Appealing to the private sector, the homeland security boss reached out and simply said: "Please send some of your brightest and best to do service in the government."



phrack off and byte me.

Article Headline: "Cyber risk 'equals 9/11 impact'"

Uh, yeah... Tell me... how many fatalities usually result from a web page going down?

Wait, none? You sure? Wow...

/hate asshatery

Boritom: Article Headline: "Cyber risk 'equals 9/11 impact'"

Uh, yeah... Tell me... how many fatalities usually result from a web page going down?

Wait, none? You sure? Wow...

/hate asshatery

the ONE segment of our society that the federal government cannot easily control is the internet. It's still possible to remain (relatively) anonymous and post information without filter or control by central authority. And that ability irritates certain segments of the government.

So by tagging certain segments of the 'net as 'havens for terrorists' - or as 'havens for pedophiles' - they can scare people into supporting more and more restrictive laws. And there are enough scared and stupid people out there who will believe crap like this and vote for it.

God save Fark!

/nothin'

Looks like the wings are coming out of his head.

Bullshait
Link (new window)

Sec. Chertoff apparently thinks Live Free or Die Hard was non-fiction. I shouldn't criticize as I did the same with They Live when Bush got re-elected. But in my defense, I was high.

wow subby, you worked in Mets bashing. You know, rape is less forced then your jokes.

/ (nothing)

Boritom: Uh, yeah... Tell me... how many fatalities usually result from a web page going down?

You forget the people who die from exploding scrotums (scrotii?) when foobies is down.

In other news Rick Ashley has been taken to Guantanamo.

God I love it when idiots try to tell experts what they need to do.

I like to imagine any one from the DHS talking in a cartoonish evil voice bellowing out.
"More power!" "We need more power!"
"No one is safe, not even your puppy! Unless you hand over EVERYTHING!"
"MOOOORRRREEEEE POWWWEEEEERRRRRRRR!!!"
BUUAAAHHHHHHAHAHAHAHAHAH

Cyber-terrorists. Sounds delicious. Delicious and sexy.

I hate to break it to y'all, but there are dangers here. Taking down a website? Not so threatening. Taking down a backbone router? Big problem. That's not even taking into account the potential harm of compromising, say, the Justice Department's records, or emergency response communications channels.

Just like that...we're terrorist now

Maybe they shouldnt have some of that stuff on computers, then.

Hacker Crackdown redux

Everyone, hide

don't mess with football!

"We take threats to the cyber world as seriously as we take threats to the material world," Mr Chertoff added.

INTERNET. SERIOUS BUSINESS.

feelgood47: Just like that...we're terrorist now

So you admit it!

gcc
I hate to break it to y'all, but there are dangers here. Taking down a website? Not so threatening. Taking down a backbone router? Big problem. That's not even taking into account the potential harm of compromising, say, the Justice Department's records, or emergency response communications channels.

Yeah... I'm the first person to be skeptical of the government raising fears, but there are some pretty nasty consequences to attacks, particularly when they're targeted and coordinated as part of a larger effort. Imagine a mass casualty incident when, say, all the first-line paramedics just spent 12 hours running ghost calls, and can't do record lookups.

Contrary to Subby's misleading headline, you will not even find the word "web" mentioned in the article. Nobody cares whether or not you can get to cheerios.com, but that isn't the only thing going on over the public network, much less in more general terms of information security.

gcc: I hate to break it to y'all, but there are dangers here. Taking down a website? Not so threatening. Taking down a backbone router? Big problem. That's not even taking into account the potential harm of compromising, say, the Justice Department's records, or emergency response communications channels.

That is nothing. I worry about power companies, chemical plants, stock markets, etc where a system can be hacked and invalid data can be entered into the system in a controlled manner. People make decisions based on that data and if you happen to know SOP you can make very bad things happen (like people who are the biggest threat - disgruntled current employees). Shutting down a router or system is probably the best outcome because it gets noticed and is very easily fixed. A corrupted database is bad enough, but a non-corrupted datastore that has had bad data entered into it for an undetermined length of time is far, far, FAR worse.

feelgood47: Just like that...we're terrorist now

Whaddya mean, "now"?

feelgood47:

Just like that...we're terrorist now

Sorry, feelgood47. You tiger now.



/hotlinked, of course

S.A.S.Q.U.A.T.C.H. that picture, the eyes are feminine, the stache, well I personally can't tell if that is a man or not...ANYWAYS. Protect us!

/got nothin

gcc: Taking down a website? Not so threatening.

Agreed. It sucks, but is hardly the end of the world. There are ways to replicate content in a redundant manner (most big sites, who presumably would be targeted, already do this), so the potential for damage isn't a big deal.

Taking down a backbone router? Big problem.

Not for long. Other routers adapt and most of the data gets around the downed router. Things that route only through that router are farked, but the damage is localized. Most backbones are highly redundant.

A bigger issue would be taking down the root DNS servers, and that would only really cause major issues after a few days. Even so, the roots are all widely distributed and anycasted, so they're highly fault-tolerant.

That's not even taking into account the potential harm of compromising, say, the Justice Department's records, or emergency response communications channels.

Justice Department records are not run over the public internet, or if they are, it's over a secure VPN. Good luck with that.

I'm not aware of any emergency response communications that use the internet. Most have specifically dedicated airwaves reserved for their exclusive use.

That said, the internet is pretty resilient: with all the physical damage to infrastructure in NYC after 9/11, my girlfriend at the time (who lived in the area) was able to get messages out indicating that she was ok. Telephone and cellphone networks were horribly overloaded and calls couldn't get through, but the internet kept working.

Network providers deal with significant attacks (major DDoS attacks, for example) every day, and the vast majority of all legit traffic isn't affected. Somehow, I suspect that routine use of BitTorrent and Skype use more resources worldwide than most DDoS attacks.

I don't really think that "cyber-terrorism" is a big deal.

lahuman8
I worry about power companies, chemical plants

Let me just say this here and now. If you are a power company, an oil company, any kind of volatile chemical plant, that kind of shiat... and your production systems are in ANY way connected to a public network... fire your network admins. Nao. They are putting us all at risk with their incompetence.

/not saying that it doesn't happen
//but damn that's infuriatingly stupid

Will Zone
wow subby, you worked in Mets bashing. You know, rape is less forced then your jokes.

/ (nothing)

(nothing) Indeed

I think that Subby was referring to the way that Fark rocked the vote on the Mets page to get Rick Astley to win as a write-in vote for their 8th inning song, with Fark getting credited in TFA of the 'rickroll'.

I think was Subby was implying is that TFA about the song votes pretty much stated that the votes from Fark did not represent the true Mets fans and would be discounted.

Ergo you have, in that instance, the feeling that Mets fans considered Fark, however lightly, to be cyber-terrorists since they took down an actual vote and turned it into a joke on the Mets.

I, of course, could be mistaken, but I got subby's joke and LOL'd a bit. Individual results may vary.

How will humanity survive without websites!

heypete: Not for long. Other routers adapt and most of the data gets around the downed router. Things that route only through that router are farked, but the damage is localized. Most backbones are highly redundant.

A bigger issue would be taking down the root DNS servers, and that would only really cause major issues after a few days. Even so, the roots are all widely distributed and anycasted, so they're highly fault-tolerant.

It's almost as though, rather than a repository for lolcats and porn, it was designed to be an almost unbreakable communications network in the event of war, drawing lessons in redundancy from, amongst other sources, British and German military field communications. Weird.

When the Cylons breach your network they'll just shut down the system and take over everything. They'll barely even have to fire a shot.

Probably download lots of cool porn in the process, too.

mrexcess: lahuman8
I worry about power companies, chemical plants

Let me just say this here and now. If you are a power company, an oil company, any kind of volatile chemical plant, that kind of shiat... and your production systems are in ANY way connected to a public network... fire your network admins. Nao. They are putting us all at risk with their incompetence.

/not saying that it doesn't happen
//but damn that's infuriatingly stupid

It has nothing to do with public networks. Most hacks come from inside the company. If you have a disgruntled developer who happens to have access to CCAs and this person decides to do something bad, you are farked at least for a while. This is why background checks are very important. Depending on that persons' competence you are looking at something that gets found in a day --OR-- whenever this person decides to show nefarious people with lots of money how much control he/she has. And then you have to have people that are smart enough to realize it was a hack and not a fluke, and then have the balls/power to do a complete shutdown to prevent any further problems and eventually root out the bad developer. It's get to the point of ridiculousness when you are hiring foreign nationals to do contract work on important systems.

/yes, I work in one of the mentioned industries, and am frustrated by our security stance.

heypete:

I'm not aware of any emergency response communications that use the internet. Most have specifically dedicated airwaves reserved for their exclusive use.


Get ready for this!

The new P25 trunked radio systems use an Internet connection to check the credentials of users outside of their home system. So, if you're from Washington and there's a disaster in NYC, you can grab your radios and have them work in NYC. The stations in NYC say, "Hey, that radio's not from here." and send out a TCP request to the right home location. That home location checks the credentials and sends a response via TCP to the in-use station.

Rest well, though: "Developers should ensure that their system timing is 100% accurate, as a one-bit difference can take entire groups of radios off the network." - as best as I can remember from one of the equipment manuals.

The system is inherently flawed by its complexity.

Oh, and here's the icing:

It has to respond to all requests withing 500ms or the radios stop working. The radios can retry 5 times, then turn off in software. You have to power cycle them to get them to work.

My supervisor and I built an untraceable jammer and found holes in the way the systems work such that losing signal can convert your radio into a one-way radio. You can hear, but can't talk.

/Dragged to the carpet for questioning the system.
//Wasn't fired because the paper had an article that morning about cops being beaten up when their radios weren't working. They got saved by a bystander who called 911 on their cell phone.

Interwebs... DELETED!

She can reroute me anytime.

FTA: "We don't compete with the private sector with money. I can tell you what can motivate people is the desire to serve," he said.

This guy sounds like a commie sympathizer! This is America, it's all about competition. We fight over privatization for this very reason. If they want highly skilled people, they should expect to pay what they're worth. Otherwise, it mustn't really be all that important.

Giving up a six figure job to work for whatever the government decides to pay is the American way? Trying to exploit people in the name of patriotism isn't what this nation is about. We don't serve our government, it serves us.

I'm getting a kick out of reading this, because some bozo at our Internet provider decided on the very day of 9/11 that the new terrorism danger required sudden untested security measures be added, totally preventing access to our web servers from the Internet, and stopping our business just as well as any deliberate attacker could have.

remember when cyber terrorism was someone picking up the phone while you were on aol?

They'll pry my Fark from my cold dead fingers.

0100010: FTA: "We don't compete with the private sector with money. I can tell you what can motivate people is the desire to serve," he said.

This guy sounds like a commie sympathizer! This is America, it's all about competition. We fight over privatization for this very reason. If they want highly skilled people, they should expect to pay what they're worth. Otherwise, it mustn't really be all that important.

Giving up a six figure job to work for whatever the government decides to pay is the American way? Trying to exploit people in the name of patriotism isn't what this nation is about. We don't serve our government, it serves us.

You are right on the money. If defense contractors can scam billions from the gov't the gov't can afford to spend 2-3 times the privatized salary of the BEST CSO money can buy. It's not that farken hard to figure out in a capitalistic nation. We want the best to be working for the gubment not the mediocre that happen to kiss enough ass to move up the chain which is unfortunately the reality of the situation.

lahuman8: mrexcess: lahuman8
I worry about power companies, chemical plants

Let me just say this here and now. If you are a power company, an oil company, any kind of volatile chemical plant, that kind of shiat... and your production systems are in ANY way connected to a public network... fire your network admins. Nao. They are putting us all at risk with their incompetence.

/not saying that it doesn't happen
//but damn that's infuriatingly stupid

It has nothing to do with public networks. Most hacks come from inside the company. If you have a disgruntled developer who happens to have access to CCAs and this person decides to do something bad, you are farked at least for a while. This is why background checks are very important. Depending on that persons' competence you are looking at something that gets found in a day --OR-- whenever this person decides to show nefarious people with lots of money how much control he/she has. And then you have to have people that are smart enough to realize it was a hack and not a fluke, and then have the balls/power to do a complete shutdown to prevent any further problems and eventually root out the bad developer. It's get to the point of ridiculousness when you are hiring foreign nationals to do contract work on important systems.

/yes, I work in one of the mentioned industries, and am frustrated by our security stance.

IDS can't fix wetware

As a veteran, about three times a year I get the letter from the VA that says, "Hey, dude, we lost your Social Security Number. Again." And then says that I and over 200,000 others are in the same boat. How did that happen? Some loser lost a laptop, that's how. Cyber-terrorists don't really have to DO anything but wait for the guvmint's systems to eat themselves. Hiring America's best & brightest is just a stop-gap to defend us from our dumbest & slowest.

/Cyber-terrorist? Cyber-entropist.

Cup O' Joe Lieberman cowers in fear and kisses his love goodbye.

Premeditated_Road_Rage: Will Zone
wow subby, you worked in Mets bashing. You know, rape is less forced then your jokes.

/ (nothing)

(nothing) Indeed

I think that Subby was referring to the way that Fark rocked the vote on the Mets page to get Rick Astley to win as a write-in vote for their 8th inning song, with Fark getting credited in TFA of the 'rickroll'.

I think was Subby was implying is that TFA about the song votes pretty much stated that the votes from Fark did not represent the true Mets fans and would be discounted.

Ergo you have, in that instance, the feeling that Mets fans considered Fark, however lightly, to be cyber-terrorists since they took down an actual vote and turned it into a joke on the Mets.

I, of course, could be mistaken, but I got subby's joke and LOL'd a bit. Individual results may vary.

Did we actually do that? Did that get done?
/contributor

As it's been for the last 15 years, this stuff is 10% real and 90% noise calculated to scare people and create money making opportunities for the people doing the scaring.

In this case, dude's trying to justify the existence of his department.

Cyber-terrorism... the term makes me laugh.

Here's the latest street-side video of the Capture-The-Torch games in San Francisco: Link

As it's been for the last 15 years, this stuff is 1% real and 99% noise calculated to scare people and create money making opportunities for the people doing the scaring.

This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This This

Hackers aren't stupid enough to fark with things like the grid, hospitals and utilities because the day that someone brings down something major through a hacking attack is the day that the wild west style web comes to a shattering halt.

At least, thats why the smart ones who can work in teams don't do that crap. I'm sure tons of script kiddies attempt to 'hack' these major networks every year and get mocked by the sophisticated defense systems.