in Texas. The news article said everything was fine and dandy though so at least thats good.

Oh, right.
And if everything wasn't fine and dandy, they'd tell that to the public.

<borat>Pause not.</borat>

When war started in Croatia some 15 years ago, there were so many bombings, air raids and so on and so forth -- yet every single time there was an engagement, our national television broadcasted minimum losses on our side (most commonly, no casualties save for one wounded) and heavy losses on the opposite side.

I was but a kid then, but even then I found it... odd.

Likewise, I'm quite

Not so Cold

[explosivejared (1186049)]

Apparently [slashdot.org] it's not so cold after all. Maybe insane paranoia we will reap some benefits from increasing tech R&D. All it takes is one congressman talking about "an decryption gap" to get about 10^588484 billion dollars for this stuff.
 
  Last time the Soviet's spent themselves into exinction, so let's just hope it's not us this time.

Re:

[El_Muerte_TDS (592157)]

All it takes is one congressman talking about "an decryption gap" to get about 10^588484 billion dollars for this stuff.

I think you need a little bit more money than $65534

Re:

[TubeSteak (669689)]

All it takes is one congressman talking about "an decryption gap" to get about 10^588484 billion dollars for this stuff.

I don't know about "10^588484 billion dollars" but the NSA has been receiving funding because of their antiquated energy infrastructure. Because nobody bothered to do any long range planning, they reached the max their local grid can handle, leaving no room for new super computers, etc. It might not exactly be "a decryption gap," but they're getting money to upgrade their facilities.

http://www.prisonplanet.com/articles/August2006/070806NSA.htm [prisonplanet.com]

Re:

[legoburner (702695)]

Not to mention how much this will help us defend against the cylons!

I am Cyber Special Forces

[by Anonymous Coward]

I probably shouldn't be posting this, but I'm Cyber Special Forces, a US Cyber Seal. We have a motto - "the only easy day was yesterday". People think it's glamorous, but I'm out there risking my life every single day.

Here's something you might not have heard before - Freedom isn't Free.

If not me, then who?

Re:I am Cyber Special Forces

[ObsessiveMathsFreak (773371)]

If not me, then who?

Some outsourcing guys in China! ...oh wait.

Worst Article Ever.

[moogied (1175879)]

A cyber cold war? How is this going to work? Are we building servers right now that spam "STFU NUB, AMERICA #1 B1A+CH"?

It's not a bad thing in itself.

[Bragador (1036480)]

Of course it can make people angry to get their own information stolen by other governments but on the other hand this happens only when the playing field is not leveled.

When all governments have similar technologies and ressources it forces the market to compete more and get new ideas on the market as soon as possible. Also, when military technologies are similar amongst nations, it forces them to negociate and talk instead of bullying the weaker ones.

Having a small advantage is all right but when some nat

Firewalls?

[Burlynerd (535250)]

OK, so how long will it take for them to start building national firewalls? BN

Re:

[calebt3 (1098475)]

There is no reason in my mind for a "national" firewall. Maybe one to shelter the entire government's systems, but there is no reason to extend this to civilians, except for the fact that a local botnet will be able to DDoS more effectively than a distant one.

Re:

[farkus888 (1103903)]

This is a very very good point in a humorous tone some might miss. there is a lot of discussion about the privacy/access to knowledge aspects of the great firewall of China. no one seems to be drawing the correlation that much of this "cyber cold war" traffic is coming from or going to China, makes one wonder if those aspects of this firewall are really strawmen to keep people from talking about it really being a defense from other governments trying to track and retaliate against Chinas outgoing "cyber col

I know it's part of what they do

[techpawn (969834)]

But I always take Security warning from software vendors with a grain of salt. It's like the wolf telling you about the fox watching your chickens.

How to strengthen your country's defences

[Ed Avis (5917)]

With attempted 'hacking' from other countries, we see that domestic laws prohibiting unauthorized computer access are not much use. Of course they don't deter the Chinese army or any other government agency. They do deter domestic hackers, but have unpleasant side-effects like criminalizing viewing a page on a website to make sure it's not a phishing site [theregister.co.uk]. And if your computer security is oriented more towards tracking down individuals and bringing them to trial, you will be relatively defenceless against foreign agencies. Children brought up in an artificially clean and disinfected environment can suffer more infections when later exposed to the real world. It might be a better idea to legalize hacking, provided no damage is done, in order to strengthen your country's immune system.

So what ?

[alexhs (877055)]

Espionnage agencies are using new technologies to achieve their goals. So what ?

Spying/Intelligence (gathering information) is as old as wars are (already Sun Tzu was talking about that). It's in no way specific to a "cold war".

Re:

[techpawn (969834)]

already Sun Tzu was talking about that

Chapter XIII was interesting and talked about the importance of spies during war. But if you remember that chapter well THIS should scare the ever living hell out of you unless you really think the information being fed to them is false or that they are so well rewarded that they won't defect.

Sun Tzu spoke of gathering information for attack before it happens, not info about the people/leaders.

No Duh

[MM_LONEWOLF (994599)]

Alliances aren't being followed? Next thing you know, they're going to tell us that there were spies operating in Russia during the real cold war.

Not really a dupe, but recently well-discussed

[Bearhouse (1034238)]

Here:

http://yro.slashdot.org/article.pl?sid=07/11/29/1936220 [slashdot.org]

Not a Cold War

[Doc Ruby (173196)]

That scenario isn't a "Cold War". It's just the normal state of international relations, which has always been based on political and economic espionage, as well as "sustainable sabotage", for thousands of years among all nations. Even during every "hot war" (shooting involved), this is the norm. Even among allies, looking for advantage and testing for weakness that makes the entire alliance vulnerable.

People really ought to go check into one of these actual wars once in a while. The ones where states work to destroy each other, where lots of people are killed, where entire ideologies, religions, cities, landscapes get trashed and owned. People who think this kind of thing is a "war" really have it soft, and lose the proper respect for real war.

OMG they don't bother to hide any more?

[hellfire (86129)]

I'm not disputing the accuracy one way or another, but c'mon. Not only does the article clearly reference McAfee as the author of the report, a corporation with a vested interest in scaring governments into buying more software, so does the summary! The moment a corporation starts posting fearmongering, I'm immediately skeptical. The immediate aim I see is to get the government to be scared and buy more software from McAfee. Maybe I'm wrong but I doubt it.

Government and corporations have been in bed for years, but my god it's gotten so bad that it's practically a daily public porn show where they don't care what you see any more.

Re:

[farkus888 (1103903)]

if mcaffee is the only thing we have protecting us we might as well just give them an email address they can send their requests to and hire a team of people to promptly respond with whatever they want to know.

Re:

[CodeBuster (516420)]

Yes, but you will continue to pay your taxes and "vote" for the other guy and you will like it that way.

Cyber War

[MM_LONEWOLF (994599)]

I've got an idea. If two countries are arguing, each cultivates their best cyber warriors for 1 year. After one year, they have a giant multiplayer team death match in a mutually chosen FPS. At the end of the day, winner takes all. The only problem is that Japan and/or China will become the new super-powers.

Re:

[nonsequitor (893813)]

I've got an idea. If two countries are arguing, each cultivates their best cyber warriors for 1 year. After one year, they have a giant multiplayer team death match in a mutually chosen FPS. At the end of the day, winner takes all. The only problem is that Japan and/or China will become the new super-powers.

Good idea, but instead of an FPS, it will be more like DefCon's Capture the Flag competition. The game is already being played and the only side we'll ever hear about scoring is the Chinese, so us civ

Let's hope ...

[Bearpaw (13080)]

Let's hope these idiots don't trigger a "Cyber Winter".

The world economy is becoming more and more dependent -- and interdependent -- on complicated electronic infrastructures. A nasty enough attack could hurt far more than the intended target.

Staggering incompetence

[QuickFox (311231)]

Apparently the incompetence reaches staggering proportions. FTA:

According to a source close to the situation, the chief information security officer of the US Department of Commerce learned this summer that his home computer was being used to send data to computers in China. He found his family had been the victim of a spear-phishing attack, in which his child had been encouraged by an email to unwittingly download malware onto the family's home computer. Once it was compromised, the attackers used the security officer's personal computer as a tunnel into the Department of Commerce's systems.

The family of the chief information security officer of the Department of Commerce can't afford to have one computer for the family and another for high-security work? And the nation can't afford a separate computer for this apparently impoverished officer?

No way. It can't be lack of funds. It can only be staggering, incredible incompetence. And it's not the local burger flipper. It's the chief information security officer. The top boss in charge of keeping information safe.

Amazing.

Re:

[blahplusplus (757119)]

"The family of the chief information security officer of the Department of Commerce can't afford to have one computer for the family and another for high-security work?"

I doubt he was thinking about a random event where his kid replies to an email and downloads spyware, I mean really. Most people wouldn't think such things would occur, that is pretty damn random, and most importantly most people have tonnes of things on their minds, they are not obsessed with their job, he has a family, he has to shower, h

Re:

[jdjbuffalo (318589)]

Being part of the IT organization in the DoC means he should have at least been aware of the generic problems that plague almost everyones computers--namely spyware, keyloggers and viruses. These things, especially keyloggers, could lead a hacker to gain access to his sensitive information on the computer and access to any place he logs into.

Even though I don't have a wife and kids yet, when I do you better believe everyone is going to have separate computers (especially if I use one of them for work). Th

Re:Staggering incompetence

[ceoyoyo (59147)]

The chief information security officer should be well aware that his work computer with sensitive data on it and a direct line into the department of commerce should be both physically secured and completely separate from the computer his kids (or he) check their myspace accounts on. Not only that, he's in charge of initiating and enforcing that requirement for everyone else.

Re:

[Detritus (11846)]

You've obviously never worked for the government. Just because the government, in an abstract sense, has a trillion dollars, does not mean that you can spend any of it. You can be working on a billion dollar spy satellite program, and not have any money available for basic office supplies like pens, pencils, notebooks and stamps. I know people who built their own office PCs by scrounging parts from the surplus equipment warehouse. That was the only way for them to get a computer, since their was never any m

Makes me think of the Three Stooges ...

[HW_Hack (1031622)]

each one slapping around one of the others:

wub-wub-wub-wub-wub!

Ow !

Oh Yeah ! ...

Only now countries can do this to each other digitally - guess thats progress. Its all fun and games until someone's hard drive gets formatted

War ?

[Yvanhoe (564877)]

A cold war is a war that doesn't happen.
A cyber war is a war that doesn't happen physically.
A Cyber Cold War is a scam to get government funding.

The big switch

[HalAtWork (926717)]

So does that mean all countries besides US will be switching to non-US software?

Yet Another Unsafe Redirect

[sethstorm (512897)]

Unsafe redirect on link.