October 15, 2004

Lost in the Noise, or, how I learned to stop worrying about North Korean Cyber-Terrorists and Love my Network Connection.

I was reading this story: "North Korea to Launch cyber war" and I gotta ask ...Why would any sovereign nation think that 500 people are going to make a palpable difference? We probably have tens of thousands of lame script kiddies in the US alone, not even considering Europe, Russia, Belarus, Romania, Australia and the pacific rim. I mean, it's not as if every single site and machine of any prominence isn't under constant DDOS anyway.

When I was working at VA/OSDN, at least one of our sites was under attack (DDOS, scripted, etc...) every single day, so I don't really see the point of training an additional 500 to attack the US or any of our allies.

Additionally, I'd worry more about Kim Jong Il's nuclear capability before I'd worry about a syn flood from North Korea. I've got backups of my data, I can't backup my DNA...at least not yet. I'll even go so far to say that while inconvenient, "cyber-terrorism" is pretty far down my list of "threats to worry about", somewhere far below mad-cow disease and maybe a little higher than the threat presented by George Lucas' promise to make sequels to Return of the Jedi.

Considering this, I don't operate under the assumption that this is what N. Korea is actually doing...whether you call it network security operations, penetration testing, or computer forensics, you'd imagine every nation of a certain size and ambition has a team like this. I know we do.

So, with those caveats in mind, if we have to present the spammer/ddos/script kiddie threat as a national security concern to get some of these aberrant freaks thrown brought up for charges, I guess I'm okay with that. It's not 1988 anymore, these aren't well intentioned Robert Morris' after all. For that matter, they aren't even Kevins around anymore...at least Kevin Mitnick had to have some knowledge (And I actually like Kevin, we did some TV together). We aren't wasting a precious programming resource by jailing a script kiddie.

This post actually dovetails well into an article I'm writing for my pals at Linux Journal, which I'll link to when I get that one finished.

Chris DiBona

Location: Mountain View, Ca.
Posted Via: Blogger Interface


moeffju said...

You mistyped freshmeat in the link.
Other than that, I agree. However, imagine if people start paying script kiddies to hack 'important' systems instead of just DDoSing or IDS'ing systems at semi-random for IRC wars? The organized attacks on eBay and the likes (complete with blackmailing) might just've been a foretaste.

Chris DiBona said...

Thanks for the heads up on the link.

A to your comment, that kind of thing is very suckful, but I think that the national problem of "cyber-terrorism" is a bit overblown. Anyhow..Thanks!