this going to go well
At least no-one will actually die, just spend the rest of their lives in legal disputes as the mess gets cleared up.
oh... was that a hospital system I just wiped?
Two members of the US House of Representatives today introduced a law bill that would allow hacking victims to seek revenge and hack the hackers who hacked them. The Active Cyber Defense Certainty Act (ACDC) [PDF] amends the Computer Fraud and Abuse Act to make limited retaliatory strikes against cyber-miscreants legal in …
this going to go well
I hope it passes, because I reckon the impact on me (several thousand miles away) will be quite limited. But it will be fantastic entertainment to watch from afar. Imagine the bunglers of Target, Equifax, Home Depot and all the rest trying to find and retaliate against their attackers? These corporations were clueless in the first place, so they'll be crap at finding those responsible, and worse at retaliation, and if they attack the wrong guys, presumably they'll be entitled to hit back, causing more chaos.
"Imagine the bunglers of Target, Equifax, Home Depot and all the rest trying to find and retaliate against their attackers?"
Until they start hiring armies of "cyber" mercenaries. Will 2018 be seen from a historic perspective as the beginning of the corporate war?
At least no-one will actually die, just spend the rest of their lives in legal disputes as the mess gets cleared up. oh... was that a hospital system I just wiped?
Some interesting scenarii to consider: find a poorly secured account on the, say, DoJ systems, log in there and use that to chuck whatever mildly worrying connections at a NSA subsystem.
Interesting side effect: as most people in charge have a very hazy understanding of "hacking", care to imagine what absolute mess would be achievable... heck, some network testing tools allow you to spoof the originating IP out of the box, no actual hacking needed...
I will say no more lest it gives Anonymous some "interesting" ideas.
This new law uses the same logic as arming children in order to protect schools from mass shootings. The only possible result is a bloodbath. And the only real motivation is to let the government dodge its responsibility to protect its citizens.
It's not even the same as arming children. /That/ would ensure that the children can shoot back at the time of the attack. /This/ law would still require you to collect evidence to prove who did it, check with law enforcement and compare notes, and then retaliate after everyone is dead.
If we assume that the police will respond to convincing evidence that one US citizen has committed a crime against another, on US soil, we can conclude that this new law would provide no new tools for the victims. Indeed, the lack of a response by the police could be the basis of a case by the accused that there was *not* sufficient evidence and that the so-called victim is the actual criminal here.
Totally fucking bonkers.
(from the article>
"Before hacking back, the IT department would have to submit some homework to the FBI's National Cyber Investigative Joint Task Force so the Feds can make sure national boundaries are being respected and that any action wouldn't interfere with an ongoing investigation."
And I wanted to have a bot do it, automagically. DAMMIT!
This is like "the 2nd ammendment" for cyber-self-defense. Works for me.
A cop cannot be everywhere. Citizens have to take it upon themselves to report and stop crime. I don't know about the U.K. but here in the USA we have "citizen's arrest" laws, where if you catch someone "in the act" you have the right to arrest that person with REASONABLE FORCE [but criminals have black eyes, broken bones, missing teeth, and if he doesn't look like a criminal, the cops won't believe it, heh]. So yeah, if you witness someone stealing, raping, murdering, you have EVERY right to use deadly force in many cases, and that's the point. Citizens are as good as cops at stopping crime.
In this case, it's citizens with computers who could, in theory, do their OWN investigating. But seriously, if you detect an intrusion, putting up a shield may not be enough. You might have to do something to damage the other end, like trick them into downloading a trojan horse that wipes their hard drive or similar. If a bot kicks in a URL re-director that fakes them into going to the wrong web pages [for example], they end up downloading the trojan horse.
I'd be all for THAT. As an extra added bonus, the law contains liability insurance, so if you destroy some innocent person's computer, you have to pay for it. No biggee. It's the same if you shoot the wrong person. You're liable for that, too.
/me gets bumper sticker for PC: This Computer is Protected by Smith & Wesson
I'd be all for THAT. As an extra added bonus, the law contains liability insurance, so if you destroy some innocent person's computer, you have to pay for it. No biggee. It's the same if you shoot the wrong person. You're liable for that, too.
Bob, could you please let us know where you live, so that we all can avoid getting within 200 miles of that place - at least, not without body armour and heavily armed guard?
And shooting or otherwise killing a person is a "biggie" for most psychiatrically healthy people, regardless of whether that person is a criminal or an innocent bystander. Most people who have, or might have to do so require extensive training to be able to do it at all. A large fraction of those who end up doing it in real life do require extensive psychological and psychiatric councelling later on - even when the person they killed has been trying to kill them. It gets much worse when killing is unintended or accidental - many people placed in that situation never fully recover.
"You're making a big assumption about the mental health of the average american gun carrying individual."
Those who think like wildebeasts have a hard time understanding those who think like LIONS. And they're too willing to judge, point fingers, and try to legislate them away. Except, without some who THINK like LIONS [who aren't necessarily lions, but understand them] you're at the mercy of the REAL LIONS. And that's the point.
My balls are just TOO BIG for me to think like a prey animal.
My balls are just TOO BIG for me to think like a prey animal.,My balls are just TOO BIG for me to think like a prey animal.
The last couple of guys I heard boasting about how big their balls were dropped them PDQ when they realised I wasn't backing down from their threats. Sadly they had the sense to recognise a Tae Kwon Do stance (even though I haven't actually practised in like 20 years!), and left straight away.
The marbles they dropped on the ground as they ran were about the size I expected - something a newborn kitten would be ashamed of.
Afraid, like most who make such boasts, you sound much the same as them! :)
--> Me checking for wallets and valuables amongst the other stuff they left behind (we need a "Captain Runaway" icon!)
"My balls are just TOO BIG for me to think."
Fixed that for you, Zippy.
(Note to the cross-pond readers: Not all of us Yanks are as daft as Zippy, here. He's an unfortunate casualty of a steady diet of taco sauce and Ding Dongs. Probably the best method of dealing with him is as with any other troll ... simply don't feed him.)
"A large fraction of those who end up doing it in real life do require extensive psychological and psychiatric councelling later on - even when the person they killed has been trying to kill them."
not me - I'd make sure they stared right into my eyeballs as I stare into theirs, watching the life drain away. I'm the last thing they'd see on the way to HELL.
[THAT, by the way, makes me a *HARD* *TARGET* - meaning I'm in the house they avoid, or the person they avoid on the street or in a crowd - the one who FIGHTS BACK]
Sorry, I can't by into your "prey animal" kind of thinking. I think like a predator. A self-disciplined predator who doesn't kill without reason. And I spent time in the military, and have been prepared to take a life in self-defense [or defense of others] since then. No problem.
The point is *TO* fight back. Make it hard for the criminal. Even if you're passive-aggressive about it, it's still fighting back. I prefer "active aggressive". And *revenge* is a GOOD thing. enough people do it, and you see crime go WAY down, because their's now a PENALTY [potentially] for the bad behavior.
[this is not how SHEEPLE think. This is how men with BIG BALLS think.]
Cough! Cough! Staring into their eyes as their life drains away is
a GRAVE TACTICAL ERROR! AS YOU WELL SHOULD KNOW,
9mm and 7.62 rounds don't actually work that well at killing people
and said shootees TEND to STILL be able to shoot back even
AS their life EVER-SLOWLY drains away.
Nooooooo! You ALWAYS move off to the side and preferably north of their head
from at least a few feet (3 metres!) away STILL pointing your sidearm or your M4
at their heads. Then you can relax ONLY A TINY BIT! ---- Once they're not moving...
please do remember to pump two or more rounds point blank into the heart
JUST TO MAKE SURE that Dead Means Dead !!!
ONLY THEN can you yourself a REAL MAN WITH BIG JUICY JUEVOS !!!
*Mentally ill man sees someone he doesn't like the look of in front of him in the queue at Walmart, pulls gun, kills with no warning*.
Same man, later: oh, was he a HARD TARGET? Totally my bad. Please make him all alive again.
/You utter twat
But how would they know you were a "hard target" a "house to avoid" until they actually targeted your house?
If we assume some random miscreant, than why would they know anything about you (or indeed the owner of whatever house they were breaking into)?
If we say the miscreant did (in whatever magical way) know you were a hard target, what's to say that although it may discourage some felons, others might be attracted to having a crack at the "hard target" as more of a challenge?
Good Grief....I was wrong....
"[THAT, by the way, makes me a *HARD* *TARGET* - meaning I'm in the house they avoid, or the person they avoid on the street or in a crowd - the one who FIGHTS BACK]"
That's the one. Yep. forget my last post.
" And *revenge* is a GOOD thing"
oh sweet jebus....he keeps going further....
So folks, if you want to know what's wrong with America, I give you Bob - AKA Exhibit A. This is how they train their soldiers....
"So folks, if you want to know what's wrong with America, I give you Bob - AKA Exhibit A. This is how they train their soldiers...."
That and USA 'justice' is about "retribution with interest" rather than "repair and reconciliation"
Such policies have always led to escalating cycles of violence.
This is not like the second amendment for cyber security and it's not like "stand your ground" laws. In those cases you are (in theory) not retaliating to the attack, you're just taking action to keep yourself safe from an attack that is still ongoing.
The physical world equivalent of this sort of law would allow you to burgle the houses of people you suspect of being burglars. Utterly bonkers.
Sort of, isn't it rather like the police having to get a warrant from a judge before searching the home and premises of a suspected burglar? Though it reminds of FindMyPhone incidents were the cops, despite being shown specific GPS data decline to intervene and suggest the aggrieved party go there themselves and attempt to get their property back,
"Though it reminds of FindMyPhone incidents were the cops, despite being shown specific GPS data decline to intervene and suggest the aggrieved party go there themselves and attempt to get their property back,"
Yes, that particular issue is one that worries me, because it's effectively the cops _encouraging_ vigilante justice, when in a lot of cases the criminal is armed and has nothing to lose if a victim shows up.
If nothing else, your commentary is incredibly useful for providing an insight into the way certain individuals think.
Things to note:
- Lumping murder and rape together with robbery
- Using rape and murder as a comparison to copyright infringement / IP theft or other hacking related crimes
- Comparing a "caught in the act whilst physically present to witness" crime to a digital crime for which the thorough analysis of logs is required in order to confirm whether a crime has even taken place. The very quote you chose from the article means that an immediate response is excluded from this law.
Overall you come off very "kill 'em all and let god sort 'em out", even without your S&W bumper sticker. That's just the teflon on the tip.
/me isn't worried about your Smith & Wesson when I'm thousands of 0.62 miles away.
And I wanted to have a bot do it, automagically. DAMMIT!
No problem, you can have your bot submit the paperwork to the FBI at the same time as it launches the retaliatory strike. The whole process doesn't need to take more than a few seconds.
There's no mention of "waiting for the FBI to respond" to your notification.
Bob announces that he will hack back against anybody who attacks him.
So Mallory impersonates Alice and attacks Bob. Doesn't need to be a big or effective attack.
Bob detects the attack and launches a hack-back against Alice.
Alice's network is now trashed, and Bob claims he was retaliating legally.
Congress seems to be a bunch of Chaos Monkeys.
They're an odd mix of throttlingly tight control in some areas (copyright - where money is at risk but lives aren't) and "go get 'em tiger" chaos in others (abhorrently loose gun control - where lives are at risk but money isn't).
This revenge hack thing sits firmly under chaos, the necessity of which is driven by "corporate / IP" psychopathy.
Very plain to see what's important to those who occupy the halls of power in the ol' US of A. Land of the free, so long as you can wrench that freedom from thy neighbour's cold dead hand like the true winner you are!
U! S! A!
U! S! A!
U! S! A!
P.S. If this law passes, the ultimate challenge to a black hat hacker is this:
Create a circle of forever legitimate revenge attacks between Apple, Google, Facebook, and Microsoft.
Not Alice - see "Joe job". Misdirected reactions since 1996.
These things happen all the time in the physical world, especially when one of the actors is going through an acute paranoia phase, and has copious amounts of ammo lying around. Very frequently, they do not even require a malicious, misdirecting agent, and come from either a purely accedental glitch somewhere, or because of a misinterpretation of an innocent mistake. See (among many others) the Tonkin incident and KAL 007 incident.
I am really looking forward to some cowboy "defending" himself by trashing my systems after misinterpreting his logs showing my e-mail arriving 5 minutes before his 15-years old SCSI disk array finally gave up the ghost due to an advanced old age - which will inevitably happen if laws like this one come into force.
most people understand the 'joe job' problem. I've been Joe-jobbed a couple of times. Fortunately the web service that handles domain e-mails added the ability to put the correct MX DNS info records in place to specify which servers are authorized to send e-mail for the domain, and I haven't seen it happen since.
in one joe-job case that I allegedly heard about, the alleged perps allegedly had an alleged server running in an alleged country that is well known for having compromised servers and NOT responding to alleged abuse reports because alleged mail service was filtering the abuse reports as "spam". Allegedly. And it allegedly had the usual "fake rolex" and "fake handbag" web sites on it. And it allegedly got flooded with specially crafted (not illegal) HTTP requests that shut it down for a significant amount of time (allegedly exploiting a bug in the way they were re-directing via the "probably compromised" web server), on multiple occasions, with "stop joe jobbing XXX" allegedly being PROMINENT in the logs, allegedly. Yeah, no retaliation THERE, right?
added the ability to put the correct MX DNS info records in place to specify which servers are authorized to send e-mail for the domain, and I haven't seen it happen since.
Ahh bless. You think anyone takes any notice of that? AOL certainly doesn't (yes, I've had bounces from AOL of spam that's come no-where near my systems and the originating IP isn't even in the same country as me).
In short, like most of SMTP - those domain SPF records are only any use if receiving domains check them. And a large minority don't.
"Bob announces that he will hack back against anybody who attacks him."
heh, I wouldn't announce it, just do it.
That's where the liability comes in - if you don't cover your ass and get the right target, you're as bad as the perp [and so YOU get in trouble]. Unless it becomes a ginormous free-for-all, in which case, popcorn please.
"So Mallory impersonates Alice and attacks Bob. Doesn't need to be a big or effective attack."
swap "XYZ state-sponsored attack team" for Mallory, who hacks into Alice, attacks Bob and then disappears into the night, carefully deleting logfiles which might identify them.
Then sit back and enjoy the popcorn.
Please don't judge the military by Crazy Bob's remarks any more than you should judge Americans.
You will probably have seen a lot of stuff recently on forces mental health, especially Prince Harry's involvement. Actual professionals know that whatever size of balls you have, killing is terrible for the perpetrator, though clearly not as bad as for the victim.
Perfect. I'll set my IoT borgs on the task right now. Oh, by the way, I'll spoof the headers to show it comes from the us congress.
Hey, this is a joke and is covered by the 36th amendment. Parody of absurdity is reality.
... so the Feds can make sure national boundaries are being respected...
Whose national boundaries? Are they concerned that someone in the US of A is being targeted and want to stop it, or are they really worried about the national boundaries of Burkino Faso or one of the 'stans, or the two largest countries in Asia?
I'll bet a dead dingo's donger that the Feds are only concerned about one nation's boundaries.
(No icon for a DDD, so have a beer instead.)
No one every accused Congress critters of being intelligent or ethical. In fact, it is a good assumption to assume that adding up the IQs of all the critters would result in large negative number. And it is a good assumption they have are on someone else's till as well as the US taxpayers. Party affiliation only influences whose payroll they are on.
The main issue as I see it is that most hacks are bounced via other compromised machines first. As noted on the classic movie "Hackers", you don't hack a bank from your house. ... because thats just stupid. If you allow retaliation attacks then really you're in all likelyhood just setting people off against machines owned by other "good guys". The "bad guys" are long gone.
well, if you do things properly on YOUR end, researching the hack/crack, it becomes obvious when a web site is being used as a "pure re-director". A little research may lead you to the REAL web site (or person doing the shell access cracking, whichever), especially for things _LIKE_ when the POST transactions in a fake web page reveal exactly where that is [for getting your credit card info, for example]. If your server is the re-director, then you study the logs to see where everything is going, and go from there. That kind of thing. Or if it's someone else, you can often determine where it REALLY came from through various means.
From that point, the lazy coder's or incompetent script-kiddie's ass is YOURS. Just "follow the money" (or in this case, the IP address of the server doing the credit card stuff or intrusions). Notifying the credit card companies along the way is an extra added 'bonus'.
(I would normally expect crack attempts to come in via web site requests as a vector, unless you allow ssh access for more than 1 or two obscure user names with either proper pass-PHRASES or cert-only, or both)
I know that where we are, we're legally in the clear if we mount a DDoS on networks that seek to hack our infrastructure, provided we preserve the evidence. However, the problem is that traffic is easy to fake, either at IP level if you're not concerned about return traffic, or via proxy through a hacked resource like a breached WP site, so we could end up being used to zap an innocent entity who just has rubbish security. You may consider that deserved, but that's not how we tick.
The funny thing is that if other countries implement such a measure, the US will get blasted from all over the place given how often US companies and government get breached.
The recipe is thus:
1 - re-hack OPM and install a proxy
2 - hack whitehouse.gov
3 - as bonus, maybe hack trump<anything>.com
4 - point them at each other
5 - buy popcorn and watch the show.
Where did all the smart people go? Canada?
Is the word 'cyber' dead or not? Is it terribly undignified to try to use it since maybe a generation ago? I think so. Convince me otherwise (please!) so I needn't facepalm every time I hear someone say it as though it's a meaningful, professional term. I would prefer to be wrong, and merely be reminded about how I was wrong, each time... it would be Significantly Less Horrible™
When your digital doppelganger is regularly surfing the information superhighway, and conversing with good netiquette with people in this virtual playground, it's easy to forget what's happening in meatspace. As such, who knows if words like 'cyber" still used out in the wild?
Been trying to think of an answer to the obvious question: what not-horrible term, or ordinary term with not-horrible common usage, should everyone be using instead?
Maybe techno-? (ignoring the bucket of electronic music) I couldn't think of one with roughly the same coverage. Sheeit. So what is my problem? Do I hate the word, or its use, or its abuse, or something else-- such as the way its users seem to be trying to manufacture the sound of knowing WTF they're talking about? Not sure... of course that last one would be the irritating one only because it proves to me that I CAN recognize that pattern, forces me to admit I've seen it before, and burns off any hope of using ignorance as an excuse.
Maybe that's all there was.
Might use Greasemonkey to change it to sighber or derper or whatever, something fun.
"So we can all hack the US Government back now without worrying about getting extradited?"
you have MY permission, if they're invading your computer without probable cause, and without any kind of legal approval in the UK. They should get a UK warrant first. Then it would be _legal_ in the UK to do that. Or let the UK gummint do it on the US gummint's behalf. Then it's all above-board diplomatically.
But invading your computers? bad idea. hack 'em back. [if you don't mind the legal fees associated with defending yourself, anyway, and IANAL so my legal advice is probably worthless]
I came up with an analogy to explain to the politicians why this is such a very bad idea. It goes like this...
The Las Vegas mass shooting was terrible.
Maybe everyone should be armed.
And legally permitted to shoot back in retaliation.
That way, when a crazed gunman starts firing, everyone will fire back at him.
Of course, a moment's thought shows this to be an astoundingly bad idea. Most people are very bad at handling guns. Couldn't hit the side of a barn at two paces. There will be bullets flying everywhere. Somebody is going to get hit accidentally, causing his friends to return fire at somebody who was trying to hit the crazed gunman but instead hit a spectator. His friends are going to retaliate. Pretty soon everybody is shooting at everybody else, and the crazed gunman shits himself from laughter.
That, privileged white gentlemen, is exactly how your cyber-retaliation will play out. It isn't just ineffective, it actually makes matters a lot worse.
To which the response is "I cain't see nothing wrong with arming everywun like the saycond amendmunt sayes. Freedumb!" and they pass the cyber-retaliation bill too.
"Pretty soon everybody is shooting at everybody else, and the crazed gunman shits himself from laughter."
Taking that to its ultimate conclusion, the gunman wouldn't even need a gun. Just to let off some firecrackers, stand well back and watch everyone slaughter each other.
Anyone remember the film Hopscotch?
Those two members of US Congress and many others in both House (of Representatives) and Senate are just as daft as their President to put forth such stupid, unenforceable Bill.
THE US CIA, FBI, Department of Defense, European and Asian security agencies, nor any of the top technology companies in the world cannot prove - without question and with full verification - who hacked them, how in God's name is an individual or and other entity going to bring about a legitimate counter-hack result.
The idiocy of Donald Trump is apparently rubbing off very quickly and completely onto Republican law makers.
"how in God's name is an individual or and other entity going to bring about a legitimate counter-hack result."
it's been done before [locating the perp]. An enterprising and intelligent operator of a router system did it once, back in the 90's. I can't recall his name, but he got the FBI involved because he was seeing some really unusual activity... and as it turned out, it was someone trying to crack into gummint computers, if I remember correctly.
Someone at an ISP could assist a company in doing the same thing, or if you have your own routers [that can display the right kind of info], you could do it yourself.
even WireShark can be very helpful.
auto-redirect routing to a honeypot server - even better. make it nice and sweet. download that trojan, yeah! let it phone home, and we'll see who you REALLY are! back-door THAT machine, looks for back doors already there, and keep digging until you find the perp. chances are, he's not protecting himself very well... thinking "TOR" will anonymize him. Uh, huh... and then you examine his facebook cookie, his twitter cookie, his microsoft login cookie, ...
it's been done before
The only thing I can think of remotely similar to your account, in that timeframe, was Clifford Stoll and he wrote a book about it called Cuckoo's Egg.
It was in 1986 rather than the 90s. And he was monitoring dial-up modems not routers. My increasingly-unreliable memory tells me people were tromboning dial-up systems to get to his, not using the nascent Internet. And the on-line world was a much smaller place back then. And he was lucky. And his opponents weren't too clever. Apart from all that, it's a perfect match.
Oh, and Stoll is very, very clever. Even if his youtube videos give a completely different impression (like the one where he accidentally started a fire in his kitchen).
It's not as easy as you imply to track these people down and retaliate. If only because they're using botnets so all you're likely to do is trash thousands of computers belonging to innocent people without ever hitting the person responsible (other than by diminishing the size of his botnet).
Dramatization of Stoll's story (probably uploaded in violation of copyright, so don't watch if you're squeamish about that sort of thing) here.
"In 2017, a crack commando unit was sent to prison by a military court for a hack they didn't commit. These men promptly escaped from a maximum security stockade to the Los Angeles underground. Today, still wanted by the government they survive as soldiers of fortune. If you have a problem, if no one else can help, and if you can find them....maybe you can hire The IT-Team."
...That the average US internet connection is about as fast as a crippled snail on morphine, so the actual utility of this word-embellished piece of bog roll is diminished to the point of utter uselessness anyway.
Plus most ISPs would either block it or charge you more for a premium 'Retaliation Plus' service which coincidentally is only available as an upgrade to our Platinum Service and would you kindly sign here for only $74.99 a month extra....
Should be good for laugh, US says it's OK for a US company to hacks EU computer, illegal in EU, who gets prosecuted, the dude who did it, the boss that ordered it, CEO and would they ever get extradited?
EU geezer hacks back against a US company, that wrongly hacks him, illegal in EU but justified in the US, oh but wait, US company goes crying to FBI and asks for help ... oh what a can of worms !
One of my websites was under constant attack from a networked photocopier/printer in Australia a few years ago. So what do you do..?
...You find the default login for the machine and set it to print 10,000 copies of a message that says 'This machine has been hacked and is being used to attack websites. Fix it. Change your login.' That's what you do.
Might have been 1,000 copies but it was enough to make 'em take notice. Never heard from that machine again.
It is reasonable to expect that if you hack into someone's system(s) then you must expect to be targeted back with a reasonable response.
The Lawmakers who introduced this Bill must be under the impression that all cyber criminals are bored millennials inhabiting suburban basements. They want to start an American 'civil war' in cyber space, to fix the misguided. The enemy is thy neighbor.
Meanwhile, a real cyber war has been underway for years, populated with sophisticated state actors, agents of chaos and organised crime. Vigilante counterattacks here and there will be met with either contempt, a vicious up the ante campaign or they will fuel the American cyber 'civil war' to their own advantage. My bet is on the latter.
While you are for the most part correct, you SHOULD also realize that one is
dealing with America!....and a pissed off America tends to shoot first and ask
questions later! Which means that in the REAL WORLD, said state actors,
criminal agents and even the moms-basement dwelling millennial will end up
with their basements burned and bombed out to the concrete and theirs and
their children's and/or Mom's guts and brains spilling out into the street from
a suite of Hellfire missiles fired from 50,000 feet (15000 metres)!
Try NOT to piss off an America already-pissed off even more so than it already is!
"Try NOT to piss off an America already-pissed off even more so than it already is!"
So it's a natural state of affairs that the rest of humanity must live in fear of that ignorant lout in the White House? I don't think so.
I'd happily see America descend into perpetual civil war, if that would stop Washington poking its nose into other countries' affairs.
Two things, Jake:
1. I have visited the US, and seen more places than just the tourist hot-spots. I don't claim to understand the entire country, but I have seen more than just BBC pap and clickbait webshites.
2. Our house is well and truly screwed, agreed. I wouldn't trust our government to make a success of running a public lavatory, if the Brexit farce is anything to go by. That's why I returned home last year, as Holyrood still has a fighting chance of saving Scotland from disaster.
But dysfunctional governments aside, the difference between the left and right pondians is that we don't ponce around the world thinking we own the place and we also make it difficult for people to own firearms without having a legitimate need for them. We also take a dim view of vigilantism, which this proposed legislation appears to be encouraging.
I couldn't care less what the US does internally - those are matters between US citizens and their elected government. What I do care about is that government's attitude to the rest of the globe, as the cretin in the White House is quite capable of provoking a nuclear war. And that's something everyone, including Americans in the backwoods, should be concerned about, as radioactive particles and nuclear winter don't give a toss about your border security, or anyone else's, for that matter.
"So it's a natural state of affairs that the rest of humanity must live in fear of that ignorant lout in the White House?"
The United States was founded in 1776. That's 239 years ago. During that period of time, the US has been in a formal state of war with one party or another for 222 years. That's 93% of its existence, or, if you prefer, it has been in a state of peace for 17 years of its entire life. It's longest period of "peacetime" was six years, from 1935 to 1940.
I think that speaks for itself.
[Source] : http://www.washingtonsblog.com/2015/02/america-war-93-time-222-239-years-since-1776.html
It's quite likely that this proposal is coming from "cyber" security lobby groups who know that their industry could grow tenfold if they are allowed to work the offensive side. Fat official government contracts, mercenary arrangements, and limitless commercial vigilante work. Hell, they could even play both sides. The industry is already swimming in cash, so the chance at a significant increase I'm sure justified quite large campaign donations, enough to convince these representatives to present such laughable legislation. Given the shift in american politics, playing to the ignorant in the extreme, they just might get away with it.
That featured tweet is an exaggeration:
"I never thought of it this way. It's basically the cyber version of being allowed to murder someone for entering your property."
It's more like being given a license to burgle your burglar and destroy or steal your own property in the process.
This sounds good. I've always been a fan of an eye for an eye, but the collateral damage will be horrendous: Person A burgles Person B, who suspects Person C, and burgles him...He then suspects Person D...And...See where i'm going with this?
We'll end up with the Purge...
Ok. Sorry to disappoint, this is not snarky, insulting, or full of bravado, but a real question. I am curious why those with massive data files (cough, cough, Equifax), don't have 'red dye-packs' buried in their data files. They would be buried routines that would trigger some event if they were moved from one network/operating system/whatever to another. No one would legitimately be asking for the transfer of these specific 'files' because no one would know they were there. They would only be accessed in a bulk transfer.
The triggered event could be something benign - like sending a traceable email to the data-owner, or more severe, like encrypting everything in the files (and only the data-owner has the key).
If this gives anyone any ideas for a product, I relinquish all rights. I'm tired of the creeps causing these problems.
"I am curious why those with massive data files (cough, cough, Equifax), don't have 'red dye-packs' buried in their data files. They would be buried routines that would trigger some event if they were moved from one network/operating system/whatever to another."
Data isn't generally executed. Things don't quite happen in the way it does in movies, most of the time. Although Microsoft has tried hard to make it really insecure by running all sorts of sh*t that should never be run, on the altar if being "friendly".
The government is doing a poor job of protecting the citizenry, the economy and the military against foreign hackers. ADM Mike Rogers, NSA Director, opposes hacking back by using scare terms about Pandora's Box and chaos. He wants his office to retain its monopoly on offensive cyber and hacking back. Yet the citizenry feels helpless and the people are still bleeding jobs and fortunes.
Another fear of Rogers and the bureaucracy is that allowing private industry to defend citizens and companies from hacking and pursuing offenders could show up politically constrained, conflicted- priority government efforts for their lack of accomplishments, focus and effectiveness.
I can remember not too long ago, the SOPA and PIPA bills which showed that the Government priorities were protecting music and movies over protecting Industry and personal information. It was a reenactment of the Dutch purchasing Manhattan Island for $25 worth of Trinkets. In this case, it was the Government, and the then head of the NSA, that was selling the country to the Chinese for a few DVDs. Few people, and fewer news media, called them out on it then and isn't doing so now, the sponsors of this legislation excepted.
Free enterprise and private industry can always do a better job if there is a free market. What we need is a few companies to serve as Cyber Pinkertons or similar organizations. Will it have some rough spots and will make it a little uncomfortable for government civil service cyber defense groups. Yes, it will, but it will also help make people feel less helpless and provide a layer of threat and uncertainty to private hackers. Hacking won't stop until the price of hacking exceeds the returns yielded by hacking. That isn't happening now, and it is time for a change.
thank is happen to me now have been to three hotel motel6, palace in and crossland by highway6 palace at main street now at intown hotel still going on sound coming in like music , eardroping sound from the ac and talk from the bed wall, sound from microwave and toilet vent, as the hotel about the room security say they have from the doors, but still hear the sound
Biting the hand that feeds IT © 1998–2019