Schneier on Security
A blog covering security and security technology.
April 15, 2009
How to Write a Scary Cyberterrorism Story
From Foreign Policy:
8. If you are still having trouble working the Chinese or the Russian governments into your story, why not throw in some geopolitical kerfuffle that involves a country located in between? Not only would it implicate both governments, it would also make cyberspace seem relevant to geopolitics. I suggest you settle on Kyrgyzstan, as it would also help to make a connection to the US military bases; there is no better story than having Russian and Chinese hackers oust the US from Kyrgyzstan via cyber-attacks. Bonus points for mentioning Azerbaijan and the importance of cyberwarfare to the politics of the Caspian oil; in the worst case, Kazakhstan would do as well. Never mention any connectivity statistics for the countries you are writing about: you don't want readers to start doubting that someone might be interested in launching a cyberwar on countries that couldn't care less about the Internet.
Posted on April 15, 2009 at 6:17 AM
• 29 Comments
That's Foreign Policy, mind you, the publication that *hopes* to be confused with Foreign Affairs.
Looks like Foreign Policy Magazine to me. "Of all places" it doesn't seem the worst one to blog about this topic. Although I can't say what demographic they cater to, not having heard of them before now.
"you don't want readers to start doubting that someone might be interested in launching a cyberwar on countries that couldn't care less about the Internet"
Yeah, that's Foreign Policy, not Foreign Affairs. FP is designed for the interested citizen whereas FA is hard-core policy wonkiness. Anyone who'd argue one is better or worse than the other would succeed mostly in just identifying their own personal preferences, as they are designed for very different audiences. That being said, FA is a much more serious publication.
Foreign Policy magazine is owned by The Washington Post.
The author of that article later observed that two days after it was written, someone followed the advice in it to the letter:
If there's no URL above due to spam filters, you'll just have to search, sorry.
That article is great! I love one part of their 1st step:
"You need to leave enough ambiguity out there for your readers to "connect the dots" themselves. This is a win-win: readers love solving important cyberspy puzzles - and you could get away without doing any analysis of your own."
The best part is the comment by "BruceMcL" at the end of the article!
evgeny morozov has a point. risk analysis is hard, and good security is based on accurate modeling of likelihood as well as the severity of incidents. however, he gets a little too tongue-in-cheek for my tastes just so he can poke fun at people who might take an overly paranoid or pessimistic view of events
"importance of cyberwarfare to the politics of the Caspian oil"
is he confusing tactics with a strategy? cyberwarfare is still more of a term of reference to using information technology within the context of wider conflict. we could ask what is the importance of automatic weapons to the politics of caspian oil? how should we rate the importance of tanks and armored vehicles relative to shipping from russia to the caspian?
"countries that couldn't care less about the Internet"
from that view perhaps these countries could not care less about many aspects of their infrastructure, but what value is such a survey? who is being asked? the people trying to develop it, or who depend on it? perhaps we also should ask if they care about any infrastructure at all? from the outside it is tempting to dismiss some countries' infrastructure as primitive and non-essential, but then (back to tactics) why would anyone bother to launch an attack. let's flesh out likelihood and severity again and not just laugh at those who might be concerned...
Step 7: Leave obvious gaps in your story and claim that you had to remove some of the best material due to cyber-bullying.
But don't you see, their lack of connectivity is what makes it so easy for the hackers! Hacking 50% of the computers in the US, Russia or China would be impossible. But Kyrgyzstan? That would be like the slow day at Best Buy's computer repair desk.
"Hacking 50% of the computers in the US, Russia or China would be impossible."
Looking at data in the Microsoft Security Intelligence Report I would say over 50% of computers in the US, Russia and China already are hacked
Japan, Finland, Sweden and Germany seem to have better defenses...or should I say hygiene?
In the author's reprise, he scoffs at: "Got it: the Obama administration cracking down on civil liberties, of all things?".
There is no increase in the size of government that does not have a corresponding decrease in civil liberties (maybe not linear, but still correlated).
Quote: "If you are still having trouble working the Chinese or the Russian governments into your story, why not throw in some geopolitical kerfuffle that involves a country located in between?"
What about Mongolia? Oh wait, that would not make a good setting for cyberterrorism...
Yup a deadline is a deadline and some writers need the "outline" help.
Now here's a thought,
Do you remember that "scientific report writing" software?
The one where it generated a report that (supposedly) nearly got into a journal...
Well how about putting this rule set in with appropriate choice phrases from "existing" reports.
Then set it free so it randomly posts its stories wherever it can ;)
I'd agree that FP is now positioning itself as an international affairs mag for the interested citizen, but this rag was part of the problem during the neocon ramp up to war in Iraq, editors always seemed to agree with the administration positions. Like the UN and the Coalition of the Willing, "we don't need your stupid Council on Foreign Relations, we'll just make our own".
It's forever tainted in my eyes. 'Course, you're welcome to read it. Maybe under Newsweek, it's changed editorial hands.
Scary cyberterrorism story:
Disaster is upon the USA and cyberterrorism is the least of our worries.
Cyberterrorism, it is just a distraction.
Copyright law is a greater threat to computing than any cyberterrorism.
Computers will not destroy the earth, people will.
Complaining about computers will solve PEOPLE problems.
Criminal enterprises will laugh at cyberterrorism, and say:
Caught you in a bit of legal quagmire, eh?
It's a good piece, but it turns out that there *has* been cyberwar in Kyrgyzstan. A few years ago I was working a DDoS against a technology-related website located in the United States, and after capturing control of the IRC C&C, we found that the botnet was attacking not only the technology site, but some Kyrgyz political sites as well.
There was no conceivable connection between the two sites, so we reasoned that this must be a bot-for-hire, and just happened to stumble on another "work order".
Then we wondered: Kyrgyzstan barely has running water, why would anybody care about them? Turns out there was an election going on, and somebody apparently wanted to have their say.
I see this post as a reply to http://www.eweek.com/c/a/Security/... ...
Russian and Chinese spies?! Oh come on, how do they know they're Russian or Chinese? There are open proxies, someone could be using an owned box etc. Such an attack is probably practically untrackable... This is damn American propaganda...
When a cyber security czar is selected and all your security is controlled by NSA they'll say something like "For your security and for the security of your children" all your boxes are belong to US(A)...
look what's in the UK Guardian today:
In China and Russia, this cyberforce is reckoned to be becoming more powerful - and more destructive. Dissident Russian nationalists have also been blamed for the Estonia attacks, while similar groups are appearing in other countries around the globe as internet connectivity spreads. Armed with technical know-how and a passionate cause, these ad hoc groups of individuals would seem increasingly important in the way these conflicts are playing out.
no mention of Kyrgyzstan though.
"There is no increase in the size of government that does not have a corresponding decrease in civil liberties (maybe not linear, but still correlated)."
So if a government created a "department of protecting civil liberties against other government agencies", that would decrease civil liberties?
The deniability of a cyber attack due to the use of proxies and owned boxes is one of the attractive things about this kinda warfare.
Supposedly the CIA had bad code implanted into a Russian pipeline control system. It blew up. Did they? Didn't they? Can you prove it?
This is especially true if you want to play a round of "Let's you and him fight!"
@bob Correlation != causation
Don't forget that Kurgan, the enemy of the highlander is from there.
Very interesting read. not sure I agree with it entirely but excellent article.
I love reading anything related to this subject. it's a very interesting and "grey" subject area.
Reminds me of a quick anecdote from my wife.
She has, God bless them, several relatives who are very susceptible to conspiracy theories and who seem to attract towards stories/articles/email-chains ripe with pathos fallacies.
Lately (especially during the recent US election) the stories/articles/email-chains were getting more and more biased and sometimes outright offensive. After a link to a particularly offensive news article, she attempted to point people in the right direction so they can recognize the bias. She emailed everyone who often sends her these emails the following link:
... with simply an invitation to consider reading that article critically and not just respond emotionally.
That wikihow article doesn't mention left-right, liberal-conservative, or other political groupings and lists what she (and I) believe are basic critical thinking skills.
The response she got back ranged from accusations of being too liberal to being called crazy. She (and I) were appalled that an appeal for people to stop and think for a moment about what was being said caused such an aggressive reaction.
Needless to say, she doesn't get those emails anymore--which is what she wanted in the first place.
> I suggest you settle on Kyrgyzstan,
> as it would also help to make a connection
> to the US military bases; there is no better
> story than having Russian and Chinese hackers
> oust the US from Kyrgyzstan
Wrong. A better story would mention Kashyyykstan.
Actually Kazakhstan has the highest IT growth in the region, so within a few years it may be a very strong player - they have oil and use money to build infrastructure.