what about sabotage?greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread
After lurking a while, I now have a question. What is to keep some unprincipled programer (or maybe hundreds or thousands of them)doing remediation from deliberately sabotaging the work. Don't say it can't happen. Littleton shouldn't have happened either. What is to keep folks from doing this because they are pissed off at having to do what Cory calls a death march. Just wondering.
-- Jeff (email@example.com), May 06, 1999
-- winna (??@??.com), May 06, 1999.
Is there any reason not to think that foreign governments have already recruited some of the programmers to build back doors into the Pentagon's systems? Face it, basically the same thing happened at Los Alamos. This is a once in a lifetime opportunity to either sabotage or build a secret way into any large organization's computers.
Our nation's enemies, common criminals, and pissed off programmers have all thought of this already. Testing is going to be focused on Y2K functionality.
The temptation is just too large.
The worst part is that since foreign countries are so behind in remediation, our spies may not have the opportunity to return the favor.
-- Doug (Doug@work.now), May 06, 1999.
In the same vein as winna's post, look up "Unintended Consequences" by John Ross on Amazon.com or Loompanics.com
-- A (A@AisA.com), May 06, 1999.
The question to ask is: Would you as a company trust Cory to remediate your systems? Given the level of committment he has in seeing things fail?
-- Would (firstname.lastname@example.org), May 06, 1999.
>What is to keep some unprincipled programer (or maybe hundreds or thousands of them)doing remediation from deliberately sabotaging the work
Some things that can be done by management (but many won't do them):
When setting up the project, require all changes to be thoroughly documented, with comparison listings in a format easily subjected to doublechecking.
Require that all changes be done in as simple, regular and consistent a manner as possible.
Have a trusted set of people check the changes independently.
Test changed software very carefully (as you have been doing all along for years and years, right?), but with especial consciousness of this particular threat. (See why many say that the testing phase of Y2k remediation will take as much time as all other phases put together?)
Something many companies _are_ doing is to keep all the Y2k remediation in-house instead of contracting it out. This has its minuses as well as pluses, of course.
-- No Spam Please (No_Spam_Please@anon_ymous.com), May 06, 1999.
Good suggestions, No Spam,
I think, though, that these ideas could be most easily implemented on the smaller projects. The largest ones, like the bank mainframes and government systems, would pose a much different challenge. The custom programming in various languages would make tampering much easier to disguise. And a system that was fully remediated and passed full inspection could still be tampered with in the future. These large projects are also the most attractive for attack.
Perhaps enough control is in place to prevent this. I would hope so, but I also hope we're not naive enough to think it isn't being attempted.
-- Doug (Doug@work.now), May 06, 1999.
Yes Cory-you no. Never have liked a backstabber.
-- Mike Lang (email@example.com), May 06, 1999.
Protests Reach Cyberspace By Stacy Lu -- ABCNEWS.com
May 9, 8:30pm PT Protests over NATO's bombing of the Chinese embassy in Belgrade have spilled into cyberspace.
Enraged hackers apparently attacked the official Web site of the U.S. embassy in China yesterday, took over the Web sites of the Departments of Energy and the Interior today, and established their own online convention center at a site called killusa.
The Department of Interior Web site on Sunday showed pictures of the Chinese journalists killed on Saturday when NATO accidentally bombed the Chinese embassy in Belgrade. The Department of Energy site read Protest USAs Nazi action.
It was unclear whether the hacking was done by Chinese or not, though several messages on Chinese Web sites and message boards based in China claimed that it was.
According to news reports from Chinese media, hackers also launched attacks on the official White House site, which reportedly has a automated restoration function set to operate within five seconds of an attack.
The messages they posted on the attacked sites were vitriolic, patriotic and, in some cases, poetic.
One site read Down with the Yanks. The fate of the Chinese people has reached the most critical pointa play upon the words of the Chinese national anthem, reflecting a similar patriotic call after the Japanese invaded China in 1937.
A poem was posted that has appeared before other civilian unrests in China, particulary in 1976 after the death of Premier Zhou Enlai. A rough translation: I grieve while the wolves howl/I cry while the beasts cheer/I shower the martyrs with my tears while unsheathing the sword.
Communist slogans also appeared, a rarity in today's China. One of the hacked sites declared This hill has been taken over by the commies.
Message Boards Overflowing
Bulletin boards based in China were full of messages condemning the U.S. and NATO's mistaken bombing of the Chinese embassy.
You think you have a strong army without human nature and a great number of brazen politicians just like you...pose as the world cop and think the world must run under your rules, your human rights, your democracy," one message read.
The Department of Energy site's home page also had a message that read, We are Chinese hackers that takes no cares about politics, but we can not stand by seeing our Chinese reporters been killed.
The hackers' own site at killusa.abc.yesite.com, a repository of hacking strategies, had nearly 1,000 messages Sunday, either reporting sites being hacked or expressing anti-American sentiments.
Rumors, none apparently based on fact, flew thick and fast, among them that NATO had again bombed the Chinese embassy in Belgrade and that Chinese President Jiang Zemin had said that China must be prepared to go to war. Another stated that the intelligence reports provided to NATO prior to the embassy bombing were supplied by a NATO officer angry with China over its treatment of Tibet.
A contributor to the page also suggests manning a full-scale attack on American Web sites, disseminating computer viruses, and attacking the sites continuously in a method the hackers term machine- gunning. Another suggests targeting financial sites.
Copyright 1999 ABC News Internet Ventures
-- Andy (2000EOD@prodigy.net), May 10, 1999.