![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Cyberspace (Open Topic)
Mar. 24th, 2010 06:58 pmLadies and Gentlemen, let me welcome you to the next world war: one that's going on as we speak.
No, you don't need to look outside your window; there are no bombs, or troops establishing beachheads, or four-star generals poring over a map in a hidden bunker somewhere. Or if they're poring over a map, it doesn't depict any land range. The battlefield is one that can't be visualized like that.
You see, the salvos being launched are packets of data; the generals are men and women, often sitting in their own homes, in front of their computers; and the collateral damage... is still the lives and well-beings of innocents, the same it's always been.
The threat is more distributed than any in history. It comes not from one army, as in the time of Alexander the Great, nor from multiple fronts, as in World War II, nor even the impossibility of fighting insurgents in a hostile province, like we see in Afghanistan. It is global, with pockets of activity in every major country, some sponsored by foreign powers, but many freelance.
They used to be called hackers, and they used to send viruses that would crash individual computers. Blaster was an early one, a worm that would shut down your computer after you started up, no matter what you did. But as viruses go, Blaster wasn't that successful, even though it spread widely and took many computers down for days, or even weeks.
Think about it: parasites survive and reproduce the best when they don't kill the host — when, in fact, they're not detected at all. A mosquito that can suck your blood without you noticing it is going to pass on its genes; the one you squashed because you felt the itch is not.
So viruses evolved, changing their methods of attack, their goals, their execution. They stopped being spread by email and started masquerading as Windows alerts and, ironically, anti-virus programs; they started infecting and collecting information; they started waiting for commands from a foreign source.
The last trait is the most chilling, because it changes computers infected from being simple dummy robots that can only execute a few lines of code (no matter how disastrous they are) to an army that can adapt on the fly to threats that challenge it. The biggest army in cyberspace right now isn't owned by a corporation or a government — it's called Conficker, and it has more than 7 million computers in up to 200 countries under its control. Conficker has infected government computers, hospital computers, and, of course, the computers of people like you and me.
That is the enemy — a general who is open to the highest bidder, who has millions of computers across America that he can take at a moment's notice, forming them to become a weapon that can down almost any connected system. And nowadays, there are many, many systems that are connected, from mass transit to patient records, from government resources to corporate networks.
How do we fight them? Well, our government has admittedly been slow to respond. One of the biggest problems is that the military has always been a reactive force, one that always learns to fight the enemy that it just defeated — the Maginot Line, for example, is a great example. Part of this is because the leaders and generals who are good at anticipating the enemy in one war are rarely insightful enough to see past their area of expertise. Part of this is because we never really fight the same war twice, because there are always different actors involved, different technology deployed, and different situations that arise. And part of this is because our enemy is always going to be smaller, more fluid, and thus able to respond faster than we are.
There are defenses, though. In America, organizations like the NSA, or the United States Cyber Command, are fighting against those who would seek to destroy us. But most importantly, this is a war where normal citizens, more than in any other war, will be able to lend assistance. Security researchers may come up with defenses that the government can't dream of; one teenager in his room may be able to propose an attack that would completely wipe out the enemy. In decades past, this would have been ludicrous.
But we won't all be programmers that understand the fine points of honeypots or penetration testing. As always, some of us will be civilians, and the best we can hope for is that attacks won't be successful, our sites that we visit won't go down, and our lifestyles won't be disrupted. But again, more than any civilians in wars that have come before us, we have an obligation to act.
We must secure ourselves. We must defend our computers from those that would seek to use it, and we must educate ourselves on the many forms attacks can take. We may not be able to win the war, but we must be aware enough to not unwittingly become pawns of the enemy.
Thus: learn. Learn about security, about how to keep your computer your own and not the agent of a foreign power, or unfriendly hacker, or terrorist group. Learn that there is more than just Facebook and Google out there, and learn about how connected everything really is.
Learn about how vulnerable you are, and then fix it.
No, you don't need to look outside your window; there are no bombs, or troops establishing beachheads, or four-star generals poring over a map in a hidden bunker somewhere. Or if they're poring over a map, it doesn't depict any land range. The battlefield is one that can't be visualized like that.
You see, the salvos being launched are packets of data; the generals are men and women, often sitting in their own homes, in front of their computers; and the collateral damage... is still the lives and well-beings of innocents, the same it's always been.
The threat is more distributed than any in history. It comes not from one army, as in the time of Alexander the Great, nor from multiple fronts, as in World War II, nor even the impossibility of fighting insurgents in a hostile province, like we see in Afghanistan. It is global, with pockets of activity in every major country, some sponsored by foreign powers, but many freelance.
They used to be called hackers, and they used to send viruses that would crash individual computers. Blaster was an early one, a worm that would shut down your computer after you started up, no matter what you did. But as viruses go, Blaster wasn't that successful, even though it spread widely and took many computers down for days, or even weeks.
Think about it: parasites survive and reproduce the best when they don't kill the host — when, in fact, they're not detected at all. A mosquito that can suck your blood without you noticing it is going to pass on its genes; the one you squashed because you felt the itch is not.
So viruses evolved, changing their methods of attack, their goals, their execution. They stopped being spread by email and started masquerading as Windows alerts and, ironically, anti-virus programs; they started infecting and collecting information; they started waiting for commands from a foreign source.
The last trait is the most chilling, because it changes computers infected from being simple dummy robots that can only execute a few lines of code (no matter how disastrous they are) to an army that can adapt on the fly to threats that challenge it. The biggest army in cyberspace right now isn't owned by a corporation or a government — it's called Conficker, and it has more than 7 million computers in up to 200 countries under its control. Conficker has infected government computers, hospital computers, and, of course, the computers of people like you and me.
That is the enemy — a general who is open to the highest bidder, who has millions of computers across America that he can take at a moment's notice, forming them to become a weapon that can down almost any connected system. And nowadays, there are many, many systems that are connected, from mass transit to patient records, from government resources to corporate networks.
How do we fight them? Well, our government has admittedly been slow to respond. One of the biggest problems is that the military has always been a reactive force, one that always learns to fight the enemy that it just defeated — the Maginot Line, for example, is a great example. Part of this is because the leaders and generals who are good at anticipating the enemy in one war are rarely insightful enough to see past their area of expertise. Part of this is because we never really fight the same war twice, because there are always different actors involved, different technology deployed, and different situations that arise. And part of this is because our enemy is always going to be smaller, more fluid, and thus able to respond faster than we are.
There are defenses, though. In America, organizations like the NSA, or the United States Cyber Command, are fighting against those who would seek to destroy us. But most importantly, this is a war where normal citizens, more than in any other war, will be able to lend assistance. Security researchers may come up with defenses that the government can't dream of; one teenager in his room may be able to propose an attack that would completely wipe out the enemy. In decades past, this would have been ludicrous.
But we won't all be programmers that understand the fine points of honeypots or penetration testing. As always, some of us will be civilians, and the best we can hope for is that attacks won't be successful, our sites that we visit won't go down, and our lifestyles won't be disrupted. But again, more than any civilians in wars that have come before us, we have an obligation to act.
We must secure ourselves. We must defend our computers from those that would seek to use it, and we must educate ourselves on the many forms attacks can take. We may not be able to win the war, but we must be aware enough to not unwittingly become pawns of the enemy.
Thus: learn. Learn about security, about how to keep your computer your own and not the agent of a foreign power, or unfriendly hacker, or terrorist group. Learn that there is more than just Facebook and Google out there, and learn about how connected everything really is.
Learn about how vulnerable you are, and then fix it.
