A recent article in the New York Times demonstrates just how helpless our nation is against hacker threats. Note that I avoid the word "Cyber," which in reality has nothing to do with the Internet or computer security, despite the media's attention to the word.
The revelation that a major defense contractor had their network broken into and extremely sensitive data stolen is nothing surprising. I think we can all assume it was the Lockheed Martin attack even though they haven't named which contractor was compromised. The timing makes sense.
Security Is Tough, Tracking Exploits Tougher
A lot of the accepted standards for network security unfortunately hail back to the 1980s, such as requiring users to constantly change passwords. Other problems stem from the use of vendor proprietary security products without fully understanding how they work. Even worse are the users and their desktops: it's trivial to convince the average user to install spyware without realizing what they are doing. As one network penetration tester / security expert I know said, "I used to treat myself to a steak dinner after every successful break-in. Now I just grab it on the way to the client's site because I know I'm going to be successful."
Our fine government experts seem to have a clue at first glance. They suggest making certain there are "active defenses," or counterattacks against attacks, making sure there are consequences for attacking us, just like there would be if someone dropped a bomb on a US city. Unfortunately it's much harder to get public opinion on your side for an invasion, digital or otherwise, when there are no visible casualties.
It's also trivial to bounce an attack through an unsuspecting server somewhere, which sometimes makes tracing attacks back impossible. An attack that appears to come from a Chinese server could as easily have been started by a 16-year-old in Kansas if that Chinese server were already compromised and used to relay the attack. Getting a Chinese server's logs to be able to trace back the next step of relays is probably not that easy. You can't just assume the attack came from where it appears to originate.
Even tracing back the common attacks that happen all day every day against my own servers from addresses that originate in the USA is nearly impossible. 99.9% of ISPs are going to require a warrant first, and most judges just don't understand the evidence to begin with. An American ISP is also very unlikely to give those logs to some foreign nation even if they ask politely. Just think how unlikely it is that a Russian or Chinese ISP will give their logs to the USA even if we ask politely.
Another challenge is determining what is an attack from a government versus some twenty-something in Romania who is just looking for data to sell to the highest bidder. From the target's perspective, both attacks would appear to be identical.
And Then the Ignorance...
Then they go on to state something completely idiotic: "If a terrorist group obtains disruptive or destructive cyber tools, we have to assume they will strike with little hesitation."
Really? What "disruptive or destructive," ahem, "Cyber" tools are we worried about them getting their hands on? You think with a copy of Metasploit or The Social Engineering Toolkit that I can't break into 99% of corporate networks that control things like the power grid or defense systems? There are no top-secret "Cyber" tools that terrorists don't have their hands on yet. Everything is freely available and open-source for the most part, and what isn't available such as botnet controls can no doubt be bought somewhere in the shady corners of IRC chat rooms.