Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT News

Threat of Cyberwar Is Over-Hyped 123

nk497 writes "A new OECD report suggests the cyberwar threat is over-hyped. A pair of British researchers have said states are only likely to use cyberattacks against other states when already involved in military action against them, and that sub-state actors such as terrorists and individual hackers can't really do much damage. Dr. Ian Brown said, 'We think that describing things like online fraud and hacktivism as cyberwar is very misleading.'"
This discussion has been archived. No new comments can be posted.

Threat of Cyberwar Is Over-Hyped

Comments Filter:
  • Well... (Score:4, Interesting)

    by Monkeedude1212 ( 1560403 ) on Monday January 17, 2011 @02:59PM (#34908256) Journal

    Good thing the US isn't at involved in any military action with anyone.

    Oh wait. is that WoT thing still going?

    • Re:Well... (Score:4, Insightful)

      by jusdisgi ( 617863 ) on Monday January 17, 2011 @03:10PM (#34908382)

      A pair of British researchers have said states are only likely to use cyberattacks against other states when already involved in military action against them...

      Right. Tell that to the Iranians [nytimes.com] who just lost 984 uranium-enrichment centrifuges to a US/Israeli worm.

      • by blueg3 ( 192743 )

        And if the Stuxnet worm wasn't state-developed, then certainly sub-state actors are doing substantial damage.

      • Re:Well... (Score:5, Funny)

        by PolygamousRanchKid ( 1290638 ) on Monday January 17, 2011 @03:41PM (#34908688)

        Right. Tell that to the Iranians [nytimes.com] who just lost 984 uranium-enrichment centrifuges to a US/Israeli worm.

        The official explanation from the British Foreign Office stated that the centrifuges were not lost, but merely resting, after a long squawk, and were pining for the fjords.

        Norwegian centrifuges stun easily.

        • Who's to say it wasn't someone else? Iran does a lot of business with China, and the Middle Kingdom would more than enjoy helping by providing more hardware. I would find it hard to accept that the events in Iran were only limited to governments. There are far more inciteful and vicious businesses out there that could only profit by the events in the Farsi State.

          Just a thought, but considering these events, should underwear be Internet Enabled?
      • It has never been proven that Iranian uranium-enrichment centrifuges where damaged by Stuxnet. The Iranians deny it [www.abna.ir]. I wouldn't rely on the NYT for information about such topics. It might well be a propaganda spin.
        • It has never been proven that Iranian uranium-enrichment centrifuges where damaged by Stuxnet. The Iranians deny it [www.abna.ir]. I wouldn't rely on the NYT for information about such topics. It might well be a propaganda spin.

          Quite right. It's not like the Iranians wouldn't try to hide the fact they got taken for a ride. FWIW, it's been reported by numerous other journalistic outlets, the virus itself has infected countries other than Iran and has been subject to quite a bit of detailed scrutiny.

          But of course, it could all be a put on by Symantec.

        • by plover ( 150551 ) *

          It has never been proven that Iranian uranium-enrichment centrifuges where damaged by Stuxnet. The Iranians deny it [www.abna.ir]. I wouldn't rely on the NYT for information about such topics. It might well be a propaganda spin.

          That's funny, because the president of Iran admitted it. [guardian.co.uk] He said

          Ahmadinejad admitted the worm had affected Iran's uranium enrichment. "They succeeded in creating problems for a limited number of our centrifuges with the software they had installed in electronic parts," the president said. "They did a bad thing. Fortunately our experts discovered that, and today they are not able [to do that] anymore."

          That means very little, other than that you probably shouldn't rely on an Iranian news source for actual ne

        • you don't want your friends to see you on one...

          Who would admit to Windows on industrial controllers? It is embarrassing, to say the least.

      • by icebike ( 68054 )

        Your point is well made.

        However, the question remains as to whether the US and Isreal, (not to mention the Saudis) were already engaged in military action (covertly), and about to be engaged overtly.

        Perhaps there was already military action, just short of lethal weaponry?

        The Guardian has a story [guardian.co.uk] that suggests there may have already been an attack on Iranian nuclear facilities by this time had it not been for the success of Stuxnet, as well as targeted assassinations of key scientists.

        Add to this the Iranian

      • Wish I hadn't posted since the above post re: the Iranian reactors lost to a worm is a perfect example of cyberwarfare.
      • by w1z4rd ( 1025692 )
        Exactly. Not to
    • by cacba ( 1831766 )
      Was stuxnet a one sided attack and therefore not a cyberwar?
      • Someone has to fire first, and I hope everyone remembers we did.

        While I don't want to over-generalize, Russian hackers are top-notch. We have may started a war we're going to lose. As more and more Russian systems go Linux, and we keep writing checks to Microsoft for shoddy code, I expect us to be at a full disadvantage.

      • by L7_ ( 645377 )

        The iranians first causes millions of twitter users to turn their icons green. If that is not a first strike, I don't know what is.

      • Cyber-warfare will likely always be guerrilla warfare: one-sided surprise attacks.
      • Just because a country doesn't mount a defense doesn't mean it's not an act of war to march troops into that country without an alliance treaty.
    • My government (for better or worse) can't seem to function properly unless we're at war with something or someone. This sort of behaviour seems to be inexorably linked to profit taking by multinational corporations and defense contractors. Same old crap.
  • Perhaps... (Score:3, Insightful)

    by Pojut ( 1027544 ) on Monday January 17, 2011 @03:01PM (#34908268) Homepage

    Perhaps the "movie science/actual science" effect is going on here...example: people see "Hackers", and think that's what "hacking" is. People then see either a script kiddy in their mom's basement or a government techie with sky-high stacks of paper on his desk (or working at a scarily-clean desk), and realize the actual act is pretty damn boring.

    • this made me think of Cloak and Dagger [wikipedia.org] for some reason.
    • Hacking (in all senses of the word) is not a spectator sport. You can't watch someone poking at code or discovering an exploit / compromising a system and understand the feeling of elation unless you, yourself, have felt that elation. The excitement is personal. Or at least, the excitement requires considerable background knowledge. Capturing that is a difficult challenge. As you noted, it tends to make a pretty poor movie scene.

      • by Cryacin ( 657549 )
        Have you ever seen a chess match?!?
        • Are you saying a chess match would make a good movie scene? And yes - seen a chess match. Not all that interesting unless you're in to the game. Which means you have personal experience and the considerable background knowledge the appreciate it.

          • by Nadaka ( 224565 )

            Have you seen the chess match between Kai and the prince of fire in LEXX?

            • No. But I have seen LEXX before. As far as I've been able to determine, it isn't a documentary and their take on chess might be somewhat removed from the experiences of the average player.

              • by Nadaka ( 224565 )

                It very much removed, but it was both entertaining and technically accurate.

                • It very much removed, but it was both entertaining and technically accurate.

                  Alright - entertaining, yes. But not exactly educational or representing what chess is about. There's been movies done about hacking that are reasonably accurate and entertaining as well. But for the most part, the subject isn't handled well and I still maintain that is because the subject is difficult to handle in an entertaining way without presenting an entirely inaccurate portrayal.

        • A chess match is usually much better understandable than program code to a general audience.

  • Yes and no (Score:5, Insightful)

    by geekoid ( 135745 ) <dadinportland@y[ ]o.com ['aho' in gap]> on Monday January 17, 2011 @03:01PM (#34908270) Homepage Journal

    Yes, describing fraud and hackivism as cyber war is misleadg.

    No, it's not over-hyped.

    Cyber-war is cheap, the knowledge on how to do it is free, and it doesn't need to take much manpower, as compared to conventional war.

  • by commodore64_love ( 1445365 ) on Monday January 17, 2011 @03:01PM (#34908278) Journal

    There's no real threat of cyberwar. And there's no real threat of me being blown by an airplane terrorist. But that's completely irrelevant for government leaders desiring to control everything within their sight.

    So enjoy your slef-portrait porn, scanner-induced skin cancer, your breast/penis fondling by the SA, and the eventual limitations placed upon the internet/free speech. It's inevitable.

    • by fishexe ( 168879 ) on Monday January 17, 2011 @03:25PM (#34908538) Homepage

      And there's no real threat of me being blown by an airplane terrorist.

      Well, no, I think nearly all airplane terrorists are men who don't swing that way. But it would be an interesting experience right before getting blown up.

    • "There's no real threat of cyberwar."

      Um, citations, please.

      And there's no real threat of me being blown by an airplane terrorist."

      Same for me, but that's because I rarely fly nowadays.

      "But that's completely irrelevant for government leaders desiring to control everything within their sight."

      Their reactions would be the same if they were instead desiring to not to be in office when an attack was successful. Bonus points for thwarting attacks in a way that can be disclosed. More points if any of various ter

    • -1 Flamebait

      Really? Which part?

  • by royallthefourth ( 1564389 ) <royallthefourth@gmail.com> on Monday January 17, 2011 @03:04PM (#34908308)

    Perhaps they are unaware that the US and Israel have just recently made a computer attack against Iran, where there is no actual military confrontation.

  • by ballsbot ( 122144 ) on Monday January 17, 2011 @03:04PM (#34908310)
    I guess they didn't read yesterday's new york times: http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html [nytimes.com]
    • by Anonymous Coward

      I guess they didn't read yesterday's new york times:
      http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html [nytimes.com]

      No.
      So, who was actually hurt? Were there any casualties?

      No one was hurt. Most Persian civilians went about their business. The Government had one of their projects set back. BFD.

      Comparing that to war just dilutes what war really means just as much as the "War on Drugs", "War on Terrorism", and every other hyperbolic statement made by media, government and anyone else who has an agenda - like computer security people selling their services and wares.

      • No.
        So, who was actually hurt? Were there any casualties?

        No one was hurt. Most Persian civilians went about their business. The Government had one of their projects set back. BFD.

        Comparing that to war just dilutes what war really means just as much as the "War on Drugs", "War on Terrorism", and every other hyperbolic statement made by media, government and anyone else who has an agenda - like computer security people selling their services and wares.

        Are you requiring casualties and injuries in order to make the determination of war??

        In fact, I think a clearer representation of what fuels the undertakings of war was
        your one line:
        "The Government had one of their projects set back."

        Uh-huh... I think THAT is the purpose of war.

        -AI

  • sub-state actors such as terrorists and individual hackers can't really do much damage.

    Considering the presence of many brands of botnets for hire, I'd strongly disagree with that. Anyone with the cash can launch a cyber-attack.

    Or look at what "Anonymous" has been doing lately. Or are they a state now?

    • by krou ( 1027572 ) on Monday January 17, 2011 @03:26PM (#34908548)

      I recently submitted [slashdot.org] a story to /. that is related to this very topic. Chief of defence staff in the UK, General Sir David Richards, argued a little while ago that the UK should have a cyber command [iiss.org], and that the UK faces what he called a 'horse verses tank moment' in coping with modern warfare, saying the the rules of war had changed as a result of the success of insurgents in Iraq/Afghanistan, and the threat of non-state actors. In particular, he said that 'We must learn to defend, delay, attack and manoeuvre in cyberspace, just as we might on the land, sea or air and all together at the same time. Future war will always include a cyber dimension and it could become the dominant form. At the moment we don't have a cyber command and I'm very keen we have one [google.com]. Whether we like it or not, cyber is going to be part of future warfare, just as tanks and aircraft are today. It's a cultural change. In the future I don't think state-to-state warfare will start in the way it did even 10 years ago. It will be cyber or banking attacks — that's how I'd conduct a war if I was running a belligerent state or a rebel movement. It's semi-anonymous, cheap and doesn't risk people.'"

      • I recently submitted [slashdot.org] a story to /. that is related to this very topic. Chief of defence staff in the UK, General Sir David Richards, argued a little while ago that the UK should have a cyber command [iiss.org], and that the UK faces what he called a 'horse verses tank moment' in coping with modern warfare, saying the the rules of war had changed as a result of the success of insurgents in Iraq/Afghanistan, and the threat of non-state actors. In particular, he said that 'We must learn to defend, delay, attack and manoeuvre in cyberspace, just as we might on the land, sea or air and all together at the same time. Future war will always include a cyber dimension and it could become the dominant form. At the moment we don't have a cyber command and I'm very keen we have one [google.com]. Whether we like it or not, cyber is going to be part of future warfare, just as tanks and aircraft are today. It's a cultural change. In the future I don't think state-to-state warfare will start in the way it did even 10 years ago. It will be cyber or banking attacks — that's how I'd conduct a war if I was running a belligerent state or a rebel movement. It's semi-anonymous, cheap and doesn't risk people.'"

        I for one welcome our new bloodless cyber-war overlords. I think StarCraft 5 should be the medium mandated by the Seoul Conventions of 2025 and 2032.

    • Or look at what "Anonymous" has been doing lately.

      Yes, let's look at that. What did Anonymous accomplish? They brought down a few websites for a couple of hours.

      And most of their targets didn't actually need their websites to conduct business, so it barely affected them (PayPal was the big exception).

  • by fuzzyfuzzyfungus ( 1223518 ) on Monday January 17, 2011 @03:06PM (#34908342) Journal
    Is that the term "cyberwar" is pretty stupid. In fact, it isn't just stupid, it is so misleading(intentionally or otherwise) that letting it slip into your lexicon makes you dumber.

    "war" carries with it a strong series of historical associations, lessons learned, rules of thumb, rules, likelihoods, etc. Virtually none of them really map all that well into the area of computer security. If you use the term "cyberwar", though, you are implicitly trying to mash those (comfortingly familiar) concepts into a badly-fitting new environment. In a much less serious vein, this is why most movies that feature a "hacking" sequence usually make hacking look like beating a video game- because video games are "computery"; but they work very hard to simulate familiar rules.

    Electronic attacks are a costly problem and, if some idiot connects the wrong control systems to the internet, or a laptop to the wrong control systems, potentially a dangerous one; but trying to map them into the historical concepts of "war" just doesn't work very well.
    • by cacba ( 1831766 )
      I disagree, viruses infiltrating enemy electronics can have a very similar affect to human infiltrating enemy structures. A few similar capabilities are sabotaging production and leaking information. They are also similar in that it is difficult to prove who controls them. Cyberwar may be a silly name but it is correct in the characterization. It is a new domain and because it hasnt seen many important attacks is struggling to be separated from its lone hacker past.
      • Spionage isn't war. The name is dumb.

        You can use spionage in a war. But it is not the same as murdering lots of people.

    • by jfengel ( 409917 ) on Monday January 17, 2011 @04:36PM (#34909202) Homepage Journal

      It's really computer espionage and/or sabotage. Those have been parts of warfare for as long as there has been war.

      Since the Internet lets you engage in espionage and sabotage with zero risk of being physically caught, it changes the dynamic to something we haven't seen before. But it's not completely unrelated to warfare as it's always been done. The real constant about it is the lack of constants, as the level of technology constantly increases and presents new opportunities to thwart or take advantage.

    • Is that the term "cyberwar" is pretty stupid. In fact, it isn't just stupid, it is so misleading(intentionally or otherwise) that letting it slip into your lexicon makes you dumber.

      "war" carries with it a strong series of historical associations, lessons learned, rules of thumb, rules, likelihoods, etc.

      Electronic attacks are a costly problem and, if some idiot connects the wrong control systems to the internet, or a laptop to the wrong control systems, potentially a dangerous one; but trying to map them into the historical concepts of "war" just doesn't work very well.

      Ahh, I see. And by your determination, the bit of electronics I have in my pocket that
      I make "telephone calls" with is thus, not a telephone because it doesn't have the
      strong historical associations with MaBell's horkin large plastic behemoth that has
      been hanging from my mom's kitchen wall for the past 40 years.

      Got it!

      -AI

      • by fuzzyfuzzyfungus ( 1223518 ) on Monday January 17, 2011 @07:24PM (#34910746) Journal
        Your proposed reductio ad absurdem is actually a pretty decent example: The two are not fundamentally and utterly different, both cellphones and landlines are capable of making voice calls, just as both "cyberwar" and conventional war are ways of applying pressure to foreigners you don't like; but the broad similarities obscure a vast number of salient differences:

        Your old-school landline was associated with a place, in that its area code probably actually meant something, it was physically terminated in a given building(which, if a residence, quite likely had more occupants than phone lines). Also, billing may well have drawn a distinction between "local" and "long distance". It was further localized in that, unless specifically unlisted, it would be printed in the local telephone directory.

        Your cellphone, by contrast, is more typically connected with a person. Odds are that its area code is nearly arbitrary, it is listed in no phone books, and its billing is flat at least within an entire country, if not more broadly. It is not at all uncommon for a household to have a cell per person, and, since there is no physical hookup, even people without addresses commonly have them.

        There are also the broader social changes: social event organization certainly isn't the same if you can only call somebody when you are both in a building with a phone. Just ask an old person about the rise of the spontaneous "eh, we'll figure it out as we go and text you" model of social planning. That simply didn't work with the old material culture. Never mind the(less notable in the wealthy west; but dramatic among the poor here and abroad) change from "you basically can't get a line run and provisioned for less than $$ a month; but the calls cost essentially nothing" to "calls cost $/minute; but you can literally get a phone and some starter minutes at any corner store for 15-20bucks".

        Also, of course, we have the fact that landline phones work very well as dumb extensions of the network. The older ones are even powered by it. Thus, the landline world has seen an almost complete dichotomy: phones, which have remained dumb as bricks, with the exception of message machines, and modem-connected computers, which are wholly free of telco control and treat the network as a dumb pipe. Cellphones, on the other hand, have to be pretty sophisticated devices just to work, so they started sprouting additional features early; but were always much more creatures of the carriers. Hence the continuing differences between the evolution of the "smartphone" and the evolution of internet-connected devices with their heritage in modem-linked PCs.

        I don't wish to claim that yours is precisely analogous to "war" vs. "cyberwar"; but I would very much claim that it does demonstrate the sort of important changes that an apparently simple switch can hide. My contention would be that somebody trying to approach a "cyberwar" based on the "war" part would be roughly like somebody trying to use a bleeding-edge smartphone by looking things up in the phone book and attempting to rotary dial the touch screen.
  • by russotto ( 537200 ) on Monday January 17, 2011 @03:08PM (#34908358) Journal

    The cyberwar is already ON between state actors. Stuxnet, for instance. Certainly targeted at Iran, almost certainly developed by the US, Israel, or both. There's the attack on Google and other non-Chinese companies from China in 2009 as well.

    IMO, now that Stuxnet has paved the way, we WILL see cyberterrorism directed at other SCADA systems.

    • by Anonymous Coward

      The cyberwar is already ON between state actors.

      Has been for years, amazing how many people have seen the NSA portrayed in TV and films but have not heard of INFOSEC.

    • Re: (Score:2, Insightful)

      by _Sprocket_ ( 42527 )

      And that elephant is named "espionage." The only difference today is that the systems are more complex and interconnected. Otherwise, "cyber-war" is no different than the ongoing spying and sabotage that's been practiced for decades. Espionage was never it's own entity which is why "cyber-war" is misleading.

    • There's the attack on Google and other non-Chinese companies from China in 2009 as well.

      Not to mention Titan Rain [time.com], from 2003.

  • In a Perfect World (Score:4, Insightful)

    by jasnw ( 1913892 ) on Monday January 17, 2011 @03:10PM (#34908378)
    Granted that Cyberwar (sound of clashing cymbols) is overhyped, but a key assumption in this article is that governments and key private organizations (power grid operators, network operators, etc) are doing everything they can to protect their systems. I find this assumption to be laughably naive. The point to be made here is that cyberwar is often used as a bludgeon to obtain resources, or persue hackers in court (Wikileaks, anyone?), and is a bit over-hyped. There are, however, clear dangers in this area which can be avoided if prudent steps are taken (not putting power-grid controlling on the Internet, for example). Given the US's penchant for letting private industry do what it wants, and given that private industry only cares about this-quarter bottom-line earnings, I still see even the "small fry" identified in this article as being capable of some nasty mischief.
  • by Anonymous Coward

    I mean their example of what they consider cyberwar is the estonia thing, which pretty much means they couldn't have done much research considering the US and China have been battling it out for well over 10 years.

    But beyond that, they're economics professors! Why do educated people try to convey messages about stuff they're not educated in? Isn't that how the whole 'thermite did 9/11' thing started? By not realizing that thermite is more or less a fancy word for 'finely crushed aluminum', sorta like what y

  • by i_want_you_to_throw_ ( 559379 ) on Monday January 17, 2011 @03:17PM (#34908462) Journal
    states are only likely to use cyberattacks against other states when already involved in military action against them

    Ho, that's rich! There is speculation that the U.S. and Israel are behind Stuxnet which is dedicated to screwing up Iran. And why not? Why wait until military action? In fact in this case if you can screw the Iran infrastructure up enough, you may not even need to have a military action against them.

    Also a lot of this depends on your definition of cyberwar.

    China is doing the smart thing right now by backing cyber attacks against the US infrastructure. Before engaging an opponent, it's good to know their weaknesses. The US government uses a lot of Microsoft products as does China now. (China bought shared source years ago). If I were the Chinese I would be setting up servers and hacking them down just to record things like recovery time, etc.

    This ain't your daddy's cyberwar. It's all about probing and sizing up an opponent these days.
  • by mschaffer ( 97223 ) on Monday January 17, 2011 @03:18PM (#34908472)

    Since the news media likes to repeat the same thing over, and over, and over, just about anything that hits the national press is either over-hyped or about to be over-hyped. That's just the way it is. Cyberwar is no different.

  • Oh come now, we need all the hype to keep our unsatisfactory, unhappy, dull and routine days mildly entertaining. Media sensationalism is the new opiate of the masses. How dare a research study take that away from us, by blatantly stating facts?!
  • Sorry, we already have a counterexample in Stuxnet: a highly enginnered, highly malicious 'cyber-warface' class attack, launched outside of open hostilities with the intended aim of destroying portions of the target's infrastructure.

    Stuxnet has now said 'if you don't get caught, its open season'.

  • Wait...are they saying that the media over-hyping something so that people constantly feel that there is/are imminent threat(s)? Sounds totally different than the war on drugs/terror/immigration/[insertscarythinghere]!
  • The cost of securing is much greater than the losses will ever be. There's good money to be made and jobs to be created on both sides.
  • by fishexe ( 168879 ) on Monday January 17, 2011 @03:32PM (#34908624) Homepage
    Why the hell would states restrict usage to conflicts that they're already prepared to engage in with conventional militaries? Dr. Brown himself admits that it's hard to tell the source of an attack, which creates plausible deniability for a state actor to engage in all sorts of conduct they otherwise might not get away with, including (potentially) both of the attacks Brown mentions which might have involved Russia, and all of the Chinese attacks against the US for the past 2 or 3 years, and of course Stuxnet. Why would countries turn down an opportunity to use these types of attacks on their enemies? Just because they're not officially fighting? Yeah, right. Granted cyber-warfare is much more likely to be used for black ops than for a full-scale long-term attack on another country's infrastructure, but that's warfare too. It's "unconventional warfare", but warfare nonetheless.
  • So what happens 20 Years from now when we all have robots connected to the internet living in our offices and houses?
    • by Anonymous Coward

      new rule to add onto asimov's

      Never connect a robot to the internet.

      • Some Robots already were connected to multivac. The difference probably relies on the fact that Multivac was run by the government.

        If we could actually apply Asimov's 3 rules to computers and robots we'd probably be on the right track. :P

  • Cyber espionage (Score:3, Insightful)

    by He who knows ( 1376995 ) on Monday January 17, 2011 @03:44PM (#34908716)
    Would be a much better name for it. Infact I would go as far as to call it espionage.
  • by GodfatherofSoul ( 174979 ) on Monday January 17, 2011 @03:50PM (#34908778)

    Nothing to see here, move along, your unsecured networks are perfectly safe as they stand.

  • by Nidi62 ( 1525137 ) on Monday January 17, 2011 @03:53PM (#34908810)

    Do they mean like when, during the incident in Georgia, Russian hackers brought down the primary bank used by most Georgians for about a week? Look at what happened at 9/11. In physical terms, the damage was slight. A couple planes, a few buildings, and several thousand people gone. The actual act didn't really affect anything. It was the response generated by the attack-the fear, the anger-that prompted the stock market to drop, and the US to invade 2 countries. Terrorists do not care about physical damage, they go after symbolic targets that will create the most psychological damage. Say al-Qaeda brought down Bank of America's online systems for a few days. Economically it would not have much of an impact overall. However, it would shake people's confidence in the system, cause huge overreactions, and the damage would come not from the attack but from the response.

    Consider this example: you want to attack the population of a walled city, and you have something that will make a water supply useless. What is going to have the bigger impact, poisoning the stream that runs by the walls, or poisoning the well in the middle of the town? With cyber attacks, a terrorist can essentially do this without ever having to set foot inside the walls. You want to really cause problems in the US and the rest of the West? You don't attack an embassy, or a military convoy. You don't even have to directly, physically attack the civilian populace. You simply attack their wallets. Make people worried that they can't get to their money, and you will have caused real problems.

    • Say al-Qaeda brought down Bank of America's online systems for a few days. Economically it would not have much of an impact overall.

      It would not have much of an impact overall??? I guess that
      means you bank with Well's Fargo or some other bank?

      Cause, if B of A was down for a few days, I would be so
      fucked it would be stupid.

      I'm one of these that bought into the, don't carry cash anymore.

      So, yeah, I don't. And if BofA went offline let's say yesterday
      morning cause I did my shopping, got gas, etc in the evening...
      I would be so completely fucked. I wouldn't have money in my
      pockets, I wouldn't have food for me to eat or for my poor dog

      If BofA

  • Anyone who leaves their machines open to invasion deserve what they get. My machines are well protected and will never be &*^#&%^#&

    Buy our H3RB4L V14GR4 [wikipedia.org]. Is the bestest availleable.

  • by fluffy99 ( 870997 ) on Monday January 17, 2011 @04:31PM (#34909152)

    states are only likely to use cyberattacks against other states when already involved in military action against them

    Well Stuxnet has already blown that theory. Network intrusions and system compromises are only part of the equation. Cyber espionage is alive and well and extremely prevalent. The only difference between a cyber-attack and cyber-espionage is whether you're just stealing valuable info or actively damaging things. China is only interested in acquiring technical knowledge at this point. Also by quietly exfiltrating data as they are, it makes it much harder to find out just how deep they are. If they start breaking things, their methods and access gets discovered. Better to be quiet and maintain access in case they want to turn malicious and actively disrupt things..

  • by rickb928 ( 945187 ) on Monday January 17, 2011 @05:17PM (#34909620) Homepage Journal

    First, there are plenty of non-states that would like to, and indeed are this moment planning to, cause harm to the United States, its people, and other nations that are generally considered our allies. Even some that are not. This motivation has, in the past, been expressed by actions that are not those of a conventional military, nor of even fairly unconventional war. Trying to dismiss 'cyberwar' as something that is not likely because it would not be termed 'war' misses the point and wastes my time.

    War by technical manipulation of the Internet, etc., would be damaging, and it is not inconceivable that it could cost lives directly and indirectly. This meets any definition of war that I'm interested in working with. Parsing the words will not change the outcomes, so let's stop that, ok?

    And it should be obvious that adversaries that are not 'states' will certainly not be less motivated to do us harm by 'cyberwar' means just because such means don't involve massive visible, physical damage and attendant casualties. Indeed, many will see this as a method that can yield them substantial gains for what is limited exposure to retaliation.

    I'm left thinking that not only do many Slashdotters buy into this 'no cyberwar threat' campaign, but that our leaders may. Discounting a new weapon is not a good military strategy. Perhaps we won't be using guns and bullets to fight this fight, but actually a well-placed explosive could isolate any number of cyberwar forces if they are limiting themselves to their home states. Needless to say, these combatants will be dispersing themselves to avoid being cut off, literally, from their battlefield. Finding them will be the challenge. Deflecting and mitigating the attacks will be needed, but finding the actual perpetrators will be a challenge. The question will be if this is necessary.

    • I'm left thinking that not only do many Slashdotters buy into this 'no cyberwar threat' campaign, but that our leaders may

      Really? Last place in the world I would expect people to "not get it"
      would be here. Maybe I see my fellow /.'rs as a different animal,
      but I'd expect a full 90% here to be the rallying cry for "watch out".

      And I'm just allowing 10% for the typical populous of naysayers.

      -AI

      • Many here try to minimize the threat. I understand, but of course, there's the delusion thing...

  • emacs -batch -l CYBERWAR #You have joined WAR WITH CHIRAN >Attack Router You find yourself in a very cold room with lots of wires there is an Ogar guarding the door >Attack Servers You begin to attack servers, and notice a Firwall intrusion alert. As you try to block it, you are logged out of the remote host. You are dead. You have scored 0 out of a possible 90 points.
  • The threat of "cyber-" anything is overhyped.
  • Ya think!? Seriously, the thing that concerns me the most is very caustic blend between any give management team and IT. I've been around a long time and have seen way too many occurances of exceptions in Infosec that are just unbelievable. I just recently had to make a payment on something and asked the bank how I could contact someone to arrange the details. I got a nice little e-mail from someone in management that I could call anyone with the payment details or I could just "e-mail" my name cc#, cvc
  • Online fraud is not usually terroristic. I have no issue at all with that. But when the combined effect of online fraud is considered it places a huge economic burden on some nations. Sex sites are similar. By themselves those sites are harmless. But the combined effect is eating half of the net alive. The power use for sex sites alone is a burden on society. So to what degree do we know that foreign powers are involved in promoting such things with war like intentions?

  • "A pair of British researchers have said states are only likely to use cyberattacks against other states when already involved in military action against them"

    That is a ridiculously stupid assertion.

    IANAG, and...

    I haven't studied every war in history but I'm pretty sure they all
    started when "another state" instigated military action. Now the
    journalistic view of a war starting is a jet taking off or a tank rolling
    into town. But it can just as easily be started by someone hitting the
    ENTER key.

    Best thing you c

    • by GrpA ( 691294 )

      Absolutely correct. Consider that one state wants resources that another state also desires and both are negotiating with a third state to secure them.

      Now imagine that one of the states has the information and capability to disrupt the resources of both the supplier and it's competing state. It will gain a serious competative advantage in doing do right?

      Warfare isn't just about shooting at people. Gains to the state can be made through many means. Through the barrel of a gun is just one of them. Electronic

  • Instead, you can catch it on alt.com

After all is said and done, a hell of a lot more is said than done.

Working...