Information recovered while designing weapons to attack nations we’re asking to behave appropriately… I think that’s what it says
I love the way that some of the media seems to collude with some of government to give a totally inaccurate and unrealistic view of ‘cyberspace’. Here’s an example from Monday’s Telegraph.
Stolen information worth £300m recovered by GCHQ
How do you recover information? It’s not like stolen jewellery. You can’t just recover information and give it back to the rightful owner.
Details stolen from more than a million credit cards across Europe, worth an estimated £300 million, have been recovered by the GCHQ spy agency, The Daily Telegraph can disclose.
It sounds impressive, but is really rather meaningless. How can you steal anything FROM a credit card? The need, surely, is to steal something WITH a credit card. And you don’t need the card to do that; you just need the account details ON the credit card. So are we really talking about a list of credit card numbers that GCHQ has discovered on the internet? If that’s the case, I’m rather disappointed that GCHQ has found only one million. And where does the £300 million come from? We are told that the ‘details’ are worth this. So are they saying that each stolen credit card number is worth £300 on the black market? I doubt that. It sounds a tad high to me. I certainly wouldn’t buy details of an account for £300 when it might have reached it’s limit and not allow me anything else.
A team of experts at GCHQ is understood to be working with the military to develop internet tools to strike back if states attack infrastructure such as water supplies, electricity and banking.
I doubt if the military can teach GCHQ anything about the internet. Unless, of course, the intention is that the SAS parachute into foreign nation states, steal into foreign government buildings and install UK trojans made in Sheffield (or Birmingham, or wherever). That’s possible, of course, but I doubt it. It’s probably got more to do with the fact that the new Head of the (new) Defence Cyber Operations Group is a military man: Major General Jonathan Shaw. Anyway, it seems that we are developing internet strike (back) tools. But none of this is news – it was announced by Nick Harvey in a speech last November (see Defence Cyber Operations Group and the Ministry of Attack).
Again, moving on…
A conference in London in November, to which both China and Russia have been invited, will try to agree “appropriate behaviour” in cyberspace in order to protect “democratic ideals”.
Well, I can say now: China, Russia, France, Israel (well, possibly), the USA and us (and every other cyber savvy nation in the world) will readily agree to behave appropriately. Because any nation that is savvy enough to attack the infrastructure of a foreign nation will be savvy enough to cover its tracks. We may suspect that China was involved in the Aurora attacks; we may suspect that Israel (or possibly the US or even us) had a hand in Stuxnet; we may believe that China stole the SecurID details from RSA so that it could then attack US defense companies – but we’ll never be able to prove any of it.
In short, this article says nothing; but says it very dramatically. The only person to benefit is William Hague: it makes it look as if he’s on the ball.
The conference, incidentally, could be the Cyber Security 2011 conference at the QE11 on 29 November. I’m almost tempted to book a seat so that I can go along to this commercial conference in order to rub shoulders with both China and Russia. While I’m there, I’ll make sure that I attend Stream 2 in the afternoon: The National Cyber Security Programme. Oh, look. It’s chaired by another Telegraph journalist!