I love it when governments try to enact policy regarding the internet. It's always obvious that ministers who last had a full head of hair when Led Zeppellin was still together don't know the first thing about the internet. The federal government think that companies operating 'critical infrastructure' should be allowed to read their employees' email without their consent. This is to protect us against CYBERTERROR!!1111!!. It's obvious that whoever it is that checks Robert McClelland's email for him has tried to explain how the 'net works and has been less than successful.
"At least 90 per cent of networks exist outside government but there's no powers for corporate network supervisors to intercept such communications unless they have specific authority from the employee," he told the Herald.
"It's unquestionable that it's necessary from time to time for network supervisors to open emails addressed to people to identify viruses and the like …"
No. Wrong Robert. Your emails aren't checked by magical elves who open every email to examine it for viruses. All emails are scanned at some point to determine if they do carry viruses. No one actually reads them to see what's inside. Also why would someone send an email at work to carry out CYBERTERROR!!111? The person goes to work, uploads a virus in an email and then sends it where? Where is the mechanism for such an attack to cause more than mild annoyance seeing as how it happens all the damn time by accident.
"There's no question that breaches of both government and private sector computer networks have occurred already - in some instances as a result of mischief, in some instances to obtain security-sensitive information and in some cases to obtain commercial information."
He said it was difficult to track electronic attackers.
He cited an attack by hackers in Estonia last year that, in effect, shut down its Government for almost two weeks.
Checking peoples' email isn't going to help you contain a network breach. First of all your network wouldn't have been owned by someone sending an email at work. Secondly the attacker sure as hell isn't going to be sending you emails of doom. The attack he cites was a denial of service attack caused by government servers receiving so many fake requests for data that they couldn't serve legitimate requests. There was NO WAY checking emails would have prevented, ameliorated or caught the perpetrators who were probably in a different country. That's the thing about the internets, its tubes go all around the world, which means an attacker doesn't have to be at work sending an email. In fact the smh article goes on to say:
"They used thousands of computers controlled through viruses - known as botnets - to simultaneously access an Estonian Government website, overwhelming the server and crashing its entire network."
SMH
The computers in that botnet were probably spread out on every continent. Not one of them sent anyone an email. No one had to gain physical access to anything. McClelland's advice is also ignorant of the fact that it is trivially easy for an attacker to gain physical access to a site. All they have to do is drop a few usb sticks outside the front door of the office. I guarantee you that someone will pick one up and plug it into a windows machine, at which point the machine can be made to execute a bit of code. No emails sent. Robert wants to make legal a tool which will inevitably be abused to spy on and harass workers while proving to be utterly useless in preventing CYBERTERROR. Seriously man, whoever gave you this advice is making you look like an idiot. You should seriously consider talking to some people who know what the hell they're talking about when it comes to network security.
There's plenty of people in this country who crack networks for fun. Get ASIO to hire them and spend your time on legislative reform so we can have fewer laws not more overlapping ones.
You could also consider setting up an organisation to develop a linux based, custom OS for managers of critical infrastructure. If they're so important, why in fuck are they running windows, the vector for most of these attacks?
UPDATE: It is alleged [Club Troppo, via Slashdot] that this whole thing is a media beat-up.
2 comments:
It makes you wonder whether the "only 3 Lib can use computers" 'leak' is something that could be asked of Labor with similar results.
I wasn't expecting anything great (like: nothing) with regards to the internet with Labor, but I also wasn't expecting anything quite this stupid...
Your emails aren't checked by magical elves who open every email to examine it for viruses.
They're not? Damn. Another belief bites the dust.
Post a Comment