[Infowarrior] - So-called cyberattack was overblown
Richard Forno
rforno at infowarrior.org
Mon Jul 13 11:17:43 UTC 2009

So-called cyberattack was overblown
by Bruce Schneier
July 13, 2009
http://minnesota.publicradio.org/display/web/2009/07/10/schneier/

To hear the media tell it, the United States suffered a major
cyberattack last week. Stories were everywhere. "Cyber Blitz hits
U.S., Korea" was the headline in Thursday's Wall Street Journal. North
Korea was blamed.

Where were you when North Korea attacked America? Did you feel the
fury of North Korea's armies? Were you fearful for your country? Or
did your resolve strengthen, knowing that we would defend our homeland
bravely and valiantly?

My guess is that you didn't even notice, that -- if you didn't open a
newspaper or read a news website -- you had no idea anything was
happening. Sure, a few government websites were knocked out, but
that's not alarming or even uncommon. Other government websites were
attacked but defended themselves, the sort of thing that happens all
the time. If this is what an international cyberattack looks like, it
hardly seems worth worrying about at all.

Politically motivated cyber attacks are nothing new. We've seen U.K.
vs. Ireland. Israel vs. the Arab states. Russia vs. several former
Soviet Republics. India vs. Pakistan, especially after the nuclear
bomb tests in 1998. China vs. the United States, especially in 2001
when a U.S. spy plane collided with a Chinese fighter jet. And so on
and so on.

The big one happened in 2007, when the government of Estonia was
attacked in cyberspace following a diplomatic incident with Russia
about the relocation of a Soviet World War II memorial. The networks
of many Estonian organizations, including the Estonian parliament,
banks, ministries, newspapers and broadcasters, were attacked and --
in many cases -- shut down. Estonia was quick to blame Russia, which
was equally quick to deny any involvement.

It was hyped as the first cyberwar, but after two years there is still
no evidence that the Russian government was involved. Though Russian
hackers were indisputably the major instigators of the attack, the
only individuals positively identified have been young ethnic Russians
living inside Estonia, who were angry over the statue incident.

Poke at any of these international incidents, and what you find are
kids playing politics. Last Wednesday, South Korea's National
Intelligence Service admitted that it didn't actually know that North
Korea was behind the attacks: "North Korea or North Korean
sympathizers in the South" was what it said. Once again, it'll be kids
playing politics.

This isn't to say that cyberattacks by governments aren't an issue, or
that cyberwar is something to be ignored. The constant attacks by
Chinese nationals against U.S. networks may not be government-
sponsored, but it's pretty clear that they're tacitly government-
approved. Criminals, from lone hackers to organized crime syndicates,
attack networks all the time. And war expands to fill every possible
theater: land, sea, air, space, and now cyberspace. But cyberterrorism
is nothing more than a media invention designed to scare people. And
for there to be a cyberwar, there first needs to be a war.

Israel is currently considering attacking Iran in cyberspace, for
example. If it tries, it'll discover that attacking computer networks
is an inconvenience to the nuclear facilities it's targeting, but
doesn't begin to substitute for bombing them.

In May, President Obama gave a major speech on cybersecurity. He was
right when he said that cybersecurity is a national security issue,
and that the government needs to step up and do more to prevent
cyberattacks. But he couldn't resist hyping the threat with scare
stories: "In one of the most serious cyber incidents to date against
our military networks, several thousand computers were infected last
year by malicious software -- malware," he said. What he didn't add
was that those infections occurred because the Air Force couldn't be
bothered to keep its patches up to date.

This is the face of cyberwar: easily preventable attacks that, even
when they succeed, only a few people notice. Even this current
incident is turning out to be a sloppily modified five-year-old worm
that no modern network should still be vulnerable to.

Securing our networks doesn't require some secret advanced NSA
technology. It's the boring network security administration stuff we
already know how to do: keep your patches up to date, install good
anti-malware software, correctly configure your firewalls and
intrusion-detection systems, monitor your networks. And while some
government and corporate networks do a pretty good job at this, others
fail again and again.

Enough of the hype and the bluster. The news isn't the attacks, but
that some networks had security lousy enough to be vulnerable to them.

Bruce Schneier is a security technologist. His latest book is
"Schneier on Security."