A Cyber-Attack On an American City 461
Bruce Perens writes "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported.
So I decided to change that."
Well this is something (Score:1, Interesting)
Re:Terrorists? Probably not. (Score:5, Interesting)
Indeed, that's very possible: the contract between the Communication Workers of America and AT&T expired on April 11th [morganhilltimes.com].
Eye Opener (Score:5, Interesting)
Re:Hams FTW (Score:3, Interesting)
You know, I've always wondered what it would take to get into Ham radios. Any links or info for someone looking at picking it up?
this is interesting (Score:5, Interesting)
We had a similar cyber attack here in columbus, ohio. A disgruntled employee (it is thought) shot the fiber backbone for Time Warner with a .22. I don't believe they ever caught the guy who did this. This one action disrupted the internet for hundreds of companies and thousands of users. It took around 3 days to get the internet back up for everyone.
This was just one fiber cable, imagine if someone had purposely cut lines downtown?
The stuff is very centralized and not well protected.
There needs to be better protection against these sorts of actions, and there needs to be a backup plan in place in case something like this does happen.
Re:Cyber(?) Attack (Score:3, Interesting)
Re:Terrorists? Probably not. (Score:2, Interesting)
Re:Terrorists? Probably not. (Score:3, Interesting)
Re:Redundancy, ARCO OIL & GAS (Score:5, Interesting)
Thirty years ago Arco Oil and Gas had full data center backup. Where is this thought today in our attention deficit management world?
ARCO did NOT depend on their local Plano TX data center. ARCO had a building prepared in Independence KS on top of pipelines that was an empty data center. They had a contract with IBM to get the next big iron off the production lines. That combined with their backup tapes means quick switch over.
ARCO also never allowed all top executives to travel on the same jet. They flew TWO jets with passengers selected for functional redundancy. Two jets to the same location by the way.
I like the idea, if possible, of local redundancy. Like hospitals have generators.
I would appreciate examples of backup and redundancy today. These quiet things are often unnoticed.
Cheers,
Jim
FYI (Score:2, Interesting)
Bruce was one of the main ramrods getting the requirements eased so that more folks would get Ham licenses.
I was voting for the CWA as well... (Score:3, Interesting)
I was voting for the CWA as well...
This happened the same day the CWA was reported as saying "contract talks with AT&T are not going well", 5 days after most of the employment contracts in California expired and AT&T tried to low-ball the healthcare benefits they'd be giving union workers in the future, and force a series of job cuts. One imagines that, in a down economy, AT&T felt they had their workers over a barrel, since job prospects are tighter these days.
Here's a telecom industry rags take on the whole thing: http://www.fiercetelecom.com/special-reports/cwa-strike [fiercetelecom.com].
-- Terry
Re:Redundancy, ARCO OIL & GAS (Score:3, Interesting)
hospitals have generators.
In addition, resources that should not have failed, like the local hospital's internal computer network, proved to be dependent on external resources, leaving the hospital with a "paper system" for the day.
Hospitals have generators, true. But I know of one hospital that keeps all of it's patient records via remote Windows terminal sessions to a datacenter in the next state.
Not a small hospital either. A huge one. And it sounds like that is the norm.
Windows terminal sessions. Not a remote database for redundancy. Not something that can be cached. A hospital, with complete dependence on a single real-time data link across hundreds of miles. Let that sink in.
Redundancy vs Expert Attacks (Score:5, Interesting)
It's not hard to get private entities to build redundant systems as long as they get paid for it - they're trying to sell reliable service to customers, and many kinds of customers need redundancy, and it's very hard to provide even regular reliability without it. If they had had better geographical diversity down there, then the vandals would have had to cut two different manholes in south county to do the job instead of cutting one down there and one up in the location they vandalized. Post-2001, it _is_ harder for businesses to get information on what redundancy is available, because while they all are much more aware that they need it, the governments have pushed the never-tell-anybody-real-locations paranoia - and realistically, while everybody can tell that the large building downtown with no windows and a faded bell logo on the wall is a telco office, the only way they can tell where fibers are is to look for the "Don't Dig Here - Fiber" signs which don't tell you which ones are critical.
What's hard to get is Right of Way, and governments can sometimes help that but often interfere - highway departments can be really difficult to deal with, compared to railroads which are usually much more helpful because they're in business and you're paying them. It's especially a problem in the area south of San Jose, because the government regulators constrain ex-monopoly-telcos to operating in LATA boundaries, and they're near several LATA boundaries down there (because it used to be mostly empty farmland, and a lot of it has hills that aren't stable enough to put significant housing on, so most of the area is either reservoir watersheds or cattle ranches on one side of the freeway.) It used to be that the only industry down there was one railroad company, some farmers, and biker bars, and it was 30-40 miles from Watsonville up to the San Jose POP, a frequently-flooding river between them and Santa Cruz, and a LATA boundary between them and Monterey. Even so, I found it surprising that one well-placed cable cut was enough - usually there's one direct connection available and if a business customer needs redundancy, you can find them a second connection but it'll cost a lot more because it has to go a lot longer.
But even in northern Silicon Valley and the peninsula, there are a number of areas that don't have as much redundancy as they'd like because the locations where telcos can cross freeways are limited. From a nationwide carrier perspective, things are better - while there are some constraints, like a limited number of railroads and highways crossing the Rockies, and a few major cities that have limited numbers of bridges and tunnels, so cable cuts out west will cost you a bunch of extra milliseconds, but the carriers do have alternate routes, and the growth of Microsoft and the Phoenix-area financial and high-tech data centers has meant that everybody's got extra capacity on the northern and southern routes as well as I-80.
The one other source of right-of-way I'm familiar with was a gas pipeline company that ran lots of fiber along their routes. They had a certain advantage over the rest of the industry, because while Bubba the Backhoe Driver might ignore a "telco fiber - don't dig here" sign, a "Gas Pipeline! Explosive! Flammable! Don't Dig Here or You'll Blow Up and Die" sign generally got its point across better.
Disclaimer: This is entirely my personal opinion, not that of any current or past employer.
Re:Redundancy, redundancy, redundancy... (Score:1, Interesting)
I want a pony (Score:3, Interesting)
Everyone should get ice cream.
But seriously, why should there be nothing on the internet or attached to it that could threaten national security?
The obvious answer to that is because it increases the risk.
Consider that any radio communication between soldiers in war can potentially be a risk because there is the possibility of interception. Does that mean that radio should not be used? no!
The more subtle answer to that is that the internet isn't yet perfectly secure or maybe 'secure enough'. The answer to that is to be educated and use encryption. Don't forget the original purpose of the internet.
Even addressing security questions, you might say "if there are alternatives that work, just let the government use those." Well, fine, but that may sacrifice efficiency.
Maybe I'm wrong, but there seems to be a very compartmentalized attitude in such an objection. The government..should do whatever it does and just leave me alone. *I* should not have to pay attention to the safety of the people around me since that is not my job. Everything must be cut and dried. There is a hierarchy and I will do as told and no more and I expect everyone to follow rules to the letter.
Re:FYI (Score:4, Interesting)
"Ramrod" is an interesting way to refer to me :-)
Although I would like to see more folks become hams, I did not work to eliminate the Morse test just for quantity, but because having Morse on the test didn't make sense for the (then) next century's amateur radio. The survival of Amateur Radio was a goal. Some hams asked me to let it "die with dignity". To heck with them.
I would be happy to see a more intensive technical exam.
As it happens, U.S. ham numbers are around 8000 higher this year than last, but about 20,000 down since 2002. We still have yet to see if we can achieve stability or increase, or if the service is still declining in numbers. Some of us still wonder if we will see it die in our lifetime. That would be really sad.
Who are you? (Score:1, Interesting)
Um, unreported? (Score:2, Interesting)
Re:Society is cooperative in nature (Score:3, Interesting)
"You can salt fields. The Romans did this thousands of years ago, and the areas they ravaged are, to this day, incapable of meaningful agriculture."
Ever hear of hydroponics? Back then they didn't know soil wasn't a requirement for plant growth. In fact the first published work on hydroponics didn't happen until the late 1600s. In this day and age, we can most certainly use that area for agriculture.
Re:Society is cooperative in nature (Score:3, Interesting)
Allowing other countries to be sovereign in their own affairs.
What about other countries whose affairs constitute of getting involved in your own?
Re:Society is cooperative in nature (Score:3, Interesting)
You can poison drinking water. LSD is pretty easy to make cheaply, and a single pound of it thrown into a public water system would cause mass insanity.
Oh, how I wish this were true. First, LSD is a pretty complicated synthesis, it's not kitchen chemistry by any means. Second, the precursors are watched carefully. Third, LSD is not very stable. If there's any chlorine added to the water the LSD would never make it to the tap.
Re:Redundancy, redundancy, redundancy... (Score:4, Interesting)
There is one advantage, though, especially in a small town:
I can do absolutely nothing about Lisco [liscofiber.com]'s current bandwidth cap, other than blog loudly. They know I'm not going to switch to Mediacom, and definitely not Iowa Telecom. No one else can really compete with their fiber network, partly because they have a government grant to do it.
However, if it was actually local to the town, and the town chose to be assholes about our Internet, all I really have to do is make enough of a fuss to get the rest of the town pissed off. That's not hard in a small town. March them all down to the town hall and demand to know why our tax dollars aren't being spent efficiently enough...
Maybe I'm being optimistic. Maybe things don't work that way in the real world. Or maybe the better solution would be to start laying some of our own fiber.
Hexapodia as the key insight? (Score:5, Interesting)
-- Vernor Vinge, A Deepness In The Sky.
Always we hear that something should be privatized because private industry is more efficient. Yet never does anyone stop to ask whether efficiency is the only concern.
Thus rather than having a reserve in transmission capacity on our electric grid, since deregulation we simply eat farther and farther into former safety margins. Rather than spend the time to set up proper local mirrors of systems, hospital networks collapse when their Internet connection breaks. It's reasoned that the time-integrated cost of safety margins exceeds the price to be paid when failures they would have prevented occurs.
And so far, they're mostly right. We have a little more latitude for technical failures on Earth than the fictional inhabitants of Namqem. But eventually, as we hop and skip blithely into privatization of core systems, we're going to pay a horrible price for it. It's sad how many innocent lives it's going to take, but no one listened to those calling for improved maritime safety until Titanic sank either.
Re:Redundancy, redundancy, redundancy... (Score:3, Interesting)
See that manhole?
A few years ago ALL of the wires and fiber that connect lower Manhattan to the rest of the world, and North America to Europe passed under it or another one within 2000 feet of there. Maybe it still does. An ISO container full of thermite would be mighty inconvenient there.
Well at least it seems to have that lady and her dog protecting it.
http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=north+moore+street+nyc&sll=40.245992,-75.058594&sspn=27.982756,31.376953&ie=UTF8&ll=40.717907,-74.008951&spn=0.000851,0.000958&t=h&z=20&iwloc=A&layer=c&cbll=40.717992,-74.008935&panoid=OCs289ypEgC5xTJ-HUnRUg&cbp=12,47.40486352385342,,0,47.29957379390799 [google.com]
Re:Redundancy, redundancy, redundancy... (Score:3, Interesting)
Yep, and working with the Tribal OEM to install a D-Star repeater and an EOC radio room. I'm proud of our Tribal police chief; he needed to upgrade the PD radios from VHF simplex system and refused to go with the county 800MHz trunking system (for all the right reasons.) He's going with analog UHF (narrowband) with our own repeaters on generator back-up. He's also VERY supportive of the local ham club (tribalhams.net) and is giving us free space on one of his towers. The tribes have also given the ham club a grant so that we all have D-Star radios (and no, I'm not a tribal member.)
Good article Bruce, I'll be sharing it with my emergency manager which I'll see tomorrow morning for at a FEMA regional working group on emcomm.
Your article really hit home for me because I use to work at the Westin Building in Seattle (major telco hotel) and saw for many years just how fragile the system really is. Getting diverse feeds is hard when everything eventually ends up in the same building. I know if that building took a hit Alaska would have a hard time getting any traffic.
73 de w7com
Re:Society is cooperative in nature (Score:3, Interesting)
You can salt fields. The Romans did this thousands of years ago, and the areas they ravaged are, to this day, incapable of meaningful agriculture.
This is a myth. Salt was way too valuable at the time to waste as a sterilizer. You'd have to dump millions of tons of it to kill a field. And think that at the time the legionaries were paid in salt because. Hence the word 'salary'. Now would you cover a field with money in order to sterilize it ? Hmmm, now that's a novel way to think about the bank bailouts...
Re:Redundancy, redundancy, redundancy... (Score:3, Interesting)
Using tax money to pay for stuff doesn't make it cheaper - it just hides the cost.
Funny, then, that the US healthcare system is the most expensive one in the world.
Using tax money *does* mean that there is no longer a motive to make a profit, which means, at least on the services side, cheaper rates because the goal is to recover costs, not make a profit. This would be why, when the government privatized alcohol sales around these parts, prices went *up*, not down.
Using tax money also means that projects that would only be long-term profitable (infrastructure development) or not profitable at all (fundamental science) will actually still get done, as the government can, in theory, take the long view ('course, they don't always... elected terms don't last forever... but at least the government isn't focused on quarterly profits).
In short: competition isn't necessarily the best or only route to economic efficiency (again, witness the incredible inefficiencies in the US healthcare system).