Hopefully it's not related threats about hacking during the election.
Remember that recently Biden openly threatened cyber attack on Russia if they make any attempt to tamper with the election. Which is completely unprecedented, as is the notion that DOD is openly saying Russia was behind DNC and other attacks.
Also what amazed me is that he would casually threaten to strike Russia. It seems that no one considers these attacks as an act of war. But that's what they are.
In July 2016, Allies reaffirmed NATO’s defensive
mandate and recognised cyberspace as a domain of
operations in which NATO must defend itself as
effectively as it does in the air, on land and at sea.
The technical verbiage used is "domain of operations" and "security domain".
> It seems that no one considers these attacks as an act of war. But that's what they are.
Wouldn't it be better that we on Hacker News stay above trying of define "act of war". Is it an act of war for one country to pollute air that floats over another country? Is it an act of war to launch satellites that pass over another country? These questions are governed by precise treaties today, but I can imagine politicians screaming "act of war, act of war!" at some point in the past.
It's just an arbitrary phrase used by politicians to justify whatever action or inaction they take. It will lead us to needless unproductive argument.
God I fucking hope not. I'd much rather lose access to some services and focus on technical mitigations than literally start a war over it. I don't want me or my family to die just because services go down or businesses lose some income.
Like it or not, that's happening and next year when Clinton comes in the office, that will be the among the first things it comes to. Mark this comment.
I think I must have missed some context here or misread since an attack on an electrical grid is substantially different from disrupting major web services.
Espionage is stealing data. Disrupting utility services is an act of war, whether it is shutting down an electricity power plant, cutting communications, or any other act of sabotage.
Equating what amounts to a temporary sabotage of a non-critical service to an act of war highlights how brittle and conflicted is US cyber-strategy.
Surveillance has for so long gotten all the money and mindshare A stockpile of zero days is considered a good and necessary thing. Back doors in hardware and software are considered clever and useful, and maybe even a workable compromise for domestic surveillance.
Imagine if the domestic surveillance budget had been spent instead on making Linux into an EAL6+ certifiable system and creating open, verifiable designs for chips and firmware for secure hardware platforms.
This is true, but in fun hypothetical talks with various tech friends over the decades, we often talked about in relation to Internet services in particular, taking down services and such can actually help with hacking (i.e. stealing data) efforts. How? Why? Firstly, probing as the article mentions does yield plenty of valuable intel which is the core for espionage.
Secondly, we often joked that companies have such flawed backup and response procedures that triggering these things has a funny effect. More specifically, a lot of times in our experiences, we saw things like backups, up-scaling servers, etc. go noticeably unmaintained or poorly attended. A lot of people, especially years ago never did a great job of testing their backup systems, failovers, scaling, etc. and kept them up-to-date and secured as well as the main stuff. It's more interesting in some ways in this world of containers and VMs. One would assume things are updated, patched, and deployed exactly inline with the mainline stuff, but that's not always the case. It often takes only one slip-up and this is where a ton of people make mistakes for so many reasons. And sometimes it's easier to manipulate the protection systems to be the vector itself than the systems they are protecting.
That is to say, messing around with services sometimes can be a way of creating an open front or back door. Especially if there's malware and things that can be planted that will be less likely to be caught in the panic or otherwise deployed as a result of the panic response.
Of course all of this is more unlikely, but it's fun to think about in the same way stupid schemes that are similar in heist movies are fun.
What if an entity willingly allowed the attacks or espionage to continue? Like the NSA allowing foreign nations to spy on US citizens and corporations, or the CIA operating and allowing drug operations to run amok within US borders, or the OPM breach?
You can't just have one without being able to hold all of those responsible accountable.
What Russia is trying to do with us (whether it's to influence our election or just make us seem weak) is very bad and should be met with a proportional response, but calling it an act of war seems a bit too far.
Did you know you're not at war, and have never been, with Afghanistan?
Meaning of all that: what is or isn't "war", an "act of war" or "is" is up to people to define, and international law is easily ignored whenever states think that's a good idea.
The best definition is probably the UN's "act of aggression", see http://www.un-documents.net/a29r3314.htm. That definition does not include provisions for such situations – the only (theoretically) unarmed act of aggression is a blockade.
There is a strange push in America to go to war with Russia. Of course no one comes right out and says this, because it would be counterproductive. But every time something bad happens to democrats, it gets blamed on Russia. Lots of non-sequitur bellicose talk about Putin all the time.
It reminds me of the run up to the Iraq war. Seems bad.
The idiot is embarrassed because the DNC was exposed as fraudulent and corrupt to the core. One might figure only the Russians would be interested in exposing the underlying machinations of American politics, but it really is just a classic case of misdirection.
He's also threatening not just the Russians, but the American citizens as well... that if they try to challenge the system as it is, then the politicians would rather start a major war than to address any concerns of fraud/corruption.
Thank you, missed this piece but it was interesting.
I disagree with him on the point of "Who would do that?" He might be right about state level actors, but I think he discounts the motivations of crazy/disillusioned people, bored and curious people, and especially teenagers.
When I was a teenager, the Internet wasn't a thing yet, but we sure dreamed of all kinds of crazy schemes for taking out the phone company, power, anything really. We talked about anarchy and many "taboo" topics I can't mention here. The thing is we were good kids at heart and we had the discretion and morals not to act on those things. All of this happened in a time where our instant communication was the phone or meeting up in person. Today, it is infinitely easier to seek out like-minded people and to replace those who drop out. The ability to seek out confirmation and push is easier than ever as well.
Unfortunately, there are plenty of people that don't have that. Just because someone is a misguided teenager or crazy person does not mean they do not have intelligence, organization, and skills. Many of us certainly did our share of things and had the power, but I wonder what might have happened if we didn't stop ourselves in some cases. While perhaps the organization and probing nature likely hints at something else, it's really not that unusual for people to just mess around. Some people as they say also just want to watch the world burn. A couple of rough years in my teens, I certainly felt that way at times. I did plenty of things I'm not proud of, many people just have no shame and will take it that much further.
In the end I probably agree in terms of who is most likely, but I am kind of surprised that there were not more possibilities mentioned. Even 20 years ago, attacking Internet infrastructure seemed an obvious thing to do to us and we used to love talking about fun ways to ruin things over a burger at lunch. I mean is it really that hard to fathom people would think about attacking targets other than some organization, government, or other kind of company's servers?
Schneier's post is hardly prophetic. The idea that "china is attacking the internet" is so well ingrained, that this 2-year-old fake security attack map has "china mode", to make most of the attacks seem to come from China (part of the mockery of such maps): https://github.com/hrbrmstr/pewpew
Remember that recently Biden openly threatened cyber attack on Russia if they make any attempt to tamper with the election. Which is completely unprecedented, as is the notion that DOD is openly saying Russia was behind DNC and other attacks.