As someone who fancies himelf a smarty-pants Washington writer, I had been convinced by the smarty-pants Washington elite that the threat of cyberterrorism – terror attacks carried out online instead of, you know, with bombs – is a hoax.[…] [W]e all know that nobody’s life is in peril if Osama bin Laden orchestrates a multifront attack on Orbitz, CheapTickets, and Expedia.com.
In round three, the hospital lost power, with only enough fuel to run backup generators for 48 hours. The police chief and the mayor started bickering over whether to implement a curfew and travel restrictions, and the city’s Web site unaccountably declared a mass evacuation. Two nursing homes lost power, and patients at the hospital started dying mysteriously.
The game couldn’t end soon enough. I don’t think we won.
If you want real ‘terror’ go and get defcon. Although I wonder how many ICBM’s would actually work if you hit the button, as you can see how well most military equipment is cared for…
You know, I was reflecting on the fact that my not wanting an iPod might have something to do with the fact that it wouldn’t be useful unless I left my computer.
And even I found myself thinking “Why don’t these fools get off the @!#%!! box and go look outside?”
Or was that just me?
Let’s see. The Hospital only had enough fuel for the generators for 48 hours. Sounds about right. Now, because they are an emergency sight, they would have first delivery of fuel oil. That problem solved.
There is enough power to run the city’s web site, but not enough to run the Hospital? Run an extension cord from City Hall to the Hospital and help them out. In an emergency, is there no one monitoring the web site behind that firewall? If the web site is remotely controlled, pull the plug and revert to the standard procedure, civilian radio. Problem solved.
But in eight hours, I went from smarty-pants to scaredy-cat. Computers don’t kill people; people with computers kill people.
Those that do not have a well thought out emergency plan will have problems. Homeland Security handed out billions so communities could prepare for these scenarios. Most communities upgraded their equipment and hardened their electronics communication systems.
For someone unprepared and not knowing the intricacies of the various city departments of course will fail. Maybe this guy is a writer, but I wouldn’t pick him to organize the company BBQ. Can you imagine him freaking out because there is only enough beer for 48 hours?
Its funny,
that with all this tech, there is VERY little understanding of how Networks, Work.
Why in Hell, would you let a critical server be allowed to be ON the internet, or allow access to the server FROM a remote with access to the internet, without 3 firewalls and encryption, and 3+ passwords Just to see the time of day.
I hear and see this concept all the time, and its rediculous NOT to protect your Main servers, and NOT have a manual override or Network Shut down to Run the computer ALONE…
But its entertaining, to think…
that the State of Oregon has 1 mainframe…And its clients are…
State police, city offices, DMV, Employment office, and ALL state offices.. And when they go down, NOTHING works. they dont even have satilite servers to HOLD the data. they run it all direct to 1 server.
This would make sense if any of these networks were on the internet.
How do you hack into the 911 server? Do I just port scan 0.0.0.911 and use the latest Windows exploit to take it down?
All of the important networks are not online.
Orbitz, Expedia… are all akaimized. No one has ever taken down Akamai.
You wouldn’t hack these from home guys, you’d pick up a laptop from frys and crack in on-site. Most of these while not being online, do have internal networks. Break into the basement and crack into the network via internal wireing. Once in the network you can easily take it down, sniff internal memos, steal or alter files, you get the idea.
Now, thats not exactly going to work on a missle silo, but a PD, hospital, etc. could feasably be brought down that way. True, they would just revert to radios and the like, but they would be working at a smaller capacity. In conjunction with other attacks (like in the sim) it would be a disaster.
But, that is more of a total war scenario most likely with another country not a terrorist group. Terrorrists go for flashy more than effective. As the name suggests they tend to do what will scare people and disrupt their lives, not some giant orchestrated military coup.
Mall santas with C4 would be more likely. Imagine the havok if some jackass blew himself up in the middle of a mall with a kid on his lap. Much more bang for the buck… but maybe I shouldn’t be giving out ideas like this. Oh well, if I never make another post the feds got me… :\
#6, James, please, don’t put those ideas in my head. I volunteer as Santa every year. Now I will be wondering what is really in that kid’s diaper.
I might give this some credit if they mentioned something like the hardware stores were all out of duct tape and plastic sheeting.
The problems come in 2 parts…
1. THERE ARE utilities that have dialup or Internet access to there systems…Long ago, someone havked the east coast power grid.
2. THINKING
9,
OK, What or WHO edited my comment…
#2, should be…
THINKING that wireless is secure…
Ask Home Depot…They got hacked, because they THOUGHT, using wireless for registers would be cool…
#11: That’s all that came through.
hmm.. guess we need some eDraino.. a “tube” must be plugged
#11
It happens…
Or something poped up on my computer, and the rest went into the Sewer…Down the drain into nowhere.
But, my Main comment,
I see to many companies SEEing New tech as a solution and Not understanding the Problems of what they WANT.
”’Wow, new tech and I dont need wires”’ “make it so”
Then the requirements for Backup systems, or remote servers…Just incase, Spit happens.
Ask MSN afew years back, when they went DOWN hard, for 3-4 days, due to virus infection, and had no Reserve systems. They lost about 1 weeks emails, and everything from that week.
Hit the MSN site with Everything locked down and watch all the warnings come up. NEVEr go there with a NEW install loaded and IE4.
As I said above,
there is NO way you want Access from a Client, or direct to your MAIN SERVER, Unless you want to run HEAVY duty protection, and Backups. Which slow the server, and Backups take Time to recover. And make the backups AUTO reboot, from CD/DVD.
That could/would be cool…Write a backup/recovery to CD/DVD each nite, and it loads/recovers the next/every day. And if spit hits, you just back track 1-2-7 days… but the OS would need to be somewhat small and compact, and basic.
Let them BEAT it up and hack it, its totally recoverable.
If you run with this idea, I want 1%…