Steve Spoonamore, CEO of CYBRINTH, is one of the subject matter experts I trust and from whom I have learned a lot concerning the really scary side of electronic commerce/government and virtual life. Steve sent this note and I think it worth reading and incorporating into your view of the worlds, real and virtual, in which we operate. Steve’s message follows immediately and a link to the New York Times article after that. I even included a few ideas of my own after the link to the story.
“Many of you have heard me say the following: 'Everything you have seen in hacking up until now, has been a Beta Test of what is possible.'
This would qualify as a full Pilot. Small, but very succesful. It was not a Siege. It was a multi-pronged, multi-tasking, multi-fronted attack against several asset classes and financial institutions using a flame war of honor as COVER for the operation.
This article does not report the massive shut downs – Globally – of Central Banks, Processing Centers, parts of the US and EU Treasuries and many other financial elements. Many digital ripples extended from this event.
The ARPAnet turned Internet was designed to be a robust, synchronous and neutral tool. It was intended to facilitate kinetic wars by facilitating communication from all points to all points as kinetic attacks made communications routing unpredictable. But what exists today is, or soon will exist, will be far more powerful than all the kinetic tools themselves. It is the tool by which the tools are accessed, targeted and controlled.
If this does not wake people up to the need for defined Policy, defined Goals, defined Access and Prepared response. I am a loss as to what will. Interesting that this is now a front page of the NY Times story.”
Check out the entire story at the link provided below.
Check out the entire story at the link provided below.
TECHNOLOGY | May 29, 2007
Digital Fears Emerge After Data Siege in Estonia
By MARK LANDLER and JOHN MARKOFF
The removal of a Soviet statue prompted cyber assaults that nearly shut down Estonia’s Internet infrastructure.
(Remember, just because you’re paranoid doesn’t mean that they ain’t out to getcha.) While the article is interesting it focuses on the cover or diversion rather than what is likely the underlying purpose of this attack. It would be much more interesting to see (although not very likely that we will) the follow up report detailing the crimes, successful and attempted, beyond the denial of service cover that occurred during the attack and seemingly persist still.
Why should this appear on a blog about Real ID?
The same organizations, criminal, other governments and terrorist (COGT), that are amassing the ability to conduct and those perpetrating these attacks are also indicated to some extent in ID crimes and would benefit tremendously from combining the DoS cover with high volume crimes employing compromised personal information. We make this much easier, more profitable and more likely because we have not addressed the need for strong identity functions. While much of the justification for the Real ID Act is based upon preventing physical entry, activities and movement of terrorists it is at least as important to inhibit the same or related activities in the virtual world. Real ID done right could be a tool in this fight.
Over the last few years there seems to have been a dramatic gap between the massive amount of personal information compromised and the much smaller amount used for criminal activity. At some point “market” forces should quell the appetite for compromised information, but that does not seem to have happened. It is worthwhile to ponder, “where is the information going and who continues to feed the demand side for personal information?” I believe one potential answer worth considering is that some combination of COGT organizations (their membership roles are not necessarily mutually exclusive) are supporting the “market” and stockpiling the personal information of U.S. citizens for future use. Remember, there is no expiration date on this information.
