, SecurityFocus 2003-08-08
Declaring hidden malware to be "a growing threat," the National Security Agency's cybersecurity chief is calling on Congress to fund a new National Software Assurance Center dedicated to developing advanced techniques for detecting backdoors and logic bombs in large software applications.
Expand all |
Post comment
But, a lot of harm can be done with systems. Not by destroying the data, but by stealing the data and using it.
What would you rather someone do? Make your system reboot or force you to reinstall your Operating System... or, hack into your police record and turn you into a wanted felon? Would you want someone stealing your identity? Would the government want someone using their own private records against them? Would corporations like their private secrets posted on public newsgroups?
There is a lot of bad things which can be done with data. Terrorists could auto-hack systems with a worm, search the system for credit card numbers... and then post these credit card numbers to various newsgroups -- all in a worm.
There does also remain the problem that these worms we have been seeing... Slammer, Code Red, Blaster... these are loud worms. They were easy to detect. Yes, they were fast spreading, but what use is that as they were also fast to dissapear? Had any of these worms been silent, stealthy... and had a dangerous payloud (be it time fuse DDoS or some game with people's information)... it would be far more obvious as to what harm terrorists could do with information systems.
But, the main thing a hacker will ever be able to do is to target individual systems... be they a diplomat, a random enemy, a corporate executive, whatever. I am not sure if abusing someone's secrets might inspire terror, but it can really ruin someone.
All this said... anyone with a gun can walk into a store and just start shooting people. Generally, if they walk in and walk out, no one will do anything because of the stun factor. Further, it is trivial to make things explode. Gas mains are everywhere. People die extremely easily. Just puncture the right place, bend the right place, hit them the right way -- they are dead.
All of this said, we could use more examination of code. Since they have disclosed that they are going to do this (and apparently, have been neglecting, no surprise)... likely, they would disclose any negative findings. Who can be against that?
(And, if they don't, well, I am an American and continue to agree with our foreign policy, so I have no qualms about that. What else are intelligence agencies for?)
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/6671/21485#21485