back to article Cyber-terror: How real is the threat? Squirrels are more of a danger

The UK Chancellor George Osborne last week announced that the British government plans to double cybersecurity spending and establish a single National Cyber Centre. Cybersecurity spending will rise to £1.9bn ($2.87bn) at a time of budget cuts to police and other government departments. More details are expected to come in the …

      1. Danny 2 Silver badge

        Re: Spider attacks are demonstrated.

        "I prefer the substitution of "spider" for "cyber" in any and all documents"

        My council IT dept. was called out for months when the security system in the server room tripped. It turned out to be a beetle (not a Beatle) making it's home in the warm sensor.

  1. Pompous Git Silver badge

    Making sense...

    PJ O'Rourke once wrote words to the effect that the USA has an uncanny knack of identifying its enemies and then invading the country next door. For our politicians to do anything other than what they do would be to risk making sense.

  2. Mage Silver badge

    Forget Cyber terrorists

    The West more likely to shoot own feet off by outsourcing IT that should be core part of business. e.g. RBS?

    Or paying Google / Amazon / MS etc to host stuff instead of co-lo servers in different datacentres owned by different companies.

    We are doomed not by terrorists (clue in name) but by our own stupidity,

    1. tom dial Silver badge

      Re: Forget Cyber terrorists

      "We are doomed not by terrorists (clue in name) but by our own stupidity,"

      Or possibly cupidity or, more likely, the latter, augmented mightily by the former.

      1. The Travelling Dangleberries

        Re: Forget Cyber terrorists

        Take a leaf out of the CIAs handbook. You need a cat, a piece of string, a rag soaked in a mix of volatile and less volatile hydrocarbons, a match and a tinder dry forest.

        Tie the rag to the cats tail with a piece of string, set light to the rag with the match and watch that cat run through that tinder dry forest.

        A few cat arsonists running around on a dry summers day in say California would cause the local firefighters to empty the local water reservoirs a lot more quickly than any potential cyber attack on the dam sluice gates.

        It is just another attempt (probably a successful one at that) to enslave us with more draconian cyber laws that will remove that last vestiges of privacy from our lives.

        1. tiggity Silver badge

          Re: Forget Cyber terrorists

          You would be better with a rag dangling drone or some other device that could be human steered.

          Behaviour of a cat with something fiery attached to it is likely to be a tad unpredicatble (typo intentional), though a high probability it will go exactly where you do not want it to go.

          1. The Travelling Dangleberries

            Re: Forget Cyber terrorists

            @tiggity

            "You would be better with a rag dangling drone or some other device that could be human steered."

            I don't think so. The cat runs as fast as it can away from the fire. A cat will cover a considerable distance before it either tires or the rag burns out. A cat cannot be hacked into nor disabled in the same way a drone can. A cat can run through a forest much faster than anyone can fly a drone through a forest. You would be unlikely to be able to trace the person who set fire to the cat in the same way you could gather data on the person controlling the drone. A cat runs on the ground thereby maximising the contact between rag and the ground. Finally, a cat is much cheaper than a drone and can be acquired without leaving a trail of evidence (financial transactions etc).

            1. Ken 16 Silver badge
              WTF?

              Re: Forget Cyber terrorists

              You have spent a lot of time thinking about this obviously.

            2. phil 27
              Thumb Up

              Re: Forget Cyber terrorists

              Use a drone, this is the interwebs, we like cats remember.

            3. Anonymous Coward
              Anonymous Coward

              Re: Forget Cyber terrorists

              Unless, of course, the cat decides to climb a tree. Cats are notorious for that. Plus they can be led astray by the presence of other animals (unlike a pre-programmed drone which can't be hacked because there are no ingress points).

  3. Shady

    Contractors

    Ah, so this is why the Chancellor wants to skim £400 million / year from contractors? To fight ISIS on Twtter? F. F. S.

    1. Anonymous Coward
      Anonymous Coward

      Re: Contractors

      I'd like to know exactly what the government plans to spend this money on. It isn't like they manage the power networks is it? Are they planning to give it to the companies involved in critical services?

      I have ears on the ground and whilst there are plans afoot to improve security in certain areas, the amount the penny-pinching is beyond belief, and the amounts in question are the tiniest drop in the ocean compared to the figures the gov. is bandying about.

      So where is the money actually going to go?

      1. Anonymous Coward
        Anonymous Coward

        Re: Contractors

        I can only conclude from my own personal experience that any budget is going on a new CYBER division staffed by CYBER SPECIALISTS who have proven ability in CYBER turning on a windows machine and doing CYBER things with it, and for added CYBER effect we're not even talking wearing giant penis costumes in second life.

        People are prepared to do almost anything to get into the CYBER teams because they think it's some kind of magic bullet against the beancounters axe, when in fact its completely the opposite inside the department concerned, the cost cutting is shocking.

        Meanwhile some 12 year old will be p0wning their network because he knows more about sqli than was glossed over in some crappy powerpoint training course that all the poor cannon fodder who were cheapest to recruit got so they could be declared "trained". And stiff emails might have to be written. Oh the horrors of it!

    2. Anonymous Coward
      Anonymous Coward

      Budgets

      Just think of how many stray cats could be rounded up for 400 million a year. And we'd all feel safer.

  4. Anonymous Coward
    Gimp

    I think that squirrel image needs an offensive "thumbs up, black flag!" icon.

    Meanwhile, ISIS-kinda-sorta-supporter Turkey engages NATO because Russia is blowing up Turkmen in Syria on behalf of Assad. It's getting fucked-upper.

    Oh, I forgot:

    None of these attacked industrial control systems. The only example of a software nasty deliberately wrecking equipment that we all know about is the infamous Stuxnet worm

    You forgot about: Hackers pop German steel mill, wreck furnace, an attack with clear intent - and success.

    1. The Travelling Dangleberries

      Re: I think that squirrel image needs an offensive "thumbs up, black flag!" icon.

      Although if you read the article the attack was as a result of a successful phishing attempt not a brute force attack on the company's firewall. That the company had not air-gapped the network controlling production machines is an example of bad practice which made the situation worse.

    2. Vic

      Re: I think that squirrel image needs an offensive "thumbs up, black flag!" icon.

      Turkey engages NATO

      I don't think they did...

      Vic.

  5. Anonymous Coward
    Anonymous Coward

    The government's total cyber spending will be more than £3.2 billion...

    Anyone know how to climb aboard this loony gravy train?

    1. Marketing Hack Silver badge
      Devil

      Re: The government's total cyber spending will be more than £3.2 billion...

      Start by getting a CISP certification. See if you can get interviewed by a TV station "man in the street" camera, and say "I think our leaders are misunderstood and are really just trying to protect us from pedophiles and terrorists." Visibly have a copy of the Daily Mail tucked under your arm during the interview. Once your soul is effectively sold, then send your resume in to the GCHQ.

    2. FlamingDeath

      Re: The government's total cyber spending will be more than £3.2 billion...

      Yeah, create a company that does unscrupulous Astroturfing, no questions asked

  6. Rafael 1

    Why? Inquiring minds want to know

    Why www.cybersquirrel1.com when www.cybersquirrel.com is available (at least for the next 45 minutes)?

  7. JustWondering
    Meh

    No Kidding!

    Just like Die Hard 4.0? Sounds legit.

    1. Steven Raith

      Re: No Kidding!

      I came to say exactly the same thing; Die Hard 4 isn't even a good example of a functional story/movie, never mind research on OpSec.

      BitDefender, consider yourself removed from any future consideration of any security software, period. If you can't even keep a leash on your PR people from ridiculing yourself, I dread to think how you keep on top of the herd of cats that would be your dev/research teams.

      And instead of spunking billions on 'cyber security' (for fucks sake, cyber-anything sounds like a joke - try using your grown up words, ministers) how about instead just making outrageous security snafus like Superfish and eDell criminal offences backed up with nine-figure fines per month the devices are on sale. After all, it's not like Dell have huge contracts in the civil service and military where having your secure connections utterly pwned might be considered problematic or owt, you know.

      That way you can *make* billions when the ODM/OEMs fuck their security up so badly that it enables that kind of attack, which is where the problem really lies.

      Steven R

    2. DropBear Silver badge
      Trollface

      Re: No Kidding!

      "...like Die Hard 4.0"

      Worse, much worse - the Vogons could show up any moment (let me see you prove it couldn't happen) and we're completely unprotected! Quick, let's spend a few more billions building some Arks!

      1. Richard Taylor 2 Silver badge

        Re: No Kidding!

        Bloody right - but with a 'C' ark designed for politicians and senior civil (or not) servants

  8. harmjschoonhoven
    Facepalm

    Re: Humanity has clocked up just one.

    This must have been the 2014 Darwin Award Nominee:

    (19 May 2014, Arizona) The mummified remains of a man discovered in a Tucson manhole tell their own poignant story. In May the manhole was opened to investigate a fluctuation in electrical power. According to records kept by Tucson Electric Power the manhole had not been opened in the past five years, so the team that entered the underground high-voltage vault was quite surprised to find the dessicated remains of a man slumped near cut copper wires. In his shriveled hand was -- can you guess? -- a bolt cutter. An autopsy confirmed the obvious conclusion that electrocution was the likely cause of death. The date of death was set at somewhere between one and two years previous to the discovery.

    1. Destroy All Monsters Silver badge

      Re: Humanity has clocked up just one.

      The Miskatonic Manhole!

    2. Sieberana

      Re: Humanity has clocked up just one.

      Cable theft is a huge problem in South Africa. Thieves steal any and all copper wiring and piping they can lay hands on, which costs the economy billions, disrupts business and communications, and also leaves us with some delightful internet images of careless thieves (usually unidentifiable).

  9. Allan George Dyer Silver badge
    Paris Hilton

    "Neither Russian nor China (the UK’s most capable cyber-espionage adversaries) " - So the USA isn't an adversary, or isn't capable? The fact that GCHQ gives the USA sensitive intelligence doesn't make them any less likely to act against UK interests.

    1. amanfromMars 1 Silver badge

      If you can think it, it is quite possible and therefore most probable and not at all unlikely

      "Neither Russian nor China (the UK’s most capable cyber-espionage adversaries) " - So the USA isn't an adversary, or isn't capable? The fact that GCHQ gives the USA sensitive intelligence doesn't make them any less likely to act against UK interests. .... Allan George Dyer

      If GCHQ feeds them the right smarter sort of sensitive intelligence, does the USA and any puppet executive administration acting as if a nation, becomes the UK's bitch, or really just GCHQ's. Is that a sensitive Gareth Williams North Face holdall type secret uncovered and discovered made readily available in the wild to any Tom, Dick or Harry, friendly renegade and independently minded rogue?

      Such a lesson and fact is surely not entirely unknown to more than just wannabe super efficient boffin types batting and battling for an Almighty Masters and Blighty, but whether they be top tier premier league Great Game players or not, is invariably to be highly classified [Cosmic Top Secret Secure Compartmented Information] and that which rates and defines their success in the virtual terrain team field managing failures seeded to earthed systems with SCADA command and control levers. ‽

      IT's a Mad, Mad, Mad, Mad World but not at all Crazy with AI in Leading Crafts and Virgin Flight Vessels.

  10. a_yank_lurker Silver badge

    Cyber Warfare vs things that go boom

    The real vulnerability over here is not taking some SCADA but there are many transmission lines and substations out in the boonies. If there is any security beyond a fence (mostly to keep finger gepokers out) it would be a camera feeding back to a control station may be an hour or so away. Take a few these out and watch the chaos. Some dynamite or C4 would do the job quite well.

    1. tom dial Silver badge

      Re: Cyber Warfare vs things that go boom

      This was an NCIS episode plot a few years ago, so it's all planned out for Daesh, including some of the things to avoid.

      I can't say I fully believe the premise that taking out a few towers could wreak enough damage to bring the US to its knees, though. The last one I experienced was the Northeast US (and Canada) blackout of 14-15 August, 2003, apparently triggered by dodgy control software and sloppy tree pruning near Cleveland at a time of high demand. In Cleveland the lights went out about 1610, I shut down the whimpering servers, and caught a bus to my son's apartment (he had a gas stove). We watched the stars that night, and our power came back on about Noon the following day. That evening I went back and started the computers so the customer department could work their scheduled Saturday O/T. We had an extra paid day off that year, but no obvious long term damage.

      Terrorists might be able to do worse, but I doubt it would not be recoverable in a week or so.

      1. JeffUK

        Re: Cyber Warfare vs things that go boom

        Someone in the local area took out a major transmission mask with a badly (well?) aimed firework a few years ago... (Google 'Morborne transmitter'))

      2. a_yank_lurker Silver badge

        Re: Cyber Warfare vs things that go boom

        It really depends on how many sites are taken out and how easy they are to repair as to how long a blackout would last. From what I hear, replacing a SCADA system might be easier and faster than some of the transformers in some substations. I see people quote a lead time of about 18 - 24 months for transformer delivery - I do not know if the sources knew what they were talking about.

    2. Stoneshop Silver badge
      Mushroom

      Re: Cyber Warfare vs things that go boom

      Take a few these out and watch the chaos.

      As demonstrated on the Crimea peninsula quite recently.

  11. Medixstiff

    If they are so worried about power stations etc. being hacked, why the hell aren't they enforcing a 6 monthly or yearly audit on them?

    On top of that, make it law that CEO's and other upper managers are heavily fined if an incident does occur. Hit the people in the hip pocket that deserve it, not the poor sods that keep getting their budget's cut or told security isn't important.

    If they arc up about it not being fair, a few well placed stories in the tabloids about fat cats risking the security of the nations power grid should sort them out quick smart.

    1. Anonymous Coward
      Anonymous Coward

      Trouble is, the people up top with all the money can use their money to bribe anyone that would be involved in the case, including the checkers and the checker-checkers, ad nauseum.

  12. Voland's right hand Silver badge

    Stretch - not sure.

    That third-party hackers might help them in accomplishing their goals is also a stretch.

    If the estimates from the US special forces raid which terminated their head of oil production and pinched all of his hard drives last year are correct, they have more than enough money to purchase the best attack kit money can buy from Russia, Ukraine or somewhere else in the ex-CIS.

    What is more worrying is that they will continue having the money. Turkey put into a dispute state (which means that deliveries will stop) their Gasprom agreement last month (long before the shoot-down incident). That is 25% of their energy production. What people do not realize is that they are a major manufacturing site today. They build everything from Bosh (and under license) chainsaws to Transit vans and Renault Clios. The energy for that has to come from somewhere and the money they pay for the oil burned to attain it will be more than enough for the recipient to purchase an attack kit.

  13. Voland's right hand Silver badge

    undermined the Daesh-involvement hypothesis and fingered Russians as the likely culprit.

    The evidence was Russian language used in the binaries.

    If we consider for the moment the amount of foreigners which the Turks have assisted in supplying to Daesh, Al Nusra other groups which all differ only in the shade of black they use for their flags, that starts to look extremely circumstantial and flimsy. With 16K+ foreigners being allowed to move freely up to last year into Syria the attackers could have used any language. French (with or without Belgian accent), Dutch, English - you name it. If they had previous cyber-criminal history, that language most likely would have been Russian.

    Similarly, with all oil sold by the same groups back through Turkey on the world market they have more than enough money to buy a kit off the dark net. That generally comes with a choice of Russian or Russian for the code origin. English is only the "Export Documentation".

    In any case, the threat of cyber-terror is very real, but still remote. It will stop being remote after smart meters are deployed. I love the smell of grid failsafes kicking in early in the morning. All you need to do is to program the meters to flip the switch on-off at the same time in a sufficiently big areas and you get a lovely Boom.

  14. John Smith 19 Gold badge
    Unhappy

    Bottom line. GCHQ *must* have more money.

    Right.

    Except the most effective "cyber attack" seems to have been a joint US/Israeli attack on a nation they neither (AFAIK) is officially at war with.

    As for this "Worst case" AKA Die Hard 4.0 scenario BS.

    That would take a large group of simultaneously cretinous managers to f**k up their backup plans, probably with physical visits.

    <profanity filter off>

    This is BULLSHIT

    </profanity filter off>

    BTW The cute Red squirrel in the picture is an endangered species in the UK.

    It's being out bred by the fatter, hornier North American Grey squirrel, which carries but is also immune to "Squirrel pox" which has been killing the Red.

    So if you want to defend your infrastructure against a real threat.

    Trap the Greys.

    1. leon clarke

      Re: Bottom line. GCHQ *must* have more money.

      Regarding Red vs Grey squirrels. I, too, am assuming that all these attacks are the fault of dastardly foreign grey squirrels. True, patriotic, red squirrels would never undermine our national infrastructure.

      1. Mayhem

        Re: Bottom line. GCHQ *must* have more money.

        Damned Grey Aliens coming here and probing our fine native squirrels.

  15. Blofeld's Cat
    Facepalm

    Nuts ...

    Ah so that's why one customer keeps asking me if his website is protected against "squirrel injection attacks".

  16. Solly
    Joke

    1 in 5 Squirrels

    etc

    1. Tim Jenkins

      Re: 1 in 5 Squirrels

      is gay?

  17. AndrueC Silver badge
    Happy

    the rodents have being responsible for 505 such operations. Birds have reached 141, and raccoons 31

    My budgie damaged two buttons on my original Harmony One remote ('ingress of bodily excretions') and pulled a key off my laptop keyboard ('sheer bloody mindedness').

    I was able to replace the key but sadly it proved impossible to clean the Harmony One. The cheeky little chappy has been dead for over two years now but has left me having to put up with a late generation Harmony One which is not as good as the original version. So that's one more count of long-lasting damage to IT infrastructure.

    I do still miss the little sod though :)

    1. Richard Taylor 2 Silver badge

      You were lucky. You have to see how much damage two pissed off parrots can do to infrastructure (electrical, computer and doors) to realise your budgie was just starting off. My nearest and dearest assure me that they didn't like their new grub....

  18. Anonymous Coward
    Anonymous Coward

    How have we ended up in the position where we pay politicians getting on for 3 times the national average wage (74k vs 26.5k) and we still have idiots at the wheel that can't see past the blinken lights? Fortunately the only people stupider (and with less imagination) than the politicians are the terrorists and so by a luck we manage to stay half a step ahead most of the time. FSM help us if a terrorist with half a brain ever gets into a leadership position.

    If you were Timmy Terrorist you wouldn't go for a cyber attack because it's just not scary. Yes it would be very inconvenient if the power went off for a few days but I'm hardly going to be quaking in my boots because my ice cream melted!

    Having said all that all this money might pay for my next job so in the interests of self interest, keep up the good work George.

    1. Anonymous Coward
      Anonymous Coward

      If the power went off to the whole country overnight, you would wake up to a police state and a shoot-to-kill order for looters.

      This country would tear itself apart. I wouldn't be worried about my ice-cream either - the freezer should stay fairly cold for a day or two if you don't keep opening the door.

    2. Anonymous Coward
      Anonymous Coward

      "Yes it would be very inconvenient if the power went off for a few days but I'm hardly going to be quaking in my boots because my ice cream melted!"

      Your ice cream melting is not as inconvenient as the water pumping system shutting down, food shops closing when tills and refrigeration stop working, financial and delivery systems halting, or the panic caused by lack of phone or internet communication. To paraphrase the popular saying, society is only three meals away from chaos.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020