Hard Light Productions Forums
Off-Topic Discussion => General Discussion => Topic started by: Mort on June 20, 2012, 08:02:48 am
-
http://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_print.html
Israel apparently messed up again which allowed Iran to detect Flame. Bet the US was pissed.
-
:banghead: this is starting to read like a bad hollywood cyberpunk
-
:banghead: this is starting to read like a bad hollywood cyberpunk
Welcome...to the future.
-
http://www.hard-light.net/forums/index.php?topic=81003.msg1615902#msg1615902
-
They guys it Geneva better get to writing some conventions regarding cyberwarfare before it gets out of hand.
-
They guys it Geneva better get to writing some conventions regarding cyberwarfare before it gets out of hand.
I don't think it's gonna be that easy... as one of the allures of Cyberwarfare specifically is that you can delude yourself into thinking "that no one will never know who did it".
Before you get caught red-handed anyways ;)
-
Well, in this case it really boils down to US and Israel, since they're the ones that have a bone to pick with Iran. Some cyberintel could still go undetected, which is what is really frightening about it. It has to be regulated, or else somebody will get the idea of attacking civilian targets like that, for whatever reason.
-
how the **** do you regulate it? I could write the next big cyberweapon tonight in my living room without moving my ass an inch.
-
how the **** do you regulate it? I could write the next big cyberweapon tonight in my living room without moving my ass an inch.
like you do every breach of international law, you start at the target and investigate backwards, it's not easy and will probably take decades but thats how these things work
-
Unfortunately, the UN has a habit of writing conventions after something horrible happens. Geneva Conventions were written after WWII has devastated Europe, killing millions, wiping out many old archives and destroying many historic buildings. Maybe now it's time to act before cyberwarfare causes a cataclysm, or escalates so much a convention won't be able to do a thing.
-
my point is thought it's not like nuclear weapons, where you need special materials and equipment, so you can tell when someone is doing something. hell with this you will only know it has been deployed if it fails.
-
It may be possible to detect a cyberattack after the fact, or even if it's already in progress and already did something. Only a perfectly executed attack wouldn't leave any traces, and those don't happen 100% of the time. I know that enforcing such conventions might not be easy, but it should at least be possible to charge the attacked with something in case he's caught. Right now, I don't think a country performing a cyberattack would suffer any consequences from UN, and I would prefer not to have anybody resort to armed retaliation.
-
Right, so, I don't get it. What is a convention going to do if they aren't that afraid of provoking an armed retaliation? I mean, if you're not afraid of pissing a dude off after somehow instantly incinerating the $500 he had in his wallet with your fancy tech toy cause you didn't think that he would know you did it hiding in your little geek van, well, when he catches you, what's the difference if it's just him or if it's also a bunch of his friends because you violated some convention?
What I'm getting at is that it sounds like you're trying to say that laws against some type of crime will prevent someone who is becoming a victim of said crime from protecting themselves.
Or perhaps I'm totally misreading your point.
Convention = yeah cool, but it doesn't work for countries like N. Korea anyways, and those are usually the ones you would worry about. The bigger countries either a) won't get caught, b) get caught and what are you really gonna do about it.
Hmm. I guess what I'm really trying to say is I'm unsure of how this convention dealio would actually play out in the real world. Are you proposing limits to the extent of cyberwarfare? A complete ban? Needing to go to the U.N. for approval and therefore letting your intended target know what you are up to? Consequences for ignoring said convention's rules? Who would sign on? How do you deal with the countries that don't sign?
-
how do you deal with the US vetoing it?
-
I think the best you could hope for is an International Agreement not to conduct cyberwarfare intended to put civilian lives in danger. For example, there's a difference between hampering the development by making centrifuges play up, and causing a generator to explode and putting lives in danger. However, since things like mucking around with finance systems could potentially lead to uprisings and deaths, it's sort of more a gestural commitment than anything else.
-
May I indulge in a bit of devil's advocacy?
Think back to when Stuxnet and Flame were believed to have been developed and deployed. Iran was alleging that their nuclear program was making impressive strides, and Israel was threatening military action to put a stop to any such advances. In the immediate term, Stuxnet and Flame spared Israel from having to risk pilots and aircraft, as well as the lives of the Iranians attending to these facilities.
That's kind of small potatos, though. Consider the larger backdrop, on which these events occurred. In 2006, NATO was attempting to ramp up operations throughout Afghanistan to cobble together some semblence of stability, and Iraq was an utter shambles (this was the year of Abu Ghraib and the fall of Anbar Province). Israel needed bunker-busting weapons from the United States to carry out their proposed attack on Iranian nuclear facilities, something which could have easily drawn Iran into the conflicts in Iraq and Afghanistan, potentially tipping the balance against the occupying forces or drawing those conflicts out much, much longer than they otherwise would have lasted.
Doing nothing wasn't necessarily a much more appealing option than the military strike. Power in the Middle East has always been balanced on the head of a pin. A nuclear Iran poses a serious threat to regional stability, if only because their possession of a nuclear deterrent may serve to free up their conventional forces for offensive operations. Setting aside the rhetoric of driving Israel into the sea, Iran has an ongoing dispute with Iraq over territorial waters in the Persian Gulf, and Iran, even without nuclear capability, has poked its nose into Iraqi territory, since the 2003 US invasion, going as far as to sieze part of the Al-Fakkah oil field for three days at the end of 2009.
When you consider the context, some electronic espionage does seem like the much more appealing option.
That's not to say that there aren't disturbing technological, societal, and political implications. Before proceeding with this style of sabotage, whoever is at the helm needs to carefully consider the consequences of his/her bug getting out into the wild, as it almost inevitably will. That being said, by the time such a bug gets into the wild, as we're seeing with Flame and Stuxnet being discovered five-plus years after they're believed to have been deployed, it's probably done its job, and security software developers will fairly quickly move to limit any collateral damage. Even in the worst case scenario of an espionage-grade piece of malware getting loose and going totally undetected or unaddressed, technology will eventually march past it, providing newer hardware and software standards, with which the malware will not be able to interface.
I'll grant, that's cold comfort, but espionage and warfare are rarely undertaken because they're a desirable option; they're undertaken because they're the least undesirable option available. Electronic espionage/warfare doesn't look like it's really any different. Stuxnet and Flame may have served to save quite a few lives and prevent further deterioration of the Middle East, during a very volatile period.
-
I think the best you could hope for is an International Agreement not to conduct cyberwarfare intended to put civilian lives in danger. For example, there's a difference between hampering the development by making centrifuges play up, and causing a generator to explode and putting lives in danger. However, since things like mucking around with finance systems could potentially lead to uprisings and deaths, it's sort of more a gestural commitment than anything else.
That's about what I've been trying to say. Cyberattacks should be restricted to military targets, and conducted in a way that wouldn't hurt innocent civilians. Just like the use of other weapons. Also, messing with the other country's economy for profit should be forbidden (because let's face it, it's nothing more than fancy stealing). Of course, electronic espionage is just a modern evolution of this ancient art, and it's isn't really any different as far as morality is concerned. It's relation to electronic warfare is similar to relation between a spy and a saboteur.
-
All I can say is that I just can't wait to hear the whining the second China starts using their own versions. :p
-
All I can say is that I just can't wait to hear the whining the second China starts using their own versions. :p
Assumes they haven't. They probably have. Hell, this isn't likely the US' first outing on this road either.
-
they definitely have.
-
Of course they have. They haven't gotten caught yet and that's when the whining begins.
-
Heh, we might be heading for a new case of virtual MAD.
Except... those programs may be a bit more prone to accidents or to escaping into the wild.... than the average actual cruise missile.
Also a bit harder to figure out where it came from when it lands on your head.
-
And it'll be known as the "Flame War".
Anyway, sabotage is nothing new nor is spyware.
-
Heh, we might be heading for a new case of virtual MAD.
I cant see a MAD situation coming out of this. So long as no one is hurt as a result of one of these attacks and the target's economy is not affected, though possible, it is difficult to justify going to war over. In fact I see a situation of widespread targeted use of such attacks acting more as virtual spies. An attack is detected? lots of angry words, talk about sanctions, expel a few diplomats and fund a combined arms war games for a week, or if you have the capability, knock out on of the attackers hacking centers.
-
So long as no one is hurt as a result of one of these attacks and the target's economy is not affected, though possible, it is difficult to justify going to war over.
But stuxnet damaged equipment.
If, for example, Iran were to launch a strike against an unoccupied parked US aircraft, I'd wager the US would be mighty pissed. To be honest, if I had definite proof of a government (as opposed to an individual) launching that kind of attack (stuxnet) against a government facility, I'd take that as a declaration of war.
Is it really that different if you damage something using a virus or explosives?
-
the difference is scale, pursue an individual for hacking and all that is effected is the hacker and their loved ones.
pursue a nation too hard and you risk a war, then many die, why? because on nation disabled a warship for a couple of days just because they could.
edit.
what happens if one nation hacks another's nuclear arsenal and launches a missile at the missile's owner's capital?
-
With regards your edit, that simply cannot happen unless the nation with the nuke is literally asking someone else to press the button for them. Nuclear authorization and launching protocols are more physical than they are digital. You literally cannot launch one simply by computer.
-
fair enough
-
the difference is scale, pursue an individual for hacking and all that is effected is the hacker and their loved ones.
pursue a nation too hard and you risk a war, then many die, why? because on nation disabled a warship for a couple of days just because they could.
edit.
what happens if one nation hacks another's nuclear arsenal and launches a missile at the missile's owner's capital?
So if the warship had been disabled by physical means (say a torpedo) instead of a virus, the reaction would be the same?
-
the difference is scale, pursue an individual for hacking and all that is effected is the hacker and their loved ones.
pursue a nation too hard and you risk a war, then many die, why? because on nation disabled a warship for a couple of days just because they could.
edit.
what happens if one nation hacks another's nuclear arsenal and launches a missile at the missile's owner's capital?
So if the warship had been disabled by physical means (say a torpedo) instead of a virus, the reaction would be the same?
no because that is a clearly defined act of war and is more likely to cause injury and fatality not to mention the loss of the ship
-
So if the warship had been disabled by physical means (say a torpedo) instead of a virus, the reaction would be the same?
There are levels of force, as there are of most things. The use of a torpedo is above the use of a virus for a variety of reasons, among them those headdie listed, others being the proximity necessary, the acceptance of various risks involved indicating a stronger commitment, the greater difficulty of repairing physical as opposed to nonphysical damage.
-
Considering the state that the financial system is currently in, a hefty dose of Cyberwarfare "Nuke style" might be the best thing that could happen to it. :coughs:
I cant see a MAD situation coming out of this. So long as no one is hurt as a result of one of these attacks and the target's economy is not affected, though possible, it is difficult to justify going to war over. In fact I see a situation of widespread targeted use of such attacks acting more as virtual spies. An attack is detected? lots of angry words, talk about sanctions, expel a few diplomats and fund a combined arms war games for a week, or if you have the capability, knock out on of the attackers hacking centers.
In principle I agree... we're not quite there yet. But give it a few more years - or decades - of further networking and interlinking systems.... if you could potentially disrupt a nations entire infrastructure, powergrid and economy for 1-4 weeks... a sort of MAD situation might develop, no? An unstable one for sure... as anyone who was attacked would have to establish "who'd dunnit" before being able to retaliate.
-
the difference is scale, pursue an individual for hacking and all that is effected is the hacker and their loved ones.
pursue a nation too hard and you risk a war, then many die, why? because on nation disabled a warship for a couple of days just because they could.
edit.
what happens if one nation hacks another's nuclear arsenal and launches a missile at the missile's owner's capital?
So if the warship had been disabled by physical means (say a torpedo) instead of a virus, the reaction would be the same?
no because that is a clearly defined act of war and is more likely to cause injury and fatality not to mention the loss of the ship
So what about a hypothetical strike against an unmanned military device vs using a virus to crash it into the ground?
-
the difference is scale, pursue an individual for hacking and all that is effected is the hacker and their loved ones.
pursue a nation too hard and you risk a war, then many die, why? because on nation disabled a warship for a couple of days just because they could.
edit.
what happens if one nation hacks another's nuclear arsenal and launches a missile at the missile's owner's capital?
So if the warship had been disabled by physical means (say a torpedo) instead of a virus, the reaction would be the same?
no because that is a clearly defined act of war and is more likely to cause injury and fatality not to mention the loss of the ship
So what about a hypothetical strike against an unmanned military device vs using a virus to crash it into the ground?
might be easier just to use local signal jamming, also unmanned vehicles apart from when in maintenance are likely unpowered until they are needed and currently they the main use is for entering unfriendly regions which would be the greater act of war