UK Cyberwar - or UK Cyberwallies?

One of the most embarrassing features of the dotcom era was a habit of putting "cyber" in front of everything to make it look hot and trendy (disclosure: I did it too, but I was 15 years younger then...). Don't look now, but it's back:

China has penetrated the Foreign Office's internal communications in the most audacious example yet of the growing threat posed by state-sponsored cyber-attacks, it emerged tonight.

In his speech Hague was reflecting growing anger and concern within the government about the increasing threat posed by cyber-espionage – states, as well as individuals, using cyberspace to steal defence, diplomatic and commercial secrets.

Frightening stuff, eh? - cyber-attacks, cyber-espionage etc etc. But let's take a closer look at this "cyberwar":

The foreign secretary said the FO attack came in the form of an email sent to three of his staff "which claimed to be about a forthcoming visit to the region and looked quite innocent". "In fact it was from a hostile state intelligence agency and contained computer code embedded in the attached document that would have attacked their machine. Luckily, our systems identified it and stopped it from ever reaching my staff," Hague said.

Er, hang on: these super-deadly, totally new and cunning "cyber-attacks" took the form of malware hidden in documents attached to emails? You know, the kind of stuff that the rest of us have been dealing with routinely for the last decade or two? And the Foreign Office has only woken up to this danger now?

But wait, there's more:

"In late December a spoof email purporting to be from the White House was sent to a large number of international recipients who were directed to click on a link that then downloaded a variant of Zeus," Hague said. "The UK government was targeted in this attack and a large number of emails bypassed some of our filters. Our experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common."

"Bypassed our filters" - you mean somebody forgot to run an anti-virus check on the incoming emails, and a bunch of wallies within the UK government clicked on the link contained within an email? Those weren't filters that were bypassed, those were brains.

Since it's probably too much to expect the government not to employ such twits, maybe it should take some technical measures to minimise the damage they cause when they "bypass" their brains again. And I don't mean stuff like this:

The foreign secretary said government was spending £650m on its cyber defences against such attacks, and working with the private sector.

I bet it is, with the private sector taking advantage of the government's naivety here, and ripping them off royally.

No, what I had in mind will cost almost nothing, and is likely to work a darn sight better than all those "cyber defences" (hint: anything being sold as a "cyber defence" is almost certainly a cyberdog.)

The key thing to notice is that the dangerous link that the UK government idiots clicked on downloaded to their PCs the Zeus trojan horse – a keylogger that only affects Windows (not that you'd ever guess that from the pathetic mainstream coverage of any Zeus infection). So if the UK government swapped out lots of those expensive and vulnerable Windows systems with low-cost and rather more secure GNU/Linux ones, we'd be spared most of the losses from those cyber-wallies, for almost no outlay.

But that would be too easy, efficient and intelligent – especially when there's a baying pack of security companies who have the scent of those 650 million smackeroonies in their dilated nostrils. To avoid that threat of minimising the threat with such simple means, they'll doubtless create a crescendo of FUD about the imminent "cyber-Armageddon" we all face if the UK government doesn't throw buckets of dosh in their direction to "defend, delay, attack and manoeuvre in cyberspace", as General Sir David Richards, chief of the defence staff, put it in the article quoted above (how on earth do you "manoeuvre in cyberspace"?)

The trouble is, no matter how much security firms claim their costly solutions are idiot-proof, they underestimate the cleverness of idiots – or the deep and intrinsic lack of security offered by a Microsoft monoculture, which is even more durable than that pesky "cyber" prefix....

Follow me @glynmoody on Twitter or identi.ca.
