Monday, January 28, 2013

Things that go bump in the 'Net

Oh noes! We're under attack!

Unseen, all-out cyber war on the U.S. has begun

 I read a lot of folks, some of whom I agree with, some not, and some that I agree with sometimes and sometimes not. In this case, not so much with these folks, but with a guy named Bruce Schneier who likens articles like this to hype and hysteria (not a literal quote). While he frequently feels that discussions about a "cyber Pearl Harbor" are overdone, that the threat isn't that severe, I don't share his complete disregard. I don't disagree that there is a lot of alarm being raised by folks who have something to gain from the fear, but that doesn't mean that there isn't a big threat.

 This particular article has a lot of "may" and "could be" sprinkled throughout. It does address issues that are true, there have been some particularly severe infestations of networks that went on for years before being detected. The attacks are getting much more sophisticated. The article mentions the recent advice to turn off or disable Java in your systems. 

 For those within the cyber security industry, "Duh". We've been using separate browsers for years now, one with Java installed for those sites that we regularly have to use that require Java to be enabled. 

Like Gmail. 

And our other browser, the one we use for normal surfing the web, without Java in it. And neither browser is Internet Explorer

Firefox. Chrome. Opera. 

 This particular article slings phrases like "cyber violence" and "cyber 9/11" looking to spook folks. Phrases just loaded with strong imagery designed to instill fear in the readers. Yeah, there is stuff happening, there has been for years. Yeah, it's getting sneakier. Yeah, lots of folks do the equivalent of leaving their front door open, their back door open, leave their wallets on the front steps, and so on.

But . . .

This is the sort of thing that gripes me: 

 Banks coming under cyberattack 

This article is being used as an example of how pervasive this cyber threat is. They talk about how the U.S. financial system is being targeted, then using an example of a distributed denial of service (DDoS) attack to make their point. A DDoS is where a lot of computers are directed to ask the bank's web server to send them a copy of the bank's home page. 

Think supply and demand. When too many folks mob something looking for more of it than is on hand, some do without. 

In this case, normal customers that are trying to do their banking business with the bank either may not be able to reach it or experience slow response from the bank site. In cases like this, this is considered a damaging attack because customers are being inconvenienced. More so if they actually cannot get through. 

However, a physical version would be a large crowd of people swarming the ATM that you usually use. You are denied access to it while they're swarming it, but the bank is not going down. 

In the cyber case, the bank may not be able to put up another ATM, but it hasn't failed nor been compromised. With experience, the bank will learn how to deal with this type of attack to minimize the impact to their operations and the customer experience. 

But, cyber violence it isn't. 

Neither is it a cyber 9/11.  

There is a threat. We do need to take it seriously.

But let us not equate what is really only a cyber flash mob and its effects with results like this.


1 comment:

  1. I switched to Chrome lately and I'm not sure what to think. Is it really safer than IE or just the same? It feels like a lateral move. Feel free to email me about that one...

    I think what puzzles me is how many people I know who's email gets hacked. How does that happen? Is it the passwords they pick?

    As for the banking, right now, I just feel very blessed for my credit union. They canceled my card recently (unfortunately I was traveling when it happened... that sucked) because there was a fraud alert. They were right... someone had created a fake card with my number and then then used it in Michigan.

    I think I could probably spend a lot of time worrying, but I think I'd rather be just vigilant and I guess deep down I feel like I have to have some faith that someone is doing their job in industries like banking. They have too much to lose...