back to article Cyber attacks will 'catastrophically' spook public, warns GCHQ

A digital attack against the UK causing even minor damage would have a "catastrophic" effect on public confidence in the government, GCHQ has privately warned Whitehall. The Cheltenham spy agency's new Cyber Security Operations Centre (CSOC) makes the prediction in a document prepared for Cabinet Office and seen by The …

COMMENTS

This topic is closed for new posts.
  1. Seanmon
    WTF?

    a "catastrophic" effect...

    ...on public confidence in the government?

    Waaay too late, boys.

  2. Anonymous Coward
    Anonymous Coward

    Serious Mental Health problem there

    So they visit Direct.gov.uk and it times out, and they go hide in their panic room? I think that that is not a cyber attack problem, that is a mental health problem.

    Do the same people panic if the BBC cancels a program because of the snooker?

    Either that or some department has been given a big budget and excessive powers and feels so guilty about that, they feel the need to justify it with vague exaggerated silly claims. Surely not!

  3. Anonymous Coward
    Anonymous Coward

    Bog standard scaremongering, pork barrel attached

    What makes them think that a "cyber" attack will affect Blighty more than, say, a bombing? Or a bunch of crooks managing to "acquire" a government cdrom or usb stick or laptop full of easily abused information?

    I think this is tacit admission CSOC doesn't actually understand much about this "cyber" thing, OR they're cynically playing on the fact that whitehall sure has no idea whatsoever, a not uncommon occurrence. In the same way that terrorism by "scary brown people" is somehow worse than terrorism by catholic or protestant white people.

    That the report isn't much good is evident: For decades we've been hearing that quantum crypto will be here "real soon now", and the state of the art hasn't advanced sufficiently to increase its slow progress much, yet. Even so, the basic rules of information security remain the same, so even with a breakthrough or ten, for the end users it means (expensive) upgrades but business as usual. And since that business wasn't too well run in the first place, the point is largely moot. Even the successor to quantum crypto cannot protect against sheer negligence.

    Note that the quantum crypto scaremongering (not the crypto itself) has been thoroughly discredited in this very rag. But that doesn't stop a good solid round of new rules and security industry pork barreling. What this means is that to this multi-faceted ``cyber'' danger the most dangerous thing for us the citizenry is, again, the very report itself. Carry on government.

    1. amanfromMars 1 Silver badge

      Pork Scratchings or the Finest Smokey Bacon .... Your [Governments] Free Choice.

      "What makes them think that a "cyber" attack will affect Blighty more than, say, a bombing?" .... Anonymous Coward Posted Monday 22nd February 2010 12:46 GMT

      Maybe they have been presented with a scenario/diaspora/virtual reality for which appropriate regular danegeld payment will deliver irregular remedy and unconventional relief for as long as is necessary in a Novel Partnership of Mutual Advantage?

      "I think this is tacit admission CSOC doesn't actually understand much about this "cyber" thing, OR they're cynically playing on the fact that whitehall sure has no idea whatsoever, a not uncommon occurrence. In the same way that terrorism by "scary brown people" is somehow worse than terrorism by catholic or protestant white people." ...... Maybe so, AC, in all those cases, but they sure as hell should know what IT can do in Creative Hands/Hearts and Minds. They should sure as hell know that one wrong move loses them the whole Game, Set and Match and renders them just a dumb spectator munching on a hotdog specially prepared for the masses who are just spectators.

      1. Anonymous 3

        Reading through the jumble, a I am left with a question

        And how, pray tell, is this different from everything else they've bungled so far?

        I'm quite sure that a good scare to ``Do Something, Now'' will get them moving and have them do that, net effect they bungle up some more. But one used to dealing with ``standard class people'' might be excused to think they might notice how that ``Does Not Work Effectively Or Much At All, Really'', and maybe try some quiet deliberation and some actual thought. If this is all they can come up with, then perhaps they aren't fit to represent us, and we really ought to do something about that.

    2. Anonymous Coward
      FAIL

      Scaremongering is right

      We had cyber attacks on government sites here in Australia only a week or so ago (DDOS attack by the Anonymous action group in protest of the governments internet filter policy), and it made not a blind bit of difference to anyone.

      The FAIL is for the report saying it will have catastrophic impact on public confidence!

  4. william henderson 1
    Thumb Down

    .".....availability of cheap, fast .....

    ......broadband will mean that states are able to achieve their aims by hiring criminal botnets to carry out DDOS or other attacks on their enemies' infrastructure."

    is this why botnets appear to be so resilient?

    they are seen as a potential resource by their hosts?

  5. John Smith 19 Gold badge
    WTF?

    Govt spy agency says it needs to do more spying

    "catastrophic" effect on public confidence in the government"

    In a way tha *multiple* losses of 100s of MB of highly personal details (HMRC, prison staff, army applicants, etc) has not.

    "Quantum computing."IMHO someon has been reading *way* too much Tom Clancy.

    One of those technologies that has been coming "Real soon now" for about a decade at least.

    Perhaps a *little* more difficult that its supports claim? Rember *everything* looks slimple on a whiteboard.

    Only a Civil Servant who *wants* to give them more money would fall for this alarmist twaddle.

  6. richard 7
    FAIL

    "catastrophic" effect

    "A digital attack against the UK causing even minor damage would have a "catastrophic" effect on public confidence in the government"

    I'm not overly sure it *could* get any lower.

  7. Nigel 11
    Boffin

    Quantum comuting

    There should be a considerable degree of skepticism about whether a quantum computer with a serious number of qubits (>1024) can actually be constructed. My own belief is that the failure to construct a quantum computer capable of instantaneously breaking all known codes will tell us something very interesting and new about physics - indeed, that it may turn out to be as significant as the failure of the Michaelson-Morley experiment, which disproved the existence of the luminiferous aether.

    That's just a hunch, though. Should "reality" prove otherwise, the philosophical implications are of even greater import.

    1. Alpha Tony

      @Nigel11

      'Quantum comuting'

      That's what I've been doing since I started working from home.

  8. Nigel 11
    Black Helicopters

    The absolute worst-case scenario

    The worst-worst-case scenario is that construction of a working bignum-bit quantum computer crashes the operating system of the virtuality which we call "the universe", or causes the external real intelligence(s) running the computer simulation that we call "the universe" to shut it down in exasperation or disgust.

  9. A J Stiles
    Grenade

    Easy solution

    "Growing reliance on the internet to deliver public services will 'quickly reach a point of no return'" -- and this is the problem.

    The obvious answer to this is to try to *reduce* this reliance on the internet. Make sure there are alternatives in place to allow any public service to be accessed in the more traditional way.

    Not only does this mean there can be no discrimination against non-computer owners, it also avoids backdoor privatisation of law through enforced use of proprietary technology.

  10. amanfromMars 1 Silver badge

    If only you could believe everything which officialdom tells you....

    ""It is unlikely that any state actor will have been able to put quantum systems into operation by 2015, although some state actors may have basic quantum computing capabilities by 2020," CSOC says."

    How very wise of GCHQ to have chosen not to mention non state actor capabilities .... the great known unknown which constantly, transparently and steganographically trails its Bait and Goodies before them, for the SMARTer Players in the Greatest of Great Games to Ponder Purchase before Obvious Sale Elsewhere to more Astutely Aware Competitors and Partners into Wiser Intelligence Servering of Obscene Advantage for Quantum Control Systems Market Control.

  11. Thomas 18
    Stop

    Power Failures...

    often result in mass panic and catastrophic loss of confidence in the government (does anyone actually still have confidence in them?).

    I fail to see how your internet not working is worse than your lights, radio and computer not turning on.

  12. John Smith 19 Gold badge
    Happy

    AC@12:16

    "Either that or some department has been given a big budget and excessive powers and feels so guilty about that, they feel the need to justify it with vague exaggerated silly claims. Surely not!"

    What is this word "Guilty" that you use in relation to a Govenment department?

  13. James 47
    WTF?

    danegeld

    I hadn't heard of this phrase until last week in a quiz, and now aMaNfRoMmArS uses it.

    Weird

  14. Anonymous Coward
    Big Brother

    Be afraid - be very afraid (yeh yeh <sigh />...)

    Last night channel 4 news showed an article on a US government mock-up of a possible "internet meltdown cyber warfare" type scenario which seemed bent on pushing the idea that we all need to be very afraid of such an event. And now we get this report from the UK "Cyber Security Operations Centre".

    It's an amazing coincidence that these two completely separate (yet parallel) stories break within 24 hours of each other. If I were of a suspicious nature I'd say something smells a bit fishy and maybe we're being "fed" these stories in order to make us afraid (after all it seems to me that we're becoming a tad blazé about international terrorist attacks and it's high time we had something new to fear).

    But I'm sure it's all a coincidence and there's no orchestration whatsoever behind these stories (or the ones that will break over the rest of this week).

    1. Mike Flugennock
      Grenade

      Granted, I'm rather generalizing here, but...

      ...it's been nearly twenty years since I've learned to regard as total bullshit any computer-related blather from a government agency or the general media using the prefix "cyber".

      My (rather generalized) standard response is that they can go cyberfuck their cyberselves.

      -

      ("Electronic Pearl Harbor", anyone?)

    2. amanfromMars 1 Silver badge

      AIMODified Cloud Executive ... for ESPecial Virtual Terrain Team Operations

      I admire your cynical naivety, AC, in doubting/hoping/questioning that coincidences are not orchestrated, for of course whenever they are, is the Nature of Reality then a Mainstream Virtual Reality Flow being Programmed into the System.

      "Last night channel 4 news showed an article on a US government mock-up of a possible "internet meltdown cyber warfare" type scenario which seemed bent on pushing the idea that we all need to be very afraid of such an event. And now we get this report from the UK "Cyber Security Operations Centre"." ...... Methinks any fears and/or concerns are firmly rooted and routed in those who would be pimping the fear agendas, hell bent on pushing the idea that we all need to be very afraid of such events. [Oh, and here's wishing Dick Cheney all the Best of Care and Attention that he deserves ..... http://news.bbc.co.uk/2/hi/americas/8529585.stm]

      "Officials plan to feed the results of the meetings into policy, including whether and how the UK should develop offensive capabilities online." ....... Oh FFS.... Aren't you/they already doing at least all of that? What sort of Mickey Mouse operation is the UK CyberSecurity Operations Centre. And what is the point of reinventing the wheel whenever the how of developing offensive capabilities online is so very well known by those with developed offensive capabilities online.

      OK ..... who's got the spooky email address that puts one directly in touch with the GCHQ Beginners or are they so aware that nothing is secret and communications are rigged, that they hide themselves away afeared to exchange pleasantries and information/questions and answers?

      Which all sort of ask the one Big Question ...... Who is Leading Whom and with What? And that is a National/International and InterNetional Question which you will be hard pushed to Answer anywhere near Correctly, or are you content to believe that Things just Happen Randomly and everything therefore is just a Reaction rather than an IntelAIgently Designed Plan, in a Suite of Plans and CHAOS reigns Supreme and Sublime?

      The one novel thing about CyberSpace Security is, that it is a Place in which to Deal Global Scale Business in which the Intellectual Property Exchanged and which Drivers IT, is not Confined or Owned by any Nationality or IntelAIgently Designed Entity, but rather Run by a Host of them Hosting Intellectual Property Exchange which Drivers IT and Media Systems of SMART Power and Animal Control. And a Real Money Spinner for GCHQ Spookery should they ever get their Act together and actually Decide to Lead with CyberIntelAIgents Purchase and AI Leverage, rather than Floundering in the Shallows like a Beached Whale.

    3. Goat Jam
      Big Brother

      Indeed

      "after all it seems to me that we're becoming a tad blazé about international terrorist attacks and it's high time we had something new to fear"

      Meanwhile downunder, the guvmint scaremongers have just released a "Terrorism Whitepaper" which is meant to scar^H^H^H^H inform us about all the growing threat of "home grown terrorists" and the need for biometric passports from suspect countries despite the fact that none of the know terrorists so far have been caught using forged passports and even more ludicrously, our nearest and largest source of terrorist threats, Indonesia, are not included in the "blacklist" of countries requiring biometric passports.

  15. Anonymous Coward
    Stop

    what

    "Officials plan to feed the results of the meetings into policy, including whether and how the UK should develop offensive capabilities online. "

    Waste of time.

    Bin your stupid policy and schoolboy dreams of waging cyber warfare and do something that will actually make a difference in the real world: Stop using Internet Explorer 6.

    Stop using Internet Explorer 6, stop using Internet Explorer 6, stop using Internet Explorer 6, stop using Internet Explorer 6.

    Stop using Internet Explorer 6.

    And then we can FINALLY MOVE ON.

  16. Adam 10
    Happy

    It's happened already, hasn't it?

    This news comes the day after the Argies "cyber attacked" The Penguin News... did that "catastrophically spook" anyone? No.

    People were more bemused than scared.

    OK, so it was an epic fail because they used Spanish text (Falklanders speak English), and they only hacked a local newspaper, but they did their best.

  17. frymaster

    totally agree

    what the report is saying is, "a cyberterrorist attack will cause headless-chicken syndrome for the media and politicians, and thusly for the unwashed masses, far more severely than the actual damage done would suggest"

    given past events, seems a pretty safe bet to me

  18. kbb

    Conflict of interest

    Quote: Growing reliance on the internet to deliver public services will "quickly reach a point of no return", meaning "any interruption of broadband access becomes intolerable and will have serious impacts on the the economy and public well being"

    Better throw that clause out of the Mandybill then.

    1. Mike Flugennock

      I don't know about a serious impact...

      ...on the economy or public well-being, but the last time I had an appreciable broadband outage here, I switched over to my 56k internal modem, let Thunderbird run to catch any important messages, and went downstairs to watch a movie on TV.

      A slight pain in the ass for an hour or so, as I recall, but _impact_...?

  19. Anonymous Coward
    Anonymous Coward

    Hmmm

    "Meanwhile a quantum-encrypted message would be impossible to intercept because just by observing it the eavesdropper would destroy it."

    So all you need to do is observe your enemies communications and you've nailed them. If observing the message destroys it, then you in effect destroy their means of communication just by looking at it. So how can they then co-ordinate anything when you have basically broken the comms link between them.

    Or am I missing something here?

    1. Nigel 11

      Observation in the quantum sense

      Observation in the quantum sense, means eavesdropping or "bugging". In other words, a quantum communications channel shuts down if someone is attempting to "tap" it. This behaviour is generally regarded as preferable to having one's communications spied on, without knowing about it.

      Also if you are in a position to attempt to tap, you are almost certainly in a position to physically destroy. Ordinary doors, locks, men with machine guns etc. will protect a quantum communications channel (usually a fibre optic) from being blocked by observation in much the same way as it will protect a conventional wire from being severed. The difference is that if they have managed to breach your physiccal security, they still won't get any information out of the channel.

      1. fajensen
        Flame

        Quantum Scam!

        So, every time the Quantum Computer has to perform, it feels observed and stops working (until new funding arrives - of course).

      2. Mike Flugennock

        Hmmm... time to add a new word...

        ...to my list of words on my "regard as bullshit" trigger-word list, vis-a-vis government and media:

        "Quantum"

      3. Bumbling Fool

        Don't bug me - well you can a bit

        QKD channels can withstand a certain amount of eavesdropping and still retain their security.

        The key is only ever established from photons that arrive at their destination so any eavesdropping has to be active. Simply trying to tap and 'read' the photons is not sufficient - something has to be sent on to the destination in its place. Quantum mechanics guarantees that one cannot copy or clone the photons.

        The two ends of a QKD channel can assess the error rate on the quantum communication and, provided it is below a certain bound, can still establish a secure key between them. It is irrelevant whether these errors arise from active eavesdropping or from other system errors such as detector dark count noise.

        There are classical processing techniques that will allow the distillation of a shared secret from a collection of partially secret bits. Knowing the error rate one can provably establish the maximum amount of key information that could have possibly leaked to an eavesdropper and reduce this to an arbitrarily small amount using these techniques.

        Observation of a quantum computer IS what collapses the state onto the 'answer'. In a QKD channel observation by an eavesdropper is a source of errors that can be measured and dealt with. In quantum computation it is the act of observation, or measurement, that collapses the processed input state onto what is hoped to be the correct answer.

  20. jake Silver badge

    Idiots.

    "The Cheltenham spy agency's new Cyber Security Operations Centre (CSOC)"

    Anybody who uses the term "cyber security" in earnest can be safely ignored. They are all, quite simply, completely ignorant.

    Seems to me that you right-pondians have elections coming up ... use them wisely.

  21. Nigel Whitfield.

    Go to the post office

    Perhaps, if there's a cyber attack, we could all just queue up at the Post Office, like in the old days? Assuming it's not been sold off to some free-market profiteer....

    Admittedly, some net obsessives may find it spooky having to be in a line with other real people, some of whom may be old, or perhaps look less well off, but on balance, I think most of us would cope.

  22. Anonymous Coward
    Black Helicopters

    NSA

    "The NSA is said to be investing heavily in quantum computing"

    Who said that ? They will have "disappeared" by now if they were right. I guess it depend on what "heavily" is - 35% of budget ?

    The NSA is so well financed (along with the CIA) that the entire GCHQ budget is most probably less than their spend on transportation. GCHQ need to get real and not try and scare the civil servants into providing more money with these sensationalist comments.

    Rather than selling off assets like QinetiQ, government should get a grip. No more taxpayer money until they make savings from such mistakes. Oh, GCHQ should not get staff to leave when acting in the public interest.

  23. Dibbles
    WTF?

    I'm struggling on this one

    I mean, I understand the correct procedure: grossly inflate scale of threat, demand budget and exclusions to privacy laws to resolve it, see department grow into Big Brother. But what these public services that are delivered online that we'd be distraught to miss? A page showing the opening times of the local library? Something about MP attendance? I'm really lost...

  24. Anonymous Coward
    Anonymous Coward

    Biggest online threat...

    I think the biggest threat to our online existence are ISPs and mobile providers who continually over-sell capacity and then want to remove anyone who has the audacity to actually use their "unlimited" connection.

  25. Bumbling Fool

    Quantum Jiggery Pokery

    It's very important to distinguish between 'quantum cryptography' and 'quantum computing' as they are two quite different technical beasties.

    Quantum cryptography is a terrible misnomer - invented to sound catchy but somewhat misleading. It should properly be called quantum key distribution (QKD). It uses the properties of quantum mechanics to establish a secure random sequence of bits between two users. This random sequence can be used as a key in symmetric crypto algorithms. It is just an alternative technology to traditional key distribution mechanisms.

    QKD systems are commercially available. With some investment and a bit of adaptation and tinkering the entire UK telecommunications network could be protected using QKD within a reasonably short timescale. There is, however, no political or commercial will to do so.

    Security is about risk management. Where are you most vulnerable? What failure will cause the biggest impact? etc etc. Existing arrangements for key distribution are not seen as sufficiently vulnerable in order to warrant the substantial investment it would take to implement a QKD mechanism as an alternative. With protecting a single link using QKD currently costing around the £50k mark just for the kit the assessment, quite rightly, is that the money is better spent protecting systems that are more vulnerable.

    Quantum computing is another kettle of fish. It exploits the properties of quantum mechanics to perform some computations faster than can be achieved through classical means. Essentially it performs a massively parallel computation on the components of a wavefunction. The components each have a phase relationship and they are brought together to interfere to yield the correct answer. The principal reason why quantum computers are difficult to build is that this phase relationship is very sensitive. Even the slightest interaction with the environment will destroy the necessary phase coherence very quickly.

    Quantum computers work and have been demonstrated but only very small versions have been built.

    Furthermore there are only a few known algorithms for which a quantum computer provides any substantial benefit. Two of these just happen to be the ability to factorise and solve the discrete log problem - precisely the things you need to do to be able to crack the most popular public key crypto systems. So should someone figure out how to build a quantum computer of any size then we'd need to replace any crypto suite using these aysmmetric public key algorithms pretty quickly.

    Symmetric algorithms like AES are not as vulnerable to attack using a quantum computer. In essence a quantum computer can halve the effective key size of a symmetric algorithm but it cannot do any better than this.

    A successful 'cyber' terror attack on, say, the UK's banking network might have national security implications. If people cannot access cash or pay for goods there is the potential for short term civil unrest until the systems are back on line. This is just one example. Although if we all get smart meters then a cyber attack launched to turn off power might be more than a minor irritation. I'm sure there are other examples.

    1. Anonymous Coward
      Anonymous Coward

      your

      your example isn't great

      "A successful 'cyber' terror attack on, say, the UK's banking network might have national security implications. If people cannot access cash or pay for goods there is the potential for short term civil unrest until the systems are back on line."

      Already happend, but had nothing to do with a cyber attack, I believe it was a faulty SAN that took out a major banks card network.

      People grumble and make a few phone calls, but all in all we get over it. Normal people are quite capable of dealing with minor inconvenience.

      1. Bumbling Fool

        well yes, but . . . .

        "People grumble and make a few phone calls, but all in all we get over it. Normal people are quite capable of dealing with minor inconvenience"

        Yes I accept this point for a relatively minor outage.

        Suppose it was possible to disable electronic payment and cash machine facilities for a few days. Most 'normal' people, as you put it, would probably manage through this. However, I think there would be the possibility that some would not cope so well and this could (note 'could') lead to some civil unrest.

        The banks don't have to be the main target here - just creating enough chaos and difficulty to divert attention from elsewhere might be the goal. Who knows?

        I think it's important to speculate about possible threats, however unlikely. Maybe it's this kind of exercise that has inspired GCHQ to describe a cyber attack as potentially catastrophic. Who knows what goes through their heads? They probably wouldn't want to explain their thinking on this anyway - just in case someone gets a bright idea from it!

  26. dephormation.org.uk
    Coffee/keyboard

    Cyber attacks? Cough, choke!

    Where were GCHQ when Phorm conducted their nationwide man-in-the-middle 'cyber attacks'?

    The Home Office were in meetings with BT/Phorm receiving 'assurances' about BT's nationwide mass surveillance and industrial espionage. Home Office OSCT even wrote words of comfort for them, and sought their agreement prior to publishing. Meanwhile Greek/Turkish/Russian/American spyware crooks were tapping the UK's internet communications.

    So I guess my confidence in Government probably is catastrophically damaged. But more so by the Governments own stupidity and failure than anything else.

    Would I trust GCHQ to save us from cyber attack? Pull the other cable. Its got Stratis Scleparis fingerprints on it.

  27. amanfromMars 1 Silver badge

    Meanwhile, in CHAOSystems, a Whole New Ball Game for Great IntelAIgent Game Players

    "If observing the message destroys it,..." ...Anonymous Coward Posted Monday 22nd February 2010 14:48 GMT

    It destroys the secrecy and reveals the truth, AC.

    "Anybody who uses the term "cyber security" in earnest can be safely ignored. They are all, quite simply, completely ignorant." ..... jake Posted Monday 22nd February 2010 14:48 GMT

    That will suit them greatly, jake .... for then is Stealth provided Sublimely .... and Most Certainly in Semantic Web XPeriMental dDevelopments.

    "GCHQ need to get real and not try and scare the civil servants into providing more money with these sensationalist comments." .... Anonymous Coward Posted Monday 22nd February 2010 15:27 GMT

    One would have thought that a Prime Directive Executive Role for GCHQ would be to Provide the Intelligence to Deliver Always Bounteous Funding Streams Quantitatively Easing Every Blockage and Hindrance to Virtual Progress.

  28. John Smith 19 Gold badge
    Thumb Up

    @Bumbling Fool

    "A successful 'cyber' terror attack on, say, the UK's banking network might have national security implications. If people cannot access cash or pay for goods there is the potential for short term civil unrest until the systems are back on line. "

    True. But how feasible is that?

    This is just one example. Although if we all get smart meters then a cyber attack launched to turn off power might be more than a minor irritation.

    The ones which are *only* being included in the UK Gov'ts energy bill because one of his Lordships took a bung to introduce them. The ones which have *know* security flaws (as in transmitting the data in clear).

    Now that should worry Britards across their land.

  29. Anonymous Coward
    Anonymous Coward

    Not quite true...

    "Quantum computers would be able to test every possible cipher for a traditionally-encrypted message very quickly."

    Using quantum computers for brute force attacks on symetric encryption only decreases the effort by a power of 2, i.e. 1/2 the time.

    Where quantum computing will break encryption is by calculating the factors used in asymetic encryption, e.g. RSA, Diffie Hellman, which is often used for key exchange for the symetric sessions because symetric encryption is more efficient than asymetric and key can then be exchanged outside of the data channel.

    Still scary though...

    1. Bumbling Fool

      still not quite true

      Quantum computers using Grover's algorithm will reduce the key space by a factor of two - not the time. An important distinction.

      So a key space of 128 bits becomes a key space of 64 bits.

      For exhaustive key search the time scales as 2**n where n is the key size. Adding one bit to the length of the key doubles the time (approximately), and reducing the key length by one bit halves the time.

      So you're reducing this time scaling by a square root with a quantum computer. Much, much better than halving the time!

  30. Anonymous Coward
    Linux

    A little fear keeps you alive

    I wanted to say a little fear keeps you alive, but I know damn well I'd be playing right into the same old freaking pattern of...

    1. Create Problem

    2. Create Solution

    3. CRACKDOWN ON CIVIL RIGHTS

    4. Create New Budget to "get er done"

    I would worry about the "government agenda" which will surely follow up such claims.

    Considering 99.99 % of innocent (yes both in the uk and usa) government workers do not even understand basic tcpip, they can only follow along as this vague new invisible freaking threat rolls out new laws, new policies all to be neatly wrapped up in "state secrets" (or your uk equivalent of bullshit, sorry I am in the US here..) so nobody can question what's been rolled out.

    That's the pattern.

    won't that be grand? Could the UK get it worse then the USA?

    No. the real agenda here is if they can cut off web access they can cut off information, news, and communications. This has to be justified and presented in a way which gives plausable deny-ability. They just played that game here in the usa and what did they find? They found they needed authority to hack the shit out of civilian's cellphones even more.

    Or one wild freaking day this news headline pops out

    "Bill would give president emergency control of Internet"

    We hear Na never happen... bla bla bla all over by corporate tout media

    Yet soon we can start finding documents with numbers on them like so

    http://politechbot.com/docs/rockefeller.cybersecurity.questions.082809.txt

    Which again isn't EXACTLY what I said. but some easy digging you get

    http://www.opencongress.org/bill/111-s773/show

    Confirming the pattern of incremental fascist bullshit like so

    http://www.prisonplanet.com/americans-who-know-their-rights-are-the-real-target-of-napolitanos-domestic-terror-warning.html

    (Rep) vs (Dem) + Electronic vote tabulation devices = FAIL That's the new message, throw out all the incumbents, them all out. (At least in the US that has to be the message)

    I always seem to bring this to an American perspective. I dunno what you do to get rid of termites with their teams of mechanics in the UK, I doubt one starts their day running around saying, "impeach the queen!" heh heh heh though I laugh, perhaps you should start considering it! So everyone under the Queen can be challenged? Is that it? Your probably laughing at me now... Sadly none of this is funny.

    I have my Dollar to worry about

    You have your Euro to worry about

    This is part of the root of what's wrong.

    Where are the COPS for our monetary system?

    The other problem is the constant changing of laws, lack of trust from lies and ponzi and potential new law unknowns and it makes it impossible to run a freaking business, AND keep your retirement safe from all the monetary terrorist dangers.

    We got to start telling these people NO.

    We need to get the crap flushed out of the markets so there can be trust again.

    You or I can not be gambling with $65 trillion and when it comes due in an offshore bank

    (really, a shoebox with a poop inside taped up with $65 TRILLION printed on it) saying it's classified you can't see it!

    1. fajensen
      Thumb Up

      Dont we all love Bankers??

      """"

      (really, a shoebox with a poop inside taped up with $65 TRILLION printed on it) saying it's classified you can't see it!

      """"

      If you put a sticker with "Level 3 Asset" on the lid you can pawn it to the FED for maybe 60 Trillion worth of bonds - that's a pretty solid business model IMO.

  31. amanfromMars 1 Silver badge

    KISS

    This is Timely and Apposite ....... John Perry Barlow’s “Declaration of the Independence of Cyberspace” ..... http://homes.eff.org/~barlow/Declaration-Final.html

  32. Someone Else Silver badge
    Badgers

    Fear! Uncertainty! Doubt!

    If this were a Yank outfit, I have to say that:

    1) These two "nascent" outfits were trying to, In the immortal words of Mel Brooks, "...protect our phony-baloney jobs, Gentlemen!"

    2) Had hired Microsoft's PR firm.

    But as this is a Brit outfit, that would never happen on the right side of the pond...now would it?

  33. Anonymous Coward
    Pirate

    Intel Collection

    I think they are so scared because of the enormous potential to gather intelligence using novel methods. Instead of bothering with codebreaking, just use a cleverly written virus which exploits one of those thousands of weaknesses that still lurk in Windows. Or Linux. Or MacOS. Or BSD. Probably even OS/390 / zOS, even though this OS does not seem to have the buffer overflow issues.

    The Chinese do this with some success and that certainly is a threat for the "big boys" in the sigint biz, which are the UKUSA countries (aka "anglos"). The big dog is always pissed off by other dogs coming close to the meat trough.

    One the long run they should simply hire all the x86 and ARM assembly crackers they can get hold of. Surely they can come up with tools that automatically detect a large class of exploits automagically.

  34. Inachu
    Thumb Up

    This will be the future job of AI computers.

    Future AI computers jobs will auto protect networks and firewalls with hacker preventing plugins from some future AI CORP company and will call them something to trooper AI.

    Have the power of a thousand man army in your firewall............

    Ahh will be fun when that day arrives.

    1. Someone Else Silver badge
      Boffin

      Ahh, but then...

      There will be **other** future AI computers organized to auto-attack those auto-protected networks and firewalls....

      Can you say, Dr. Strangelove, 2030"? I knew you could...

  35. Mike Shepherd
    Happy

    Keep Calm and Carry On

    The Home Office has always oscillated between fear of the UK population (hence wartime dread that many were German spies) and a paternal view that they are helpless (as in Gotham City) without Batman or some other hero (perhaps in a pin-striped suit).

    Any of the ordinary populace who relied on government for survival would be long gone. So, a cyber-attack will terrify only civil servants. The rest of us will deal with it and continue (with a chuckle at useless government advice along the way).

    Where is Michael Winner when you need him? Send him to Whitehall. "Calm down, dear. They're not going to shorten your tea breaks".

  36. Anonymous Coward
    Pirate

    Hmmm

    "Any of the ordinary populace who relied on government for survival would be long gone. So, a cyber-attack will terrify only civil servants. The rest of us will deal with it and continue (with a chuckle at useless government advice along the way)."

    I would venture that it was actually a useful arrangement to have that nasty government to organize a navy and an air force between 1933 and 1945. Britons would have had a hard time to fight with pitchforks and knifes against the atavist hoardes of the MG-armed SchutzStaffel and GeheimeStaatspolizei, don't ya think ?

    Ah no, that was just the case for those frogeaters. Brave Englishmen would never have that let happened to them. Indeed.

    Skull, as the nice gentlemen of the SS had on their uniforms and caps.

    1. jake Silver badge

      @joeuro

      "Britons would have had a hard time to fight with pitchforks and knifes"

      Uh ... dude(ette?) ... The Brits had easy access to rifles, shotguns and pistols back then. Wouldn't have made a lot of difference in your obviously flawed scenario, but do try to base things on reality, mkay? Ta.

    2. Destroy All Monsters Silver badge
      Flame

      You may have noticed that the world didn't start with Hitler

      >>I would venture that it was actually a useful arrangement to have that nasty government to organize a navy and an air force between 1933 and 1945

      1) Intervention in WWI with the justification of maintaining Belgium's neutrality and upholding some secret entente thing with France. Not understanding that this is not a fight against dark dudes in faraway colonies but somewhat more serious. Pauperizes and decimates country. Sets up a petard 0.

      2) Scapegoating of Germany in collusion with France. Sets up a petard 1. Also shows the US what "peace in Europe" actually means.

      3) Couldshouldering of Mussolini over Abessynia (which no-one cares about, least of all the UK), dropping a good ally against Hitler. Sets up petard 2.

      4) Naval treaty with Japan is left to expire in preference to naval treaty with USA. Sets up petard 3.

      5) Breastbeating about some part (which no-one cares about) of Poland (which no-one cares about) full of Germans that want to get back to Germany. Sets up petard 4.

      6) War declaration on Germany while no forces actually exist to do anything serious about it. Sets up petard 5.

      Prepare for hoisting, further pauperization and the sell-out of Eastern Europe to another dude from the mustache-bearing brotherhood (perversely admired by Churchill though: he wasn't speaking german)

      Yep, some good planning right there. At least Argentina could still be beaten after that though there was trouble with the Suez action.

  37. Anonymous Coward
    Paris Hilton

    Well? I'll be jiggered?

    Who'd a thunk it?

    Imagine that! The web is insecure and lets people (our people, their people and prospective enemy people (I use the term loosely but prospective out of favour people/nations might be a better descriptor yes?) see things that we are rather a bit miffed about.

    Besides, UK security wants to sell your information to the highest bidder rather than let any and all harvest your details willy-nilly.

    Yes! It is time for a bout of standards, nomenclature and agreements!

    We hereby agree that a nation's security force will have complete and total access to the computer based datamining at one's disposal. Should other nations wish any, part or all of that information then will they kindly pay us please? Pretty please?

    'Cos we in the UK is broke and indications suggest a change in central government that will make much many more peoples broke of greater magnitude and wider scope so we need to be sure yooz will payz wot we asks for. OK?

  38. Anonymous Coward
    Anonymous Coward

    A Cyber-Attack

    It sounds so scary and terminator-esque! Oh no! What will we do!? The Internet might go down, and then crops will stop growing and the rivers will stop flowing. The machines will rise!

    Oh no! The humanity!

    It'll be like Y2K all over again - remember the sheer terror, the fear, the blood on the streets!

    Honestly - it's a bunch of fucking computers. Most of us would cope surprisingly well without them. You know, grow shit, make shit, sell shit, write shit down on paper.

    Bunch of fear mongering morons.

    You NEED US - no you REALLY DO!! WE PROTECT YOU FROM THE MONSTERS....

    1. amanfromMars 1 Silver badge

      ALL THE MONSTERS BELONG TO THEM..... which is real crazy

      "Bunch of fear mongering morons.

      You NEED US - no you REALLY DO!! WE PROTECT YOU FROM THE MONSTERS...." ... Anonymous Coward Posted Tuesday 23rd February 2010 11:22 GMT

      AC,

      It is much a case of ...... You can take a spook to knowledge, but you can't make them think ..... and sometimes they can be denied heaps of information to help them grow into much SMARTer Beings ........ "Posted by: amanfromMars | 02/23/10 | 3:18 am | .... Your comment is awaiting moderation." ..... http://amanfrommars.baywords.com/2010/02/23/100223/

      I wonder if there are SMARTer Beings behind the Iron and Bamboo Curtains exchanging Purple Prose that Captures Hearts and Minds and IntelAIgent Souls?

  39. Rob McDougall

    Wish they'd...

    tell this to Mandelson, before he cuts off half the population for downloads:

    "any interruption of broadband access becomes intolerable and will have serious impacts on the the economy and public well being"

  40. A J Stiles
    FAIL

    Quantum is Fail

    Quantum Key Distribution still requires a secure two-way backchannel to verify the key that was sent to you in an overly-complex way. It's also not necessarily secure against attacks from the middle, if the attacker can obtain access to the backchannel and the verification is done in real time. You might just as well use the backchannel for the key exchange in the first place.

    Quantum computing for decryption is the stuff of bad science-fiction. Even if it worked, any of the possible plaintexts "Attack the bridge at dawn", "Defend the fort at sunset" and "My daughter has the piles" could have resulted in the same ciphertext. There is no method that can distinguish reliably between them.

    1. Bumbling Fool

      Science fiction or science fact?

      Yes, it is true that a QKD system requires an authenticated channel to prevent against man-in-the-middle attacks. This is an unavoidable requirement for the initial set-up of such a channel. However, once the channel has been established the exchanged secrets can be used for subsequent authentication. Once a QKD system has been set up it pretty much runs itself automatically - which is an attractive feature in some cases. It also allows you to consider other key management possibilities in which the key refresh rate can be much higher than would be the case for security policies in which master keys are to be refreshed manually.

      There's far too much hype surrounding both QKD and quantum computing. They are just different technologies for achieving very specific things. They work - they have been built. QKD is commercially available. Quantum computers exist only as small-scale lab demonstrators.

      QKD is just an alternative method of exchanging, or rather establishing, keys. No more and no less. It offers some advantages over traditional methods, but it also has some weaknesses. It's just a different technology.

      The same is true of quantum computing. In security terms the relevant thing to note is that a quantum computer can perform factorisation (or solve discrete logs) much faster than their classical counterparts. So if the inability to factor or find discrete logs is something that your security relies upon then the ability to do these things very quickly undermines that security.

      The 'quantum' aspect is really irrelevant. If it helps just think of it as a new factoring algorithm that works in seconds rather than years. Such an algorithm running on a classical conventional computer would have exactly the same security implications.

  41. Anonymous Coward
    Anonymous Coward

    '"catastrophic" effect on public confidence in the government'

    I don't think we need the cyberattack to have zero confidence in this bunch of control freak chimps.

  42. Anonymous Coward
    Coat

    "Observing the message destroys it"

    That'll be tricky to decrypt then!

This topic is closed for new posts.

Other stories you might like