CNN a few days back ran a story about an interview with Chinese “hackers”, first of all CNN needs to know that the Pentagon is not a website! They have a website but they aren’t a website. These are the type of gullible guys who are now commenting about national security & cyber crime, oh dear where have all the good reporters gone? Maybe CNN should hire technology reporters who don’t faint in awe when hearing the words “TCP/IP”. The worst thing is that it’s CNN lot of people panic when they hear something like this on CNN.
However, there is a grain of truth in that article, in 2005 there was widespread infiltration of various European and American networks in a series of attack that they’re now calling “Titan Rain“, the real name for these attacks has now been classified with the rest of the details. Most of these attacks have been blamed on China, now as the very nature, data and the name for the case itself is classified, one should be slightly skeptical to what extent this is true but it does tell us one thing, a new type of espionage is on the rise. In the good ole days you used to have humans, whom you could torture/kill/maim/imprison on suspicion of theft of the classified documents which you could bury, burn and lock up in a safe 2 miles beneath the ground, whatever. Now we have organized groups of people hundreds of miles away in their homeland jacking into a network using viruses, worms, trojans with the aid of truly anonymous proxy servers or bot nets and access vital data and potentially use it against the nation.
This should make leaders lose their sleep. Think about it; what if Al-Qaeda uses the same techniques to infiltrate and gain the blueprints of a thermo-nuclear device, including techniques to enrich the uranium etc? Shouldn’t this be on the top list of priorities for every nation? Well, if you think about it, it tends to get very impractical to fix up every loophole in a network in order to make it foolproof, if the guys at the NSA, CIA, Pentagon haven’t been able do it, do you think that any other government can? It’s very scary to think that those people, usually one of the best in their field, aren’t able to tackle it but maybe there’s a second way out.
First: The data has been connected to the internet because they need data access from multiple locations around the globe, why not put the most vital data on a secondary network which is connected to the highest offices of the country and make sure that there is no other connection out i.e. the only way left now to steal the data is to physically steal it from one of the secure computers, they have safeguards against that and it’s much easier to implement those than digital ones.
Second: They can employ the techniques of quantum encryption which have been proven viable in a recent swiss election basically, there are two pairs of particles which have been entangled lets say A & B when we entangle them their physical states become inherently link to each other even though they may be physically separated in distances measured in thousands of kilometers, the beauty is that if there is any eavesdropper which intercepts the particle and sees the state on B then he cannot according to the uncertainty principle return it to the original state. It’s against the law of nature to successfully eavesdrop in this scenario. Thus it’s impossible for any 3rd party to intrude without altering the state of particle B which would alert the receiver, thus it’s fool proof, practical but expensive.
Maybe they could remove funding for items like Antimatter weapons or “Voice of God” microwaves that beam speech into the heads of unsuspecting enemies to fund more vital aspects of their national security and I think that other nations should follow suite.
Thus there may be one day when most of the websites containing sensitive data will become safe, till that time I suggest not to put very sensitive data online at all, I know this may sound very low tech but if you really consider the convenience of the internet over national security then you this is the wisest thing anyone can do, after all isn’t prevention better than cure?
0 replies on ““No site is safe”, Yeah Right!”
@Anuj: Well…frankly, I must say, that even if the CNN reporter himself DID know what ‘stuff like TCP/IP’ is, the general public doesn’t. If you were working for CNN, you’d probably be chucked out if you wrote a news item saying ‘hackers had broken into the LAN of Pentagon’. 😉 So I give them the benefit of doubt. As for the attacks themselves, I don’t think the Pentagon is as stupid as to keep thermo-nuclear device plans on a computer connected to the Internet – they probably DO have a cordoned off network amongst themselves. But the spectre of cyberwarfare IS very real. The only reason I think nobody has (and nobody will) carry out such an attack is because every country realises that THEIR own network could be as vulnerable to a cyber attack as the country they’re attacking. So I think it’s a simply case of not provoking the other guy when they KNOW they themselves can be taken down in the same way in the form of retaliation.
“I don’t think the Pentagon is as stupid as to keep thermo-nuclear device plans on a computer connected to the Internet”
You never know GQ some of the silos are connected indirectly to the internet, that’s even more dangerous what if the chain of command breaks down and the signal is sent by a third party to destroy a secondary one? Of course they have protocols but humans and machines can be fooled. However I think that I am probably wrong and this scenario has the probability of one in a googolplex.
However, the fact is that they DO have this connection and I have the bad/good habit to take the worst case scenario. I used it as dramatic effect but I did say that it was just a conjecture. Do you want me to remove it?
“So I think it’s a simply case of not provoking the other guy when they KNOW they themselves can be taken down in the same way in the form of retaliation”
Hmm MAD in computers, you know it’s like Nash’s equilibrium, mathematics is everywhere!
@Anuj: No no, no need to delete. 🙂 I was just pointing out that it’s a remote possibility. Yes, the silos may have computers connected to the Net for transferring data, but I don’t think that they’d be the ones directly responsible for maintaining critical systems like nuclear launch. As for MAD, I think the world now knows how much it can hurt them too – for MAD using computers directly strikes civilian life, and in that situation of civil unrest governments fall. Politicians, above anything, don’t want to lose power.
I just finished reading Digital Fortress by Dan Brown, and the security measures employed by the NSA to protect the country’s ‘TOP SECRET UMBRA’ (sic) data, were actually believable. I mean, selective granting of permission to data isn’t exactly impossible. But then again, it’s just a book. And I spoiled the climax by figuring out the code puzzles towards the end of the story on my own!
@Tech Nut: Digital Fortress is RIDDLED with mistakes, but it’s a well-paced book. That makes up for it.
@GQ: Do you remember my quiz when I just said things the way they were without spice or anything like that and hoped that people would see my point of view well they didn’t, so I have trying to make myself more acceptable, man I am messed up.
@technut: Yeah it’s full of mistake, dude I mean the column will overheat and fry but it won’t sure as hell burn the place down and then he flaunts bullshit as if it was the holy commandments or something.
But it sure is one hell of a story.
@Anuj: Come on, you aren’t messed up! You were just a bit nervous on that day, it was the first quiz you were conducting, right? You don’t need to fret about that! 🙂 I quite liked that quiz!
And I meant more FACTUAL mistakes. U-238 is a stable isotope, you DON’T use it in a nuclear reaction, the other bomb DID use plutonium. And he calls ZIP and PGP encryption standards at one point. Does he know no difference between file formats, programs, and encryption standards. Still, I was a nicely paced book.
And also, the virus was written in a custom language, and yet, executed itself without a custom interpretor for it. That doesn’t happen.
Hmm I noticed the U-238 one (don’t they derive PU from it? Checked it on wikipedia). He said that? You know what’s worse? People buy this stuff.