Schneier Calls US Stuxnet Cyberattack a 'Destabilizing and Dangerous' Action 351
alphadogg writes "Revelations by The New York Times that President Barack Obama in his role as commander in chief ordered the Stuxnet cyberattack against Iran's uranium-enrichment facility two years ago in cahoots with Israel is generating controversy, with Washington in an uproar over national-security leaks. But the important question is whether this covert action of sabotage against Iran, the first known major cyberattack authorized by a U.S. president, is the right course for the country to take. Are secret cyberattacks helping the U.S. solve geopolitical problems or actually making things worse? Bruce Schneier, whose most recent book is 'Liars and Outliers,' argues the U.S. made a mistake with Stuxnet, and he discusses why it's important for the world to tackle cyber-arms control now."
Nonsense! (Score:5, Funny)
That's crazy talk.
I Think You Missed the Point (Score:5, Interesting)
How could contributing to the spread of clever computer-intrusion technologies(both with things like Stuxnet, and with the pernicious habit of doing business with the sort of slimy vulnerability-sellers whose customers want to exploit, not patch, them), possibly be a bad idea for a country whose citizens, businesses, government, and R&D capabilities are overwhelmingly dependent on computerized infrastructure?
I have to disagree with you here. To ensure that your businesses and citizens and government and infrastructure are sound, you should always be investigating modes for attacks and publishing them. My logic is that if the United States Government is able to develop this, then so is China's, Russia's, India's, etc so get it out in the open already. In fact, your claim almost seems to advocate security through obscurity. If you want to ensure that people aren't pilfering data without your knowledge, publish your exploits and what you see as "contributing to the spread of clever computer-intrusion technologies" could just as well be seen as "telling SCADA and other makers to pull their heads out of their asses and fix this." Also, your statements can apply to every single country now, even third world countries are largely dependent on networking hardware to function.
... "destabilizing and dangerous" is a definition of what you can expect the repercussions to be.
The reason this is a "destabilizing and dangerous" action was because it was effective -- not because the US Government secretly given hackers a bunch of ways to hack every computer ever made. Also, the US kind of lost the "moral high ground" now when someone hacks their nuclear facilities with the intent of disabling our capabilities. Use an effective cyber attack against a nation state that does not have similar capabilities
Re:I Think You Missed the Point (Score:5, Interesting)
If you want to use an attack, you need a vulnerability. If you want to use an attack against a really clueful adversary, you may need a really juicy vulnerability, a set of zero-days(as with Stuxnet) or that nifty code-signing trick with Flame, or the like. This is where the trouble starts:
Your attack people now have a direct interest in keeping certain vulnerabilities unfixed. Since much of the world's software is widely used, and has a reasonably publicly visible update process, there is no viable way to sneak out some kind of 'Important vulnerability fix for Win32 systems in the US only'. Either you keep the bug secret, leaving your own people vulnerable, in the hopes that you can hit the other guy before he discovers the problem, or you protect everyone from that vulnerability by getting it fixed.
Having US 'national security' types researching vulnerabilities is a good thing; but only if they do so with the intent of getting them fixed(US-CERT vulnerability reporting, for instance, makes us stronger.) That is how you 'get it in the open'. Things like Stuxnet and Flame were based on vulnerabilities that were kept in the dark(during which time they could have been used against us) for as long as possible.
It's not that I advocate security through obscurity(quite the opposite, in fact), it's that in order to possess good offensive tools you must, necessarily, have knowledge of vulnerabilities that you are concealing. You had to discover them in order to build your attack system, you have to hide them in order to preserve its effectiveness. That's the problem. Possession of useful offensive capabilities implies that you are condemning everyone, your own people included, to security-by-obscurity.
Re: (Score:2)
I believe that Schneier compared this with desire for secure communications SecCom vs Signals Intelligence SigInt at the NSA in his CryptoGram newsletter.
Re: (Score:2)
That's what public key cryptography is for. The bug doesn't have to be a secret if it's designed to only be triggered by an attack signed by the right secret key.
[paranoid]And Windows 8 certification means that mass market hardware is required come with the keyring for checking that signature.
Re: (Score:2)
I see this as a valid reprisal against Iran's refusal to cooperate with UN weapon inspections or whatever.
You can't stay on the moral high ground either if you just sign a non proliferation agreement and then work with nuke stuff behind everyone's back.
Re: (Score:2, Insightful)
Wait, why does America, Russia and China get to have thousands of nukes and Iran can't have any? Does that sound fair? Who has the moral high ground here? And why does Iran want a nuke anyway? Would it be because Israel has them? Is that fair?
Re: (Score:2)
I don't have a beef with Iran having nukes per se. Rather I have a problem with them agreeing to a treaty and then slyly defying it behind everyone's backs.
Re: (Score:2)
The Islamic militants of Iran are, like de crooks in N. Korea, a totally different kettle of fish.
Re:I Think You Missed the Point (Score:5, Insightful)
I see this as a valid reprisal against Iran's refusal to cooperate with UN weapon inspections or whatever.
Sadaam Hussein was fighting UN weapons inspectors tooth and nail, yet he didn't even have WMDs. Perhaps he just didn't want his adversaries to know how weak he was? Considering all the sabre rattling the US's done recently, I'd be holding my cards close to my chest too were I Iran.
Re: (Score:2, Insightful)
"You can't stay on the moral high ground either if you just sign a non proliferation agreement and then work with nuke stuff behind everyone's back."
If you are serious, you are about as clueless as it gets.
There is no such thing as "moral high ground" any more.
The only thing that matters is power. And no one with any actual intelligence
can blame countries for wanting to have nukes, because that is the ONLY
guarantee against being buttfucked by the US in the event US corporations
have decided you have somethin
Re: (Score:3)
Iran wanting nukes is not what I have a problem with.
What I have a problem with is two bit countries signing treaties they have no intention of abiding by.
Iran sucks because they lied their asses off.
Re: (Score:3, Interesting)
The astonishing thing is that anyone in the Obama administration was stupid enough to think that secrecy could be maintained on this indefinitely. Unlike physical warfare, in which the aftermath can be sanitized and obfuscated, software never goes away.
We all know this: full erasure of a worm in the wild is impossible to ensure, because you never know when some vital assumption is going to change. So the Iranians would have caught on eventually.
Add to that the equal certainty that eventually a programmin
Re:Nonsense! (Score:5, Insightful)
The astonishing thing is that anyone in the Obama administration was stupid enough to think that secrecy could be maintained on this indefinitely.
Who says they were thinking that? Trying to keep it under wraps as long as possible (a reasonable strategy from a tactical/strategic POV) does not imply the belief it can be done so indefinitely.
Your sentence makes a nice target against which to launch a tirade, but barring corroborating facts, it is one built on speculation.
Re: (Score:2)
Until they admit this attack, it can still be sanitized and obfuscated. It's not like the code has little comments that say: I was written by the US Government and launched by Barack Obama. They just need to deny, deny, deny. I don't see how having software proves anything.
Obama's Record (Score:5, Insightful)
I voted for Obama based on two things: I hated how George Bush increased deficits recklessly and I hated how the Republican cavalierly meddled in other country's affairs using military might.
I feel like a fool.
Re:Obama's Record (Score:5, Interesting)
Re:Obama's Record (Score:5, Insightful)
The only difference between machines and bullets is that it's easier to affect a far more widespread amount of machines in a more discriminate fashion.
Disable pacemakers? Shut down a hospital's equipment? These things will kill people too.
Re:Obama's Record (Score:5, Insightful)
This is possible, but at least it hasn't happened yet. While I'm not particularly happy about the Stuxnet attack, I couldn't accuse it of murdering hospital patients & civilians.
The same can not be said for the gun using meat space branch of the American war machine.
Re: (Score:2)
Re: (Score:2)
On a completely different scale. Just like Stuxnet caused the death of two people while an armed attack would cause tens of thousands of casualties.
"Discriminate fashion" is the key feature (Score:2)
But that's not what this particular software does. If someone wants to repurpose Stuxnet or Flame to target pacemakers, they're going to have to do the work to make it so.
OTOH if you make bullets intended to kill only bad guys and someone else decides to repurpose them for killing cute puppies and children, the bullets are just fine as-is, and ready to use.
Re:Obama's Record (Score:5, Informative)
You realize that Obama has increased troops to Afghanistan and only removed troops from Iraq when forced to by their government? Gitmo is also still open.
Re: (Score:2)
Bytes only delay the inevitable as iran won't stop its nuclear program. The purpose of this sabotage was to buy enough time for Obama to be able to attack after the elections. It's a risky gamble as the dely might not be enough, and bullets are still better than nukes.
Re: (Score:2)
The problem is, Iran doesn't have the time or expertise to retaliate with anything except bullets and bombs.
You do understand they have to retaliate now, right? We got them where it hurts and cost them a lot of money and time. All of their Islamic buddies are now sitting around talking about how the Great Satan pulled a good one on ole Iran. The disclosure turned a painful incident into a public slap in the face. So now they can either be considered inferior by their Islamic buddies or they can slap bac
Re: (Score:2, Interesting)
So what? Who did you vote for Senate, House, etc.? The President doesn't run the show himself.
Re: (Score:3)
The President doesn't run the show himself, but because he's commander-in-chief, the President can and does regularly order in the troops without any declaration of war from Congress. For example, the USAF was ordered into Libya even though Congress didn't provide any funding or authorization for that mission.
The last time Congress formally declared war was in 1942.
Re:Obama's Record (Score:5, Insightful)
Re: (Score:2)
Gary Johnson [wikipedia.org] might be thought of that way by Republicans, except he never actually lied to them. The stabs are right in the Republicans' chests. Their eyes were open and they had blades in their own hands. You might disagree with him, but he is not a scumbag.
Unfortunately, the stabs are also less than a millimeter deep and I don't think they even damaged the threading of their clothing .. unless you vo
Re: (Score:3)
I became a Democrat in 2000 not because I was 'in love' with them, but as I thought that the GOP was so utterly broken that the only real choice was the Democratic Party. My old party's ongoing reliance on seemingly conflicting wedge issues (i.e. smaller government that regulates abortion access, etc), unwillingness to make political comprises, party messaging that's created on right wing talk radio, institutionalized voter suppression efforts, and many more reasons convince me that continuing to vote/supp
Obama is the Bush who isn't a coward (Score:2)
You don't just roll back from GITMO etc in a decade no matter who is in charge. Conservative lawyers are about keeping things rolling with the minimum of change and that's who y
Re:Obama's Record (Score:4, Informative)
This program started under Bush.
Re: (Score:2)
And how do you know this program wasn't started under bush. Obama leaked what he wanted you to think nothing more.
Re:Obama's Record (Score:5, Insightful)
So let me get this straight, you thought any US administration was just going to sit by and let Iran gain nuclear capabilities.
Apparently that is his/her line of thinking, and for that, humanity weeps.
I don't understand what in Baal's name these ignoramuses expected when they voted for Obama, that he was going to kumbaya his way to the Ayatollah's hearts, that Bin Laden was going to repent and kill himself out of remorse, that all the jobs that went to China will come back (and with a pay increase to boot), and that all the shit that permeates international reality was going to magically turn into Pandora's bioluminescent flowers and hexapodal bunnies with cute emerald eyes, with Thinkerbell pixie dust poured from over a rainbow in peaceful anarchic harmony?
Uninformed, delutional ideological thinking (be it left or right leaning), that is the stuff nightmares are made of.
I didn't vote for Obama in 2008, but I can't really say he is doing a terrible job, or that he lied. I actually like him more than what the GOP (the party I'm registered for) has to offer, and he has done a decent job considering all current factors.
People who now feel betrayed for voting for him are as stupid as the people who think Obama is the root cause of all evil and that shit will turn to honey once they vote a Repub back into the presidency (specially if he believes Darwin's "On The Origin of Species" is a work of fiction.)
Stupidity of the most grotesque kind permeates both sides of the political spectrum. Such is the ethos of the at-will uneducated simpleton masses.
Re: (Score:3)
I still think McCain would have been the better president, but honestly, I'm also not really down on Obama personally. What I definitely don't like is where things are going where its becoming super polarized. There *are* decent compromises to be made out there, but no one wants to make them. I'm usually in favor of gridlock, as it prevents the more extreme elements of a party from ramming their pet projects through, but this is more like a situation where only the extreme parts of the platforms are bein
Re: (Score:3)
Technically true but practically wrong. The President has much more of an influence on spending than any ten congresscritters combined.
So, they have found the proof? (Score:4, Interesting)
Re:So, they have found the proof? (Score:5, Informative)
Would you liked a signed letter from the CIA and NSA directors talking about their top secret program? Because, obviously vetted sources in the most reputable newspaper in the U.S., a Congressional investigation into the leak, a Presidential denial of the leak, etc. aren't enough to convince you. So I'm assuming that we need to get Leon Panetta to come over to your house and read you in on the program.
Re:So, they have found the proof? (Score:5, Insightful)
Of course, this was a controlled release of info, excluding critical operational details. Deterrence only works if the other side thinks that you have better weapons and will use them. So, yes, sometimes you do have to leave a calling card. The thing is, sometimes it looked like the US Government and the Soviet Government were in a conspiracy against their own respective peoples.
Re: (Score:3)
Deterrence is a weasel word. The word you're looking for is "Fear".
Myself, I loosely define conspiracy as an "in" group that acts in secret to further their own aims without regard for the consequences to the "out" group. Which includes pretty much every government and corporation on earth.
Re:So, they have found the proof? (Score:5, Interesting)
Deterrence is a weasel word. The word you're looking for is "Fear"...
No, Arthur C. Clarke talked about this w.r.t. technology. There are fears that are destabilizing, and fears that stabilize. If your "enemy" thinks that you are going to come to him and take his stuff, that fear destabilizes, weapons escalation is destabilizing. If your "enemy" has good intelligence, and knows that your weapons are secure and non-mobile, that fear is stabilizing, he knows he's safe now, but if he attacks those weapons are available.
To paraphase Mr. Clarke, more nuclear bombs, destabilizing. More spy satellites, stabilizing.
That sad part of the human existence, is that if your "enemy" doesn't fear you in the least, and has no reason to believe you will oppose him, he *will* come and take your stuff.
Most reputable newspaper??? (Score:3)
This wasn't reported in 'The Onion' it was reported in the 'New York Times', which has been a yellow DNC mouthpiece for decades. They are about as reputable as Fox News.
They ran this story to give Obama a boost in the polls. They needed no facts.
Re: (Score:3)
You wouldn't know it now, but the Democrats were for the invasion before they were against it.
Re:So, they have found the proof? (Score:5, Interesting)
Others want their expertise to rank with the NSA it seems
No this is where the U.S. made a mistake with Iran (Score:5, Insightful)
The U.S. made a mistake with Iran with that stupid "Axis of Evil" speech. I'm still not sure why that speech isn't recognized as one of the biggest diplomatic blunders in recent history. First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose. It was basically an open threat to Iran and North Korea that we were going to invade them next. And, not surprisingly, both responded by ramping up their nuclear weapons programs to a feverish pace (since nukes are basically the only way to ensure that the U.S. can't invade).
Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.
Re:No this is where the U.S. made a mistake with I (Score:5, Insightful)
Smart move, George.
Intentional move, with successful outcome. The POTUS needs an outside enemy so the people will forget to debate internal issues.
You Are Spreading Lies (Score:4, Informative)
Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.
You are flat out wrong. The candle light vigils held for 9-11 victims were entirely citizen events [newamericamedia.org] and had nothing to do with the government. I have two Iranian citizens as good friends and they are completely different people than Ahmadinejad and, worse, their nutjob supreme leader [wikipedia.org]. Your insinuation that Iran the nation state sent open condolences and held vigils after 9-11 is laughable and erroneous -- some of the leadership did condemn the attacks but that's as far as it went. Hate the nation not the national. Hate the religion not the religious.
Your blame on George is also largely misplaced. They had deals with Russia to improve their nuke program long before him [wikipedia.org] and the leaders have always wanted the ultimate weapon. I know life would be simpler if everything was George W. Bush's fault but, unfortunately for you, we must face reality.
Re:You Are Spreading Lies (Score:4, Insightful)
If you had read my statement more carefully, you would note that I said "Iran was actually getting pretty moderate before that speech", that means the people as well as the government. Yes, before that speech the people held vigils and the government sent condolences. It was only afterwards that they ramped up their dormant nuke *weapons* program and elected nutjob (by a 62% margin) to lead the country.
Before dipshit got up and made his "Axis of Evil" speech, the people were quite sympathetic to the U.S. and their leader was Mohammad Khatami [wikipedia.org], a reformer and moderate. Guess what happened to him after W. had his "We're coming for you next, Iran" cowboy moment?
Sounds Like a Flimsy Conspiracy Theory (Score:2)
It was basically an open threat to Iran and North Korea that we were going to invade them next.
Which is sort of incorrect, the speech was given on January 29, 2002 and Iraq was invaded on 19 of March 2003. So let's look at Mohammad Khatami who was in office from 2 August 1997 – 3 August 2005 and I'll leave it to the reader to decide if it was the speech of George W. Bush on in January of 2002 or the ongoing "Operation Iraqi Freedom" that started in 2003 and was still going on when he left office that was the primary motivation for him being replaced by someone th
Re: (Score:2)
The cowboy moment was the speech COUPLED WITH the invasion. If you label someone part of an "Axis of Evil" and a few months later invade one of the three members, it sends a pretty clear and unambiguous message to the other two that they had damn well better prepare to be next. And that's EXACTLY what they did.
Re: (Score:2)
It's a bit of a race between when the old generation lose power and when the nukes are ready.
Re: (Score:3)
What else should they to? After all, it was only one building and few thousand victims of attack. Comparing to hundrends of thousend civilians killed and wounded by US Army. If Iranian condemnation of attack (they were not involved in) is too little, what is Obama supposed to do in Iraq, about mindless attacks he is directly responsible for?
Re: (Score:3)
First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose.
It makes good theater. Destro, Cobra Commander and Zartan all had different aims and ambitions, but they pretty much just got lumped together as Bad Guys too. The American public dislikes subtlety.
Re: (Score:2)
First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose.
Ah, you don't understand how the US works. Much like, "Invasion is the means by which the US teaches its citizens geography", invasions are also the beta testing ground for US munitions manufacturers. Does stealth work? Invade Iraq. Bunker busters? Afghanistan. Does mobile infantry help? Invade VietNam. Does jet tech. help? Korea. Etc.
I'm not really sure how Afghanistan fits in, but "Combat Hospital" is my favourite show (if that means anything). HAND.
Re: (Score:3)
The U.S. made a mistake with Iran with that stupid "Axis of Evil" speech. I'm still not sure why that speech isn't recognized as one of the biggest diplomatic blunders in recent history. First of all, lumping Iran and North Korea in with Iraq (who Bush planned to invade) served no good purpose. It was basically an open threat to Iran and North Korea that we were going to invade them next. And, not surprisingly, both responded by ramping up their nuclear weapons programs to a feverish pace (since nukes are basically the only way to ensure that the U.S. can't invade).
Iran was actually getting pretty moderate before that speech, even sending open condolences and holding vigils after 9-11, with fairly moderate leadership. After the speech we get Ahmadinejad and and full-on nuke program. Smart move, George.
Agreed. But instead of being shunned for being the author of one of the most damaging speeches in American foreign policy history he gets a blog, a contributors spot on CNN, and gets to publish seven books.
http://www.thedailybeast.com/davidfrum.html [thedailybeast.com]
kind of absurd (Score:3)
all countries are doing this, and have been doing this, for years
i never understood this "single out the USA for what everyone does" nonsense
it seems like a defect in one's ability to keep perspective to me
Re: (Score:3)
This includes people in the US. While there has been a lot of rhetoric about not needing a 'balance of power' in the world, in the end, such balance ends up being good for citizens. In a way, as citizens, out greatest ally is people on the outside who counter our g
Re: (Score:2)
Their security services could be running many legal compromised savants, gangs, political groups - but it was always a distant, deniable, criminal or just hijinks.
This is new in its directness.
Re: (Score:2)
i never understood this "single out the USA for what everyone does" nonsense
I'm not one to quote scripture often, but a good cliche is a good cliche.
Re: (Score:3)
All nations are flawed, obviously. But the US is our nation, and we're responsible for its flaws.
No Disrespect, But... (Score:3, Interesting)
Bruce Schneier is NOT a diplomat and has fuck all experience in dealing with international affairs. And what sort of Diplomacy are we supposed to use when "Stern Letter Writing", "UN Inspections" and threats fail? Obama showed quite a bit of creativity and tact in performing an elaborate Cyber-Attack that left our best Security Researchers stumped for months and seems to have worked quite well in derailing their bomb making efforts.
Would Schneier prefer we have gone ahead with Israel's agenda and bombed the suspected weapons making facilities and risked killing people -- even civilians? Or is he just the sort of Freedom Loving Pacifist that would have us dawdling around writing more "Sternly Worded Letters" until Iran finally trotted out a bomb and wiped out an entire city full of people?
Re: (Score:3)
Or is he just the sort of Freedom Loving Pacifist that would have us dawdling around writing more "Sternly Worded Letters" until Iran finally trotted out a bomb and wiped out an entire city full of people?
Ah, cowardice and fear-mongering, the ever-eager fellow travelers of the security-industrial complex!
When you have an actual argument, do please make it. Until then your reliance on invalid assumption and misleading innuendo makes you look pretty stupid. After all, everyone knows that war is dead last in terms of efficient, effective ways of solving international disputes, just as interpersonal violence is the least effective and inefficient way of solving private disputes. If you don't advocate interper
Re: (Score:2)
After all, everyone knows that war is dead last in terms of efficient, effective ways of solving international disputes, just as interpersonal violence is the least effective and inefficient way of solving private disputes.
I take it you haven't been introduced to certain members of Homo homo sapiens, who will do whatever the hell they want, until someone physically stops them. They're the sociopaths, serial killers and assorted anti-social people who will happily skin their mother if they can make a buck off of it, save the world, or get their jollies off. At that point, physical violence is the most efficient way of solving the dispute.
With regard to the "Iranian bomb": Iran is not pursuing nuclear weapons.
Ahem?
We know this from a very simple piece of evidence: they don't have them.
Oooohhh.... the "I can't see it, therefore it will never exist" approach. They've bee
Re: (Score:3)
As an EU person, may I suggest to our US friends another option: when "Stern Letter Writing" and "UN Inspections" threats fail in Iran, to provide healthcare for poor people in US?
Re: (Score:2)
I've been pointing this out for years - Schneier has pretty much no experience or knowledge in 90% of what he pontificates about.
Re: (Score:2)
Of course it's an analogy and I'm sure nobody is stupid enough to reply that gas is far worse because it's a completely different thing. I'm just giving an example of another line that most nations will not cross for fear of backlash.
Also, get a grip on reality. Iran gains nothing by nuking Israel but various leaders there
Re: (Score:2)
hmmh. Israel apparently did sponsor bombing of civilians in Iran.. which did more to slow down their progress than anything done to the control sw - it didn't only RISK killing scientists but it was 100% intentional killings. at least outright bombing of the facilities would be "honorable" over the table attack(in other words, regular old school dirty and mean WAR). Now, what are they going to do if Iran starts harboring cyber villains? seems it's ok for USA to do that and piss on international agreements
Re: (Score:3)
Bruce Schneier is NOT a diplomat
All the more reason to trust that his analysis is accurate and not propaganda.
Re:No Disrespect, But... [EXPLAINED] (Score:3)
Have any of you calling me an idiot ever considered that the real enemy for Obama was Israel and the Congressional War Hawks who have been calling for Military Action against Iran for most the last decade?
By conducting this Cyber-Attack he not only derailed the Iranian Nuclear effort -- but he staved off Israel's promised Military Assault and quieted the voices at the Pentagon and Congress that were all for a Joint Offense with Israel against Iran.
Sometimes the "victory" isn't against the commonly perceived
Stop and consider the source... (Score:2, Interesting)
There is only one source who says they have "evidence" and keeps pointing the finger at the US and Israel about Stuxnet, Flame, and other Trojans, and that is Kaspersky, which is a Russian AV company. Nobody else out there, be it Panda, Symantec, McAfee, or independent researchers makes these conclusions. It might just be me, but it appears that there might be a political agenda here.
Russia has a lot to gain by making the US appear at fault for these Trojans. There is a battle now for who runs the Net, e
Nobel Peace Prize winner (Score:4, Funny)
I wonder if that Nobel Peace Prize burns in his hand yet.
Re: (Score:3)
If doing nothing and letting Israel bomb Iran possibly leading to war is your version of "peace", then I'm glad you're not in charge. Life isn't always pleasant, sometimes you have to pick the lesser of two bad situations. In this case, no one died,
Re:Nobel Peace Prize winner (Score:4)
Two options: take military action against Iran to prevent them destabilizing the region
Since when is a sovereign nation developing defensive capability "destabilizing"? Attacking a sovereign nation when it exercises its right to defense is far more destabilizing.
Re: (Score:2)
All of what you say might be true. But it sure has to hurt making those kinds of decisions with a Nobel Peace Prize hanging over your conscience. (Where does he keep it?)
I would also like to offer some perspective here:
First is your assumption that Iran is destabilizing the region. Is Iran destabilizing the nation by building weapons? From their perspective, isn't the US the the destabilizing force since it keeps invading their neighbors? I know that isn't Obama's fault, but if he accepted that prize h
Re: (Score:3)
I wonder if that Nobel Peace Prize burns in his hand yet.
Why should it? He's in good company [wikipedia.org].
No enforceable treaty is possible on this. (Score:4, Interesting)
It would be colossally foolish to sign such a treaty.
I can not imagine such a treaty being ratified.
Therefore, baton down the hatches a storm is coming.
Re: (Score:3)
I don't think a baton down the hatches is going to keep the water out.
The Mistake? (Score:3)
Was the US government ever seen as a "fair arbiter and force for peace in cyberspace". Yes, many Americans played that role, but the official government?
Deterrence only works if the other side thinks that you have better weapons and will use them. It's entirely possible that "Getting Caught" was a calculated risk, planned from the beginning. Unofficial channels may have sent the messge, "We were easy on you this time, back off, or next time we take off the gloves." Certainly, after you get caught, that's the way you want to spin it.
Re: (Score:2)
Was the US government ever seen as a "fair arbiter and force for peace in cyberspace".
The US has never even been a fair arbiter and force for peace in meatspace.
Nobody ever won a war by following rules (Score:5, Interesting)
The pacific portion of WWII ended because we annihilated two cities - civilians and all - and threatened to to turn the island of Japan into a wasteland. War sucks, and shouldn't need to exist, but it does. Good? Bad? Think of it this way - do you want to be the country that doesn't have nuclear weapons because they're "against the rules," or do you want to have them because - rules or not - people are much less likely to fuck with you if they know you can destroy them?
Re:Nobody ever won a war by following rules (Score:5, Insightful)
The pacific portion of WWII ended because we annihilated two cities
Yeah, except there is just one problem with that Iran = WWII-Japan analogy. Iran never attacked us, isn't at war with us, and has absolutely no imperial ambitions. But other than that, sure, Iran is exactly like Imperial Japan in 1945.
Re: (Score:2)
The pacific portion of WWII ended because we annihilated two cities - civilians and all - and threatened to to turn the island of Japan into a wasteland. War sucks, and shouldn't need to exist, but it does. Good? Bad? Think of it this way - do you want to be the country that doesn't have nuclear weapons because they're "against the rules," or do you want to have them because - rules or not - people are much less likely to fuck with you if they know you can destroy them?
The problem with that line of thinking is this: If you know a country can destroy you, you are not going to leave them alone and HOPE that they don't. No, you going to take steps to eliminate that threat.
Sure, in isolation it was a bad call but given (Score:2)
the alternatives, invasion or air bombardment, it seems reasonable.
Was a good call with limited info (Score:3)
This was just a routine Cloak and Dagger Op. During the Cold War the CIA and KGB did "monkey wrench" ops like this all the time. Most of the time they didn't bother telling the Prez... So he couldn't accidentally apologize!
In the grand scheme from the Prez point of view, this was the right way to go. Americans aren't really willing to start another war, and the intel in Iran's Nuclear program is so sensational and political the truth is long lost. The CIA wants to throw a digital wrench in the works that Iran claims don't exist is better than letting Israel invade their airspace with US made planes again. Iran isn't being honest with neighbors like Syria either, so "outrage" over breaking something they claimed they wernt doing is minimal.
The bigger problem is that the military and other orgs are utterly irresponsible With their "toys". They ended up giving foreign hackers something high-end and new to hack our OWN computers with. This leads to looking for "terrorists" under every beach towel because there is all this irresponsible stuff going on even the President and industry leaders aren't warned is coming.... Because these idiots turned stuff loose and tried to cover it up.
Act of war (Score:3)
Has the US formally declared war on Iran?
MAD...not crazy (Score:2)
Crazy is today's relevant metaphor for the United States military - industrial complex MAD, Mutually Assured Destruction, theory-driven policies for gaming ultimate zero-win war scenarios. Zero-war scenarios have yet to disarm nuclear technologies. Stuxnet, Flame, drones, et. al. advance the state of politics without the incursion and loss of life on the battlefields of nation states who have nothing left to lose but treasury of its future, youth.
Disclosing this is dangerous and destablizing (Score:2)
While the wisdom of pursuing the attack can be debated, a larger question of disclosing it publicly needs to be addressed. Let's just say that doing it was of questionable benefit and it probably should not have been done.
However, once it was done I would say that as a major component of any covert military operation there was an extreme need to keep it secret. Forever. Disclosing this has more or less committed Iran to a course of action to retaliate. There is no escaping that fact - they have to retal
Well, let's just stop cyberwar for them. (Score:2)
The main reason that cyberwar is a threat is because we haven't worried about code complexity, as long as systems worked, we figured it was good enough. There are now projects in play that offer ways to manage this complexity, and reduce the number of trusted lines of code for any given function to tractable numbers. I'd even go so far as to say that it's possible to have a computer that is usable, secure and networked, with active users.
Capability based security offers one part of the approach to making th
Re: (Score:2)
Today "power plants", soon the billing/pension/social security systems? Add or remove 20% with direct debit/deposit in some parts of the world?
If a country votes the wrong way in the UN? Make the sitting gov fall with a wave of cyber "thingy"?
Re: (Score:2)
As far as I know, power plants are not connected to the internet.
According to those who showed up for a related discussion a month or two ago, this cannot be assumed today. Management wants to be able to monitor this stuff from their home peecee.
The virus thingy only attacks powerplants. So there is nothing for it to do if it is on the internet.
Stuxnet "walked" across the airgap on a contractor's usb key.
Correct me if I am wrong, I think this is all just media sensationalism about 'omg the hackerz!".
The last I heard, it set back Iran's uranium enrichment program two years. I imagine it likely fanned the flames of Iran's policy makers, so when the hammer eventually falls, it's *really* going to fall. Good work, cyberwarriors! Gun, meet foot.
Re: (Score:2, Interesting)
Schneier is a fool, nothing can stop cyber warfare because there is no way of monitoring it. With all other weapons treaties you have some chance of verifying them but all cyber warefare needs is a laptop and a WiFi hotspot. So it is coming and we all know it. Good time to buy shares in secure products and cyber security businesses.
Sometimes I find it astonishing how naive people can be. And if you see a vulnerability in scum like Kim Barking Mad Teapots North Korea or Ahmadinejad's Iran then we should be d
Re:Yes, and? (Score:5, Insightful)
And if you see a vulnerability in scum like Kim Barking Mad Teapots North Korea or Ahmadinejad's Iran then we should be doing our best to take them out now whilst we still can.
Which is exactly the mind set that got us into this position. Neither Iran nor North Korea would be such a big problem for us now if we hadn't sponsored a coup in one, and used the other as a proxy during the Cold War.
The way we deal with them today will set the stage for the next 50-100 years. We can keep fucking with them, or we can work on decreasing tensions.
Re:Yes, and? (Score:4, Insightful)
The US regularly commits acts that if committed against us would cause a full-scale war. It's unacceptable. If you're in power and you abuse those around you, guess what happens when you start losing power and they gain it?
"With great power comes great responsibility." The US over the past 60 years has demonstrated the responsibility of a small child.
As a young person, I'm just trying to be optomistic the future -- because I really do think this country is fucked.
Re: (Score:3, Interesting)
No, not even that. They wouldn't be so intent on nuclear weapons if Bush hadn't named them a part of the "Axis of Evil" that included Saddam Hussein's Iraq at the time. Considering what happened to Iraq (and Afghanistan, but not to Pakistan), pursuing nuclear weapons was their only choice.
Re:Yes, and? (Score:5, Funny)
Re:Yes, and? (Score:5, Interesting)
That's not entirely the modern problem. We had relations relatively stabilized under Clinton. When Bush II adopted the PNAC world view, severed our relations with NK and Iran, declared his axis of evil, then scaled his foreign policy based on access to nuclear weapons, that basically told every two-bit dictator on the planet that a nuclear arsenal is "U.S. Invasion"-bane. That completely contradicted the message we've been trying to communicate to 3rd world countries for 50 years; nuclear weapons are expensive, hard to secure, dangerous, incite regional arms races, and an irreversible strategic choice.
The new mantra (as perceived around the world) is the US wants nukes and doesn't want you to have them just in case we want to change your leadership. This is all a part of the horrible damage to our image that probably won't ever be righted.
Re:Yes, and? (Score:5, Informative)
And if you see a vulnerability in scum like Kim Barking Mad Teapots North Korea or Ahmadinejad's Iran then we should be doing our best to take them out now whilst we still can.
Which is exactly the mind set that got us into this position. Neither Iran nor North Korea would be such a big problem for us now if we hadn't sponsored a coup in one, and used the other as a proxy during the Cold War.
The way we deal with them today will set the stage for the next 50-100 years. We can keep fucking with them, or we can work on decreasing tensions.
This is absolutely astonishing. We "used" North Korea as a proxy? Really? Crawl out of your political cocoon for a minute, and look at the facts: North Korea is a pariah because it attempted an invasion of South Korea in 1950, supplied and backed by the Soviet Union and Maoist China. The Norks were a proxy, all right, but a proxy used as a weapon against the West and emerging Asian democracies by Stalin and Mao.You DO know this, right? Or are we going to get a conspiracy theory about it? And ever since, they've periodically attacked the South or US forces stationed there. The regime is infamous for kidnapping South Korean citizens for reasons as varied as the need for political prisoners to Kim Jong Il having the hots for a actress he saw in the South. The Norks are as institutionally brutal, corrupt, and totalitarian as any regime in history, and they got that way all on their own. Every time we try to "decrease tensions" with the North... giving them aid, etc... they abuse it, renege on their agreements, and inevitably attack the South in some manner. Did you forget that they sank a ship of the SK Navy a few years ago, literally because they could get away with it? That they just woke up one day and decided to shell South Korea last year?
You can debate the Iranian situation (though I think an Islamist government was inevitable no matter what policy we followed), but to somehow blame us for North Korea is the very height of what Jeanne Kirkpatrick used to call the "Blame America First" syndrome.
Re: (Score:2)
Im pretty sure osama bin laden thought the exact same thing! Hint, its called terrorism if there isn't a war on. That is what is to be expected from america these days i guess.
Re: (Score:3)
Or as Scotty said, "the more you overengineer the plumbing, the easier it is to stop up the drain."
Re:Yes, and? (Score:5, Funny)
Schneier goes commando! Every day!