nanog mailing list archives
Re: Anyone see a game changer here?
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 22 Jan 2010 05:52:11 +0200
On 1/15/10 5:52 PM, Steven Bellovin wrote:
The "difference" this week is motive. In the 1980s-1990s, we had joy-hacking. In the 2000s, we had profit-motivated hacking by criminals. We now have (and have had for a few years) what appears to be nation-state hacking. The differences are in targets and resources available to the attacker.
Following up -- I just wrote a blog on the subject called "the fog of cyberwar": http://darkreading.com/blog/archives/2010/01/fog_of_cyberwar.html In short:While we are all talking of Google's morals and US/China diplomacy, there are some questions that mostly remain unasked:
1. Did Google hack a Taiwanese server to investigate the breach? If so, good for them. Our ethics need to catch up to our morals, as we usually wake up to a new world others created for us, a few years too late. But, for now, it's still illegal so some details would be nice.
As you know, I have been calling for more than "get slapped, write analysis" response to cyber crime for a long time, but we need to be careful not to start an offensive the Internet can't win (criminals willing to play scorched Earth--we're not, and our legal/ethical limitations).
2. Is Microsoft, while usually timely and responsible, completely irresponsible in wanting to patch this only in February? While they patched it sooner (which couldn't have been easy), their over-all policy is very disturbing and in my opinion calls for IE to not be used anymore.
3. Why are people treating targeted attacks as a new threat model? Their threat models are just old. This we discussed here.
Oh yeah, and this is espionage, not cyber war. Computers are just new tools/weapons for an old motive. Espionage unlike cyber crime and cyber war is well established in law and diplomacy both. Security experts should not spread fear, and they definitely shouldn't be the ones people look to for answers on this.
Thoughts? Gadi. -- Gadi Evron, ge () linuxbox org. Blog: http://gevron.livejournal.com/
Current thread:
- Re: Anyone see a game changer here?, (continued)
- Re: Anyone see a game changer here? Steven Bellovin (Jan 15)
- Re: Anyone see a game changer here? Jorge Amodio (Jan 15)
- Re: Anyone see a game changer here? Gadi Evron (Jan 15)
- Re: Anyone see a game changer here? Fred Baker (Jan 15)
- Re: Anyone see a game changer here? Gadi Evron (Jan 15)
- Re: Anyone see a game changer here? Bruce Williams (Jan 15)
- Re: Anyone see a game changer here? Fred Baker (Jan 15)
- Re: Anyone see a game changer here? tvest (Jan 15)
- Re: Anyone see a game changer here? Fred Baker (Jan 15)
- RE: Anyone see a game changer here? Warren Bailey (Jan 15)
- Re: Anyone see a game changer here? Gadi Evron (Jan 21)
- Re: Anyone see a game changer here? James Hess (Jan 21)
- Re: Anyone see a game changer here? Bruce Williams (Jan 21)
- Re: Anyone see a game changer here? Steven Bellovin (Jan 22)
- Re: Anyone see a game changer here? William Pitcock (Jan 22)
- Re: Anyone see a game changer here? Brielle Bruns (Jan 22)
- Re: Anyone see a game changer here? Steven Bellovin (Jan 22)
- Re: Anyone see a game changer here? Gadi Evron (Jan 22)
- Re: Anyone see a game changer here? gordon b slater (Jan 21)
- Re: Anyone see a game changer here? Valdis . Kletnieks (Jan 22)
- Re: Anyone see a game changer here? Damian Menscher (Jan 23)