A Cyber-Attack On an American City 461
Bruce Perens writes "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported.
So I decided to change that."
Redundancy, redundancy, redundancy... (Score:5, Insightful)
Always assume the enemy knows the system. Hardening wouldn't hurt, but redundancy is the most important thing. Hardening a system tends to make it that much more vulnerable to a single insider. Redundancy mitigates this effect. Having such a small group be able cause so much disruption from such a relatively simple act makes it obvious that the city placed way too much on a single point of failure remaining in tact. Have redundant fiber. Have auxiliary wireless setups. Maintain a base of ham volunteers. Multiply your points of failure.
Personally, I think this sort of lax infrastructure security has become endemic. The 'war on terror' rhetoric we were fed for so long has us looking for the next suicide jet-liner attack or what have you, completely distorting any real conception the public had of real-world modern security risks.
Hams FTW (Score:5, Insightful)
Terrorists? Probably not. (Score:5, Insightful)
Lets not all go blaming terrorist organizations on this one.
My money is on unionized workers facing layoffs or payroll cuts. They would best know how to hurt the system and this sort of sabotage being linked to unions is not exactly unheard of.
Re:Terrorists? Probably not. (Score:3, Insightful)
Define terrorism.
Now define terrorist organization.
If an organized group of people orchestrated this attack in order to bring attention to some goal, wouldn't that make them a terrorist group?
Admittedly, an attack on property is not the same as an attack on people, but yet... to me this seems textbook.
Cyber(?) Attack (Score:5, Insightful)
So now a "cyber" attack includes the physical destruction of hardware/infrastructure without any exploitation of any programming logic?
Re:Terrorists? Probably not. (Score:5, Insightful)
Well, I'd certainlly concede that this could be classified as terrorism but I was refering more to the "ZOMG TALIBAN" kind of terrorists. Modern media interpretation of the word. ;)
Re:Redundancy, redundancy, redundancy... (Score:5, Insightful)
I'm not sure that means what you think it means :)
Reducing single points of failure is what is needed, which is not the same thing as multiplying the places it is possible to have failure.
But all the methods you describe have merit, but they also have a huge drawback -- cost. It's hard to get private entities to absorb the cost of redundant fiber, etc, since they will see very little gain from them.
So is the answer to nationalize our fiber infrastructure? Is that the only way we can make our systems secure?
Re:Redundancy, redundancy, redundancy... (Score:2, Insightful)
Re:Terrorists? Probably not. (Score:5, Insightful)
wouldn't that make them a terrorist group?
I'd presume that some amount of "terror" would need to be created for one to be considered a terrorist. But maybe I'm old-fashioned.
Re:Terrorists? Definitely not. (Score:5, Insightful)
If an organized group of people orchestrated this attack in order to bring attention to some goal, wouldn't that make them a terrorist group?
No.
What makes a terrorist group a terrorist group, is that they inflict, you know, terror .
Cutting some cables isn't going to (and, in fact, didn't) send the general populace into a panic.
Yes, it's an inconvenience, but unless they are trying to instill terror in the general populace, they're not terrorists.
Re:Redundancy, redundancy, redundancy... (Score:5, Insightful)
Redundancy of means, not just points. That means not just relying on the wired communications infrastructure or things that depend on it like cellular, for your emergency services.
Redundancy isn't always economically efficient, but we have to do it anyway, and what is worse we have to keep testing it so that it keeps working. This is hard to do if you are a private company with your stockholders baying at your feet for more efficiency.
Re:Hams (Score:3, Insightful)
But please, seriously, shut the fuck up. On the Internet. Feel free to blather on your radios.
Quoth the slashbot. On the Internet.
+1 Ironic (and not in the Morissette sense)
Hell, there's no sane reason amateur radio shouldn't be a low-capacity emergency part of the Internet [wikipedia.org].
You should probably work out your deep-seated issues with your daddy someplace else. Rather than on the Internet.
Not a cyber attack (Score:4, Insightful)
Re:Redundancy, redundancy, redundancy... (Score:5, Insightful)
"Personally, I think this sort of lax infrastructure security has become endemic."
That's why the incident under discussion is a good thing in the way that cracker threats and viruses are good.
Without attacks there is little incentive to build robust systems.
Re:Terrorists? Probably not. (Score:3, Insightful)
Um.. That article explicitly refutes that rumor. Although they used weasel words to deny the suspicions in such a way that the suspicion seems more plausible to a casual reader. E.g. AT&T has not identified any suspects and does not believe Bruce Perens sabotaged their fiber like others have suggested. Although he did post a slashdot article about it two weeks after the incident...
Blaming those damn commie unions sure is popular.
Re:Terrorists? Probably not. (Score:5, Insightful)
My money is on unionized workers...
I think it was management, upset that so few people wore Hawaiian shirts on casual Friday.
Re:Terrorists? Probably not. (Score:5, Insightful)
""ZOMG TALIBAN" kind of terrorists. Modern media interpretation of the word. ;)"
Shortly to turn into "ZOMG Wobbly Anarchist Union Menace to be cleansed with fire and legislation" if formerly-gruntled union workers are found to be the cause...
Re:Hams (Score:3, Insightful)
It's really weird that you interpreted what I said as daddy issues. Was the association of, "A was a B. Bs are awesome." lost on you?
What I was trying to convey, in fact, is that I respect amateur operators. I just find the obligatory self-congratulations every time there's an article that has anything to do with ham radio annoying.
I also find it fascinating that you dismiss me as a "slashbot", since I regularly go against the grain here. Come to think of it, you accuse me of being a slashbot when I complain about the prevailing view of hams on slashdot. I think we're tied in the irony department.
-Peter
Re:Cyber(?) Attack (Score:5, Insightful)
Four words: Denial of Service Attack. You want the hospital's network cut off from the outside world for 8 hours? Congrats. Done. This was Indiana Jones vs. the Scimitar-wielding Arab. I'd like to this this whole situation has encouraged people to start thinking a little bit more outside the box when it comes to infrastructure planning and what "mission critical" really means.
For example, my last employer took mission critical to heart. They were the regional blood bank, so that mentality was infused (tee hee. I made a pun.) into every aspect of the organization. Microwave links between our sites (and several customer sites. If need be we had the capacity to route traffic in and out through locations that were physically 5-10 miles away), generator power up the wazoo (including written contracts that put us second in line behind the hospital for diesel fuel. on top of the ample reserves we kept on site. Don't know why we weren't natural gas, though I assume that was more capacity than anything else), redundant external power connections to independent grids (which paid off handsomely one day), pneumatic tube connections to two hospitals and a couple other local sites, and a disaster preparedness plan that could have been leather bound and used for Law Office commercials if it wasn't being updated so often.
Infrastructure and disaster planning require some in depth "disaster porn" level of thought. It's hard to excuse civic services for not being ready to handle this sort of outage. Between that job and working in SE Michigan during the '04 blackout, I've learned a lot about just how ready some places think they are vs. how ready they really are to handle a disaster, be it man made or otherwise.
Re:Redundancy, redundancy, redundancy... (Score:4, Insightful)
Oh, Bruce (Score:5, Insightful)
Bruce makes some good points, but he consistently undercuts himself "information" that is poorly sourced, poorly explained, or just plain wrong.
The question I'm most interested in is why the "internal only" network at Dominican Hospital went down. Bruce doesn't explain this, and I can't find a reference to it elsewhere. I suspect that he just has his facts wrong — Dominican is part of Catholic Healthcare West, and I'd be very surprised if the computers at Dominican didn't rely on servers in a central CHW facility.
That's still a dangerous vulnerability, just like Bruce says it is. But he'd be more persuasive if he checked his facts.
And dude, everybody but you knows that that internet technology research was funded by DARPA. Some DARPA personnel are in the Army, but DARPA has never been part of the Army.
And can we please stop repeating that idiotic myth about the Internet being designed to survive a nuclear attack? It isn't and it wasn't designed to be. The basis of the myth is that early proposals harped on the superior survival characteristic of a decentralized network versus the star topology networks of the time. Not quite the same thing.
Re:Terrorists? Probably not. (Score:3, Insightful)
I'd presume that some amount of "terror" would need to be created for one to be considered a terrorist. But maybe I'm old-fashioned.
Terrorist acts need not generate terror.
Part of the definition is that the acts can be designed to intimidate or cause fear.
Actions that don't fit your 9/11 definition of terrorism are still considered terrorism.
Ultimately, unless some ideological motivation is discovered, this isn't terrorism, just sabotage.
Re:Define terrorism (Score:2, Insightful)
Does that make all wars acts of terrorism? Where does that leave the war on terror?
Violence shouldn't be a necessary requirement to define an act as an act of terrorism.
Re:Redundancy, redundancy, redundancy... (Score:3, Insightful)
You need some sort of hardening and security as well as redundancy, and those are even more expensive.
Sorry, that was kinda my point: redundancy is a minimal effort to defend against attackers, and if they're not even doing *that*, then somebody (government, most likely) is going to have to lean on them to make sure our infrastructure isn't wide open to attack from people with just a little bit of knowledge.
Re:Hams (Score:3, Insightful)
I wouldnt label the guardians of the ultimate backup communications system as luddites...
Re:Define terrorism (Score:3, Insightful)
Well, any kind of warfare would then be terrorism, wouldn't it, at least according to Clausewitz, who famously called war "the continuation of policy by other means."
The difference between a terrorist and a freedom fighter is often in the eye of the beholder. My wife was on a boy scout leader forum the other day in which one participant claimed that trade unions and the National Organization of Women were terrorist organizations.
The salient features of terrorism are that
(1) it is violently intimidating, either causing or threatening civilian casualties as its primary effect.
(2) it falls outside the internationally recognized norms for conducting warfare.
(3) is not justifiable in terms of attacking a nation's war fighting or military operational capabilities. i.e. it does not target military units or civilian infrastructure critical to those units' operations.
Even so, it's not always possible to draw a bright line. For example, there is still debate as to whether the WW2 firebombing of Dresden was justifiable. "They deserve it because they're at war with us" isn't a justification. You could use the same justification for the 9/11 attacks; certainly of the Pentagon, and probably of the WTC too. They're both part of a system which helps keep regimes that Al Qaeda doesn't like in power, for example the Saudi monarchy.
Likewise the American Revolution included non-uniformed militia who could attack British units then fade back into the population, e.g. in the NJ Forage War. These militia operated outside the norms of warfare during their day. In fact some of the arguments advanced to show that Taliban fighters are terrorists would serve for US Revolutionary minutemen as well.
While it is possible to argue that those Taliban fighters are "illegal combatants", they aren't necessarily terrorists.
Yeah I don't buy it. (Score:5, Insightful)
I guess it's kinda reasonable to use the term for an attack on the "cyber" domain (by going after its physical substrate) as well as for attacks that occur within that domain. Either way, it screws up people's access to comms.
I don't think it's reasonable, at least not enough that we should accept it and start using "Cyber Attack" to refer to the target of the attack rather than the means. The reason basically boils down to the opposite of attack, which would be Cyber Defense, and what was mentioned earlier on /., the Pentagon Cyber Command.
If we accept this meaning of Cyber Attack, then that means that an airplane that drops a bomb on an ISP is a "Cyber Attack", while bombing any other form of infrastructure would be a "regular attack". Logically this would also mean that an anti-aircraft gun that is placed near an ISP is a form of "Cyber Defense". Except that isn't logical, it makes no sense. Anti-aircraft defenses should not be under the purview of Cyber Command regardless of where they are located.
No. I insist that the adjective "Cyber" before the word "Attack" should indicate the means, not the target, in the same way that Cyber Defense should mean securing computer networks, not preventing physical assaults that may or may not happen to hit internet infrastructure.
This was nothing more than plain ol' sabotage. It's the same as them destroying a sewage line, except the impact was different. If it was a power line, that too would have cut off many forms of communication, is that a cyber attack? No. It's an attack.
Re:Terrorists? Definitely not. (Score:3, Insightful)
Note that the attack did knock out emergency response in several cities, and there were reports of increased armed robberies during the communication outage in affected areas. While defining this as terrorism is unwarranted, as it is unlikely that the attack was meant to physically harm anyone directly, it does go beyond mere vandalism when you put people's lives at risk, by preventing them from reaching the hospital, fire department or police in case of emergency.
Re:Redundancy, redundancy, redundancy... (Score:1, Insightful)
This was an inside job by a disgruntled CWA worker, so all the hardening in the world wouldn't help... as they are the keeper of the keys.
Re:Hams FTW (Score:1, Insightful)
Re:Redundancy, redundancy, redundancy... (Score:3, Insightful)
When I was still working and installed VoIP at my locations across the country each one remained capable of basic independent operation and each site maintained at least one POTS system for emergency services.
That said, central communication infrastructure will NEVER have the redundancies necessary to provide 100 percent proof against terror-by-backhoe. To expect such is folly.
Re:The UK centralised electronic medical records.. (Score:3, Insightful)
The logical technological response to this is to have a central record repository with local caches at each hospital.
That way, if the central database is not accessable there is still a chance that your records are cached locally.
Society is cooperative in nature (Score:5, Insightful)
Sure, you can do things like reducing single-points-of-failure, beefing up security, but you can do this only to a point. At some point, you realize that society is, by nature, cooperative, and if you remove that basic assumption of cooperation, society will fail.
There aren't any exceptions to this. There are just too many possible things that can be destroyed by people who desire a society or civilization to perish.
You can salt fields. The Romans did this thousands of years ago, and the areas they ravaged are, to this day, incapable of meaningful agriculture.
You can poison drinking water. LSD is pretty easy to make cheaply, and a single pound of it thrown into a public water system would cause mass insanity.
This list is infinite: You can destroy power lines, you can cut fiber cables, you can make a bomb out of fertilizer and destroy a building or the Golden Gate Bridge or any of a quintillion other things that are both easily done and highly destructive.
A society is secure when its population are generally happy with it continuing. When a society reaches the point where enough of its population are disenfranchised with it, it will becomes incapable of maintaining the critical infrastructure necessary for a complex civilization. Adding security measures such as multiple points of failure quickly become reasons NOT to fix why anyone would want the civilization to perish in the first place - and thus actually make the civilization LESS secure.
And that's just the simple truth of it. So, if we want to be secure, we need to clear up the reasons why people would want our culture to fail. These include things like
A) Not torturing people.
B) Allowing other countries to be sovereign in their own affairs.
C) Not being overly greedy with our wealth. Exploitation is only good for the short term - it's a long-term destabilizing force and that's bad for everyone.
Really, I don't get it. You get people who swear by our Constitution yet somehow think that torturing is OK. Perhaps they should read the 4th and 5th ammendments? This issue is a deep, dark stain on the freedoms we are otherwise so quick to espouse.
Re:Thanks for bringing this to our attention but.. (Score:2, Insightful)
I don't know how old you were on January 1, 2000, but I probably wouldn't be far off is I guessed you weren't old enough to have worked on Y2K stuff, old enough to vote, old enough to drive, or maybe not even old enough to get dressed by yourself for school in the morning. You're certainly far too ignorant of Y2K to be talking about it.
The reason Y2K was pretty much a non-event (I say pretty much because there were some failures, but they were generally of the minor/hahaha variety) is because of all the fixing stuff that went on during 1999. I was a sysadmin at the time, and even though we were pretty sure all our systems were properly patched, my entire department spent the night of December 31, 1999, until the wee hours of the morning, in our office. Pizza, snacks (and once we were sure nothing was going to go wrong, other refreshments) were provided by our CTO. To his credit, he also spent the night at the office. Not because he expected to be needed, but because if he was requiring us to do it, he was going to put in the hours, too. And besides, somebody had to pay for all that stuff :)
Re:Redundancy, redundancy, redundancy... (Score:5, Insightful)
As with any infrastructure that has national security implications
There should not be national security implications, because there shouldn't be anything on the internet or attached to it that could threaten national security.
Wireless Backup (Score:2, Insightful)
The moral seems to be that if you want your internet to reliably stay up, but can't be bothered to protect the infrastructure (and fair enough to some extent, since it would be a tough job) then you need a wireless backup for every community. Something that can bypass the cut and provide a trickle of internet.
Assuming we only think we'll have this problem occasionally in one place at a time, maybe a mobile solution would be appropriate. A pair of vehicles, wirelessly linked, that hook up to either side of the cut and bridge it seamlessly.
In other words, our only problem is that the internet isn't a truck.
Re:Oh, Bruce (Score:3, Insightful)
The way I said it was right. DARPA had Army and other DoD sponsorship.
That's nonsense. DARPA isn't "sponsored" by anybody. It's an arm of the DoD with it's own director and funding sources, completely separate from the army.
I said the scientists involved designed it to be militarily redundant.
Which is simply not true, though it's a popular myth.
The absence of a central node in this kind of network has nothing to do with military requirements. The creators of the technology simply observed that existing networks all had a finite capacity for growth because of their reliance on a master system that supervised all the other systems. The master system can only scale so far, and that's the limit of growth for any centralized network. Their solution was a network that had no master nodes, in which record-keeping was distributed.
This distributed record-keeping is strong evidence that the inventors of this technology were not thinking in military terms. Look at all the security problems we've had as a result. It worked fine when the Internet was a research resource maintained by a very informal (and very unmilitary!) cadre of computer scientists. But its current maintainers are constantly putting out fires that wouldn't have started if the designers had designed in security at the start.
Oh yeah, that's real John Wayne type security. Try Gomer Pyle!
Unfortunately, the main reference on the hospital is the ham coordinator, as quoted on ARRL's site:
In other words, you don't really know exactly why the Dominican network went down.
Now, you're going to say that the important thing is that the hospital network did go down. And you're right, it is. But if you're going to play cybernetic Paul Revere, try to get the part about "one if by land and two if by sea" right. Because yeah, the British are indeed coming. But if you keep confusing General Cornwalis with Darth Vader, your warnings are no use to anybody.
Public Safety Nets (Score:4, Insightful)
In my city the repeaters are on telephone poles. Just punch a hole through the feedline. If the repeater designer knew their shit they'll detect the high SWR an shut down the oscillator and amplifiers. But I can tell you, I've seen lots of gear that has no such SWR protection.
You don't even have to go that far. A little conductive grease, or even water in a connector will also reflect lots of RF power back to the emitter.
It is virtually impossible to protect any given communication medium. You must have several independent means of communication.
Re:Society is cooperative in nature (Score:3, Insightful)
There aren't any exceptions to this. There are just too many possible things that can be destroyed by people who desire a society or civilization to perish.
And that's just the simple truth of it. So, if we want to be secure, we need to clear up the reasons why people would want our culture to fail. These include things like
A) Not torturing people.
B) Allowing other countries to be sovereign in their own affairs.
C) Not being overly greedy with our wealth. Exploitation is only good for the short term - it's a long-term destabilizing force and that's bad for everyone.
This could be summed up as "Everyone should just get along with each other." Well, duh.
I'm sure you realize that these only work if you could get everybody to do them. That is the actual problem, you cannot rely on EVERYONE AKWAYS doing what's best for EVERYONE ELSE. You've got to think about the problem differently.. how do you make people behave more predictably, in a somewhat controlled manner? Sorry, truth sucks.
Re:Society is cooperative in nature (Score:5, Insightful)
Re:Redundancy, redundancy, redundancy... (Score:5, Insightful)
Re:Society is cooperative in nature (Score:2, Insightful)
Irrelevant. The main wealth that was destroyed was the ability to grow comparatively cheap food from the land. Hydroponics doesn't bring that back, has no direct relation to the land in question (why put a hydro-farm THERE?) and as a technology it's orders of magnitude more expensive.
"Well, he chopped off your arm and there's no way to attack a prosthetic, but... Ever hear about virtual reality?"
Re:Redundancy, redundancy, redundancy... (Score:3, Insightful)
Major impact on commerce in a major American city is in fact an issue of national security, and anyone who doesn't think so either has his head in the sand, or doesn't read enough Tom Clancy.
Re:Redundancy, redundancy, redundancy... (Score:3, Insightful)
Tax money doesn't make things cheaper, it makes things that aren't profitable to private industry happen at all. Telcos have no incentive to provide redundancy which costs far more than it will ever reap in profits. Governments, spending tax dollars, do have an incentive to do so - it prevents total collapse of communications infrastructure in various sorts of emergency.
Re:Redundancy, redundancy, redundancy... (Score:4, Insightful)
Right there you hit the nail on the head, and did not notice it! I emphasized it for in the quote above — the government distorts the market with its grants and subsidies, which ought to stop — providing telecommunication services has long ago stopped being about good service, and became about winning government grants.
This needs to change, but you, instead, want more government meddling... Yes, you want small town government to take over, what federal government is doing, but there is no difference in principle. Business ought to compete for the customers, not for government subsidies. That's the point.
Re:Who are you? (Score:3, Insightful)