Follow Slashdot stories on Twitter


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

The Global Struggle To Prevent Cyberwar 57

blottsie writes: What constitutes war in the 21st century? In an age of almost constant cyberattacks against major corporations and world governments, the consensus among international-law experts is clear: Nobody knows. This sweeping Daily Dot investigation explores the ongoing struggle to define "cyberwar," the increasing geopolitical aggression in cyberspace, and the major players now attempting to write the rules of online battlefields before it's too late.

"Technical experts and legal scholars repeatedly stress that the idea of a 'cyber Pearl Harbor'—a devastating sneak attack on U.S. infrastructure by a powerful state actor that launched a sustained international conflict—is wildly overblown. Right now, Watts said, 'states bite at one another’s ankles in a way to impede progress or to harass them,' but 'as for the likelihood of a major cyber war, I would rate it pretty low.'

Cyber armageddon may be extremely unlikely, but the many attacks below the level of formal armed conflict have still extracted a staggering price, in both economic and political terms. ... For starters, cyber-arms control is effectively hopeless. There’s no point, experts say, in trying to contain the spread of offensive cyber technology. Instead, the best hope for international law is to focus on reducing the incentives for malicious behavior."

Professional Russian Trolling Exposed 276

An anonymous reader writes: Today the New York Times published a stunning exposé revealing the strategies used by one of the Web's greatest enemies: professional, government-backed "internet trolls." These well-paid agent provocateurs are dedicated to destroying the value of the Internet as an organizing and political tool. The trolling attacks described within are mind-boggling -- they sound like the basis of a Neal Stephenson novel as much as they do real life -- but they all rely on the usual, inevitable suspects of imperfect security and human credulity.
The Military

In North Korea, Hackers Are a Handpicked, Pampered Elite 102 writes: Ju-Min Park and James Pearson report at Reuters that despite its poverty and isolation, North Korea has poured resources into a sophisticated cyber-warfare cell called Bureau 121, staffed by some of the most talented, and rewarded, people in North Korea, handpicked and trained from as young as 17. "They are handpicked," says Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004. "It is a great honor for them. It is a white-collar job there and people have fantasies about it." The hackers in Bureau 121 were among the 100 students who graduate from the University of Automation each year after five years of study. Over 2,500 apply for places at the university, which has a campus in Pyongyang, behind barbed wire.

According to Jang Se-yul, who studied with them at North Korea's military college for computer science, the Bureau 121 unit comprises about 1,800 cyber-warriors, and is considered the elite of the military. As well as having salaries far above the country's average, they are often gifted with good food, luxuries and even apartments. According to John Griasafi, this kind of treatment could be expected for those working in the elite Bureau. "You'd have to be pretty special and well trusted to even be allowed on email in North Korea so I have no doubt that they are treated well too." Pyongyang has active cyber-warfare capabilities, military and software security experts have said. In 2013, tens of thousands of computers were made to malfunction, disrupting work at banks and television broadcasters in South Korea. "In North Korea, it's called the Secret War," says Jang.

How the Code War Has Replaced the Cold War 79

An anonymous reader writes "After years on the defensive, governments are building their own offensive capabilities to deliver digital attacks against their enemies. It's all part of a secret arms race, where countries spend billions of dollars to create stockpiles of digital weapons and zero-day flaws. But is this making us any safer, or putting us and the internet at risk? 'Estonia is a small state with a population of just 1.3 million. However, it has a highly-developed online infrastructure, having invested heavily in e-government services, digital ID cards, and online banking. ... The attacks on Estonia were a turning point, proving that a digital bombardment could be used not just to derail a company or a website, but to attack a country. Since then, many nations have been scrambling to improve their digital defenses -- and their digital weapons. While the attacks on Estonia used relatively simple tools against a small target, bigger weapons are being built to take on some of the mightiest of targets.'"
The Military

S. Korea's Cyberwar Against N. Korea's Nukes 57

An anonymous reader writes "Yonhap News Agency reports that South Korea has announced it is developing offensive cyber-capabilities to target North Korea's nuclear facilities. Yonhap speculates the tools will be similar to the Stuxnet computer virus the U.S. used against Iran's uranium enrichment program. A report in The Diplomat questions this assertion, noting that a Stuxnet-like virus would only temporarily disrupt Pyongyang's ability to build more nuclear weapons, while doing nothing to address its existing ones. Instead, The Diplomat suggests Seoul is interested in developing cyber-capabilities that temporarily disable North Korea's ability to launch nuclear missiles, which would be complement Seoul's efforts to develop precision-guided missiles to preemptively destroy Pyongyang's nuclear and missile facilities."

In an Age of Cyber War, Where Are the Cyber Weapons? 94

chicksdaddy writes "MIT Tech Review has an interesting piece that asks an obvious, but intriguing question: if we're living in an age of cyber warfare, where are all the cyber weapons? Like the dawn of the nuclear age that started with the bombs over Hiroshima and Nagasaki, the use of the Stuxnet worm reportedly launched a global cyber arms race involving everyone from Syria to Iran and North Korea. But almost four years after it was first publicly identified, Stuxnet is an anomaly: the first and only cyber weapon known to have been deployed. Experts in securing critical infrastructure including industrial control systems are wondering why. If Stuxnet was the world's cyber 'Little Boy,' where is the 'Fat Man'? Speaking at the recent S4 Conference, Ralph Langner, perhaps the world's top authority on the Stuxnet worm, argues that the mere hacking of critical systems is just a kind of 'hooliganism' that doesn't count as cyber warfare. True cyber weapons capable of inflicting cyber-physical damage require extraordinary expertise. Stuxnet, he notes, made headlines for using four exploits for "zero day" (or previously undiscovered) holes in the Windows operating system. Far more impressive was the metallurgic expertise needed to understand the construction of Iran's centrifuges. Those who created and programmed Stuxnet needed to know the exact amount of pressure or torque needed to damage aluminum rotors within them, sabotaging the country's uranium enrichment operation."
The Military

Iranians, Russians, and Chinese Hackers Are After You, Says Lawmaker 211

Velcroman1 writes "The House Intelligence Committee is warning that 'time is running out' before the next major cyberattack: The Russians, Iranians, Chinese, and others are likely already on your computer. 'You have criminal organizations trying to get into your personal computer and steal your personal stuff. And by the way, the Chinese are probably on your computer, the Russians are probably on your personal computer, the Iranians are already there,' House Intelligence Committee chairman Mike Rogers (R.-MI) said. 'They're trying to steal things that they think are valuable or use your computer to help them steal from someone else,' he said. 'That's a real problem.'"

If You're a Foreigner Using GPS In China, You Could Be a Spy 219

tedlistens writes "China has accused Coca Cola of espionage for its 'illegal mapping,' allegedly with the use of GPS 'devices with ultra high sensitivity.' On its face the case looks like yet another example of China's aggressive sensitivity about its maps, no doubt heightened by its ongoing fracas with the U.S. over cyberwar. Li Pengde, deputy director of the National Administration of Surveying, Mapping and Geoinformation, said during a radio interview on Tuesday that the Coca Cola case was only one of 21 similar cases involving companies using GPS devices in Yunnan to 'illegally obtain classified information.' According to Chinese authorities, geographical data can be used by guided missiles to strike key military facilities — a concern that one GPS expert says is overblown at a time when the U.S. government already has high-precision satellite maps of China. Nevertheless, Chinese law dictates that foreigners, be they companies or individuals, are prohibited from using highly-sensitive GPS equipment in China."

Bruce Schneier: A Cyber Cold War Could Destabilize the Internet 124

moon_unit2 writes "In an op-ed piece over at Technology Review, Bruce Schneier says that the cyber espionage between the U.S., China, and other nations, has been rampant for the past decade. But he also worries that the media frenzy over recent attacks is fostering a new kind of Internet-nationalism and spurring a cyber arms race that has plenty of negative side-effects for the Internet and its users. From the piece: 'We don't know the capabilities of the other side, and we fear that they are more capable than we are. So we spend more, just in case. The other side, of course, does the same. That spending will result in more cyber weapons for attack and more cyber-surveillance for defense. It will result in move government control over the protocols of the Internet, and less free-market innovation over the same. At its worst, we might be about to enter an information-age Cold War: one with more than two "superpowers." Aside from this being a bad future for the Internet, this is inherently destabilizing.'"

James Bond Film Skyfall Inspired By Stuxnet Virus 187

Velcroman1 writes "No smartphones. No exploding pens. No ejector seats. No rocket-powered submarines. 'It's a brave new world,' gadget-maker Q tells James Bond in the new film Skyfall. The new film, released on the 50th anniversary of the storied franchise, presents a gadget-free Bond fighting with both brains and brawn against a high-tech villain with computer prowess Bill Gates would be envious of. What inspired such a villain? 'Stuxnet,' producer Michael G. Wilson said. 'There is a cyberwar that has been going on for some time, and we thought we'd bring that into the fore and let people see how it could be going on.'"
The Military

Iran's High Tech Copycat War Against the West: Drones and Cyberwar 159

An anonymous reader writes "Iran and its nuclear program seem to be getting all the headlines. Yet, Iran has found a way to respond to western cyber attacks such as Stuxnet, drone surveillance and targeted assassinations; they've decided to respond in kind. Iran has launched its own cyber attacks on U.S. banks via denial-of-service attacks. Iranian drones recently were used to spy on Israeli nuclear facilities. Cyberweapons were also used against Saudi oil facilities. The goal: to make sure the west, specifically the United States, knows that Iran does have the tools to strike back. While Iran does not have a world-class military like the United States, it does have the capabilities to cause damage if it wants to. With Iran taking to cyberspace and drones, it shows such technology is not just under the control of the U.S. Iran has been careful, though, not to escalate the conflict. The risk: what if the plan backfires and goes beyond its intended scope?"

Obama's Portrait of Cyberwar Isn't Complete Hyperbole 240

pigrabbitbear writes "It's hard to imagine what cyberwarfare actually looks like. Is it like regular warfare, where two sides armed with arsenals of deadly weapons open fire on each other and hope for total destruction? What do they fire instead of bullets? Packets of information? Do people die? Or is it not violent at all — just a bunch of geeks in uniforms playing tricks on each other with sneaky code? Barack Obama would like to clear up this question, thank you very much. In an op-ed published in the Wall Street Journal the president voiced his support for the Cybersecurity Act of 2012 now being considered by the Senate with the help of a truly frightening hypothetical: 'Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud,' Obama wrote, describing a nightmare scenario of a cyber attack. 'Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.' All because of hackers!"
The Military

Defense Expert: Hire Hackers and Wage War 157

Phoghat writes "A top defense and cybersecurity expert says the U.S. should stop trying to take aim at expert hackers and start doing a better job of recruiting them. 'Let's just say that in some places you find guys with body piercings and nonregulation haircuts,' says U.S. Naval Postgraduate School professor John Arquilla . 'But most of these sorts of guys can't be vetted in the traditional way. We need a new institutional culture that allows us to reach out to them.'"
The Military

Pentagon Contractors Openly Post Job Listings For Offensive Hackers 149

Sparrowvsrevolution writes "In the wake of confirmation that the U.S. government was involved in the creation of Stuxnet and likely Flame, a look over job listings on defense contractor sites shows just how explicitly the Pentagon and the firms that service it are recruiting offense-oriented hackers. Northrop Grumman, Raytheon, Lockheed Martin, SAIC, and Booz Allen have all posted job ads that require skills like 'exploit development,' have titles like 'Windows Attack Developer,' or asks them to 'plan, execute, and assess an Offensive Cyberspace Operation.'"

Americans More Worried About Cybersecurity Than Terrorism 266

TheGift73 tips an article discussing a new study (PDF) which found Americans are now more worried about cybersecurity threats than they are about terrorism. Here's Techdirt's acerbic take: "Well, it looks like all the fearmongering about hackers shutting down electrical grids and making planes fall from the sky is working. No matter that there's no evidence of any actual risk, or that the only real issue is if anyone is stupid enough to actually connect such critical infrastructure to the internet (the proper response to which is: take it off the internet), fear is spreading. Of course, this is mostly due to the work of a neat combination of ex-politicians/now lobbyists working for defense contractors who stand to make a ton of money from the panic — enabled by politicians who seem to have no shame in telling scary bedtime stories that have no basis in reality."

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall