Comments on: Cyber Attack?

By: probligo

probligo — Tue, 29 May 2007 20:49:25 +0000

I had in mind the recent experience in Estonia where telephone, financial, and emergency systems were all closed down by a concerted attack through the internet.

Look, for example, at what happened to Estonia last week. Ever since the government of the Baltic state decided (rather tactlessly it must be said) to remove a war memorial to the Red Army from a square in the capital, Tallinn, Russian outrage has ensued.

This took the form of demonstrations and even riots. But then something extraordinary happened: quickly, and wholly without warning, the whole country was subjected to a barrage of cyber-warfare, disabling the websites of government ministries, political parties, banks and newspapers.

Techniques normally employed by cybercriminals, such as huge remotely-controlled networks of hijacked computers, were used to cripple vital public services.

Nato has sent its top cyber-terrorism experts to Tallinn, with western democracies caught on the hop over the implications of such an attack.

The Estonian defence ministry said: “We’ve been lucky to survive this. If an airport, bank or state infrastructure is attacked by a missile, it’s clear war. But if the same result is done by computers, then what do you call it? Is it a state of war? These questions must be addressed.”

By: Aric

Aric — Sun, 27 May 2007 09:28:12 +0000

Any distributed computing system risks a cyber attack. Protocols make little difference; only physical isolation can completely protect from remote intrusion.

TCP/IP serves as the backbone of current computer networks. The reason for this is that it is simple, efficient, and flexible. Like any computer system, the methods it uses are subject to exploitation. Over the course of the last 20 years, as security issues have been raised, counters to electronic attack have been developed: Packet Encryption, Jails, Firewalls, Tar Pits, and a host of others. The evolution of such tools will go hand in hand with the development of methods to circumvent them. IPv6, which was to replace IPv4 with a more secure, reliable and flexible method of data delivery was recently discovered to have a very serious security flaw. This only goes to show that any new “secure” system will always be at risk because the people who design it are human, and will make mistakes.

By: probligo

probligo — Sat, 26 May 2007 20:54:16 +0000

Language in question Dave is HTTP.

It is not just the interface translation that is at fault (Firefox or iMax vs Explorer proves that).

The problem is the ability for HTTP itself to be abused and the functions it contains to be used for more nefarious purposes.

By: Dave Justus

Dave Justus — Wed, 23 May 2007 18:46:12 +0000

If the ‘problem’ is that all the network software is from a single source (which is plausible but probably not the case) wouldn’t greater standardisation make the problem worse, not better?

Obviously means of defense need to be found, and I expect that many many people are working on that, and many others are working on ways to overcome that defense.

By: probligo

probligo — Wed, 23 May 2007 18:31:02 +0000

The “how” is a series of IT industry standard routines.

The problem is that the primary network software is from one source.

That is exacerbated by the fact that the software is not the most reliable.

Having said that, there is a need for some level of standardisation and that introduces the risks associated with the likes of html.

Of greater importance though must surely be the development of specialised protocols for strategic (and I mean here non-military such as financial and commercial traffic) functions.

FWIW…

By: Aric

Aric — Tue, 22 May 2007 23:39:02 +0000

I deny all responsibility.