We stand on the brink of global cyber war, warns encryption guru

We are in the early years of a cyber war arms race, security guru Bruce Schneier warned delegates at the Infosecurity Europe exhibition on Wednesday. Schneier, CTO of Resilient Systems, said the much publicised Stuxnet attacks on Iran by the US and Israel in 2010, Iran’s attack on Saudi Aramco, China’s apparent role in hacking …

Bronze badge
IT Angle

Sony hack costing $15 million? I think they counted only the cost of cleaning ladies and detergents, not BOFHs working overtime.

2
0

You missed the last 5 words

"Schneier claimed that the $15m clean-up costs booked by Sony Pictures in the wake of the attack seem to under-estimate costs and further charges will likely follow"

The BOFH hasn't submitted his bill yet :-)

4
0
Silver badge

The math looks right to me. Clearly this damage is the same as someone pirating 660 songs.

4
0
Silver badge

Anybody who uses the term "cyber" in this context ...

... can probably be safely ignored.

"Cyber" is an irrelevant catch-all, usually meaning "I know nothing about computers and networking".

1
22
Silver badge

Re: Anybody who uses the term "cyber" in this context ...

"...... can probably be safely ignored."

I bet you said the same thing about Snowden

16
0
Silver badge

Re: Anybody who uses the term "cyber" in this context ...

I dislike the prefix "cyber-", quite possibly for many of the same reasons you do. But it's here and it's going to stay; language evolves, quite often in ways one deprecates, but one has to accept it. And I might even agree that most people using the term "can probably be safely ignored" - but this is Bruce Schneier; so it's unlikely we can so easily consider him a member of that category.

31
0
Anonymous Coward

Re: Anybody who uses the term "cyber" in this context ...

Ignore Schneier at your peril

7
0
Anonymous Coward

Re: Anybody who uses the term "cyber" in this context ...

Ignore him? I can't even speak his name.

2
0

Re: Anybody who uses the term "cyber" in this context ...

I have to question anyone touting the party line that the DPRK was actually responsible for the Sony "hack".

5
0
Unhappy

Re: Anybody who uses the term "cyber" in this context ...

I have to question anyone touting the party line that the DPRK was actually responsible for the Sony "hack".

Same here. I am a big fan of Bruce (can't spell his surname though) and I count myself as one of the "followers" who regularly read his blog and buy his books.

However, I am at a loss as to what changed his mind on the Sony hack, other than the fact that the company he now works for (Resilient Systems, once called Co3) does a good line in incident response and the fear of Nasty Norks is better for business than "shit happens and on the interwebz a shit can be a big one."

I hope this isn't true though.....

Sadly, nothing in Sanger's NYT article was new, novel or really worth changing your mind over.

2
0
Anonymous Coward

Re: Anybody who uses the term "cyber" in this context ...

'I have to question anyone touting the party line that the DPRK was actually responsible for the Sony "hack".'

That you question it is telling, you're a neophyte in the information security biz.

The DPRK cyber warfare team were trained by their benefactors in the PRC. Those chaps in the PRC are damned good at their jobs!

To the point that one global corporation has had PRC cyber spooks inside of their network for over two years. When called in to assist in the mess, I remarked that the PRC cyber operatives should be drawing a company paycheck, as they're in the network nearly full time.

But, I'll admit, their methods are quite inventive, adaptive and occasionally, novel.

Think of them as China's version of the BOFH, turned spook.

Still, I have to question the wisdom of that corporation's configuration, where one manages to access the interior network and even protected networks through a DMZ machine.

The blithering idiots.

0
3
Anonymous Coward

Re: Anybody who uses the term "cyber" in this context ...

"However, I am at a loss as to what changed his mind on the Sony hack, other than the fact that the company he now works for (Resilient Systems, once called Co3)..."

My information is that he gained access to the classified report on the incident, a report generated by the FBI, but sourced from the NSA.

A report that I also read, when it was first released. Released on the day that Sony admitted that they were hacked.

There are good points to be had for holding a security clearance. Of course, the bad points are tons and tons of mind-numbingly boring reports one isn't even allowed to complain about, as the only people who you could complain to are your own uncleared family.

2
1
Windows

Just as well...

Some of us have BTI* survival skills.

* Before the Internet.

8
0

Re: Just as well...

What, you didn't back up the internet just in case!

7
0

Re: Just as well...

'Before the Internet'

Ha, Ha, that's a good one, is that one of those tales that old people use to scare the children? Next you will be telling us that Maccy Ds used to come in styrofoam boxes (like anyone would believe that :)

8
0
Silver badge

Re: Just as well...

I always thought the Styrofoam came between the two bits of bread.

13
0
Anonymous Coward

Re: Just as well...

@James Boag; Don't worry, I'm on it right now!

Damn, has anyone got a spare floppy?

Interesting to wonder at what rate new content was being uploaded to the Internet back in the late 90s(?) when that gif came out... and how much more is being added now. Or put another way, what's the minimum connection that would be required simply to keep up with all new content currently being uploaded worldwide?!

3
0

Re: Just as well...

That sounds like a question for Randall Munroe...

https://what-if.xkcd.com/

3
0
Silver badge

Re: Just as well...

Before the Internet indeed.

Protect and Survive - Government Information Film.

Remove a door from its hinges and lean it against a structural wall.

Take bin bags and fill them with earth from your garden, and pile them up to cover the door.

Hide under the door with your family and a battery transistor radio to listen for government information.

Do all of this in the four minute warning period.

What happened to all those sirens on pylons and high buildings?

2
0

Before the Internet

No. That can't be true.

There can't have been a before the Internet. How would people have survived?

0
0
Windows

Re: Before the Internet

It's OK guys we're safe, I've put the big blue 'e' into my recycle bin, if anyone tries to blow up the internet we can just restore it from there.

5
0

Re: Just as well...(You never got the US filmstrip version)

In the case of a nuclear emergency, please crawl under your desk, kneel on the ground facing away from the windows and cover your eyes (and kiss your ass goodbye).

Your glowing parents will be over to pick you up as soon as the half life of Plutonium kicks in. You can play a lot of Fallout 5 in the meantime.

Our sirens are still here but the "shelters" have all been demolished as someone figured out that that many MRVs meant there was no point unless you were in an underground bunker Terminator style.

0
0
Silver badge

Re: Just as well...

Now the government wants everyone to use a DAB radio and internet companies want us to stream music so after the big one, we'll have no comms and no record of Miley Cyrus.

Swings and roundabouts I guess.

1
0

Re: Just as well...

"BTI Survival Skills"

- I call them "Books"

2
0
Silver badge

Re: Just as well...

I always thought that slices of bread *were* Styrofoam.

1
0
Silver badge

Re: Just as well...

"Or put another way, what's the minimum connection that would be required simply to keep up with all new content currently being uploaded worldwide?!"

I don't know, but I have six (!) OC-48 feeds coming into my building at work.

And we're *not* the NSA or any other government entity.

2
0
Silver badge

Re: Just as well...

"What happened to all those sirens on pylons and high buildings?"

They figured out that all of those precautions were rubbish.

If the nuclear attack didn't get you and the firestorm didn't get you, nuclear winter would get you.

1
0
Silver badge

Re: Before the Internet

"It's OK guys we're safe, I've put the big blue 'e' into my recycle bin, if anyone tries to blow up the internet we can just restore it from there."

Oy!

The Almighty wanted me to tell you, he can get me out of this mess, but he's pretty sure you're fucked.

I have the internet backed up on my SAN in the basement, run on a Linux cluster, secured by *BSD and managed from a Solaris box.

1
0
Silver badge

Re: Just as well...(You never got the US filmstrip version)

"Your glowing parents will be over to pick you up as soon as the half life of Plutonium kicks in."

I don't know about the plutonium bit, but I'm of the generation that has radioactive bones, courtesy of strontium-90.

My area also still has plenty of the old CD shelters, aka school, church and older government buildings basements.

As I said long ago, when working with nuclear field missiles, "Go toward the light, my children!".

For, afterward shall be much suckage.

2
0
Anonymous Coward

Re: I have six (!) OC-48 feeds coming into my building at work.

"I have six (!) OC-48 feeds coming into my building at work."

Marvellous.

Now, once this Internet feed has been de-duped by your WAN accelerators and your storage magick, and once a top secret gadget has removed everything which some judiciary somewhere regards as pornographic or terrorist-related, will half a dozen boxes of line printer paper a week be enough to print out the useful content in what's left?

Please call 1-800-PAPER to place your order. Also available: 100MB Zip drives and media. Free limited lifetime warranty.

0
0
Silver badge

Luckily defence is comparatively easy

Just use well designed systems.

Don't use "smart"-phones which are highly complex and let the GSM baseband chip talk directly to the memory of the CPU.

Avoid closed source software.

Try to get your systems as simple as possible.

Educate your users.

A side effect of this is that you get much faster and more reliable systems, which are easier to maintain. Also, if you are a nation state, try to build your own computers and computer chips. If a simple CPU can be designed by a small start-up in the 1970s you surely can do it, too. You don't need to do things like video decoding or 3D graphics on your main CPU, those things can be safely separated into separate chips having their own RAM.

4
5
Anonymous Coward

Re: Luckily defence is comparatively easy

"Don't use "smart"-phones which are highly complex and let the GSM baseband chip talk directly to the memory of the CPU."

HAH. Try finding one still in good working order that still operates on usable bands.

"Avoid closed source software."

As if Shellshock and Heartbleed would've been found any quicker. Let's face it; if a true spook wanted to pwn an open-source system, they can do it by way of hundreds of tiny pieces coming together in just the right command, and it's highly unlikely any one person would be able to figure out how all the pieces come together.

"Try to get your systems as simple as possible."

But then you find that the level of NECESSARY complexity is already too complex to make things easy to fix.

"Educate your users."

People these days DON'T WANT to learn.

"You don't need to do things like video decoding or 3D graphics on your main CPU, those things can be safely separated into separate chips having their own RAM."

But that entails specialization, which kinda defeats the purpose of "Keep It Simple, Stupid" by putting everything into a general-purpose processor that can do everything.

3
1
Anonymous Coward

Re: Luckily defence is comparatively easy

"If a simple CPU can be designed by a small start-up in the 1970s you surely can do it, too."

1970s was towards the end of the era of 16bit computers such as PDP11 (on a single chip towards the late 1970s?) and the start of the era of 32bit computers such as VAX (initially in the late 1970s occupying several 19" racks filled with hardware).

I do appreciate where you're coming from, but what software are you going to run on your 'simple' PDP/VAX era CPU?

I like RT11. Is there a torrent client for RT11?

1
1
Silver badge

Re: Luckily defence is comparatively easy

"People these days DON'T WANT to learn."

Easy. Make the people *want* to learn.

'If you get infected due to stupidity, which is entirely the IS shop's call, you are terminated for cause and we'll sue you for damages incurred from the remediation'.

I know of one information security shop that has just that clause in their employment contract.

3
0
Silver badge

Re: Luckily defence is comparatively easy

"1970s was towards the end of the era of 16bit computers such as PDP11..."

Wow, that brings back memories. My high school had a donated PDP11/03.

1
0
Anonymous Coward

Re: Luckily defence is comparatively easy

""Don't use "smart"-phones which are highly complex and let the GSM baseband chip talk directly to the memory of the CPU.""

"HAH. Try finding one still in good working order that still operates on usable bands."

AND you are using an old, easily-broken encryption.

0
0
Silver badge

sounds like he's touting for business

1
5

"Schneier, CTO of Resilient Systems.."

Company slogan: "Things are worse than you thought".

2
0

Tag line (and possibly understatement of the year):

"...things will get out of hand"

1
0
Anonymous Coward

This is what spies have always done. I don't see that the back and forth between the Soviets and the West was tremendously different either in the fact that sufficiently well resourced and determined attacks will always succeed or that collateral damage was a regular occurrence.

Not putting critical assets on the internet seems like a sensible precaution to me, and I still don't understand the obsession with internet enabling anything and everything.

7
0
Anonymous Coward

"Not putting critical assets on the internet seems like a sensible precaution to me, and I still don't understand the obsession with internet enabling anything and everything."

Because how else are you going to retrieve anything on a moment's notice when an emergency arises? It's a tradeoff: make things one step removed and you make them harder to retrieve. It's harder for the enemy to get to it, but then it's harder for YOU to get to it, too, especially when Murphy strikes and you need it yesterday.

1
1
Anonymous Coward

Yeah, I do get that and as someone who VPNs into a corporate network I'm aware that the risk/reward assessment mostly comes up positive for making services securely accessible.

What I don't understand are 2 things:

1) when the disaster scenario is sufficiently scary (critical infrastructure and especially nuclear) how on earth can the risks be deemed worth it? Onsite support can't possibly cost so much more that I can see the risks stacking up.

2) when the rewards are as trivial as turning on a light or many of the other completely meaningless 'benefits' of the IoT revolution even a modest risk seems like a stupid thing to take on.

2
0
Anonymous Coward

before the internet, after the internet

"Because how else are you going to retrieve anything on a moment's notice when an emergency arises?"

Before the Internet, there were private networks. They were used for lots of different things, and they didn't talk to each other or visibly use anyone else's network (whether they did underneath was a different question).

Along came the Internet and took over the world, largely because it was cheap by comparison with private networks, and beancounters always prefer cheap to robust.

After the Internet, there will be private networks again.

Once upon a time, in the early Internet era, I was on a working trip to the US. There was a hurricane which was advertised as quite severe, and indeed the phones and the Internet stopped working. Fortunately X.25 ran over a separate set of kit and cables, and thus survived. I managed to get a message via X.25 from the US to colleagues in the UK, so they could let my worried family know that I was OK.

The private networks of the future may not look like X.25, but nor will they look like today's public Internet, and the private networks probably won't share many resources with the public internet either.

Tell that to the young people of today and... sorry, how does that one end?

2
0
Anonymous Coward

"This is what spies have always done. I don't see that the back and forth between the Soviets and the West was tremendously different either in the fact that sufficiently well resourced and determined attacks will always succeed or that collateral damage was a regular occurrence."

True enough, but then, every corporation with intellectual property wasn't being spied upon.

Today, it is. *And* infrastructure is also targeted to learn how to drop it.

Welcome to the bad new days of Cold War 33 1/3.

1
0
Silver badge

"What I don't understand are 2 things:"

What I see is someone who has not detected, responded to and mitigated an APT incursion.

1
0

This post has been deleted by its author

Silver badge

Tell us something we don't already know, Bruce.

Some universities are leading players in the virtual arms race ..... http://www.qub.ac.uk/sites/QUBJobVacancies/FeaturedJobs/CSITCareers/ .... and busy recruiting pioneers.

1
1
Gold badge
Alert

Next week: Sony implicated in assassination of Kim Jong Un.

World fails to give a shit....

Eventually the big corporates will grow tired of the failure of their governments to protect them in an environment where international borders mean sod all and take action to solve these problems their own way.

We're sleepwalking into the demise of national governments as meaningful entities, as pan-national enforcement (regardless of treaties, jurisdiction, diplomacy and other such cruft beloved of politicians) slowly becomes a "must have".

5
0

"We're sleepwalking into the demise of national governments as meaningful entities..."

Thought we were already there.

3
0
Silver badge

>We're sleepwalking into the demise of national governments as meaningful entities,

Yes, one world government is what we need.

I'm not sure what you do when you realise you don't like Kim Il Sung as leader though.

0
1


Biting the hand that feeds IT © 1998–2017