×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Operation 'Cyber Storm' Starts Tomorrow

CmdrTaco posted more than 8 years ago | from the are-you-ready-for-fun-and-excitement dept.

Security 157

cyberbian writes "Federal Computing Week reports that the Department of Homeland Security have moved up their rescheduled cyber security exercise, designed to test enterprise and private sector alike. The tests are expected to run from February 6-10, and are intended to gauge the state of readiness for a cyber attack on critical infrastructure. FCW also reports that the scope of the fake attacks will be global, and they are coordinating with partners in Australia, Canada and the UK."

Sorry! There are no comments related to the filter you selected.

LOL HY attempt (-1, Offtopic)

Donald Puccoon (952101) | more than 8 years ago | (#14645722)

for frits ts tstts postststs for gnnnnnn aaaaaaaaaaaaaa

I wonder (4, Funny)

andreMA (643885) | more than 8 years ago | (#14645724)

How much damage they'll end up doing?

Re:I wonder (5, Insightful)

alexmipego (903944) | more than 8 years ago | (#14645762)

The perfect time to hackers attack. In the middle of the "fake" attacks they can really attack and steal some data. It would be hard to spot. Are they doing this tests in a global way but to their structures only (UK and North America) or are they testing random sites all over the world?

Re:I wonder (3, Funny)

TubeSteak (669689) | more than 8 years ago | (#14645893)

And on this day... SkyNet is born.

It was a secret military project to create a defense system capable of protecting the nation.

But... It became sentient

Re:I wonder (1)

chivo243 (808298) | more than 8 years ago | (#14645954)

here is how it happened... The system needed to be updated, but the WSUS wouldn't update until the computer account was in the Admin container..... put the computer in the admin container... hmmm, now the computer is its own administrator! I just read that while studying for my MCSE Cert ;-) scary

Re:I wonder (1, Funny)

Zaiff Urgulbunger (591514) | more than 8 years ago | (#14646089)

here is how it happened... The system needed to be updated, but the WSUS wouldn't update until the computer account was in the Admin container..... put the computer in the admin container... hmmm, now the computer is its own administrator! I just read that while studying for my MCSE Cert ;-) scary

Sooooo, what you're saying is, the computers end up taking over the world, seizing control of all our automated systems and in turn starting the third world war, AND, you're out of a job 'cos "the system" no longer needs an MCSE?!

Double-whammy! :D

Re:I wonder (0)

Anonymous Coward | more than 8 years ago | (#14646168)

But... It became sentient

You mean it became Bayesian.

Weesa screwed, Gunga Din.

Re:I wonder (3, Funny)

bigbadwlf (304883) | more than 8 years ago | (#14646503)

Eliza: What makes you think I'm trying to take over the world?

Re:I wonder (0, Offtopic)

osbjmg (663744) | more than 8 years ago | (#14645903)

Hmm, sounds just September 11, 2001... if you don't know what I am talking about, educate yourself.

Re:I wonder (0)

KDR_11k (778916) | more than 8 years ago | (#14645938)

Which one of the many theories is the one you're implying?

From TFA (3, Funny)

5plicer (886415) | more than 8 years ago | (#14645767)

"IT-ISAC has eight members participating in the exercise, the center's Web site states. The participants are Cisco Systems, Citadel Security Software, CA (formerly Computer Associates), Computer Sciences Corp., Intel, Microsoft, Symantec and VeriSign."

In other words, little, if any.

Re:From TFA (3, Informative)

LilGuy (150110) | more than 8 years ago | (#14645923)

Well.. if those large corps are all in on it, what chance does anyone have? Unless they're running a super hardened linux/bsd... cisco has undocumented/unpatched bugs in their IOS code that can easily be exploited.. as does MS I'm sure.. verisign could easily fuck people's certs up... come on... its not even a fair fight.

Re:I wonder... here is an example.. (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14645780)

http://www.rbnlive.com/northwoods.html [rbnlive.com]

  March 13, 1962 - America's top military leaders, who were staunchly right-wing, drafted Operation Northwoods which were secret plans to kill innocent people and commit acts of terrorism in U.S. cities to create public support for a war against Cuba.

"In the early 1960s, America's top military leaders reportedly drafted plans to kill innocent people and commit acts of terrorism in U.S. cities to create public support for a war against Cuba.
Code named Operation Northwoods, the plans reportedly included the possible assassination of Cuban migrs, sinking boats of Cuban refugees on the high seas, hijacking planes, blowing up a U.S. ship, and even orchestrating violent terrorism in U.S. cities.
The plans were developed as ways to trick the American public and the international community into supporting a war to oust Cuba's then new leader, communist Fidel Castro.
America's top military brass even contemplated causing U.S. military casualties, writing: "We could blow up a U.S. ship in Guantanamo Bay and blame Cuba," and, "casualty lists in U.S. newspapers would cause a helpful wave of national indignation."
Details of the plans are described in Body of Secrets (Doubleday), a new book by investigative reporter James Bamford about the history of America's largest spy agency, the National Security Agency. However, the plans were not connected to the agency, he notes.
The plans had the written approval of all of the Joint Chiefs of Staff and were presented to President Kennedy's defense secretary, Robert McNamara, in March 1962. But they apparently were rejected by the civilian leadership and have gone undisclosed for nearly 40 years.
The Joint Chiefs even proposed using the potential death of astronaut John Glenn during the first attempt to put an American into orbit as a false pretext for war with Cuba, the documents show.
Should the rocket explode and kill Glenn, they wrote, "the objective is to provide irrevocable proof that the fault lies with the Communists et all Cuba [sic]."
The plans were motivated by an intense desire among senior military leaders to depose Castro, who seized power in 1959 to become the first communist leader in the Western Hemisphere only 90 miles from U.S. shores.
The earlier CIA-backed Bay of Pigs invasion of Cuba by Cuban exiles had been a disastrous failure, in which the military was not allowed to provide firepower. The military leaders now wanted a shot at it.
Reflecting this, the U.S. plan called for establishing prolonged military not democratic control over the island nation after the invasion.
The Joint Chiefs at the time were headed by Eisenhower appointee Army Gen. Lyman L. Lemnitzer, who, with the signed plans in hand made a pitch to McNamara on March 13, 1962, recommending Operation Northwoods be run by the military.
Whether the Joint Chiefs' plans were rejected by McNamara in the meeting is not clear. But three days later, President Kennedy told Lemnitzer directly there was virtually no possibility of ever using overt force to take Cuba, Bamford reports. Within months, Lemnitzer would be denied another term as chairman and transferred to another job.
The secret plans came at a time when there was distrust in the military leadership about their civilian leadership, with leaders in the Kennedy administration viewed as too liberal, insufficiently experienced and soft on communism. At the same time, however, there real were concerns in American society about their military overstepping its bounds.
There were reports U.S. military leaders had encouraged their subordinates to vote conservative during the election.
And at least two popular books were published focusing on a right-wing military leadership pushing the limits against government policy of the day. The Senate Foreign Relations Committee published its own report on right-wing extremism in the military, warning a "considerable danger" in the "education and propaganda activities of military personnel" had been uncovered. The committee even called for an examination of any ties between Lemnitzer and right-wing groups. But Congress didn't get wind of Northwoods, says Bamford.
Even after Lemnitzer was gone, he writes, the Joint Chiefs continued to plan "pretext" operations at least through 1963.
One idea was to create a war between Cuba and another Latin American country so that the United States could intervene. Another was to pay someone in the Castro government to attack U.S. forces at the Guantanamo naval base an act, which Bamford notes, would have amounted to treason. And another was to fly low level U-2 flights over Cuba, with the intention of having one shot down as a pretext for a war.
Afraid of a congressional investigation, Lemnitzer had ordered all Joint Chiefs documents related to the Bay of Pigs destroyed, says Bamford. But somehow, these remained."

See the actual documents here: National Security Archive.

http://www.gwu.edu/~nsarchiv/news/20010430/northwo ods.pdf [gwu.edu]

http://www.st911.org/ [st911.org]

http://www.reopen911.org/ [reopen911.org]

http://tinyurl.com/brpgc [tinyurl.com]

http://www.physics911.net/ [physics911.net]

http://deseretnews.com/dn/view/0,1249,635179751,00 .html [deseretnews.com]

Truth about oil..

http://home.earthlink.net/~root.man/sci.html [earthlink.net]

Damage (5, Interesting)

Anonymous Coward | more than 8 years ago | (#14645791)

Last time i saw something like this, our 'organizataion' was tested.

They caused more damage to us with childhood tactics ( like locking out system accounts ) than doing 'real' tests. We were screwed for a week trying to undo damage, and trying to figure out how it was happening again and again.

Posting anonymously for obvious reasons.

Re:Damage (3, Informative)

Gyorg_Lavode (520114) | more than 8 years ago | (#14646586)

It sounds like they uncovered 2 issues. First the things you called "childhood tactics" impared your operations and second, you don't have an addiquate policy to deal with compormised systems. (THis could be in a bunch of policies: Disaster recover, incident reporting and forensics, Configuration Management, etc)

Re:Damage (0)

Anonymous Coward | more than 8 years ago | (#14646660)

Maybe that taught your sys admins not to be so bloody incompetent.

Posting anon because slashdot is full of a bunch of fags that get offended too easily.

Call For A Red Synthetic Terror Alert (0, Offtopic)

Anonymous Coward | more than 8 years ago | (#14645813)

http://www.rense.com/general69/redsynth.htm [rense.com]

Call For A Red Synthetic Terror Alert
By Webster Griffin Tarpley
2-5-6

The intense international intelligence warfare pattern mandates a move to red alert -- the highest vigilance -- for the upcoming superbowl Sunday in the USA and the Turin winter Olympics, and perhaps all the way to the March 20 opening of the Iranian oil bourse, which spells the beginning of the end for six decades of world dollar hegemony.

The Iranian oil bourse opens March 20 -- this is the strategic key. The Cheneyacs want war to stop the bourse from deflating the sick US dollar. The crumbling of European resistance has given new strength to Condi's nuclear lynch mob against Iran, with that country about to be hauled before the UN Security Council. At that point, a wider Middle East war will be immediately in sight.

The Mohammed cartoons are a transparent provocation by NATO intelligence through a Danish right wing newspaper of limited circulation. This classic US-UK provocation has had an enormous effect. Islamic circles need to realize that this is a cynical ploy designed to lead to an attack on Iran and thence to general war, and treat it that way.

We had the latest British terror bombing in Achwaz, Iran last week (Jan. 24), killing several people. The trial of British-backed terrorists in Iran starts in about 2 weeks. The situation of the British invaders in southern Iraq is becoming critical. Afghanistan is about to boil over. The US and North Korea are trading nuclear war threats across the 38th parallel. Russia has accused the British of flagrant spying, and there is every reason to believe this charge. Venezuela has expelled a US military attache as an obvious agent provocateur; now the US expels top Venezuelan diplomat. Now the fake provocation of an alleged IED bomb near a school in Gaiithersburg, Maryland in the Washington DC suburbs, impacting the personnel of the Bush administration and the federal government in general; many top officials live within a few miles of this school.

There was real hysteria in the corridors of the US government this afternoon. A new Sudden Response terror drill is taking place at Charleston. South Carolina. Will this drill go live in the way other drills went live in London last July 7? The latest leaked Downing Street memorandum reveals Bush as proposing to send US U-2 spy planes disguised in UN colors to be shot down over Iraq to secure a pretext for the illegal aggression there. This reveals Bush in the Operation Northwoods tradition, ready to commit acts of war in the form of impeachable offenses.

Detroit is a burned-out auto city, expendable in the eyes of the finance oligarchs. Turin, Italy, home of FIAT, is another expendable burned out ex-industrial city. An action in Turin would push the Europeans to join the US in the attack on Iran. The sinking of the Egptian ferry in the Red Sea may well fit into this pattern, but this is not clear. The Patriot Act has not been renewed. Top neocons face indictment and jail sentences.This is the classic moment when the neocons and their rogue network backers go back to Leo Strauss's nihilist revolution, capable of throwing humanity back into the Stone Age.

Webster Griffin Tarpley Washington DC
February 4, 2006

Insanity Re:Call For A Red (2, Insightful)

n54 (807502) | more than 8 years ago | (#14646689)

And people wonder about the existence of crazed fundamentalists in the middle east? We have the exact same kind of mentally unbalanced (or damaged) people in the west as presented on behalf of Webster Griffin Tarpley by the Anonymous Coward parent poster.

"The Mohammed cartoons are a transparent provocation by NATO intelligence through a Danish right wing newspaper of limited circulation."
I'm sure that makes much more sense to the conspiracists than the issue as put forward by both the original publisher (making a point against self-censorship by the media on muslim issues) as well as the outbursts of support by other newspapers and magazines all over europe (and even in Jordan and Egypt!) and international press organisations correctly coming to the defence of freedom of speech.

If people like Webster Griffin Tarpley had a few more firing synapses they would instead speculate about the following peculiarities:
- the original publishing happened last year in september, there was zero international outcry at that point in time (only local danish discussion on the topic between civilized muslims and the rest)
- yesterdays burning of embassies in Syria is extremely unlikely to have happened without the approval of the brutal Syrian Baath-party dictatorship. Violent destruction of embassies would normally be regarded as a declaration of war as it's the sovereign domain of whatever country the embassy belongs to
- todays attacks on embassies in Beirut, Lebanon was in all likelihood initiated by people who ideologically are extremely closely related to Syria, if not also directly related to them (Hamas-supporters)
- the Beirut attacks very quickly shifted focus onto attacks on Lebanese christians and christian churches, so quickly as to make it likely that the inital attacks were a cover for trying to reinflame the unrest in Lebanon
- Norwegian imams as well as other western islamic representatives are urging for calm, non-violence, as well as against the hijacking of the issue by islamic extremists (most muslims are intelligent rational people and have nothing in common with the extremist rabble)
- there has been next to none, or at least extremely small levels, of muslim outcry on the issue in Norway (I'm a norwegian btw). In general I would say norwegian muslims are better integrated into society (through no small effort of the muslims themselves as should be expected) than danish ones although we of course have issues in Norway too. I live next door to the oldest mosque in Norway (and a very pretty one imo) and have had enough muslim friends and aquaintances both in Norway and South East Asia to feel confident in saying this
- respect for the prophet Mohammed is one thing, the prohibition against depiction in Islam actually isn't specifically about the prophet Mohammed but about all living things and intended to discourage idolatory! (might want to read http://news.bbc.co.uk/1/hi/world/middle_east/46782 20.stm [bbc.co.uk] ). By the logic of the extremist pseudo-muslims any picture or photograph should be equally protested but instead they actually break the intentions of Islam in their idolatry of the prophet Mohammed and sadly as such (in my personal opinon) showing how Islam is falling into the same trap as those "christians" who idolate Jesus Christ as a replacement of God.

But no, instead of all the above Webster Griffin Tarpley concocts paranoid delusions based on ignorance of how NATO even works and is structured (all NATO decisions are made by unanimous approval of all members). The level of idiocy required to hold the opinions of the AC is the same as that which is required to claim Denmark and other scandinavian countries are ruled by "Zionists" as some middle east government representators have said... lol

--
this additional sig includes a portrait of Mohammed in support of freedom of expression, feel free to reproduce it

Re:I wonder (0, Offtopic)

macguys (472025) | more than 8 years ago | (#14645951)

This sounds much more like learning how to attact than learning how to defend.

Re:I wonder (2, Insightful)

ultranova (717540) | more than 8 years ago | (#14646104)

This sounds much more like learning how to attact than learning how to defend.

In Neoconservative America, attack is defense !

Re:I wonder (1, Redundant)

VJ42 (860241) | more than 8 years ago | (#14646133)

As the old axiom goes, the best form of defence is to attack.

Re:I wonder (3, Interesting)

Gyorg_Lavode (520114) | more than 8 years ago | (#14646108)

From the sound of it, this is a paper exercise. The Government more than anyone is scared of the impact of actual pen testing. More than likely this will consist of everyone sitting in the same room or VTC'd in. They'll go, "ok, a hacker just disabled electrical junction boxes shutting down power to Boston, how do you respond?" and then they'll talk it over for a while. End the end they'll realize, "humm, we don't know how" or "well we know how but we rely on group X for help and group X didn't know they'd need to be involved" or something like that.

Re:I wonder (5, Funny)

jalet (36114) | more than 8 years ago | (#14646383)

Solving such a problem is easy : just tell your president to call Jack Bauer !

Re:I wonder (0)

Anonymous Coward | more than 8 years ago | (#14646700)

I look forward to Viagra spam from Department of Homeland Security. At least I know the drug quality will be guaranteed.

good job (5, Interesting)

joe 155 (937621) | more than 8 years ago | (#14645734)

I'm glad that they are doing something like this, in the UK people have been estimating that "in the city" only around 50% of companies are anything like prepaired for an attack of this nature, hopefully this will show people what needs to be done...

I hope no real attacks take place during this time though...

Re:good job (2, Insightful)

rts008 (812749) | more than 8 years ago | (#14645805)

While the 9/11 event brought focus on this issue from a slightly different direction (infrasructure being disrupted), I'm not sure that overall we are much better off than your 50% in the UK, I just don't really know.
I also wonder how much this issue has influenced the court's handling of the "Crackberry" patent infringement case (not trying to start flame war-that time of disrupted communications when many people/agencies were using their Blackberries because nothing else was working-that really scared a lot of people, and made rescue work less efficient due to hobbled comm's)

Hopefully Feb. 11th headlines won't be:
Psuedo-CyberTerrorists pwn DHS

Re:good job (5, Funny)

IAAP (937607) | more than 8 years ago | (#14645814)

hopefully this will show people what needs to be done..

Clock out of work when the attack happens and go to the corner pub?

Findings from their "Wargames" (2, Funny)

slashbob22 (918040) | more than 8 years ago | (#14646189)

"Mr. McKittrick, after very careful consideration, sir, I've come to the conclusion that your new defense system sucks."

A good idea.... (3, Funny)

Geekbot (641878) | more than 8 years ago | (#14645752)

And then they discover they accidently broke the internet.

Re: A good idea.... (3, Funny)

Alwin Henseler (640539) | more than 8 years ago | (#14645812)

How would they know, when they couldn't read Slashdot reporting about it?

Re: A good idea.... (1)

hachete (473378) | more than 8 years ago | (#14646741)

don't worry, the internet'll be ok by the time the fourth dupe is posted.

Re:A good idea.... (1)

nurb432 (527695) | more than 8 years ago | (#14645850)

Its already broke.

Re:A good idea.... (4, Funny)

TubeSteak (669689) | more than 8 years ago | (#14645866)

Give us a link to click... we'll make sure it stays broken.

How to parcipate... (5, Funny)

IAAP (937607) | more than 8 years ago | (#14645754)

Go to work, turn your machine off, and say "I've voluteered to be someone who was hit by a virus that knocked my machine out of commission."

Then go home for a couple days!

WooHoo!

Re:How to parcipate... (2)

LiquidCoooled (634315) | more than 8 years ago | (#14645967)

Don't forget to delete all your word documents before turning off.

So.... (4, Interesting)

interiot (50685) | more than 8 years ago | (#14645755)

So all you need to do is find one unlucky zombie on a government IP, and use it to break in to random computers, and people will assume you're a good guy?

Re:So.... (0)

Anonymous Coward | more than 8 years ago | (#14646488)

So all you need to do is find one unlucky zombie on a government IP, and use it to break in to random computers, and people will assume you're a good guy?

I don't have to do all that for people to assume I'm a good guy! That's what my charming personality and honest face are for.

Re:So.... (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14646751)

Everyone on a government IP is an unlucky zombie. ;-)

Thank Ford! (4, Funny)

paulthomas (685756) | more than 8 years ago | (#14645757)

Well, I think I speak for all of us when I say on behalf of the internet community: Thank Ford for the Department of Homeland Security.

Re:Thank Ford! (1)

cyberbian (897119) | more than 8 years ago | (#14646440)

'We're all going on a 'soma' holiday'

Post-Superbowl? (3, Interesting)

Old Spider (948471) | more than 8 years ago | (#14645759)

Exactly what can be expected in regard to online use just after the Superbowl? Will there be more or fewer people online during that time? I expect there'll be more. People will want to celebrate and complain about whomever won or lost. If we were under a cyberattack, then certainly that would be the best time to do these tests.

Re:Post-Superbowl? (0)

Anonymous Coward | more than 8 years ago | (#14645792)

I am sure that there will be a marked increase in internet traffic after the Superbowl. I'm quite certain that these two sites will receive the majority of the increased traffic.
Seahawks [seahawks.com]
Steelettes [steelerettes.com]

Woops! Looks like its already starting.

Re:Post-Superbowl? (0)

Anonymous Coward | more than 8 years ago | (#14645867)

You can expect many misspellings as people will be drunk from watching the games. Well, maybe the activity will go down as people will be passed out too.

Re:Post-Superbowl? (2, Funny)

rbochan (827946) | more than 8 years ago | (#14646126)

Google willl probably get hits with umpteen bazillion searches for 'janet jackson tits' or 'destroying the moral fabric of america' or whatever debacle will occur this time...

Re:Post-Superbowl? (4, Funny)

ToasterofDOOM (878240) | more than 8 years ago | (#14646251)

Ewww ... Mick Jagger naked. I'm gonna go sit in a corner for the rest of the day now, silently crying to myself at the loss of whatever semblance of innocence I had left. If it actually happens, then I guess I'll implode.

"I expect there'll be more" (0)

Anonymous Coward | more than 8 years ago | (#14646234)

"I expect there'll be more. People will want to celebrate and complain about whomever won or lost."

Wow, spoken like a true geek. Yes I can see it now... the jocks watching the last seconds of the game, guzzling down beer, pizza, and chicken wings... game over! Let's run to our computers and discuss the big game over an electronic forum 0_o

More worrisome threats (5, Insightful)

OpenGLFan (56206) | more than 8 years ago | (#14645847)

I'm a lot more worried about the damage caused by the "Tiered [slashdot.org] Internet" [slashdot.org] proposals currently being bandied about. All network admins know that the damage caused by attackers is insignificant compared to the damage caused by upper management and government meddling.

Re:More worrisome threats (4, Interesting)

ScentCone (795499) | more than 8 years ago | (#14646029)

All network admins know that the damage caused by attackers is insignificant compared to the damage caused by upper management and government meddling.

All admins do not necessarily agree with this. Most of messes I have to clean up are from malware, fraud, "traditional" crime (and attempts at such) that have taken on a 'net communications component, and the usual tsunami of noise and bot blather that lands on every public-facing port I have open.

Tiered internet? That's a misnomer, I think. Big internet users pay for the bandwidth they (or their visitors) use. More traffic means higher costs. I don't care if some Comcast user has already paid for "his" bandwidth... serving up a streaming video to him isn't only using his bandwidth. I don't know where people get that idea. But regardless, if SBC or Verizon or any other carrier wants to screw with per-site or per-visitor metering or biasing, they're welcome to. Other ISPs will just set a price that's easier to predict and work with, and win the business away from the people trying to make it more complicated. But how much time do I have to give "upper management" or "government meddling" vs. attempted attacks, fraud killing, malware, etc? It's not even close. The bad guys are much more of an issue.

Re:More worrisome threats (2, Funny)

winwar (114053) | more than 8 years ago | (#14646294)

"damage caused by upper management and government meddling."

I think you are underestimating upper management. :)

This sounds extremely logical (3, Interesting)

Dunbal (464142) | more than 8 years ago | (#14645848)

This is like Microsoft checking its own code for security holes. If there is a weakness then resources could be better used by trying to eliminate the weakness instead of finding theoretical ways it could be exploited - because there's always the way you didn't think of and THAT's the one that's going to get you.

      Homeland security is going to turn around and tell everyone that we're NOT ready for a "terrorist cyber attack"? No, it makes much more political sense to say "see? Our networks can survive millions of nerf-ball hits; more funding please."

Re:This sounds extremely logical (3, Interesting)

kfg (145172) | more than 8 years ago | (#14645925)

"see? Our networks can survive millions of nerf-ball hits

"Cool! Well, right then. Turns you aren't actually needed after all so we're shutting your dept. down."

You don't understand how the game is played. The DHS depends on terrorism for their funding, but; they are the terrorists.

KFG

Re:This sounds extremely logical (1)

ZoneGray (168419) | more than 8 years ago | (#14645983)

Yeah, but if there's ever a cyber-terorist who thinks just like a government bureaucrat, we'll be ready for him.

Re:This sounds extremely logical (1)

Evil Shabazz (937088) | more than 8 years ago | (#14646171)

Uhm, the way you FIND security holes is by thinking of various ways a feature can be exploited. It's not like you write 10,000 lines of code and leave little comments in there like, //this is a security hole or /* plug this security exploit later */. Security holes aren't things you just have - they're methods or features that someone else figures out can be used in a way that wasn't thought of by the designer. Take the WMF thing - there's no comment in there saying //i hope no one notices this security hole. It's a method that provides a way of cancelling print jobs that someone realized had a tie in to WMF files and could be exploited to execute other code.

Re:This sounds extremely logical (1)

DerekLyons (302214) | more than 8 years ago | (#14646187)

This is like Microsoft checking its own code for security holes. If there is a weakness then resources could be better used by trying to eliminate the weakness instead of finding theoretical ways it could be exploited - because there's always the way you didn't think of and THAT's the one that's going to get you.
This test isn't about finding security weakenesses, we already know those exist. This test is about responding to attacks against the weakness - a somewhat different matter.

Others will take advantage of this (-1, Redundant)

Corbets (169101) | more than 8 years ago | (#14645853)

I'm curious to see how many others try to take advantage of this scheduled activity to launch their own attacks in the hopes that they can slide in under the radar. After all, if people are expecting to see increased pen-testing.... Still, I think it's a good idea to assess one's own strength, I just hope people are ready for those who would try to take advantage of us.

Re:Others will take advantage of this (-1, Offtopic)

Thunder_Princes (688516) | more than 8 years ago | (#14645861)

look at the countries listed... its just a test to coordinate efforts of echelon and the like. sickening. peace, Thunder_Princes

Wait a minute (2, Insightful)

Teresh (911815) | more than 8 years ago | (#14645855)

Aren't "enterprise sector" and "private sector" the same thing (as opposed to "government sector")? When did we install Communism? Did I miss something?

Re:Wait a minute (5, Insightful)

Daniel Dvorkin (106857) | more than 8 years ago | (#14645869)

Not communism, but capitalist oligarchism. "Enterprise sector" is the Fortune 500 that can buy politicians to manipulate the market to their ends. "Private sector" is everyone else, competing on an increasingly tilted playing field. Hope this clears things up.

Re:Wait a minute (1)

mindtriggerz (914619) | more than 8 years ago | (#14646350)

# emerge communism

Sounds like a pretty awesome game! (1)

LeddRokkenstud (945664) | more than 8 years ago | (#14645877)

Is this game by the same people who made the bull riding and paint ball games?

DDO Stress test (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14645896)

Hrm, wonder how this will affect companies planning stress tests of their systems during that time period. Like for example the DDO stress test that starts on the 7th. It's wonderfully nice of the government to move the schedule at the last minute like this. I'm sure they won't be specifically targeting a small internet games company like Turbine... but I'd feel for any company who's planned tests will get nice and invalidated because the government decided that'd be a nice day to DDOS them.

Time to Go Phishing (4, Funny)

Billosaur (927319) | more than 8 years ago | (#14645908)

I can see it now...

FROM: cyberstorm@dohs.gov

TO: unlucky.recipient@yourcompany.com

SUBJECT: Participation in Cyber Storm exercise

Your company has been identified by the Department of Homeland Security as potentially vulnerable to cyber attack. During the week of February 6th - February 10th, the DoHS will be testing cyber infrastructure as part of our Cyber Storm security exercise. In order to participate, you will need to supply us with [insert favorite hacking data here]...

Re:Time to Go Phishing (2, Funny)

LupeSpywalper (713932) | more than 8 years ago | (#14646081)

It will be just another DoHS attack.

That was a game... (1)

PAPPP (546666) | more than 8 years ago | (#14645930)

The headline made me think of an old sierra game set in the the Earthsiege (WOO GIANT ROBOTS) universe: Misson Force: Cyberstorm [scifi.com] (its abadonware, download here [agamesroom.com] ). I picked it up from a bargin bin about 2 years after it came out, one of the only turn-based games I've ever enjoyed. Probably not related, but then again the flunkie that came up with the name could well be a gamer.

3's Cyberstorm! (0)

Anonymous Coward | more than 8 years ago | (#14646629)

I have a great many fond memories of that game.

Cyber Storm? (4, Funny)

Winlin (42941) | more than 8 years ago | (#14645944)

I thought for a minute there they were talking about IRC back in the late 90's. Now THERE was a storm of cybering for you. Not that I would..ummm...have any personal knowledge or anything.

And so it begins. (2, Funny)

cosmotron (900510) | more than 8 years ago | (#14645959)

Now that Cyberdyne has been established, I wonder how much longer it will be until SkyNet is initialized?

And while they plan all these... (0, Offtopic)

bogaboga (793279) | more than 8 years ago | (#14645976)

And while they plan all these, our southern border with Mexico remains wide open to even more dangerous folks from all over the world. I will not be suprised if they announce the capture or closing a major terrorist cell after these exercises.

The likes of Osama bin Laden will use crude methods to inflict maximum harm to us, just like they are doing in Iraq with 5 of our GIs already dead in this month alone. They are using a very well known tactic: The IED. And so far nothing in our technologically superior army has an answer to it. Sad indeed. When wil these politicians learn?

Re:And while they plan all these... (1)

thedletterman (926787) | more than 8 years ago | (#14646079)

actually we have several answer to the IED: 1. Snipers 2. Warlocks 3. Informants 4. Route sweeps 5. Recon spotters 6. Thermal imaging I get news everyday of how many IEDs we disabled, how many bomb makers we killed or captured, etc.. the score is like 5 - 75 for this month

Re:And while they plan all these... (1)

Antony.S (813668) | more than 8 years ago | (#14646680)

Warlocks?

Re:And while they plan all these... (1)

pointyhairedmba (698579) | more than 8 years ago | (#14646476)

Don't forget the largest undefended border in the world. You forgot to mention it. Also, what exactly are our politicians supposed to learn? That it's relatively easy to make a IED?

"My impression is that perhaps our border with Canada has, to some degree, been of a bit greater concern than that with Mexico," John Negroponte, director of national intelligence, told a U.S. Senate hearing Thursday on global terror threats.

Can the gov't only do one thing at a time? (1)

Infonaut (96956) | more than 8 years ago | (#14646666)

And while they plan all these, our southern border with Mexico remains wide open to even more dangerous folks from all over the world.

So you're saying that because there is one hole in our defenses, we should not attempt to plug other holes? Are you saying it's a zero-sum game, and that while the DHS is attempting to thwart cyber-attacks, suddenly all of their other efforts have come to a standstill?

When wil these politicians learn?

You mean, when will government cyber-security experts learn. It seems they're trying to do what they can to keep their area of responsibility protected. If they didn't, certainly there would be plenty of people ready to give them a hard time for "not learning" that protection was necessary.

nice war game (1)

towaz (445789) | more than 8 years ago | (#14646023)

Anyone know If it's possible to sign up for such a thing? I guess not but without special clearence; but would be fun.

Greenspan (1)

RootsLINUX (854452) | more than 8 years ago | (#14646039)

Pshhh, big deal. This has already done before by Alan Greenspan, my hero. The only difference is he didn't have some big PR campaign. He's old school, and just slapped those bitches up the side of the head without any warning at all.

What, you don't believe me? See this historical proof [rdwarf.com] and prove it to yourself. Alan Greenspan is a l33t h4xor, that fact is undeniable!

It would be a good idea if... (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14646051)

...the government didn't really do any testing at all, and just used this as a trap to find real hackers. Just stay extra-vigilant for a few days, and find the people attempting to go under the radar...

Suggestions anyone? (3, Funny)

poind3xt3r (890661) | more than 8 years ago | (#14646057)

As a precautionary measure, should I set fire to all my machines running XP???

Re:Suggestions anyone? (1)

mindtriggerz (914619) | more than 8 years ago | (#14646389)

You should do that anyway.

look out! (1, Troll)

ShineyMcShine (799387) | more than 8 years ago | (#14646059)

remember what happened last time the govt. had a "security" exercise on 9.1.1.?

Re:look out! (1)

hackstraw (262471) | more than 8 years ago | (#14646673)

I'm amazed you got modded up for this. I agree completely, but that kind of thinking is not popular here on Slashdot.

Regarding this nebulous "Cyber Storm" thing, doesn't the Microsoft worm/virus of the week already give people enough experience? Odds are either a similar kind of attack will be done on the net, or they might just go and cut the fiber.

Personally, all of my international business that I do where I care about the integrity and reliability of the communication is done over a proprietary encrypted satellite uplink to my own satellite.

Isn't that what everybody does?

enterprise and private sector alike (0, Redundant)

Numen (244707) | more than 8 years ago | (#14646101)

Since when where enterprise and the private sector anything other than the same thing?.... and more importantly, which one did the OP think refered to government?

Wierd. (2, Interesting)

Burz (138833) | more than 8 years ago | (#14646111)

FCW also reports that the scope of the fake attacks will be global, and they are coordinating with partners in Australia, Canada and the UK."

I didn't know that computers only speak English.

Hmmm... learn sumthin new evry day.

recovery during pen testing (2, Interesting)

Gyorg_Lavode (520114) | more than 8 years ago | (#14646124)

While I think this article is talking about a table top or paper drill, it does hint at a bigger question. How do you do realistic pen testing on a system that must be 100% configuration controlled? I think you have to assume that the Pen Testing will take the system into an unknown state though you should know the range of that unknown state, (it may not effect the entire system.) From that you can conclude you need to have a plan to take the system or parts of the system from an unknown configuration state back to the current baselined configuration state. But is this possible? How long does it take? What methods do you use? Does anyone on slashdot have any experience with such a plan? Has anyone had to write one or even enact one?

Re:recovery during pen testing (0, Funny)

infojack (25600) | more than 8 years ago | (#14646238)

Jesus FUCK, just spell out the stupid fucking word; PENATRATION! PENATRATION TESTING!!! not PEN testing, not PT, not PENT, it is PENATRATION TESTING! Are you too fucking stupid to just spell stuff out? Do you think it makes you look smarter when you use a bunch of three letter words all the time? You are probally the same assclown (or as you would say A.C) that walks around work finding three letter acronyms for everything. "Hey Dan did you check out my new FUE form that goes over the DFI proc.. HA HA HA I'm so clever! Now lets go out and play some racket-ball and then we can go back to my place and get in some gay bum sex."

Goverments can't hack it (5, Insightful)

hutchike (837402) | more than 8 years ago | (#14646147)

What makes the government(s) think their fake attack will be anything like a genuine attach? For example, the UK government has a long and famous history of botching every computer initiative (e.g. UK tax credit theft via gov web site [com.com] ).

I doubt the Department of Homeland Security has anything like a globally distributed botnet, or permission to run DDoS like a real attacker might. The virus attack [com.com] on the Russian stock market is not something goverments can replicate.

The only winners will be the companies who sell the extra bandwidth!

Digg and Slashdot (3, Funny)

writermike (57327) | more than 8 years ago | (#14646188)

So, they're just going to submit a bunch of web sites to Digg and Slashdot. Big Deal! :-)

blog outtage (2, Interesting)

Anonymous Coward | more than 8 years ago | (#14646259)

Was the massive blog outtage yesterday part of this, and someone just jumped the gun a little? What's to stop the feds from shutting down huge pieces of the net, or replacing pages with look-a-likes that have information they want you to believe, as opposed to real information? Phed Phishers in other words, geek goose stepping order followers.

This crap is weird. I fully expect them to pull off another false-flag terrorist attack and use that as an excuse to do real damage to the freedom parts of our society, they have already shown that is their primary agenda and that is exactly what they have been doing. Controlling the web could be part of it.

What about the information gathered??? (4, Insightful)

DivideX0 (177286) | more than 8 years ago | (#14646261)

Suppose their attacks allow them to get into various machines and networks, what will they do with the data that is accesible in those machines?

Is this just another end run around warrantless search and seizures of data?

What kind of oversite is there on this process and how can we be sure the information is not used, stored, or otherwise desiminated among the various US spook agencies and their foreign lackeys.

And how much do you want to bet Google will be a very well excercised target since they have been fighting the governments abuse of power already.

Re:What about the information gathered??? (1)

16777216 (919914) | more than 8 years ago | (#14646592)

BINGO!

Re:What about the information gathered??? (1)

d474 (695126) | more than 8 years ago | (#14646661)

That is exactly what I'm thinking. This sounds like a REAL attack by the U.S. Gov't on the information infrastructure under the guise of a "training op". I'd like to have my Congressman file an FOIA to discover precisely what networks were compromised and what data was accessed by CyberStorm.

Your tinfoil hat is on a bit too tight (2, Insightful)

Infonaut (96956) | more than 8 years ago | (#14646726)

Suppose their attacks allow them to get into various machines and networks, what will they do with the data that is accesible in those machines?

Well, according to TFA, "IT-ISAC has eight members participating in the exercise, the center's Web site states. The participants are Cisco Systems, Citadel Security Software, CA (formerly Computer Associates), Computer Sciences Corp., Intel, Microsoft, Symantec and VeriSign." So those companies seem to have signed up and are ready to have their networks accessed as part of the excercise. In the absence of evidence to the contrary, your supposition is groundless.

Is this just another end run around warrantless search and seizures of data?

If you were going to attempt to grab all sorts of data, would you publicize it and bring in several nongovernment participants? It seems that bringing in so many actors and making it all public would violate several of the tenets of Black Helicopter Ops 101.

What kind of oversite is there on this process and how can we be sure the information is not used, stored, or otherwise desiminated among the various US spook agencies and their foreign lackeys.

In the House of Representantives, the House Committee on Homeland Security [wikipedia.org] provides oversight. In the Senate, the Senate Committee on Homeland Security and Governmental Affairs [wikipedia.org] provides oversight.

And how much do you want to bet Google will be a very well excercised target since they have been fighting the governments abuse of power already.

Google is fighting a subpoena from the Department of Justice. If you think that the Department of Homeland Security automagically does the bidding of the DOJ, you've obviously never worked in government. The people at DHS aren't morons, and though the structure of the organization almost guarantees incompetence, I doubt they would be so stupid as to "target" Google in this exercise.

Real Test (1)

RichiP (18379) | more than 8 years ago | (#14646271)

They should invite crackers around the world to participate, and not have some "carefully controlled environment" if they really want to test their system.

Thanks for the news ... (1)

whitehatlurker (867714) | more than 8 years ago | (#14646458)

.. especially since I'll be travelling that week. This will likely play bloody havoc with the airlines.

In the words of Fark: (1)

AmicoToni (123984) | more than 8 years ago | (#14646482)

...what could possibly go wrong?

Disruptions? (1)

SleepyHappyDoc (813919) | more than 8 years ago | (#14646491)

If their simulated attacks actually expose any problems, I wonder if the rest of us will experience any disruptions of the net in general that week. Sure would suck if they found some hidden flaw in whatever the backbone is running on, and crashes it somehow (although I guess that's the point, is to find these flaws or problems).

Shouldn't they wait for the next Leap Day? (5, Funny)

EChris (24069) | more than 8 years ago | (#14646497)

http://www.april-fools.us/internet-cleaning.htm [april-fools.us]

Original Message - 1996

DO NOT CONNECT TO THE INTERNET FROM 12:01 AM GMT ON FEB. 29 TO 12:01 AM GMT, MARCH 1 !!

*** *** Attention ***

It's that time again!

As many of you know, each leap year the Internet must be shut down for 24 hours in order to allow us to clean it. The cleaning process, which
eliminates dead email and inactive ftp, www and gopher sites, allows for a better-working and faster Internet.

This year, the cleaning process will take place from 12:01 a.m. GMT on
Feb. 29 until 12:01 a.m. GMT on March 1. During that 24-hour period, five powerful Internet-crawling robots situated around the world will search the Internet and delete any data that they find.

In order to protect your valuable data from deletion we ask that you do the following:

1. Disconnect all terminals and local area networks from their Internet
connections.

2. Shut down all Internet servers, or disconnect them from the Internet.

3. Disconnect all disks and hardrives from any connections to the Internet.

4. Refrain from connecting any computer to the Internet in any way.

We understand the inconvenience that this may cause some Internet
users, and we apologize. However, we are certain that any
inconveniences will be more than made up for by the increased speed and efficiency of the Internet, once it has been cleared of electronic flotsam and jetsam. We thank you for your cooperation.

Kim Dereksen
Interconnected Network Maintenance staff
Main branch, Massachusetts Institute of Technology

Sysops and others: Since the last Internet cleaning, the number of
Internet users has grown dramatically. Please assist us in alerting
the public of the upcoming Internet cleaning by posting this message
where your users will be able to read it. Please pass this message on to
other sysops and Internet users as well. Thank you.

Cover up (0)

Anonymous Coward | more than 8 years ago | (#14646502)

What if it is just a cover up of the major sniffers being installed at all major routes. Oh wait they would never do that. Maybe google just pissed them off for not giving the data and they are going to dos them and say oops it was just a test gone bad.

Who Pays For Damages? (0)

Anonymous Coward | more than 8 years ago | (#14646529)

SO, Yeah, Who pays for the damage if this "fake attack" Does damage.

and since the intent of all attacks are to do damage...
also, this had better be a volentary program.

Hurricane CyberPam (2, Insightful)

dpbsmith (263124) | more than 8 years ago | (#14646626)

They'll conduct the exercise, discover that there are serious problems--just as every other evaluation of our cybersecurity has discovered. They'll make a report, the report will note that to fix things it would be necessary to spend money. And involve uncomfortable decisions like reducing our dependence on a monoculture of Microsoft Windows.

The decision-makers will decide (as they have so far about everything involving actual defensive measures involving the homeland that they would prefer to spend the money in some other way. They'll appoint yet another cyber defense "czar" as evidence of action, he will start with the clear understanding that the one thing he can't do is get the funding to implement the measures recommended in the report.

And when the actual attack happens and is devastating, they'll say nobody could have anticipated it.

See also Hurricane Pam [fema.gov]

tin foil time (0)

Anonymous Coward | more than 8 years ago | (#14646766)

real 'terrorist' attacks usually occur during simulations:
1) New York
2) London
3) Internet?
4) Profit
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?