US and Russia Open Talks On Limits To Cyberwar
andy1307 passes on this from the NY Times: "The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace. American and Russian officials have different interpretations of the talks so far, but the mere fact that the United States is participating represents a significant policy shift after years of rejecting Russia's overtures. Officials familiar with the talks said the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race ... While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains."
Here's a good first step ... (Score:5, Insightful)
Now, some of you may think that I'm picking on Chinese vendors
Re: (Score:2)
Actually, do not need to go that far. (Score:2)
Re: (Score:2, Interesting)
Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.
Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.
Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.
Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.
Stop buying networking hardware from China, and build (or re-build) domestic suppliers of such equipment. That applies to any nation that wants to maintain security: China has been abusing its position as a dominant hardware supplier for some time now. You can have all the network security in place that money can buy, but if the Internet-facing defenses have been compromised from the manufacturer you're pretty much screwed. Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it. Well, all right ... I suppose that if the boards are made in China but a domestic vendor supplies the firmware locally it would be okay ... but that's not how it usually works.
Now, some of you may think that I'm picking on Chinese vendors ... and I am, but the criticism is well-deserved in this case. Not that I believe the individual manufacturers are doing this of their own accord, necessarily. But there's a lot of intrusion attempts coming out of that country, and you can bet the people behind it look at selling compromised hardware to other countries as a legitimate tool. How many of those attempts are successful because a firewall or router has hidden code in it I suppose we'll never know.
I think we should blame ourselves for allowing them to have control over it. The factories might be crap and there might be people wishing to take advantage of it... If our pcps were built in our own region we wouldn't have this problem. But I don't think it depends on us?..
Re: (Score:2)
Given your quoting meltdown, I think it's fairly certain you should blame yourself for lack of control.
Either that or the Chinese have a wicked sense of humor....
Re: (Score:1)
Are you having file system problems?
It looked like the post was preceded and followed by the post.
Re:Here's a good first step ... (Score:4, Insightful)
Too much untrustworthy modified firmware has been coming out of China lately for me to place any faith in it.
Citation needed.
I don't doubt this is possible, but a network component manufacturer having product built in China is probably able to tell if the unit is not to spec.
China uses commodity chips, (some of which is also manufactured in China) but the finished product has to run the home manufacturer's software.
The assumption that the engineers that designed it couldn't tell if the design has been altered and back doors inserted seems a bit of a hyperventilation to me.
Re: (Score:3, Insightful)
Besides, the whole idea is completely missing the point. Cyberwar cannot be limited the way nuclear arms can, because a civilian attack is not fundamentally different from a military one: unlike with nuclear weapons, the civilians have access to all the tools and knowledge the military does. Oh, and their motivations don't fundamentally alter the approach they take. It's like bank robbers routinely nuking cities.
If a 100k botnet attacks your site, how do you determine if they're the Russian military or a bore
Re: (Score:3, Funny)
var attacker = (benefitToForeignPolicyAgenda (russianMilitary) >= benefitToForeignPolicyAgenda (boredTeenager)) ? russianMilitary : boredTeenager;
Re: (Score:1)
Citation needed.
Slashdot | Feds Seize $78M of Bogus Chinese Cisco Gear [slashdot.org]
Slashdot | FBI Says Military Had Counterfeit Cisco Routers [slashdot.org]
Modding "Disagree" is censorship. A rational rebuttal makes Slashdot better.
Modding "Disagree" is not censorship. It's an important tool to safeguard other readers from thinking your post was anywhere near "Insightful." If you really thought the original post required citations, why not add them yourself? Or better yet, why not edit your post now that you have some. Maybe Slashdot should add a "Dangerously Ignorant" or "Falsely Claims that a Different Opinion Lack
Re: (Score:2)
Bogus does not mean back-doored.
You not only attempted to change the meaning of the thread from a strategic subversion of embedded technology to simple economic piracy. Simple piracy is not cyberwarfare, it's not even a precursor of cyberwarfare.
If you are going to get on your high horse and preach about the moderation system at least have the courage to keep the discussion focused. These drive-by link dumps of non-germane Slashdot postings do not prove your point (if you had one) and do not prove the conte
Re: (Score:1)
If you think that gray market products are inherently trustworthy, and that it's safe for the FBI to buy product A and unknowingly use product B instead (even though it could turn out to be an exact duplicate of product A), then I don't have the time right now to explain how those links are relevant to the parent post.
Re: (Score:2)
I didn't say they were inherently trustworthy. Again stop putting your words in my mouth.
I said counterfeit products are not cyber warfare. That is the topic of this story after all.
If the FBI or the ARMY security relies on knowing who manufactured an item, then they are not doing their job.
Re: (Score:2)
Sooner or later developed countries will realize this arrogance will backfire. If anyone is looking for a solution for a real security, it's hidden under understanding every human being living on this planet have t
Re: (Score:2)
If anyone is looking for a solution for a real security, it's hidden under understanding every human being living on this planet have the same rights as you have. Once you realize this fact, whoever produces these products will lose its meaning, and you won't waste your time to build machines that kill others.
Nonsense. Every human being doesn't have the same rights that I do. Sure, it'd be nicer, if they did.
Re: (Score:2)
Re: (Score:2, Insightful)
Why do you think that is so? We are all the same, yet some countries are in such peril. It isn't because the people are stupid, or lack any qualities anyone else might have. There is only one thing that dominates these countries, and it's closer to home than you would think. International business, in bed with finance, with a stranglehold on government and "journalism". Who is to investigate, when all of the investigators are employees of the entity they are supposed to investigate?
Fortunately the tradition
Re: (Score:1)
Living in a country with more nukes than any other? Did I win?
Re: (Score:2)
Re: (Score:2)
Of course everyone has the same rights as you do. What people may not have is the same liberties.
That's a distinction not worth making in my view. If you "have" the rights, but you don't have the liberties, then you don't really have the rights.
Re: (Score:2)
State Actors have the resources to cause chaos with or without hardware exploits.
It'd be nice to not have backdoors into the routers, but when some guy in England can hack into classified databases over a 56K modem... there are much simpler problems that need addressing.
"In Soviet Russia..." (Score:2, Funny)
Re: (Score:1)
In Soviet Russia, cyber war limits talks?
Re: (Score:3, Funny)
Re:"In Soviet Russia..." (Score:5, Funny)
Putin: So.. then... I open my secret caves..
Obama: I didn't know you had a cave right there..
Putin: It's a wet one... for our underwater missile carriers..
Obama: Mmmmm my missile carrier is pretty long. My engineers are making it longer as I speak.
Putin: Once we reach the open ocean, all under water.. I launch my missile...
Obama: Make it glow, show me the money shot baby...
Putin: And it explodes, all over Norway... in mesmerizing blue light...
Obama: Oh baby... you almost really tore a new hole there, up in the atmosphere
Putin: The explosion was, sadly, premature
Obama: That's ok, I understand.
Re: (Score:2, Funny)
Re: (Score:1)
Thank you.
This just made my day simultaneously funnier and more disgusting.
Re:"In Soviet Russia..." (Score:5, Funny)
Ah, I just can't do it. Can somebody else say it?
In Soviet Russia, meme fails you?
ACTA (Score:3, Insightful)
Now we know why ACTA is a secret treaty...
Internet crime? (Score:2, Insightful)
Re: (Score:2)
Re: (Score:1)
Reliable infrastructure.... (Score:3, Insightful)
Plus, other than attacks on military infrastructure, the coming diversity of OSes, CPU platforms, and networks would make attacks on civilian devices nearly impossible. You might be able to write an iPhone worm, but you wouldn't be able to write an iPhone/Android/Java/BREW worm that attacks anyone on any cell network. That worm would also not work on a PC running Windows/OS X/Linux/BSD. And the diversity in browsers make exploit-based attacks even harder. It used to be you could attack the weak IE browser and get 90% of web surfers, now you would only get slightly more than half, and you would need to attack Firefox (both 3.0 and 3.5 along with perhaps older versions), Safari, Chrome, Opera and many smaller browsers.
In short, cyber warfare is a possibility on infrastructure and is quickly approaching impossible on large amounts of devices.
Re: (Score:2)
>>You might be able to write an iPhone worm, but you wouldn't be able to write an iPhone/Android/Java/BREW worm that attacks anyone on any cell network. That worm would also not work on a PC running Windows/OS X/Linux/BSD.
Dude it's called snowcrash.
Re: (Score:2, Insightful)
I'm guessing he was born in the wrong decade to have read snowcrash. I'm also guessing he doesn't understand how cyberwarfare has already been used in warfare, both hot and cold, with quite positive effects.
I remember when 6" of air made something safe. It's downright scary how much of what we use and rely on is internet facing. Maybe, soon enough, the security decision will factor into the engineering decision.
Re: (Score:3, Insightful)
I really don't see the point in "cyber warfare" other than small-scale attacks on a certain site or ISP, a large scale plan could never fully work because any country could simply switch to basically a huge local network. Would it be hard? Yes. Is it able to be done? Yes.
I think your post betrays a surprising amount of naivete. The Internet is, by definition, international. The amount of foreign transacting that would be decimated by switching to "basically a huge local network" is unfathomable. The Interne
Corroboration? (Score:5, Insightful)
How the heck are you going to limit military use? This isn't like nukes where there are facilities to visit. I can't help but think that language is just smokescreen for the public, and this is really about cooperation on policing the internet. (Cue more secret talks ala ACTA.)
Big mistake (Score:3, Informative)
Re: (Score:2, Interesting)
No, it's not useless. The US and Russia are the big boys on the block militarily and Russia still has a load of technology. A treaty between the US and Russia on this establishes a "level playing field" for this arena, just like the US and Soviets had treaties about how close SSBMs could get to the coastlines and things like ABM.
Re: (Score:1)
Re: (Score:2)
Many many nations have signed the Council of Europe's Convention on Cybercrime. At least one study in Singapore showed that acceding to the treaty, or even implementing provisions without acceding to it, reduces cybercrime within borders. See http://weis09.infosecon.net/ [infosecon.net] for the paper.
Re: (Score:2)
What about Russian cyber attacks? (Score:1)
Now play nice Russia. (Score:1, Funny)
No more exposing our Global Warming fraud or else we will get mad you Ruskies!
Replacement Propaganda: (Score:1)
Support World Peace!
CORRECTION: Support WWW Police!
Pirates == terrorists? (Score:3, Insightful)
Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains.
How much do you want to bet that "Internet criminals" in this case are people pirating music and movies? While I'm glad to see that we're finally engaging the Russians, it'd be nice if our foreign policy wasn't being directed by the RIAA and the MPAA.
Re: (Score:1)
Re: (Score:2)
Pirates use WMD (weapons of mass dissemination) too...
I can point them in the right direction. (Score:2)
First,
Start by actually patching your machines and implementing some very basic security stuff..
You know, the kind of stuff that a script kiddie, with Asperger's, searching for evidence of UFOs won't be able to get past.
Or if you can't even manage to do that, or find out which systems you need to do it to, then when he finally gets extradited at your request, instead of humiliating yourself further by giving him a trial and locking him up for the rest of his life. Give him a computer, let him download a
Re: (Score:2)
First, Start by actually patching your machines and implementing some very basic security stuff..
You know, the kind of stuff that a script kiddie, with Asperger's, searching for evidence of UFOs won't be able to get past.
So Windows is right out then?
Cyber . . . oh fuck, the retards are on duty (Score:2)
Poopst! (Score:2)
Poopst!
Re: (Score:3, Insightful)
Force trumps law, hence any "law" limiting war relies on violence for enforcement.
Lawfare only restricts the lawful thus weakening them relative to the law-free.
As for Iraq, when Iraqis tire of killing each other they will stop. Being law-free, they are free to kill each other except where constrained by internal opposition.
The US has no real choice. (Score:1)
As long as the US in general relies heavily on Microsoft Windows they better keep out of any real cyberwar.
Isn't this a waste of time? (Score:2)
Does anyone think anyone will REALLY honor these treaties? I am 100% convinced that they will say, "OK, we will stop cyber warfare work" and then they will get their geeks right back to work on it in their laboratories again.
I would put ZERO confidence in any treaty of this sort.
Internet Borders (Score:1)
Let's count down time to introduction of internet borders. You will have to have an internet passport to connect to sites in foreign countries. It will stop cyberwars, terrorists and (you guessed it) child pornography.