Comments on: The Coming Cyber-War

By: Todd

Todd — Sat, 10 May 2008 23:33:17 +0000

The risk of cyber warfare is real and the likelihood of a major incident is increasing. I was at a presentation by Kevin Coleman, he is one of the top cyber warfare subject matter experts in the US and he showed the data about current threats and forecasted the most likely scenarios of attacks. We are way behind and can't rely on the government to do everything.

By: May 9 News on Cyber Warfare

May 9 News on Cyber Warfare — Fri, 09 May 2008 13:09:45 +0000

[...] The Coming Cyber-War Nations around the world can no longer ignore the advanced threat that China’s cyber warfare capabilities may have today and the ones they aspire to have in … [...]

By: Michael

Michael — Thu, 08 May 2008 18:21:19 +0000

Encryption in US is more heavily regulated than guns. Encryption is actually classified as a weapon. If a company comes up with encryption software or hardware in the US they would have to turn that technology over to the U.S. Government and the government regulates it.

Yes, but if it's open-source you can make it available to anybody on the internet.

By: Wayne

Wayne — Thu, 08 May 2008 17:50:00 +0000

Yes it is often easier for a layman to hack a system using social engineering but if one has the means to break encryption at the basic level then it is much faster and easier to do so. For experts they use such things as key stroke and traffic capturing software to break in instead of just making guesses.

Encryption in US is more heavily regulated than guns. Encryption is actually classified as a weapon. If a company comes up with encryption software or hardware in the US they would have to turn that technology over to the U.S. Government and the government regulates it.
“There are no limits on what kinds of encryption people can use within the United States. But the government has used export restrictions to try to shape what encryption technology is used internationally, and by extension, what is available in the United States. Those export laws prohibit U.S. companies from selling their best technology overseas.”
http://www.washingtonpost.com/wp-srv/politics/special/encryption/stories/cr022596.htm

By: Bithead

Bithead — Thu, 08 May 2008 17:05:43 +0000

Odd thing; I don't see Iraq mentioned anywhere in there. You tell ME, Najin; who has the iraq obsession?

By: Michael

Michael — Thu, 08 May 2008 16:09:49 +0000

And had anyone noted that of late the number of virus spam coming from chinese addresses?

I don't check IP addresses of spam, because most of today's spam seems to be coming from zombies, not the spammer's own computers. Surely Chinese hackers know enough not to hack government agencies from their own computers.

We should put a bounty on bringing Chinese government sites down. It wouldn't be long before they couldn't run an electronic calculator for ten minutes before it was breached.

And what would be the point in that? Preventing the Chinese from having access to their government via the internet? I'm not sure that's going to impact anybody in any way, since they don't really have access their government in person, let alone online. It's not like any sane person makes critical infrastructure available from the internet.

they are able to get to most encryption technology and had super computers to crack any that they didn’t have.

In any security setup, breaking encryption is very rarely the easiest point of entry. Social engineering has been the hallmark of the world's greatest hacks, not technological feats.

By: Wayne

Wayne — Thu, 08 May 2008 15:48:24 +0000

Chinese and Amsterdam IP addresses seems to be the worst offenders. Although some US companies do use some of Amsterdam IPs. Not sure if this is for legal reasons or what. I recall a few years ago a little war between Asian and US Hackers with many suspecting Chinese Hackers being government sponsor.

Rumors are that the US government has stepped up its efforts but I not sure by how much. They were a little too comfortable since they are able to get to most encryption technology and had super computers to crack any that they didn’t have. However low-level attacks don’t rely on someone else’s abilities to crack their codes. It should be a great concern.

By: anjin-san

anjin-san — Thu, 08 May 2008 15:31:26 +0000

Bush's Iraq obsession has compromised national security? Thats hardly news...

By: Dave Schuler

Dave Schuler — Thu, 08 May 2008 15:22:06 +0000

Frankly, I think that we should stick to our strengths just as the Chinese are to theirs. A systematic government approach to the problem plays to their strengths, not ours.

We should put a bounty on bringing Chinese government sites down. It wouldn't be long before they couldn't run an electronic calculator for ten minutes before it was breached.

Then we could negotiate with them to end the cyber-hostilities.

By: Bithead

Bithead — Thu, 08 May 2008 14:48:00 +0000

I strongly suggest a read of Simson Garfinkel and Gene Spafford's book, Web Security, Privacy and Commerce. It's available online. It's been a while since I've read the thing, (Spaff's an old high-school buddy) but I seem to recall the book remarking how the Fulung-gong people had a number of their servers hacked into by Chinese authorities a few years back. Clearly, they're not above doing the same to anyone else. And had anyone noted that of late the number of virus spam coming from chinese addresses?