Critical infrastructure and hacking report

[Cain]

http://www.wired.com/threatlevel/2010/01/csis-report-on-cybersecurity/

Critical infrastructure systems around the world are the targets of repeated cyberattacks, according to a new global survey of technology executives in these industries. They believe some of the attacks are coming not just from individual cybercriminals but terrorists and foreign nation states.

The United States and China are believed to be the most likely countries to conduct a cyberattack against the critical infrastructure of another nation, according to the respondents.

Companies and agencies operating in the banking and finance sectors, energy and natural resources, telecommunications and internet service providers, transportation and mass transit, chemical production and storage, food distribution and government services are considered critical infrastructure companies.

The attacks that are occurring include massive denial of service attacks, stealthy efforts to penetrate networks undetected, DNS poisoning, SQL injection attacks and malware infections. The aims of the attacks vary from shutting down services or operations to theft of services and data or extortion attempts.

Among the more serious findings in the report is that some of the most sensitive critical infrastructure entities around the world, such as those for energy and natural-resource industries (such as water and sewage plants), are some of the least secure.

I am shocked, SHOCKED to discover this, I tell you.  Next thing you'll know, tactical data-feeds for war zones wont be encrypted or something.

[Rococo Modem Basilisk]

Back in the 80s and 90s, this was supposed to be 'the future of warfare' or something.

[Elder Iptuous]

bank of america's website was (effectively) down for the entire day yesterday due to, presumably, a DDoS attack.
how much revenue does one day of online banking services being unavailable for a major bank like that cost?

[Cain]

Depending on whether their investment transactions were on the same server....billions?  I would have thought they would have seperate servers for commercial banking and their larger financial transactions, but, well, relying on a bank to be clever...

Admittedly, it being a Saturday probably lessened the blow somewhat.  Even evil international financiers like to spend some time at one of their McMansions with the family.

[Jasper]

This has been a long time coming, hasn't it though?  Attacking people's money is so much more bloodless and remote than attacking them conventionally.

[Cain]

Oh yeah, like Enki said, people were talking about this 20 years ago.  One of the best books on the topic was written a decade ago.  The RAND corporation have run countless simulations and war games based around this.  No-one will do anything until a huge loss though, the much spoken of "electronic Pearl Harbour".  So long as hackers play smart and continue with the "death by a thousand cuts" approach, its likely no-one will ever do anything, and the whole thing will become a silent war of attrition between hackers and security experts.

[Jasper]

That's the good outcome.



Fuck.  Another bogeyman of apocalypse.

[Rococo Modem Basilisk]

One of the best books on the topic was written a decade ago.

Which one was this?

(Also, I thought RAND dissolved in the seventies? I only know of them in association with minis.)

[The Fundamentalist]

Wikipedia says that RAND still exists. </uninformed>

I did hear something about an "electronic Pearl Harbor".  Chinese hackers stole a very high amount of data from the DoD or something.  They left some infected flash drives lying around.

Or maybe it was that they installed a rootkit and were watching the system's activities for over a week.  I don't remember.

[Cain]

One of the best books on the topic was written a decade ago.

Which one was this?

(Also, I thought RAND dissolved in the seventies? I only know of them in association with minis.)

I can't remember the name, but it was by a London Times reporter with some background on military and technology reporting.

As for RAND

http://www.rand.org/

I suggest the downloads section.  Its a treasure-trove of documents on insurgency, terrorism and non-conventional (unfortunately a lot of it done by conventional thinkers with conventional writing styles...but they can occasionally come up with something actually interesting).

[Cain]

One of the best books on the topic was written a decade ago.

Which one was this?

(Also, I thought RAND dissolved in the seventies? I only know of them in association with minis.)

I can't remember the name, but it was by a London Times reporter with some background on military and technology reporting.

As for RAND

http://www.rand.org/

I suggest the downloads section.  Its a treasure-trove of documents on insurgency, terrorism and non-conventional warfare (unfortunately a lot of it done by conventional thinkers with conventional writing styles...but they can occasionally come up with something actually interesting).

Wikipedia says that RAND still exists. </uninformed>

I did hear something about an "electronic Pearl Harbor".  Chinese hackers stole a very high amount of data from the DoD or something.  They left some infected flash drives lying around.

Or maybe it was that they installed a rootkit and were watching the system's activities for over a week.  I don't remember.

I wouldn't say that was exactly an electronic Pearl Harbour though.  Knocking out the communications of the Seventh Fleet during a large-scale conflict in the Pacific might count, as might an electronic attack against the stock market (if it does sufficient economic damage...say on a par with the current financial crisis).  That just seems like run-of-the-mill espionage, no doubt America and Japan have done the same back to China.

[Rococo Modem Basilisk]

I can't really see cybercrime following the same old national boundaries as conventional warfare has, tbh. It's just like how recently the largest perceived 'threats' have been along ideological rather than national lines (and only occasionally lining up when the ideological and national lines sync -- for instance, china works almost as a block, and islamic theocracies of the more significantly extreme sort are more likely to sync up in terms of interests with individual radical islamic elements in arbitrary nations). The trend *seems* to be towards a war on <ideology X> rather than a war on <nation X>, and despite being nonsense legally, it does seem like wars on ideology get closer to the point than wars on nations -- the cold war being a war on communism rather than a war on the USSR, world war two from the allies' perspective being a war on facism, etc.

I dunno if this post makes sense. I'm a little out of it today.

[Cain]

It makes no sense.  America has waged war against fascists and Islamists.  America has cooperated with Islamists and fascists.  Britain has cooperated with strongly Catholic rivals, it has waged wars against strongly Catholic rivals.  France has fought brutally against socialist-national liberation movements, France has worked with socialist-national liberation movements.  All three tried to crush Communism, then tacitly supported Nazism as a counterbalance to Communism, then allied with Communism to crush Nazism and then went back to trying to crush Communism within a twenty year span.

Foreign policy is a product of the desires of the ruling class, of which ideology may play a role, but normally only in how it impacts on geopolitical and strategic ambitions.  America, for example, wanted to exploit central Asia since the end of WWI.  It couldn't though, because a bunch of angry Russians with a grudge against capitalism were sitting on top of it.  These Russians were also stirring up their own underclass and making things less than stable in the United States - threatening their position as the ruling class at home.  Sure, there was an ideological component to this, but if we accept the ideological reason as the primary one, we cannot explain Nixon going to China, or indeed any of the above counterexamples I have given.

You get the occasional ideologically driven leader (like Roosevelt or Churchill) but they usually only gain currency once their pet threat has morphed into a strategic one.  Ideology is more often not the propaganda smokescreen for concrete and real issues, like, say, dominating the Eurasian landmass and thus ensuring unchallengeable hegemony into the forseeable future.  Or whipping up jingoistic attitudes at home to deploy against political enemies.  Or war-profiteering perks.  Or all of the aforementioned.  Sure, you can use the clash of ideologies to try and build an ontological threat to a nation's identity, as many have (see: Writing Security: United States Foreign Policy and the Politics of Identity by David Campbell), but again, those attempts have always been in order to make people more responsive and enthusiastic towards those geopolitical goals.  People aren't going go out and fight Russian imperialism just because you tell them to, but do a long-standing propaganda campaign to try and make out your nation is the saviour of Lutheran Christianity and hey, look, the Russian Orthodox Church just happens to be persecuting Lutherans...and sit back and reap the benefits of an expansionary war.

[Rococo Modem Basilisk]

Foreign policy is a product of the desires of the ruling class, of which ideology may play a role, but normally only in how it impacts on geopolitical and strategic ambitions.

Foreign policy and the desires of the ruling class only factor in when the ruling class is in charge. I'm seeing a pattern with the most recent situations: largely, it is non-government-affiliated individuals bound primarily by a strong shared belief independently organizing attacks (or appears so, at least). If this is a trend -- and it may well be (after all, from what I understand the major impulses towards nationalism have typically been towards a greater level of cultural, racial, and ideological hegemony within a given geographic region, and now that geographic regions are of less importance to social interaction the importance of social hegemony within geographic regions to nationalist impulses can be expected to lessen) -- then nations and their leaders may easily have less control across the board over this type of warfare, which is nonmilitary and largely decentralized (and does not particularly benefit from numbers or central leadership).

[Shibboleet The Annihilator]

bank of america's website was (effectively) down for the entire day yesterday due to, presumably, a DDoS attack.
how much revenue does one day of online banking services being unavailable for a major bank like that cost?

I would guess not much. The online banking services are generally the same services that the banks themselves offer. Most people only use this to pay their credit cards and transfer balances.

I would be surprised if Bank of America even hosted its own website. It's probably on some server in some data farm in Nebraska or something. I would be shocked if the server or VM that hosted their website for customers hosted anything as important as large investments or corporate operations.