The Changing and Terrifying Nature of the New Cyber-Warfare
June 9, 2013 7:49 PM

Silent War. "On the hidden battlefields of history’s first known cyber-war, the casualties are piling up. In the U.S., many banks have been hit, and the telecommunications industry seriously damaged, likely in retaliation for several major attacks on Iran. Washington and Tehran are ramping up their cyber-arsenals, built on a black-market digital arms bazaar, enmeshing such high-tech giants as Microsoft, Google, and Apple. With the help of highly placed government and private-sector sources, Michael Joseph Gross describes the outbreak of the conflict, its escalation, and its startling paradox: that America’s bid to stop nuclear proliferation may have unleashed a greater threat."
posted by homunculus (46 comments total) 23 users marked this as a favorite
 


Perhaps it would be good to refrain from throwing stones down towards the neighbors from high atop our glass skyscraper?

The trust model that worked ok in 1970's Computer Science departments isn't adequate for a widely networking world of mobile code (stuff not written on the same computers it is run on). It blindly assumes that every program should be trusted with all the rights the user has available.

Linux, Windows, Mac, Android all share this flawed model. Thus they are all vulnerable to a wide spectrum of attacks, making all our PCs vulnerable. Virus Scanners just check programs against a list in the same manner as the "no fly list".

Instead of trusting programs, capability based systems require a list of rights (aka capabilities) a given task is to be given at the time it is run. This allows the users and administrators to decide up front, with no uncertainty, what side-effects can happen when the program is run.

Capability based secure operating systems are under development, and should be available in a few years. If you're impatient for this future, check out the Genode project to see how things are coming along.

Again,
Until we get computer security fixed in this country, we shouldn't throw stones from our glass tower.
posted by MikeWarot at 8:09 PM on June 9, 2013 [12 favorites]


I'm a little lost in the rhetoric. This "terrifying" war is, as far as I know, bloodless. The losses in it are, at worst, financial. Comparing it to nuclear war seems remarkably inept.
posted by Nomyte at 8:11 PM on June 9, 2013 [27 favorites]


> With the help of highly placed government and private-sector sources, Michael Joseph Gross describes the outbreak of the conflict, its escalation, and its startling paradox: that America’s bid to stop nuclear proliferation may have unleashed a greater threat.

This is a very interesting article, and I thank you for it, but what? no! Unless cyberwarfare threatens to control nuclear warheads it is not a greater threat than nuclear warheads! Is it a more pervasive threat? Absolutely! But the article doesn't earn this conclusion.

I suppose it is a nice try at grabbing the reader and all that, though.
posted by furiousthought at 8:11 PM on June 9, 2013 [3 favorites]


It's funny that the United States is so often the first one to use new military technologies (nukes, cyber-attacks) and then immediately the first one to condemn other countries when they want to get the same tools.

The worst is that, unlike the atom bomb, probably within a few days of the time the United States started to use cyberattacks on Iran, this technology was in the hands of the criminals - because you can just copy any attack vector that someone has used on you.

> The losses in it are, at worst, financial.

Failure of vision.

Power; water; ground and air traffic control; military weapons including atom bombs; all of these are controlled by computers. Do remember that being completely disconnected from the internet is by no means a guarantee of safety. Stuxnet was almost certainly spread to computers in an Iranian nuclear facility through a thumb-drive.

And just because something is "purely financial" doesn't mean that it doesn't severely hurt a great many people. Look at the havoc that the global financial crisis caused - I don't think we've really figured out the consequences of it yet, because we're still in the middle of it, but it's certain that it directly caused more deaths than 9/11 - and that's not counting all the people whose health suffered due to losing their money or their job - and their health care.
posted by lupus_yonderboy at 8:22 PM on June 9, 2013 [9 favorites]


Shit is getting more and more like Ghost in the Shell every fucking day.
posted by symbioid at 8:24 PM on June 9, 2013 [7 favorites]


> Failure of vision.

Well, furiousthought did include the caveat of controlling nuclear warheads. Outside of that caveat, if you polled most people which do you think they'd prefer: having all of their funds saved in banks lost, utilities disabled, and electronic communications disrupted via cyber attack, or a nuclear bomb dropped on their city?

Part of vision is perspective.
posted by Reverend John at 8:28 PM on June 9, 2013 [6 favorites]


> Shit is getting more and more like Ghost in the Shell every fucking day.

Does that mean that Anonymous is The Laughing Man? I suppose the shoe fits.
posted by strangely stunted trees at 8:29 PM on June 9, 2013 [1 favorite]


I really dislike the "war" framing, but I acknowledge the only thing that will change my mind is actual deaths resulting from hacking operations.

There's been some doubt about that Soviet pipeline explosion story, and cyberspace operations can run a huge spectrum.

Keep Cyberwar Narrow.

Bruce Schneier has written about:
The rise of nationalism on the Internet and a cyberwar arms race, both of which play on our fears and which are resulting in increased military involvement in our information infrastructure.
It is the "Wild West" out there.
posted by the man of twists and turns at 8:34 PM on June 9, 2013 [1 favorite]


> The trust model that worked ok in 1970's Computer Science departments isn't adequate for a widely networking world of mobile code (stuff not written on the same computers it is run on)

As much as it pains me to type this, you should look at the Multics security evaluation. It's a running gag in academic security circles that all the problems we have were solved in Multics. To a certain extent it's true.

> Capability based secure operating systems are under development, and should be available in a few years.

Capability systems are available now -- see Capsicum. I know they're available for linux as well. For that matter, one of the OS's you list (Android) is based largely off a capability model (they're called intents, but they're effectively the same thing).

Capability systems have their own set of problems though. They're certainly not a cure-all for our current security problems, and while they partially fix one of the problems you outlined (programs running with the rights of the user), that's hardly the extent to which computers have security problems.
posted by yeahwhatever at 8:35 PM on June 9, 2013 [8 favorites]
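
An added illustration of the contrast in the comments above, between a task that inherits every right the user has and a task handed its rights when it is launched. It is not code from any commenter, nor from Capsicum or Genode: `DirCapability`, its right names and the sample files are hypothetical and constructed, it assumes a POSIX system, and the Python wrapper only models the idea, since a real capability system enforces it in the kernel.

```python
import os
import tempfile


def ambient_read(path):
    """Ambient authority: the task may name any path the user can open."""
    with open(path, "rb") as f:
        return f.read()


class DirCapability:
    """Hypothetical capability: one open directory plus the rights granted with it."""

    def __init__(self, dir_path, rights):
        # The launcher, not the task, decides which directory and which rights.
        self._fd = os.open(dir_path, os.O_RDONLY | os.O_DIRECTORY)
        self._rights = frozenset(rights)

    def _check(self, name, right):
        if right not in self._rights:
            raise PermissionError(f"right {right!r} was not granted")
        # Only plain names inside the directory: no separators, no "..".
        if name in ("", ".", "..") or "/" in name or "\0" in name:
            raise PermissionError(f"name {name!r} leaves the granted directory")

    def read(self, name):
        self._check(name, "read")
        # O_NOFOLLOW refuses a symlink planted inside the directory.
        fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=self._fd)
        with os.fdopen(fd, "rb") as f:
            return f.read()

    def write(self, name, data):
        self._check(name, "write")
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=self._fd)
        with os.fdopen(fd, "wb") as f:
            f.write(data)

    def close(self):
        os.close(self._fd)


def attempt(action):
    """Run an action and report whether the capability allowed it."""
    try:
        action()
        return "allowed"
    except OSError:  # PermissionError and ELOOP are both OSError
        return "denied"


def demo():
    with tempfile.TemporaryDirectory() as root:
        # Constructed layout: a private file next to the task's work directory.
        secret = os.path.join(root, "secret.txt")
        work = os.path.join(root, "work")
        os.mkdir(work)
        with open(secret, "wb") as f:
            f.write(b"user's private data")
        with open(os.path.join(work, "input.txt"), "wb") as f:
            f.write(b"task input")
        os.symlink(secret, os.path.join(work, "link"))

        cap = DirCapability(work, {"read"})  # read-only grant, decided up front
        try:
            return {
                "ambient_escape": ambient_read(os.path.join(work, "..", "secret.txt")),
                "granted_read": cap.read("input.txt"),
                "dotdot": attempt(lambda: cap.read("../secret.txt")),
                "symlink": attempt(lambda: cap.read("link")),
                "write": attempt(lambda: cap.write("out.txt", b"x")),
            }
        finally:
            cap.close()


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Nothing here stops the task from calling `open()` directly, which is the gap a kernel-enforced mode such as Capsicum's closes by removing access to global namespaces once the process enters it.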


I grew up reading science fiction: I remember my parents very concernedly reminding me that these were fiction, not reality. For a living, I'm a high-end network engineer. I deal with stuff that was remotest speculation on a daily basis. Getting more like Ghost in the Shell? Hell yes, and it's only going to get stranger and more complex as time goes by.
posted by Blackanvil at 8:36 PM on June 9, 2013


> The worst is that, unlike the atom bomb, probably within a few days of the time the United States started to use cyberattacks on Iran, this technology was in the hands of the criminals - because you can just copy any attack vector that someone has used on you.

This is almost definitely not true. The program was, from memory, called Olympic Games and started in 2006. It wasn't detected (that we know of) until 2010. This is a very difficult statement to evaluate because this technology only falls into the hands of criminals when it's detected. I'm willing to bet in the vast majority of cases it's never detected and thus never falls into the hands of criminals.

Of course the nature of this stuff makes claims really hard to evaluate, so who knows?
posted by yeahwhatever at 8:38 PM on June 9, 2013


I do understand that the article, hyperbolically, says that this is a greater threat than nuclear war - and that's a completely unjustifiable statement.

However, it's far more likely than nuclear war, at least as things appear right now - indeed, future cyberwar, and in the near future to boot, seems like a lead pipe cinch. My bet is that some Metafilter readers will be negatively affected in the coming years by cyberattacks, but none of them will be killed by nuclear weapons.

Just because something isn't a nuclear bomb, doesn't mean it can't cause terrible havoc.
posted by lupus_yonderboy at 8:39 PM on June 9, 2013


yeahwhatever: You're right - I should have said that the virus was probably in the hands of criminals almost immediately after it was detected. Stuxnet was operating in a limited fashion perhaps as far back as 2007 in a primitive form, probably deployed in earnest in mid 2009, but not detected till mid-2010.

But once you have the virus or worm in hand, you can study it and convert it to your own ends. The same is not true of atom bombs - just knowing that a bomb can be made is very useful, but you still have to do hundreds of millions of dollars of research to make an effective bomb after that.
posted by lupus_yonderboy at 8:48 PM on June 9, 2013 [1 favorite]


> However, it's far more likely than nuclear war, at least as things appear right now - indeed, future cyberwar, and in the near future to boot, seems like a lead pipe cinch. My bet is that some Metafilter readers will be negatively affected in the coming years by cyberattacks, but none of them will be killed by nuclear weapons.
>
> Just because something isn't a nuclear bomb, doesn't mean it can't cause terrible havoc.


All true. But it's less havoc, and I don't think the paranoia that equating the two engenders is a good thing to foster. That was my motivation for commenting, not so much a "ha ha you are technically wrong" sort of jackassery.
posted by furiousthought at 8:49 PM on June 9, 2013 [1 favorite]


Every time people say cyberwarfare isn't dangerous, I think about what someone could do hacking the SCADA system of a petroleum pipeline, particularly one that runs through a populated area, and shudder.
posted by immlass at 8:50 PM on June 9, 2013 [2 favorites]


The headline seemed to be arguing that cyberwar (drink!) is worse than nuclear *proliferation*, which is far more arguable than nuclear *war*.
posted by xiw at 8:51 PM on June 9, 2013


With nuclear war, it's fairly obvious what's been hit, and you don't have to worry about your own nukes being silently turned against you.

With "cyberwar", you could have been under siege for years, having your backups encrypted with a key you don't know, your operations subtly tweaked for effects your enemies find useful. You can never trust your own infrastructure in a cyberwar.
posted by MikeWarot at 8:53 PM on June 9, 2013 [1 favorite]


lupus_yonderboy:

Check out Gauss. It's unlikely that we'll ever know what the payload is. It's basically super targeted, so unless you're the intended receiver its payload never decrypts/activates. Now, it entirely depends on the infection vector if it's useful to criminals. If you're using a remote code execution vuln then obviously it's useful, but if it's local priv escalation then it's worthless to criminals even once detected. Could go either way.

It's interesting to see how people are learning from the mistakes of Stuxnet.
posted by yeahwhatever at 8:53 PM on June 9, 2013 [2 favorites]


Also the first person to say APT has to buy everyone else in the thread a drink.

...


Wait, shit.
posted by yeahwhatever at 8:55 PM on June 9, 2013 [2 favorites]


I strongly suspect that the collocation of "cyberwar" and "nuclear war" is part of a dialectic of militarizing the broader Internet. One of the outcomes is a constant state of war in every domain of public life and increasing public acceptance of government monitoring of personal communication, thus giving up other freedoms in the name of defense against existential threats.

Basically, I'm seeing too much synergy between related threads to take this rhetoric at face value. In the near future, I think we will see a growing rhetorical-metaphorical-whatever push to conflate all electronic communication, phone, email, whatever, with the idea of war. Over the last 10+ years the US government has rolled out a series of initiatives that have made public space into a perpetual theater of war. This newest kind of rhetoric is directed at turning the telephone and email into the same thing.

And, again, up to the possibility of a cyberattack on a nuclear facility, cybernetic warfare is no match to the constant, lifelong fear of the possibility that the rockets are already on the way and all life on earth will end in a few minutes. A state of nuclear proliferation is constant existential terror. Cyberwarfare is not constant existential terror, at least not in the mind of the public, at least not yet.
posted by Nomyte at 9:08 PM on June 9, 2013 [30 favorites]


I'm not really terrified yet, maybe a couple more articles and I will be. Out of all the things people say I should be terrified of, Cyber Warfare is definitely inching its way up I guess, probably right after "get shot by swat team in mistaken raid".
posted by Ad hominem at 9:24 PM on June 9, 2013 [3 favorites]


> Capability systems are available now -- see Capsicum. I know they're available for linux as well. For that matter, one of the OS's you list (Android) is based largely off a capability model (they're called intents, but they're effectively the same thing).

Android highlights a big issue with capability systems, which is that most people are just going to click right through without even caring, many probably seeing the permissions prompt as an annoyance. The bigger problem is the lack of even basic public education on security.
posted by jason_steakums at 10:02 PM on June 9, 2013 [5 favorites]


> Android highlights a big issue with capability systems, which is that most people are just going to click right through without even caring, many probably seeing the permissions prompt as an annoyance.

As someone who is a newcomer to Android and who also cares, at least nominally, about security issues, I don't think it's necessarily an issue with users. A lot of consumer software (apps) for Android seems to demand a wide range of access and fail silently in big ways if not given that access. There isn't much practical difference between "this app can do everything you can as a user" and "this app will only function correctly if given the same permissions as a user."
posted by Nomyte at 10:10 PM on June 9, 2013 [1 favorite]


Nomyte: “I strongly suspect that the collocation of "cyberwar" and "nuclear war" is part of a dialectic of militarizing the broader Internet.”
It's interesting you say that, because damn if Bill Maher didn't make a similar argument Friday night.
posted by ob1quixote at 10:24 PM on June 9, 2013


No matter how good your (non-trivial) security model is in theory, it's almost impossible to implement perfectly. The existence of rootkits isn't a failure of the discretionary access model so much as a failure to correctly implement isolation.
posted by qxntpqbbbqxl at 10:32 PM on June 9, 2013


The irony is that the concentration of power to the state actually fuels the threat, such as it exists. Strong crypto and robust, decentralized systems makes us safer. Government-mandated backdoors and cyber warfare arms races only increase the risk of disaster. The state can't expect to provide adequate protection against diffuse, covert threats (see: war on terror), no matter how much it would like to think otherwise, and it certainly can't do so by creating its own diffuse, covert threats. The Mutually Assured Destruction model does not apply to the 21st century.
posted by dephlogisticated at 11:06 PM on June 9, 2013 [3 favorites]


Mike,

I've been in the thick of real world capability systems. The reality is that they rapidly devolve into what can only be called ACL hell -- an infinitely increasing series of ever fine grained decisions we expect users or administrators to be able to successfully make, in lieu of developers who we accept cannot or must not make those calls.

It's a lie. Users and admins -- who, by the way, are increasingly the same person -- can't make those fine grained decisions either.

We're doing it wrong, but cap bits don't appear to be a path to doing it right.
posted by effugas at 12:36 AM on June 10, 2013 [5 favorites]


What if the drone control network was hacked?
posted by JJ86 at 5:57 AM on June 10, 2013


> What if the drone control network was hacked?

Castle & Beckett have that covered.
posted by titus-g at 6:19 AM on June 10, 2013


Okay, it is a bit of a derail, but I'm wondering why no one considered charging some at Enron for murder. How can you shut down an electric grid and not cause some deaths? How is it not terrorism?
posted by dances_with_sneetches at 6:49 AM on June 10, 2013


> The losses in it are, at worst, financial.

In a capitalist/market-based society, inflicting severe financial losses is at least as important as human casualties. And probably much more effective, in the long run.
posted by Thorzdad at 8:08 AM on June 10, 2013


ObSF: Frederik Pohl, The Cool War
posted by Chrysostom at 9:23 AM on June 10, 2013




Critical Infrastructure ain't going offline, any more than anything else can anymore. Dan Geer's awesome but wrong.
posted by effugas at 11:14 AM on June 10, 2013


> I strongly suspect that the collocation of "cyberwar" and "nuclear war" is part of a dialectic of militarizing the broader Internet. One of the outcomes is a constant state of war in every domain of public life and increasing public acceptance of government monitoring of personal communication, thus giving up other freedoms in the name of defense against existential threats.

Cyberwar Is the New Yellowcake
posted by homunculus at 11:44 AM on June 10, 2013 [1 favorite]




Android capabilities are not "real" capabilities... they are just privilege flags assigned to a program, which then gets trusted blindly after that point.

Effugas - what real world capabilities system are you using? It should make things easier, instead of something harder like the hell that is AppArmor.
posted by MikeWarot at 10:12 PM on June 10, 2013


> It's funny that the United States is so often the first one to use new military technologies (nukes, cyber-attacks) and then immediately the first one to condemn other countries when they want to get the same tools.

Been happening that way since before the crossbow.

The big problem is the mechanization of the mechanization of making war because it’s the only adequate response to the mechanization of the mechanization of communication.

Short tangent - Schneier is right to use the term feudal security. How many telecom companies are there? That own the hard wires I mean. How many data centers are there? Who determines who owns/can access the data running through there?
Matter of time before someone decided to systematically pick that up as a matter of course. Hackers, companies, whatever.

And eventually a government has to be involved, because you have a group that includes people who want to harm others by using that system. No, really, they do. It's not b.s. Or at least not b.s. in the sense that the yellowcake Joe Wilson called b.s. on was b.s.

You have a system given oversight over a system which runs a system.
Information has always been collected by the government, it’s merely been rendered unable to be used in prosecution except under certain conditions of collection.

(…the greatest protections of privacy were neither constitutional nor statutory, but practical… surveillance at issue in the case -- constant monitoring of the location of a vehicle for four weeks -- would have required a large team of agents, multiple vehicles, and perhaps aerial assistance. Only an investigation of unusual importance could have justified such an expenditure of law enforcement resources)
So.
Technical capacity requires conscious restraint if it’s not going to intrude on people’s lives.

I mean third party doctrine meant a lot more when Ernestine had to manually hook you up to make a phone call. There was a human actively involved in the process. Now because there’s not a human involved, it’s technically not an intrusion. Not on the phone, not in cloud e-mail – because it’s automated.

“The losses in it are, at worst, financial. Comparing it to nuclear war seems remarkably inept.”


The (now ubiquitous) “senior administration official” from the Vanity Fair link is right. It is the natural evolution of (technical) things. Once you have the technology to do something, you do a lot of it – again - “Fundamentally, cyber-warfare is a story about proliferation.”
Once you can build a nuke, you build many so you have more. Regardless of whether you’ve well surpassed any reasonable goal.

Data algorithms, embedded worms, malware, etc. are foreplay. If militarization remains our only response eventually it'll be worms all the way down. ("The criteria for offensive cyber operations in the directive is not limited to retaliation for attacks against the U.S. but can also be approved if they would advance “US national objectives around the world.”" - Wired piece)

A weapon can be used for a variety of purposes, but the basis is harm or the threat of harm, to whatever purpose. So you need recognition of harm or the threat of harm. If I walk into a bank with a starter pistol and no one knows it’s harmless, I’ll be charged with armed robbery. If I walk in with a squirt gun, not so much. The bank guard can just send me on my way if he’s feeling generous towards idiots that day.

So if my weapon is inadequate – the question of whether I’ve done harm is predicated on the perception of the defender.
If I’ve done harm, that is, if my weapon is adequate, but I had no intention of doing harm, again, that’s predicated on the perception of the defender, or if we establish lack of intent, the recipient of harm.
Take the Sayano-Shushenskaya dam accident. No intent. The guys at the Bratsk station had a fire and shunted power production at the wrong time.
It happened in August, but a widespread power blackout in Siberia in winter might have caused more casualties. But again that it was an accident doesn't mean it was any less destructive than what could have been perceived as an attack.
Which would demand a response. So, what, destroy someone else's dam?
It's not just the escalation, it's the automatic escalation based on something that's subjective - and could well be subjective to a machine.

“He emphasized that “civilian objects … under international law are generally protected from attack.” The following week, Iran claimed that the German manufacturer Siemens had planted tiny explosives inside some of the hardware used for its nuclear program. Siemens denied any involvement. Then Western intelligence sources let The Sunday Times of London know that another explosion had occurred at Fordow. This time, a spying device disguised as a rock blew up when Iranian soldiers tried to move it.”

This is like PK Dick's "Second Variety"

Trojan horsing is one thing, but this is weaponization of shared tools such that nothing is as it seems.
It’s not security, it’s the system itself that becomes the enemy. Because what’s the enemy of consensus? Fear. Secrecy.
Historically if someone – criminals, corporations, the church, the government, anyone, has the technical expertise to do something, they probably will.
The “senior administration official” is aptly named because he’s illustrating what’s been policy since before the Roman Empire.

“I think we will see a growing rhetorical-metaphorical-whatever push to conflate all electronic communication, phone, email, whatever, with the idea of war”

I agree. And I think the big danger here is treating it as something exceptional. As a conspiracy or some kind of angle. It’s not. The conflation is systemic inertia.

We don’t need to give up any freedom because such freedom doesn’t exist. We’re not the ones being looked at. We’re the baselines. The folks who aren’t planning to blow something up.
Obvious to y'all from high school science: you have a control set and then the variables. However that means you have to define what “baseline” behavior is and then subject everything that isn’t that to stress.

I don’t know if all that’s clear, but follow me here: Development along the lines of cyberops will continue and accelerate. Talent being emphasized now will be mechanized later to be less resource intensive but will still require effort to stay in the "being smart" arms race.
Those that can’t keep up will find tangential methods, typically more brutal and less interested in preventing collateral damage.
It’s happening even now. The vulnerability is the lack of mobility of the infrastructure if you can’t overcome the talent of the defenders.

Legal, moral or diplomatic methods will come to about the same result as Innocent the 2nd issuing a Papal Bull against using crossbows on Christians in 1139.
Responses will be met with equal, if not greater infliction of pain on innocents and reprisals for the involved, cutting off captured Genoese crossbowmen’s fingers by the Holy Roman Emperor f’rinstance.

Non nuclear EMPs and electrical infrastructure munitions are the weapons of the future whether they ride cruise missiles (e.g. CHAMP) or are deployed by other methods (BLU-114/B’s in clusters, etc. etc)

But it’s a matter of time before someone uses a nuclear or otherwise messy/explosive EMP generating weapon to attack a cyber target somewhere and uses the excuse of not directly killing anyone with it as a legitimate response.

Not that I’m not a big fan of reducing our nuclear arsenal, but mass starvation resulting from chaos in communication and reducing everything to pre-computer age efficiency is probably worse than a high rad nuke like a neutron bomb. Even better at leaving the buildings standing.

The argument that they’re not nukes, or deployed in non-populated areas, makes their use more likely. Idiocy notwithstanding, genuine ideas are firming up along those lines.

We've essentially limited our options by putting it within a "war" framework and then mechanizing our response to how we conceptualize security.

I don't know a lot on the cyber end of things, but I'm pretty familiar with prosecuting certain elements of warfare and how these kinds of low intensity things play out.

Not that war isn't a nasty business, but at least humans still mostly kill people manually.

The way we're headed along these lines is a bit scary. Not because of any powers that be, but precisely because we seem to be racing headlong without ANY intent.
posted by Smedleyman at 11:34 PM on June 10, 2013 [1 favorite]




Encryption is a good idea. Why we keep plugging ourselves into this stuff though...

That, for me, is the big question. Who's responsible? If there's an automated system that interprets something as a threat, and it's wrong and it's a civilian - where do you seek redress?
If I deliberately shoot a civilian, it's on me. If an automated system disables my car or shuts off power to my neighborhood (and my gramma on the iron lung dies), or any number of other possible responses occur (including an automatic drone strike), who goes to jail?
Right now it's no one. Because no one ordered the response just like Obama said "no one" is listening to your calls.
The difference used to be functional. Now the distinction doesn't exist.
posted by Smedleyman at 12:39 PM on June 12, 2013 [1 favorite]






Bruce Schneier: Has U.S. started an Internet war?
posted by homunculus at 10:58 AM on June 20, 2013


> It’s not security, it’s the system itself that becomes the enemy.

Heh.
posted by infini at 11:08 AM on June 25, 2013






This thread has been archived and is closed to new comments