15 posts • joined 5 Feb 2011
Why not have the ghost of Goose lose that lovin' feelin', cyber-haunt the X-47B, exact some revenge upon everyone, killing them off one-by-one, and maybe make some prank phone calls to the victims' families?
If you need some holes punched through your air gap, secured rooms that only two (or so) qualified people can and must enter simultaneously can be provided. The secured room details can be laid out in length, but it should be taken seriously. (Paper trail, full auditing, independent security monitoring both local and remote, etc.) This can still be defeated by collusion, but collusion is a separate problem from people plugging in infected iPods or taking information out on a CD-R. It is absolutely possible. (I've done it.)
As for reducing risk, that may be all that is necessary for most SCADA systems. As you said, it would probably take a complete teardown and rebuild to make it right and defense in depth, but that would have to be determined on a case-by-case basis. Air gapping critical systems would buy them enough time to drum up an emergency budget out of profits and capital (what those pricks should have already done decades ago) and execute some sort of plan to fix the rest. Until hackers find a way to impose a signal onto a network from a distance without frying their retinas out, things can be pretty safe.
"spread virally through SCADA, or supervisory control and data acquisition, systems"
Here comes Frankenstein's monster. This is what happens when you create monsters, dictators, tearists, viruses, or Israel.
I have to disagree somewhat with your sky-is-falling viewpoint. A few policy changes followed by some precautions can protect entire systems similar to this. Step 1, create bulletproof policy and *enforce* it strictly. In NBC facilities, this is easy: you imprison people. In other cases, such as the "omg hackers in the power grid" power grids, you fire them and sue them in civil court because you *do* have a valid contract in your jurisdiction. As for protections, maintain an air gap in all cases. This is easier than most people think. First, unplug everything that isn't essential. Second, reduce cabling at the breaker panel and the switches so that it is impossible to plug something else in and have it work. Third, fill every unnecessary computer port with epoxy cement and epoxy cement all keyboards and mice into their own ports. Terminals are typically redundant in these establishments, so unless you fuck up all of your terminals in all of your redundant locations, you'll be fine. These few, minor tasks are easily surmountable in these large organizations.
You got that right!
maybe, just maybe
"You've got police officers running around with weapons. When it goes bad it can be really freaking bad."
If they weren't outfitted like a military force, a standing army on US soil, if you will, it wouldn't be that dangerous.
They're Chinese. They figured out how to do it, but they are putting out this disinformation so everyone else will stop research. Then, ONLY THEY will be the ones churning out high volumes of low quality clothing and useless plastic doodads faster than the speed of light and dominate the market, present, future, and past.
They may also keep the tearists on the shelf next to smallpox et al, just in case they ever need to stage another attack and boost the fear levels, or even release them on their enemies.
1. Has it been proven from DHCP logs?
2. You don't know how DHCP works. Legality in the mind of the suspect is also unknown, and only relevant after determination of mens rea.
3. That isn't illegal in the US. It may be in the UK, but you're all fucked, anyway.
4. That is how it is intended to work in the US. We also don't have beheadings.
Authorities, particularly in the US, just completely make things up for press releases. Did he actually break into the closet? It is just as likely that he knew someone at MIT who let him do it without the administration knowing or giving explicit permission. They also make it seem like he used some sort of "special skill" to "hide" from JSTOR's defenses. While changing an IP address or MAC address takes as much skill as tying a shoelace, they will use this in front of the knows-nothing-about-technology court to garner a tougher sentence. It is just as likely that he got a new DHCP address, changed his MAC to avoid a DHCP lease cache problem, or just thought he triggered a high traffic filter. Police will say just about anything to make someone seem like a perp, so without hard facts and/or a brain dump of what they are making out to be a single perpetrator, everyone should be erring on the side of innocence.
My money is on the student government chief not standing up to the threat of punishment and Christie supporters not walking out of school.
Yay for irrelevant benchmarks.
only the beginning
Someone just heard about the Top Gear kerfuffle...
waste of time
Most Americans don't know what half of those quoted words mean, and most Mexicans in the US don't speak English. Kind of a wasted effort.
If they had mentioned instead that they have somehow failed to pull themselves out of the hole they come from, despite almost a century of tax-free exportation of labor, US cash, and smuggling of random car parts and done absolutely nothing for their home country, the ambassador would probably agree and try to distract with "ooh, we have beaches." Maybe characterizing them as baby thieves, drug smugglers, murderers, cop killers, or tiny-cocked men with severe machismo problems who, at any slight inference of an insult will attack you with his chin and puffed chest, "que paso" or "waa oppeeng?!", subsequently getting stabby on you and your girlfriend's face, or throwing acid on you, would just be accepted as fact. Sleepy Mexicans is just over the line!
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...