Re: Anyone see a game changer here?

[Steven Bellovin <smb () cs columbia edu>]

On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:

> On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
>
> > Does anyone really believe that the use of targeted 0-day exploits to gain unauthorized access to information hasn't 
> > been at least considered if not used by spies working for other [than China] countries?
>
> I think only those not paying attention would be left with that impression.
>
> Spying has been done for years on every side of various issues.  Build a more complex system, someone will eventually 
> find the weak points.
>
> Personally I was amused at people adding cement to USB ports to mitigate against the "removable media threat".  The 
> issue I see is people forget that floppies posed the same threat back in the day.
>
> The reality is that the technology is complex and easily used in asymmetrical ways, either for DDoS or for other 
> purposes.
>
> The game is the same, it's just that some people are paying attention this week.  It will soon go back to being 
> harmless background radiation for most of us soon.

The "difference" this week is motive.

In the 1980s-1990s, we had joy-hacking.

In the 2000s, we had profit-motivated hacking by criminals.

We now have (and have had for a few years) what appears to be nation-state hacking.  The differences are in targets and 
resources available to the attacker.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb