Hacker alert, I’ll explain why the Cyber Agency is lax

8 December 20221 year ago babelfish

There are many methods and technologies to "drain" the unwanted arrival of hordes of jammers. It is catastrophic that the institutional systems do not have them and that the Cyber Agency has not invited the grand commis to equip their respective organizations with suitable countermeasures. Umberto Rapetto's comment

There are atavistic fears. That of the dark, for example, which terrifies children; or that of fire that intimidates animals. Among the "historical" anxieties for the so-called "homo technologicus" there is undoubtedly the fear of being isolated, of finding oneself "out of service". It is not a legacy chronologically linked to the appearance of the first forms of life on Earth, but in any case – given due proportions – it is a terror that manifested itself at the beginning of the indiscriminate telematic civilization (the non-elite one).

Thanks to Tim Berners Lee, who later became a "baronet" of the English crown, between 1993 and 1994 humanity began to populate the Internet thanks to the world wide web. In 1997 (it happened in Las Vegas during the Defcon congress, which has always been a crossroads of brigands and computer security savants) someone demonstrates the fragility of the information highways and the possibility of interrupting "free movement". The perfect world breaks down and since then we understand the possibility of giving rise to traffic jams capable of preventing those who want to reach a certain online computer system from reaching their destination. If no one can get there, obviously even those who normally use it find themselves in conditions of immobility and isolation.

This dynamic is labeled "Denial of Service" and, with its "automation", over time puts a "D" before its acronym. It becomes "Distributed" because it also involves the resources of uninformed and unaware subjects who are only to blame for having a PC that is not particularly protected and for having left it on even in their absence. It is the story of the "zombies", that of the apparatuses which – victim of computer viral contaminations – "obey" the orders of a criminal who has pre-conceived a particular plan of action. When the "machine" realizes that it is in stand-by, forgotten by its legitimate owner, it begins to do what the bandit has programmed for it and – perhaps – connects to a site making requests (all pre-set) which, added to those of many other devices at the same time ends up saturating the response capacity.

To better understand how it works, let's try to imagine a shoe dealer who – having spent a life in absolute monopoly in the street in the center where he has his windows – sees a competitor opening just across the street. Fearing the commercial eclipse, the shoe seller gets busy. He visits a crowded residence for self-sufficient elderly people and offers 10 euros to anyone among the guests of the structure who is willing to go and try on one or possibly more pairs of shoes in the shop opposite his. An army of men and women does not hesitate to join an initiative that allows them to spend their free time in company and moreover with a small remuneration.

For a few days those who have inaugurated their "shop" will find the premises clogged by brisk paid visitors who – it is all too understandable – do not allow access to those who really intend to buy something. This is the material translation of the much feared Distributed Denial of Service which led the National Cybersecurity Agency to raise the alarm fearing an "attack" on public information systems that the then Minister Vittorio Colao had already ruthlessly defined as insecure for 95 % of their deployment.

There are – and it is obvious that there are – numerous methodologies and technologies to “drain” the unwanted arrival of hordes of jammers and therefore the occurrence of such an event certainly cannot be considered catastrophic. On the other hand, it is catastrophic that the institutional systems do not have them and that the Cyber Agency has not invited the grand commis to equip their respective organizations with suitable countermeasures. The son of the shoe dealer afflicted by hyperkinetic and incorruptible old ladies "umarell del fashion" would know how to do it. A pack of carnivalesque "stink bombs" or a garden hose connected to the bathroom faucet would be his weapons.

The self-styled “digital security” gurus crowding the market shouldn't take the inspiration of the teenager a few lines ago literally, because it might not work in the current perceived emergency. The solutions exist and have been known for years. Can we still be afraid of a possible aggression a quarter of a century old? If for three hours you don't connect to the site of this or that ministry, you still survive and maybe you don't even notice. Why don't we worry about what instead – a random situation – has occurred in the many and too many local health companies for years knocked out (and with them the citizens) by hackers around Italy?

Article published on ilfattoquotidiano.it

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/cybersecurity/allarme-hacker-vi-spiego-perche-agenzia-cyber-e-lassista/ on Thu, 08 Dec 2022 06:03:26 +0000.