Noise versus Espionage versus Attack

An article last week got the Cyber Pacifists group in a tizzy.  A congressional committee reported that utilities experienced over 10,000 'cyber attacks' per month.

My immediate and admittedly snarky reaction was to look through my log files.  Last week
I experienced 34,000 SSH brute-force attempts originating from 52 hosts in 18 countries.
I also experience numerous web server attacks.  This is on my single colocated server.

I could use the term 'cyber attack' to describe what I face every day, but it's a
bit counterproductive.  I don't call my wife a criminal even if she does get parking
tickets from time to time (she pays them right away, don't worry).  Similarly,
'cyber' fatigue will cause both companies and our representatives to make stupid decisions: to not focus security dollars on the areas that they should be focused upon.

Indeed most of the hacking going on right now -- spear phishing campaigns combined with intellectual property theft -- isn't really attacking either.  It's espionage.  It's weird espionage,
to be sure: when in history have governments been so interested in stealing the research
of commerce?  The 'who is doing it to who' is interesting in its own way because it says
something about globalization and how important governments really are anymore, but that's
beside the point.

The only real 'cyber attacks' to date have been the well-known Stuxnet example, and the
still little-talked-about Syrian radar example (and how would we know if the latter is even true?).

In my mind, a cyber attack has to have some physical goal: either causing destruction or
disruption of service, particularly aimed at weakening a target militarily.
Most cyber attacks are going to have a level of covertness about them that precludes their
discovery, or at least their attribution, because of the whole 'acts of war' aspect.

Of course when a piece of critical infrastructure is the target of Cyber Noise,
it's only human to start connecting dots, to start thinking that someone is trying
to knock out the lights.  Reality is funny though: there is so much noise that it's impossible
to tell what attackers are after until they get in.  If I were to guess, utility attackers are more interested in the financials of a utility for insider trading and investing than in manipulating the controls.  At least for now.

Image by silverwuff

About this Entry

This page contains a single entry by giminy published on May 28, 2013 1:52 PM.
