Hopefully this is suitable discussion fodder; please correct the thread if it's not. I figure this is a good discussion header to have around, since a number of current events hinge on cybersecurity topics (from Snowden and Wikileaks to the security of the Baltic states).
To kick it off, here's a brief but disturbing article from Bruce Schneier. He's been working with some major Internet companies and is seeing a disturbing trend in attacks. He believes a state actor is gathering data on cybersecurity responses from many tech companies and network infrastructure providers, and in the process acquiring the information necessary to literally take down the Internet.
Discuss.
Given the ubiquity of the internet in our daily lives, that is pretty terrifying. If the net went down today, I would not have access to most of my banking - since I'm with an online bank - or my main means of communication with my relatives and friends. Having lived in a time before the internet (hah!) I know it's easily possible, but it really is taking many, many steps back in our lives.
It really won't surprise me if it was more than one state actor that is doing this. The really scary thing is how few state actors are working on defense against these acts, they are either going with the first strike option or mutual assured destruction, thinking that they will be hurt less than their targets (which may or may not be the case).
"I love deadlines. I like the whooshing noise they make as they fly by." -- Douglas Adams
They wouldn't be mine. We know of one country, in particular, that has already deployed malware on an international scale with a specific political target, actively perpetrated attacks on specific internet infrastructure, and deliberately keeps zero-day exploits to itself in order to use them as weapons.
The True Remedy for the Fugitive Slave Bill is a good revolver, a steady hand, and a determination to shoot down any man attempting to kidnap. - Frederick Douglass
The Schneier article seems a bit like useless clickbait. 'Be afraid, the commies are coming in over the intartubes to get you!'.
He misuses the one bit of evidence he tries to provide.
This is not correct. Verisign is the registry for those TLD's. There are lots of registrar's for them, but you can't obtain a domain name through Verisign directly.
No, there isn't. Verisign 'going down' (whatever that may mean) will not cause any sort of 'black-out' of .com/.net/etc websites. He could mean that if the DNS root-servers Verisign runs go down there will be problems ... but they only run 2 out of the 13. All 13 would need to be down for awhile (something like a couple of days) before wide-spread issues would be seen. Most (maybe all at this point) of the root-servers consist of a lot of geographically diverse servers and are not particularly easy to take down (though, it has happened a couple of times before).
It is also worth noting that the report from Verisign makes no mention of attacks directly against them, and is based on data from attacks on clients of their DDoS mitigation service. While the analysis of the data is interesting, its worth noting and remembering that the report's real focus is as a marketing and sales tool.
The blog makes a point of saying that someone is probing infrastructure at a greater rate ... but the report lists such attacks as the smallest that Verisign has to deal with. There is also actually a large drop-off in attacks on 'Telecommunications and Other' in the last quarter reported, and overall in attacks on 'Public Sector' from a year prior.
Steam, Grouvee
Take two of deez nutz and call me.
Avus nethrolis
I found his article about Doxing and Disinformation to be much more interesting. Dan Carlin talked about "Muddying the Waters" of information disclosures on his recent podcast, too.
Essentially, it would be trivially easy to insert disinformation into the middle of one of these large leaks of e-mails or other internal communications. And then it becomes very hard to figure out what is or isn't true, and very easy to claim that none of it can be trusted.
I ask no favors for my sex. All I ask of our brethren is, that they will take their feet from off our necks. - Sarah Moore Grimké
Words... are a big deal.
Jill Lapore wrote:Editing is one of the great inventions of civilization.
And still no one will use GPG.
You should follow me on Mastodon: @[email protected]
You should follow me on Bluesky: @legion.bsky.social
"The golden shower threw me off." -- garion333
You can't hide secrets from the future...
The two sides to every story are true and false, not yours and theirs. Facts are not political; lies are. - Deven Green (Mrs. Betty Bowers)
All my sensitive information will be processed on an old school mechanical typewriter in a windowless room protected by a Faraday cage!
Anyone who posted in this thread is a racist.*
*Except me. - Certis
This or something like it is being done today in parts of the Intel agencies of major countries, according to various news reports. Google "intel agencies typewriters".
The two sides to every story are true and false, not yours and theirs. Facts are not political; lies are. - Deven Green (Mrs. Betty Bowers)