But, as far as we know, nobody died as a result of the DDOS attack. One news service described the attacks as "no more harmful than spam'" (CBC)
So far, we've been lucky.
Code discovered in the American power grid two years ago could have interfered with the power supply. (CNN) If there is no change in the status quo, I'd be surprised if, in the next decade, somebody doesn't manage to take down America's power grid, or another part of our infrastructure.
Sneak Peek at Power Grid Failure: 1995, Chicago
If the power grid was compromised in, say, July, we could see results similar to Chicago's 1995 heat wave, where about 600 or 700 people died. (Annals of Internal Medicine, The New England Journal of Medicine) That time, Chicago had power, but it was really hot."...From July 12 through July 16, 1995, in Chicago, the maximal and minimal temperatures reached unprecedented highs, and the high temperatures were accompanied by extremes of relative humidity...." (The New England Journal of Medicine)A more conventional academic approach to the disaster says that it wasn't the heat. Someone wrote a book saying that not having enough government services, and apathy, were at least partly to blame. (University Press, Chicago)
So the Heat Index is 100 and the Power Goes Out: How Bad Could That Be?
If malicious software took down a large part of America's power grid in July or August, my household would be inconvenienced, but we'd be okay. We live in a small town in central Minnesota. Even if it was a hot, sticky week, we could move into the basement, wrap the freezer in blankets, and wait it out.I'm pretty sure that most people living in cities wouldn't have that option. There's only so much room in the basement of high-rise apartments.
Finger-Pointing Knows No Borders
Meanwhile, in South Korea, the comparatively routine sequence of claims that the country's intelligence agency didn't see the attacks coming, that it did, but that the rest of the government didn't do something, and so on, are making their way through the press. (The Korea Times, The Korea Herald)Cyber-Attacks: Business-as-Usual, Feel-Good Solutions, and Thinking for the Long Haul
The CNN article I'm using for an example is in their "World Business" section, so the emphasis on the criminal aspect of malicious activity on the Internet is somewhat understandable.It's a Crime
However, it impressed me how the article stressed how events like the cyber-attacks on American and South Korean government targets were compared to identity theft and similar for-profit actions against individuals and businesses:"The death of Michael Jackson and Internet attacks in the United States and South Korea share a cyber-crime connection...."That third reference was in the fourth-to-last paragraph, right after a brief discussion of the hazards that a hotel's Web page might pose.
"...The fake Michael Jackson snares and the large-scale attack in South Korea illustrate the pipeline of cyber crime...."
"...Internet crime has evolved from the vandalism of early worms to schemes to bilk users out of personal information and cash. Now there are more incidents like the cyber attack in South Korea and Washington, which nation-states can use in military or political conflicts...." (CNN) [emphasis mine]
I'll heartily agree that an attempt to get someone's credit card number, and an attempt to read classified information or bring down a military information network are both activities which are both not good.
But, although the latter is, in a sense, "criminal," I think it is a mistake to treat the creation of phony Michael Jackson fan sites and assaults on a government's information system as equivalent activities.
America had a long record of treating terrorist attacks as essentially criminal matters in 1993, when Sheikh Omar Abdel-Rahman masterminded the first attack on New York City's World Trade Center. Arguably, it took another, more successful, attack in 2001 to jolt some of America's leaders into accepting the idea that the jihad against the West was more than an unconnected series of criminal acts.
From the looks of things, quite a few people have yet to make the connection, when it comes to attacks on our information system.
Okay, Let's Say These Attacks are Attacks, Now What?
I discussed an emotionally satisfying but debatably sensible argument for retaliation in kind yesterday. (July 10, 2009)Briefly: An op-ed writer had, I think correctly, said that a purely defensive posture against cyber-attacks was imprudent; He then proposed retaliating with a similar attack against North Korea's information systems.
Even assuming that there's reasonable proof that North Korea is the source of the recent attacks - and I think they're the leading suspect - I am not at all convinced that a 'tit for tat' approach would work. Yesterday, I suggested blocking all information access to North Korea as a means of dealing with the immediate issue of protecting our information systems.
After that, short of a 'Nuke Pyongyang' approach, there isn't an obvious solution to the problem of what to do with North Korea's leaders. It's difficult to see what would affect the policies of a country whose leaders give every indication of being unresponsive both to the opinions of the world's nations and to the needs of their subjects.
If nothing changes, I fear that military force will be needed. On the other hand, considering the age of North Korea's leaders, we can wait for Kim Jong Il and some of the top generals to die: and hope that the dynasty's next generation is a little more interested in the welfare of North Koreans.
We Need More San Marinos and Fewer North Koreas
In the long run, I think many problems we have with criminal activity on the Internet will be more easily solved when there are more nations like Brunei, Japan, San Marino and Singapore: with healthy economies, literacy rates in the nineties, and a vested interest in protecting individuals and businesses from criminal activity as well as terrorism.But that's getting somewhat beyond the scope of this blog.
Related posts:
- "Cyber-Attack Started July Fourth: Common Sense, Security, and the War on Terror"
(July 10, 2009) - "Tiananmen Square 20th Anniversary: A Losing Battle for Traditional Information Gatekeepers"
(June 3, 2009) - "Pentagon Computers Hacked - Joint Strike Fighter Project Data This Time"
(April 21, 2009) - "Cyberspy Network Hacked 103 Countries' Systems"
(March 29, 2009) - "Marine One Plans in Tehran - File Sharing Software and Sloppiness"
(March 1, 2009) - "McCain Campaign BlackBerrys Sold at Bargain-Basement Prices - Confidential Data Included: What's the Matter With People These Days?!"
(December 15, 2008) - "Worm Spreading Fast in Pentagon Computers: (not) in the News"
(November 21, 2008) - "Pentagon Hacked, Removable Media Banned: Cyberattack Hits American Military"
(November 20, 2008) - "International Monetary Fund Allegedly Hacked - And It's Not News"
(November 14, 2008) - "White House Computers Hacked, Probably by China: News That's Not Fit to Print?"
(November 9, 2008) - "World Bank Under Cyberattack? Surprise!"
(November 2, 2008) - "World Bank Group Network Hacked; Chinese IPs Used: Just What We Need"
(October 10, 2008) - "DC Gun Ban, Online Censorship, Individual Rights, and Power to the People"
(June 27, 2008) - "The War on Terror? This May be The War For Freedom"
(March 18, 2008)- Consumer electronics from China arrive pre-infected
- "Deterrence in Cyberspace: This Just Might Work"
(March 18, 2008) - "FISA, the Patriot Act, and the Protect America Act: Who's Protecting Whom from Whom?"
(March 13, 2008) - "PAA is Poo, and Kaput: Or, Who Should Congress be Protecting Americans From?"
(February 23, 2008) - "Hacked Police Website: Get Used to This"
(February 21, 2008) - "It's Not Both Sides: It's All Sides"
(September 4, 2007)
- "Credibility of S. Korean Spy Agency in Doubt"
The Korea Times (July 11, 2009) - "Seoul suffers fallout from cyber attacks"
The Korea Herald, via asiaone digital (July 11, 2009) - ""
The Associated Press (July 11, 2009) - "Cyber attacks touching celebrities, governments"
CNN (July 10, 2009) - "U.S., South Korean cyber attacks no more harmful than spam, experts say"
CBC (July 10, 2009)
- "Near-Fatal Heat Stroke during the 1995 Heat Wave in Chicago"
Annals of Internal Medicine (August 1, 1998) - "Heat-Related Deaths during the July 1995 Heat Wave in Chicago"
The New England Journal of Medicine (July 11, 1996)
No comments:
Post a Comment