Truth About Computer Security Hysteria
VB2002 part 6: somebody finally asks an obvious question
Monday, 13 January 2003
[continued from part 5:
Beach balls and worst-case scenarios]
[Editor's note: it will help if you start at part 1 of this multi-part series.]
THE CRIES OF doom & gloom continued at the VB2002 speakers' panel. I finally did lose my patience; I finally did thrust my hand in the air to inject a comment.
But you gotta give me credit — I held my composure for nearly 500 billion nanoseconds!
Let's say you believe "whole economies" may fall "in the next 5-10 years." You couldn't nationalize the antivirus industry even if your country's survival depends on it (and it does).
Vesselin Bontchev (FRISK) hit the nail on the head when he sniffed "you're welcome to try anytime." A powerful global cartel will never permit any one nation to control its affairs.
- 07:51 Rob Rosenberger (Vmyths):
- [overheard talking out loud]
Agh, that's it.
- 07:52 Frederick (no last name:
- And it's just a matter of time until somebody does this.
- 07:54 Nachenberg:
- Right, okay. (In the back of the room? Then we'll come to the front here.)
- 07:58 Graham Cluley (Sophos):
- [overheard talking to aide with microphone]
(I'll let him take it.)
- 08:04 Rosenberger:
- I just want to make a short comment. I had nothing to do with the question. [scattered laughter] And a simple question at this point, which is, if the Internet is that fragile and that important, then why don't we either nationalize the antivirus industry or just dismantle the Internet as a national security threat? [wide applause]
- 08:31 Nachenberg:
- [relays an inaudible retort from Vesselin Bontchev (FRISK)]
Vesselin says you're welcome to try anytime! Okay? (Coming up to the front here.)
I earned the only applause, by the way. Memo to Graham Cluley (Sophos): thank you for offering me your spot in the queue so I could speak out.
Let's say you believe "whole economies" may fall "in the next 5-10 years." You couldn't nationalize the antivirus industry even if your country's survival depends on it (and it does). Vesselin Bontchev (FRISK) hit the nail on the head when he sniffed "you're welcome to try anytime." A powerful global cartel will never permit any one nation to control its affairs. So who ya gonna call if you can't rely on the antivirus cartel to save you from the cybergeddon?
Answer: you're completely screwed by the end of the decade. Enjoy your fragile Utopia while it lasts, folks.
SOMEBODY ELSE PIPED up to ask an obvious question. If Earth's survival hangs on the gossamer thread of a CAT5 cable, then why didn't it already snap? Why didn't we already plummet into global economic chaos?
A reporter asked "if everything is so vulnerable, why hasn't this devastating attack happened already?"
Gryaznov had claimed "[the] Internet can be brought down" ... but he answered the reporter by saying "it is not necessarily very easy."
- 08:36 John Leyden (The Register):
- I'd like to-- It's John Leyden from The Register here--
- 08:39 (unknown person):
- ([inaudible], pardon me? Say it again?)
- 08:41 Panel moderator Carey Nachenberg (Symantec):
- ([inaudible], yeah.)
- 08:44 Leyden:
- --And I'd like to ask you, if everything is so vulnerable, why hasn't this devastating attack happened already?
- 08:50 Graham Cluley (Sophos):
- [overheard talking to Rosenberger]
(That was my question.)
- 08:52 (unknown person):
- Because it--
- 08:53 Leyden:
- No: I'm posing-- I'm posing the question.
- 08:55 Nachenberg:
- 08:56 Leyden:
- I think that systems are far more resilient than people [unknown] themselves. And I-- for example, a few months ago, this attack, that was [unknown] carried out in the U.S. and had their best people trying to take down the Internet. And they caused some damage, but they didn't really succeed. It's definitely the moment out there to do something bad, so, if we're all so vulnerable, why has it not happened? If the bad guys want to do something bad, then unfortunately, they'll use bombs and they'll attempt to kill people. At least that's what [unknown].
- 09:46 Dmitry Gryaznov (Network Associates):
- We did say it is "possible." We didn't say it's, like, you know, "very easy." Because you have to do [unknown] concentrated effort. You have to have very many computers to participate in the attack and they have to be on basically a different network so that they [unknown] shut down [unknown]. So it is-- it is possible, but it is not necessarily very easy to do.
- 10:07 Nachenberg:
- I can't comment on the actual exercise, but I did read about that exercise by the government. But what I can say is, that the demographics of the people that are writing these hacks today, are still similar demographics from what we've seen in the past. Has anybody seen any rogue states for instance, or terrorist organizations, or organized crime, wanting to get involved in this? And for the resources that they have, it [unknown] in the past, I think we would see a shift. And in fact I think we will see a shift over the coming year and I happen to agree-- or "coming years," rather-- with the... (Sorry. Tom?)
"Not necessarily very easy" to destroy the Internet, Gryaznov says? Bah! It's quite literally child's play! A bored teenager can do it on a lark!
Dmitry Gryaznov (Network Associates) claims "it is not necessarily very easy" to bring down the Internet? Waitaminit! Let's recall a bit of trivia, shall we?
FBI NIPC launched a worldwide criminal investigation in every one of these examples! I said it before I'll say it again:
A bored teenager with rudimentary programming skills can circumvent state-of-the-art antivirus software deployed around the globe ... [and] a mediocre 16yr-old pimple farmer can outsmart the antivirus industry's global brain trust.
GRYAZNOV KNOWS ANY teenybopper can easily beat him in a game of wits. He knows a cyber-terrorist can easily drag-and-drop western civilization into the recycle bin. He knows these things!
"But Rob, if a bored kid can destroy the Internet on a lark, then why hasn't it died already?"
Because irony favors the skeptic. Need I say more?
Why, then, did Gryaznov suddenly claim "it is not necessarily very easy" to bring down the Internet? Answer: I'll bet a soda he flip-flopped just because a reporter challenged him on it. What a wimp!
Let's hope Santa brought Gryaznov a pair of gamete glands for Christmas.
"Not necessarily very easy" to bring down the Internet, he says? Bah! It's quite literally child's play! Gryaznov knows full well the examples I cited prove him wrong. If "Wimpy" doesn't know it, then he shouldn't hog the mic at computer security conferences to begin with. Need I say more?
"But Rob!" you interject. "If a bored teenager can destroy the Internet on a lark ... then you need to answer John Leyden's question. Why hasn't it died already?" Because irony favors the skeptic. Any more obvious questions before we move on? No? Good.
Memo to Wimpy: I'm not finished with you yet...
[Continued in part 7:
All your Internet
are belong to us]
[Editor's note: second edition. This column was updated to correct a transcription error. Report any other transcription errors here. Rebuttals go here.]
[continued in part 7:
All your Internet are belong to us]
[Editor's note: This column was updated to correct a transcription error. Report any other transcription errors here. Rebuttals go here.]|