It’s not often that one has the opportunity to be the target of a cyber and kinetic attack at the same time. But that is exactly what’s happened to me and my Web site over the past 24 hours. On Thursday afternoon, my site was the target of a fairly massive denial of service attack. That attack was punctuated by a visit from a heavily armed local police unit that was tricked into responding to a 911 call spoofed to look like it came from my home. Well, as one gamer enthusiast who follows me on Twitter remarked, I guess I’ve now “unlocked that level.” ~ KrebsonSecurity
A year after the infrastructure-attacking Stuxnet worm was discovered in Iran, a new piece of malware using some of the same techniques (but apparently with different goals) has been found infecting systems in Europe. The new malware, dubbed “Duqu” [dü-kyü], appears to have been written by someone with direct access to the Stuxnet source code.
Science fiction always uses it in varying degrees. Some believe it will bring about a perfect Technological Utopia: Heaven on Earth. Some believe it will herald a dark and dystopian future. Perhaps it will elevate man to a being that is more than human; Human+ and permanently and irrevocably transform the human condition, and still others believe that too much involvement in it will void your existence. Some religions totally depend on it and others find it harder to deal with: The list of emerging technologies.
Jerry Brito and Tate Watkins of George Mason University published a new paper "Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy" examining the parallels with the US military's other recent exaggerations. "Cybersecurity is an important policy issue, but the alarmist rhetoric coming out of Washington that focuses on worst-case scenarios is unhelpful and dangerous. Aspects of current cyber policy discourse parallel the run-up to the Iraq War and pose the same dangers. Pre-war threat inflation and conflation of threats led us into war on shaky evidence. By focusing on doomsday scenarios and conflating cyber threats, government officials threaten to legislate, regulate, or spend in the name of cybersecurity based largely on fear, misplaced rhetoric, conflated threats, and credulous reporting. The public should have access to classified evidence of cyber threats, and further examination of the risks posed by those threats, before sound policies can be proposed, let alone enacted. ... No one wants a “cyber Katrina” or a “digital Pearl Harbor.” But honestly assessing cyber threats and appropriate responses does not mean that we have to learn to stop worrying and love the cyber bomb."
An Accelerated Grimace. Chris Lehmann takes down Clay Shirky's cyber-utopianism by way of Evgeny Morozov.
The recent cyber attacks on pro-Tibet groups in the U.S. (attack details, technical data) and on the Save Darfur Coalition, among others, have managed to catch the attention of some in the mainstream media. Such super-targeted spear phishing attacks have been on the rise for several years, and have become an important tool for corporate espionage and military infiltration attempts. Teaching users to recognize such attack emails is probably the most effective deterrence, as technology solutions have been shown to not be particularly effective. Some companies and government agencies even conduct sting operations to ferret out which internal users fail the test, targeting them for additional training.
Cannes Cyber Lions Winners: Come Clean and Super Bonder Instant win the Grand Prix, but that's old news on the blue.