Everynerds favorite crypto-guru uses both well-worn barrels:
Cyber-extortion is certainly on the rise; we see it at Counterpane. Primarily it’s against fringe industries — online gambling, online gaming, online porn — operating offshore in countries like Bermuda and the Cayman Islands. It is going mainstream, but this is the first I’ve heard of it targeting power companies. Certainly possible, but is that part of the CIA rumor or was it tacked on afterwards?
And here’s list of power outages. Which ones were hacker caused? Some details would be nice.
I’d like a little bit more information before I start panicking.
He joins the voices of other professional contrarians (keep waiting for “Dick Destiny” to sound off) about how this is all rumor, fear-mongering, lies, or worse.
Yelling “hype” is a convenient way to show the pocket-protector sniffers how deep and ponderous your thoughts are. It’s very popular in the “everyone else is an idiot but me” crowd. You’ll note one key factor not addressed amidst all the nay-saying, however: In recent memory, how many active, bona-fide CIA officers have come out and put their names and faces to statements like this? I’ll go out on a limb and say exactly zero.
If I were a betting man, I would put my money on: “everything we think we know about how bad this may be is wrong: it’s worse.” Not necessarily “worse” like the lights are going to go off tomorrow and won’t come back on until we pay Dr. Evil $1 meeelion dollars but “worse” like “if we keep ignoring relatively small but important things, we are risking having numbskulls play with the lights like they used to play with Web sites.” I don’t know about you but the prospect of a Zone-H archive filled with exploited Dominion Power entries gives me the creeps.
Let’s keep something else in mind here: We’re talking about an agency that thinks nothing of demanding that you classify a newspaper story if you’re going to stick the data from that story into a briefing or report. As an astute Australian colleague put it; “What tw** back home authorizes the classification of the New York Times?”
A disinformation campaign? Sure: the community that can’t keep a secret about efforts directed at foreign adversaries is suddenly in OPSEC lock-down over an effort to fool the US public. Let’s also not forget we’re talking about people (and organizations) that cannot stand to be wrong, which makes a disinfo campaign on SCADA issues entirely believable if you like kool aid.
I know that it is not beyond some people to fake problems to generate false concern. I know there is a lot of money to be made here. But if this briefing ends up giving a boost to the SCADA protection racket that has nothing to do with Tom: his paycheck stays the same. Even if you wanted to get all conspiracy-theory here, is he going to stick his neck out in preparation for a lucrative career in the advice-giving business by talking about something he knows is bulls***?
I mean, I know some CIA guys follow that path, but I wouldn’t recommend it.