Is the Cyberterror Threat Credible? 301
Scott Pinzon writes "Is the idea that cyber terrorists might take down US networks or utilities realistic, or over-hyped? One of the authors of the Patriot Act and several Black Hat 2005 speakers debated the issue informally at WatchGuard's "Security and Beer Roundtable." Participants include Dan Kaminsky, Johnny "Google Hacker" Long, Tim Mullen, Sensepost penetration testers, a guy from Microsoft's ISA team, and others."
Are critical systems on the internet? (Score:4, Insightful)
The question is not whether the threat from cyberterrorism (what a stupid term) is credible, but who in their right mind sees it necessary to put critical systems online?
If you want to take out half the internet, you don't need hackers. A backhoe works just fine. So why in the world would anyone put such important things on a network that is easily disabled?
Re:Are critical systems on the internet? (Score:2)
Agreed (Score:5, Interesting)
But beyond that, there are easier targets.
Railroads carry tanks full of lovely chemicals like SO4 and HCl. For commercial efficiency, they often put all the tank cars together. For historical reasons, the railroads, state highways, and interstates often run close together and intersect. Not far from where I am now is an intersection of two interstate highways, two state highways, two US routes, and a railroad.
Take out the tank cars and drive away in any direction.
Re:Agreed (Score:5, Interesting)
The bridge was out of action completely for about a week. It didn't collapse, but the damage was severe enough to basically destroy it. The northbound lanes were out of action for another week after that. And this was with an extremely huge effort to get it running again, they expected even temporary repairs to take about a month. I don't think they've gotten it properly replaced even now.
The shit really hit the fan when this happened. That stretch of I-95 was (and still is) undergoing heavy construction as it was, so it was backed up already. Traffic got really screwed up, there were lots of detours onto the 15 and the local roads. Commercial traffic was even sent on the 15, that NEVER happens, it is normally outright banned.
This was a single, smallish tanker truck that got winged by a passenger car. Early morning too, so traffic was light. A deliberate attack using a larger truck during rush hour... I don't want to imagine. Dozens (for this bridge, potentially hundreds with the right bridge) would be killed and there would be serious economic disruption. That bridge is probably one of the most important in Fairfield County, especially the coastal region.
They did have some antiterrorist type people on scene... it was obviously an accident, but they went there to get a better idea of just what would happen if terrorists did go after a major bridge and how to best recover quickly. Good thing they got a demonstration like that without the death toll an actual attack would have caused.
Re:Agreed (Score:4, Insightful)
The combination is quite deliberate to spread FUD.
If you ever watch the news on TV, they constantly want to portray the Internet as this newfangled thing (still) that's vague and murky and might bite you at any second. I think that's simply out of touch for most people (actually I think the TV industry is just jealous) but the FUD must play well with some of them because the mechanics of it isn't so easy to grasp as say any other appliance, like a blender or how TV generally works.
Combined with the vogue word of this decade, terrorism, voila: a whole new genre for the powers that be to terrorize, er, I mean inform others with propaganda.
It's the same old shit (SOS) put in a new dress.
Re:Agreed (Score:2)
I'm not sure that if my e-mail stopped working or I couldn't connect to the Internet, I'd be terrorized. Annoyed, yes. On the other hand, railroad cars blowing up in my neighborhood would make me terrorized.
Re:Are critical systems on the internet? (Score:2)
Suppose a clueless customer requires "remote administration" for their SCADA equipment. Suppose a clueless vendor sells "efficient distributed management! Troubleshoot power line problems from home!". Either way you've got a vulnerable tunnel from the wild Internet to a critical system.
>who in their right mind sees it necessary to put critical systems online?
In another generation
Re:Are critical systems on the internet? (Score:5, Interesting)
If I'm reading this correctly, yes.
The fact that an idea is really dumb doesn't mean it's never been implemented.
Re:Are critical systems on the internet? (Score:2)
Who says it's more secure to have them off the internet? I'd say dial-in access to them is even less secure, just because then people won't plan for daily intrusions.
The question you should be asking, is whether it is necessary to make these critical systems remotely operable.
If so, what can be done to secure them?
If not, disconnect them fr
Re:Are critical systems on the internet? (Score:3, Interesting)
The internet itself is considered a critical system. As valuable (perhaps more) as the telephone and electricity utilities.
What is concerning to many is another Morris internet worm or a similar crash of the internet. Take the recent Cisco bugs - these make up a significant portion of internet routing capability. Should someone succeed in developing a Cisco worm that infects even 5% of the Cisco routers (specifically the "big
Re:Are critical systems on the internet? (Score:5, Insightful)
By what, doing nothing? Two words: New Orleans. The US government can't even defend its citizens and infrastructure against BAD WEATHER.
What % of commerce depends on the net? (Score:2)
Oh and then there are the airlines (no flights today because the screens are down), factories (no p
Re:Are critical systems on the internet? (Score:3, Interesting)
What is SCADA? (Score:2, Interesting)
Wikipedia article on SCADA [wikipedia.org]
Re:Are critical systems on the internet? (Score:2)
One of the main things a control system in a chemical plant is used for (besides controlling) is data collection. In many or perhaps most cases, the corporate LAN is hooked somehow to the LAN with the DCS (distributed control system) to give pointy-haired bosses sitting around the world access to this data. Also, the corporate LAN is hooked to the outside world to provide employees with internet access.
Normally this is all put togeth
Re:Are critical systems on the internet? (Score:3, Insightful)
Terrorists are political animals first and foremost. They attempt to disrupt the existing political order in order to substitute their own.
This means that they don't really have to do something major in terms of deaths or physical destruction. All terrs have to do is disrupt. All they have to do is create enough chaos to force society to give in.
How about the economic impact of shutting down th
Re:Are critical systems on the internet? (Score:2)
You assume everybody implementing network security is competent.
Not so [theregister.co.uk].
Re:Are critical systems on the internet? (Score:5, Informative)
But taking out things like root servers and some major routers, and its efficiency will go down the tubes. Do you recall what the internet was like after 9/11? A lot of major sites were fubared, I had trouble with some emails... it was a pain. A lot of internet traffic goes through NYC.
Re:Are critical systems on the internet? (Score:2)
Re:Are critical systems on the internet? (Score:3, Informative)
Here in the UK, everything was fine. Sure, the news sites were dog slow in the immediate aftermath, because they were having trouble handling all the traffic. Other than that, it was fine.
Localised strikes can only do localised damage. The rest of us will barely notice, unless we happen to be trying to send traffic into/through the affected area. Unsurprisingly, most of my London-based traffic never gets routed through New York.
Re:Are critical systems on the internet? (Score:2)
The Internet was supposed to be able to survive a nuclear war. Today, large parts of it couldn't survive a well-placed yokel with a backhoe. Someone remind me whose brilliant idea it was to go with a backbone, any
SIPRNet (Score:5, Informative)
The DOD already operates a separate internet for classified material. It's known as the Secret Internet Protocol Router Network, or SIPRNet [wikipedia.org]. So yes, an alternative "G-Internet" is more than feasible - it already exists.
Re:SIPRNet (Score:2)
I followed your wiki link to the article on SIPRNet. It mentions that the network is for the transmission of classified documents, including (SECRET//NOFORN) documents. Not being a conspiracy theorist, I wondered what NOFORN meant.
I googled it, and this [navy.mil] is the first page that comes up.
I'm wondering when the feds are coming to knock down my door now... I mean... I wonder how much stuff like this is on teh intarwebs? When you go to the root website, it pops a javascript clickyesbox telling you in no uncert
Re:SIPRNet (Score:2, Informative)
Re:SIPRNet (Score:2, Funny)
That's just what they WANT you to think.
Re:Are critical systems on the internet? (Score:3, Interesting)
Many 'fat' internet connections share a single tunnel. Long haul fiber outages and what not can have a huge sweeping blow to thousands of websites if properly planned. Yes, there are redundant links, but if you cause a large enough chunk of traffic to be routed through alternate paths, you will cause those paths to get flooded and DOS not only the originally affected sites, but also the sites that WE
Re:Are critical systems on the internet? (Score:2)
This has been a common internet metaphor since a certain event some years back (1987 as I recall; I should look it up). The New England part of the Internet was connected to the rest of the world via 7 separate trunk lines, which you'd think would have been enough redundancy. But one day all 7 trunks went silent simultaneously, and New England was isolated from the rest of the Net.
Investigation quickly showed that the phone
No - none of that manipulative cyberlip (Score:4, Insightful)
Criminals that use computers for fraud and other crimes should be described by a less stupid and emotive term than cyberterrorism.
Re:No - none of that manipulative cyberlip (Score:3)
Not for long man:
X-45 J-UCAS Unmanned Combat Air System [defense-aerospace.com]
like '%Cyber%' (Score:5, Insightful)
Re:like '%Cyber%' (Score:3, Insightful)
Re:like '%Cyber%' (Score:2)
Cyber? (Score:3, Insightful)
I want my cookie (Score:2)
5|45hd07 Ru|35
And for those that don't speak 1337 - Slashdot Rules
Re: (Score:2)
Keep the govt out. Decentralize security. (Score:5, Insightful)
However, their desire to collect and to centralize information on government computers for 'homeland security' purposes makes such a threat more dangerous, not less dangerous.
If their proposals for government-accessible backdoors [wikipedia.org] for all encryption were actually to become reality, then a single successful hacker could compromise millions of secure computers and documents in a single attack.
The best solution is to go back to the policies of Clinton's presidency. Let us, the people, take care of our own security without government intrusion, as is our natural right and privilege.
Re:Keep the govt out. Decentralize security. (Score:5, Insightful)
I'm not sure that's really what you want. IIRC, the attempts to make key escrow mandatory with Clipper were on Clinton's watch. The sooner we quit believing that one party or another is interested in freedom, the sooner we have a chance to preserve the dwindling amount of it we have left.
Re:Keep the govt out. Decentralize security. (Score:3, Informative)
The last comment is right on, and in fact the Clipper project illustrates quite well that neither party can be trusted. The Clipper chip was actually a Bush I administration project -- initiated and developed before Clinton came into office. It was pretty much
Re:Keep the govt out. Decentralize security. (Score:3, Insightful)
I agree in principle - but it's also kind of unproductive to take the 'long view' and always claim precedent for everything bad going on right now. We don't have time machines, we can't change history- you have to focus on the present and the people who are perpetrating bad things right now. As far as two party politics go, if the elected officia
The "Digital Pearl Harbor" is NOT going... (Score:2)
Re:Keep the govt out. Decentralize security. (Score:2)
You mean Richard Clark, appointed by Clinton, as mentioned in the article you link to?
The best solution is to go back to the policies of Clinton's presidency. Let us, the people, take care of our own security without government intrusion, as is our natural right and privilege.
Hm.
Re: (Score:2)
Re:Keep the govt out. Decentralize security. (Score:2)
Pikers and latecomers.
The DOD has been warning of such things for decades
Back in the 60's, when the DOD's ARPAnet project was started, one of the design goals was that the network should have sufficient redundancy and intelligence so that when an enemy knocked out lines or relays, the software would just silently route around the break and keep the communication going.
This has been one of the more difficult things to impl
Hah!y (Score:3, Insightful)
First it's anthrax (anyone remember that?)
Then it's suitcase nukes..
Then it's bird flu..
Suddenly terrorists are going to break into our computers?!
All of these are existent 'problems' blown WAY out of proportion. I'm counting the days before termites are found in the White House, thus becoming the next terrorist threat.
Oh boy (Score:4, Insightful)
Re:Oh boy (Score:3, Insightful)
Falling space debris doesn't kill 5 Israeli civilians and several dozen Iraqis on a quiet week, and several hundred to thousands on a bad day. Falling space debris also isn't actively trying to fall more frequently and harder.
how can we possibly believe that terrorism is capable of any more than the few isolated incidents that have befallen the world in the last dozen years?
Terrorism has been
Re:Oh boy (Score:2)
Re:Oh boy (Score:2)
Duh.
Re:Oh boy (Score:2)
The goal of the Muslim fanatics is to subject everyone to their perception of their religion and its laws. Anyone who is not of their persuasion is an infidel, who must be either made to obey or be eliminated. There may not be a single person or organization that drives this goal, but there is this common religious Muslim philosophy. The Jews and their protectors are seen as the number one enemy. This sentiment was s
Re:Oh boy (Score:3, Insightful)
You're right, but not quite on-point. (Score:5, Interesting)
The problem with this way of thinking, though, is that most ordinary people believe that terrorism is not an act of God, and that it is, in some way, a preventable issue. When it comes to auto accidents, ordinary folks want to put controls on those items that can lower the risk of death (preventing DUIs, speed limits, mandatory seat belt laws, etc). It's the same with other deadly issues--like how people want McD's to have healthy choices on their menus because heart disease is so prevalent (now, whether people make good choices is another issue...). Or smoking--how much energy/money has been spent on getting people to stop?
People can accept deaths. It's a normal fact of life, and it sucks when it hits close to home. It sucks even more when those deaths could have been prevented with simple measures. If a party got out of control and a guy that was totally blitzed got behind the wheel and kills your wife/husband/mom/sis/friend/etc, you'd be pretty darned pissed and that incident would leave a hole inside you that might not ever heal completely. That's reality. Also, you, being a responsible citizen and registered voter, would be so upset and hurt that you just might demand more steps be taken to prevent others from feeling how you do. So, you call your local politician.
Economically speaking, no deaths are without consequences. If it's preventable, then it can be calculated how much the solution would cost and how many deaths it would prevent. Those "non-dead" people earn incomes and pay taxes. If those expected taxes are greater than the proposed solution, then we have a winner. Of course, not all decisions are made based on pure economics. Many people are simply willing to pay higher taxes in favor of more safety, just because we like not having to go to our loved one's funerals.
I do understand what you're saying, and the rational part of my brain agrees. The part that hates going to funerals, though, tells me that if a death can be prevented, maybe we should go out of our way a bit to prevent it.
Re:You're right, but not quite on-point. (Score:3, Insightful)
Re:You're right, but not quite on-point. (Score:5, Insightful)
I disagree with that statement. How many times has the "If but one death could be prevented..." mantra been passed around? Too many people expect EVERYTHING to be risk free, and often propose and advocate extreme measures to gain that certainty. No matter how absurd the measure might be for the majority of the people. And if CHILDREN are involved? Oh my god.
Look at all the handwaving currently going on regarding video game violence, despite the fact that teen violence levels are at the lowest they've been in decades. But no, SOMETHING caused Columbine, and that something must be eliminated.
And if it can't be eliminated one way, they'll try another. A "defective" product? Sue the company. An unforeseen drug interaction? It's class action time. Some kid jumps off a bridge because a character in a game did so? Obviously, it's time to ban all games.
We demand perfection, every time, all the time. And if it's not perfect, then someone, obviously, is to blame.
Re:Oh boy (Score:3, Insightful)
You know, I was a pretty ordinary nerdy teenager, but I hung out with some less savoury characters. We wreaked some pretty fine havoc from a vandalism point of view. Their ideas, of course! ;-)
All the while, I was thinking, "what if we decided to do this somewhere serious?" There were traffic light boxes to mess up, power stations, train controllers, high-
And the answer is.... (Score:5, Insightful)
So maybe what I mean is... no, it isn't remotely credible.
Realistic, I'd say. (Score:3, Informative)
Alan Cox said it best in this interview http://www.oreillynet.com/pub/a/network/2005/09/1
"We are still in a world where an attack like the slammer worm combined with a PC BIOS eraser or disk locking tool could wipe out half the PCs exposed to the internet in a few hours."
Re:Realistic, I'd say. (Score:2)
Re:Realistic, I'd say. (Score:3, Insightful)
OTOH a virus that did this wouldn't propagate very far because it's destroying its host. There's more to be gained by keeping the host running and infecting other machines. eg. Delete NTLDR and
One phrase (Score:3, Insightful)
Re:One phrase (Score:2)
The machines didn't go silent on Jan 1st, but lots of people had upgradeitis and it cost billions.
Simple risk management? (Score:2)
The Nightmare worm (Score:5, Interesting)
It could have already happened, but perhaps the worm writers had a conscience. There will be a worm with a 0-day exploit that compromises a common MS Windows service and isn't so polite as SQL-Slammer. Slammer infected almost every vulnerable host in the world within 10 minutes [mit.edu]. I would call Slammer a 'polite' worm as it did no harm other than flooding networks.
It's certainly possible to write an impolite worm. One that doesn't just spread itself, but after 20 minutes of attempting to spread itself decides to stop all of your services and then wipe the data off your hard drive. If a computer isn't directly affected, it will probably be affected downstream by the network traffic or reliance on Windows network services. Those that managed to survive may have a hard time finding other surviving resources.
Hopefully the business world has backups, but can you imagine the global disaster that would follow? In 30 minutes almost every computer in the world is down. Airlines will be grounded, you may lose electricity, you might not be able to order a mocha frappancino(tm) at your favorite fourbucks.
(Not to be judgemental, but in today's world if it doesn't target Windows it's not the Nightmare worm)
Re:The Nightmare worm (Score:4, Insightful)
Nightmare Worm already Exists... (Score:2, Funny)
What other application could update itself weekly and be so integrated with the OS that a complete removal would render the OS inoperable. Makes that Win32 virus that associated EXEs with itself look like child's play.
Hot-Swapping motherboards??? ROTFL. ROTFL!
Re:The Nightmare worm (Score:2)
So you wouldn't consider a worm that took out say... all the Cisco routers running the Internet a nightmare worm?
Re:The Nightmare worm (Score:2)
You're making a couple of assumptions there - 1) that the virus/worm would work on *most* computer operating systems, not just Windows; 2) that *most* critical systems run on Windows. Not 100 yards from where I'm s
Certainly. (Score:2)
Slashdot effect... (Score:4, Insightful)
I was working at home on 9/11, and yes: CNN was down until they put up a no-graphics static page. Slashdot was up and running just fine.
Anent to the article, I think the so-called cyberterror threat is not so much Al Qaeda as it is Eastern European organized crime, and the threat is more centered towards e-commerce (Amazon, eBay, gambling sites) than public infrastructure.
Al Qaeda wants to perform acts that make people afraid to go to work, not acts that keep them from bidding on Beanie Babies or playing Texas Hold-em. DDos-ing Amazon or Partypoker.com isn't the sort of deadly blow against the infidels that gets them out of bed in the morning. Yuri and Vladimir, on the other hand...
But the real "cyberterror" threat is the potential US Government overreaction towards any potential threat, real or imagined. Since the early '90s, the government has viewed the Internet as something big, scary, and untamed. COPA, DMCA, you name it, they'll regulate it. Even now, look at the way the Federal Election Commission has been eyeballing political blogs: free speech or political contributions?
If there's a threat, it'll be from Capitol Hill or 1600 Pennsylvania Avenue, not some cave on the Afghani-Pakistani border.
k.
Re:Slashdot effect... (Score:2)
guise of fighting a foreign enemy. - James Madison
Re:Slashdot effect... (Score:2, Insightful)
Slashdot traffic ranking: 800 [alexa.com]
CNN traffic ranking: 24 [alexa.com]
During a big news event slashdot's traffic might quadruple, but CNN's would be off the chart. CNN could slashdot slashdot (and most other sites).
Of the top ten google searches on 9/11 the only one that beat World Trade Center was CNN. 6000 users per minute were using google to find CNN.
Effects of 9/11 on Google [firstmonday.org]
Re:Slashdot effect... (Score:3, Insightful)
I really wasn't trying to compare Slashdot's and CNN's network infrastructure. I was just trying to make a simple observation. It's obvious that CNN had at least an order of magnitude more HTTP requests than Slashdot did on that day. Same with bbc.co.uk and msnbc.com on 9/11/2001.
But you have to consider that in 2001 Slashdot's network infrastructure was smaller than that of CNN, the BBC, or MSNBC. And it handled its request load better than the aforementioned web sites.
I'm just sayin'.
k.
ping down AIM (Score:2)
Computer security is one thing (Score:2, Informative)
If you really think about it anything technological that requires a computer is at risk to "cyber"terroris
W00tkits of Mass Destruction! (Score:2)
W00tkits of Mass Destruction (WMDs) are all over the place, man.
Of course (Score:2)
As a security researcher, I can say without hesitation: of course the threat is credible. The vulnerabilities are here, each day a dozen of them are discovered in major applications [1]. And competent security researchers exist around the world (e.g. 75% of Windows vulnerabilities are discovered by external independent researchers [2]).
Now the only reason why cyber terrorism is not more frequent and more harmful (it is almost inexistent but it *does* exist) is the relatively few number of black hats (ba
Re:Of course (Score:2)
I would like to make sure everyone understands my point: what I meant is that as of today "cyber terrorists" (I hate this term) pose a threat that is much less important than, say, the whole bunch of script kiddies present on the Internet (I am not even sure if we can call this "terrorism"). But the fact is that given their number and their imagination, terrorists have probably already started to play with some scenarios of Internet attacks (e.
There IS cyberterrorism. And it's here, on /.! (Score:2)
If that's not TERROR, I don't know what it is.
So will I (Score:2, Interesting)
I wonder how this stuff makes news anyway. Soon we'll have these pompous dicks addressing games like WoW as "Cyber-cocaine," attempting to make it sound as if it's addictive as the drug itself. Honestly who the hell comes up with these crappy titles? I mean, these are the same assholes who pulled that "Y2K" scam on everyone, people no different from making "Y2K compliant" appliances, and now, here we are again except we jumped from an alphanumeric word
Indirectly (Score:2)
A simple question: (Score:3, Insightful)
Requirements:
1. It must be easy for them to understand.
2. It must be something they will follow (lots of pictures), and not a white paper.
3. It must be colorful
4. It must have a goal of educating the user and not taking their money.
5. I prefer it be securemypc.com rather than joe.blog.com/files/02/05/security101.htm
I have seen guides with this in mind but they are mostly all crap. The task is not hard and I see people clearly explain it over and over to people on web boards but I have yet to see a _good_ website where I can just say to them "go here http:"
Certainly if people can spend billions of dollars and have hundreds of organizations to clean up the damage these systems cause then someone can write a simple to follow guide for the end users that do care...right?
Re:Better safe than sorry (Score:2, Insightful)
Yea, money's the real issue. With enough money, they can buy out enough hardware, encourage enough research, hire enough programmers, etc, to do almost anything. On the other hand, I'm sure that no matter what they do, their system will still have critical vulnerabilities, but that's just a fact of life.
Anyway, when we spend a quarter of the money on cyber-c
Re:Better safe than sorry (Score:4, Insightful)
Truth is, if the raids on strongholds in Iraq are any indication, they can barely figure out how to upgrade to Windows 98. I'd be more worried about my government bankrupting me than anything the evil terrorists could pull off.
Re:Better safe than sorry (Score:5, Interesting)
Staying technologically superior is also a form of corporate welfare. Same with war. Without going into the obvious politics of war, was the $30 Billion Shock and Awe phase of the war needed? We could have done just as much damage dropping $10 million worth of diesel fuel and nitrate in 50 gallon drums from cargo planes. But who would that have helped out? Not GE, Lockheed, Boeing, or anyone else who makes high precision implements of death.
Call me an idealist, call me a purist, but if we rewarded technology for the sake of technology, not for how many people it can accurately kill, then maybe people wouldn't want to attack the U.S. Don't believe that "They hate our freedom" line, it's a lot more complicated than that. If a country acted benevolent, didn't kowtow to corporate interests, and took a leadership role, both in its own society as well as in global matters, as well as (and not just) a moral compass, then do you think that country would be the target of attacks? If the U.S. said that they were going to develop a cure for AIDS, paid for that, and then licensed out the manufacture of the pharmaceuticals, then do you think that there would be a pissing match with African nations over patent controls?
Everyone says that technology is not a panacea, but even still, we've yet given an honest attempt to prove them right. We're still all stuck on that greed thing.
Mod parent down (Score:2)
Whoa whoa whoa, slow down here... Are you saying that if all countries ceased military research, development and maintenance we would magically end all warfare? What a great idea! You put down your weapons first. Don't worry, I'll be right behind you.
as well as (and not just) a moral compass, then do you think th
Firewall against Asian bird flu too (Score:5, Insightful)
Fear is a fantastic way to control people and get big dollars into big lobbyists' pockets. It is also a good way to divert focus from real issues.
Unfortunately these measures only give a false sense of security. All the aircraft carriers can't stop a few punks with box cutters from hijacking a plane or whatever.
Huge security measures in the Internet will be equivalent to airport security. Pain in the ass (in more ways than one), queues, loss of service etc for Joe Average and ineffective.
Re:Firewall against Asian bird flu too (Score:2)
Who needs box cutters when your hands are registered mortal weapons? Any pointy item could be used as a weapon, too. Even a briefcase, notebook or your glasses.
But of course, handcuffing the passengers is a bit too extreme...
No (Score:2)
No, 0x10 !!
Re:No (Score:4, Insightful)
Even if it's not credible, it doesn't mean it's okay to leave networks unsecured. Having consultants do security analysis is probably a good idea (although I don't personally know to what extent the federal government deliberately gets ripped off by those consultants, as you contend).
The threat of cyberterrorism has more to do with whether we should spend money analyzing threats to electronic infrastructure, and planning responses to potential attacks on it. Not the sort of thing you hire pen-testers for.
Re:No (Score:2)
Does it make a
Re:No (Score:2, Interesting)
I had an old friend/acquaintance (who was very well placed in the networking community) once tell me he could bring the internet to its knees in a matter of half an hour with some poisoned routing tables or somewhat similar at the router/peering points. Granted this was years ago, but as I recall being told it was one of the 'net's darker secrets -- e.g. a handful (or more) of people knew about the security hole, but it was baked into how things were being done
Re:No (Score:2)
M
Re:Issue arises from flat routing and trusted rout (Score:3, Informative)
Considering that my networking professor told the whole class about it, there are more than a handful of people that know.
For those that don't know, the issue arises out of the way the internet does routing. IPv4 uses a flat routing system. Every key router on the internet knows how many hops away it is from all of the other key routers and which direction the router is in. Consider (the dots a
Re:testing pens? (Score:2)
If you can't get in and award yourself the clearances you need, you're obviously not qualified.
If ethical concerns keep you from doing this, you're not qualified.
If you can't make the system issue YOU a purchase order, you're not qualified.
How do you expect your congresscritter to push your name when he or she won't have confidence that you'll be competent enough to hide their payoffs?
Re:No (Score:2)
But why the hell did that story get through to me?? *scratches head* Maybe the Internet is insecure. D'oh.
SCADA, plus STUPIDITY (Was: Re:No) (Score:2)
Re:Chinese (Score:3, Funny)
Don't piss off others! (Score:3, Insightful)
Re:Threat or Not Doesn't Matter (Score:2)
Richard Bachman (aka Stephen King) wrote about this in 1982 [amazon.com].
Re:Threat or Not Doesn't Matter (Score:3, Interesting)
http://www.avweb.com/news/profiles/182918-1.html [avweb.com]
Re:No. (Score:2)