As Congress Debates CISPA, Companies Admit No Real Damage From Cyberattacks
from the the-truth-is-so-inconvenient dept
Since the beginning of the cybersecurity FUDgasm from Congress, we’ve been asking for proof of the actual problem. All we get are stories about how airplanes might fall from the sky, but not a single, actual example of any serious problem. Recently, some of the rhetoric shifted to how it wasn’t necessarily planes falling from the sky but Chinese hackers eating away at our livelihoods by hacking into computers to get our secrets and destroy our economy. Today, Congress is debating CISPA (in secret) based on this assumption. There’s just one problem: it’s still not true.
The 27 largest companies have now admitted to the SEC that cyberattacks are basically meaningless and have done little to no damage.
The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.
MetLife Inc., Coca-Cola Co. (KO), and Honeywell International Inc. were among the 100 largest U.S. companies by revenue to disclose online attacks in recent filings with the Securities and Exchange Commission, according to data compiled by Bloomberg. Citigroup Inc. (C) reported “limited losses” while the others said there was no material impact.
So what’s this all really about? It goes back to what we said from the very, very beginning. This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public’s privacy by claiming that it needs to see into corporate networks to prevent these attacks.
If this was a real problem, wouldn’t we see at least some evidence?
Filed Under: cispa, companies, cybersecurity, harm, threats
Comments on “As Congress Debates CISPA, Companies Admit No Real Damage From Cyberattacks”
It is a real problem…Congress itself.
So, what’s being said is CISPA stands for Chinese Instigating Senate Paranoia Act.
Yep, I can see that.
Seriously, something is wrong with our government.
This is all FUD, engineered by defense contractors looking for a new way to charge the government tons of money, combined with a willing government who sees this as an opportunity to further take away the public’s privacy by claiming that it needs to see into corporate networks to prevent these attacks.
Same tactics, new ‘subjective’ realm. And we thought Governments evolved slowly.
Except that it’s harder since there’s more awareness and information spreads more easily.
Re: Re:
What we really need to look out for is
A: Who do these contractors donate to and are those who receive donations from these contractors the ones pushing for these laws. Of course, when these laws are negotiated in secrecy that maybe difficult.
B: Which politicians go working for these defense contractors after their term is up.
This should not be tolerated at all. This is what the politicians are looking forward to. They’re looking for new ways to obtain campaign contributions and find cushy jobs after leaving office and they see cyber defense as a new and innovative way to do it. It’s not about defending the American people from an imminent cyber attack. It’s about what do the politicians get out of it.
Devil’s Advocate:
There are multiple example of financial loss from hacks. Whether this is due to paying employees extra, consultants, or legal fees, it is still a loss. If you need an example, see the Sony breach:
http://en.wikipedia.org/wiki/PlayStation_Network_outage#Legal_action_against_Sony
Was the damage due to IP, not in the least, but there was damage to both the company fiances, as well as image. Although, the image part could of well been deserved.
Re: Re:
Then why didn’t they report this ‘damage’…
maybe it was because these companies already employ people full time to handle this kind of thing, and the overtime pay is a “limited loss” as they have indicated. if “billions” are being lost, why can’t even one company come out and say “this cost us $250,000”.
Re: Re: Re:
Actually, they did:
http://www.forbes.com/sites/insertcoin/2011/05/23/sony-pegs-psn-attack-costs-at-170-million/
Whether the losses are real or fabricated to appease stock holders is up for debate though.
Re: Re: Re: Re:
Sony is not an American company.
Re: Re:
From the wikipedia link:
So, how are lack of encryption, network security and customer support is anyway fault of “chinese hackers” ?
If a bank that keeps your money leave open their safes, open its doors and turn off security cameras, and then someone steals the money, whose head would you want to see on a spike?
Re: Re: Re:
I was basically just commenting on:
As far as lack of security, this was an extreme case of that. A large number of systems however are vulnerable to attack, just download the latest version of Kali Linux and do a quick search on Shodan to realize that Sony isn’t unique in that regard.
Er, Mike, "secrets" can be stolen, yet still have their secrets.
“The 27 largest U.S. companies reporting cyber attacks say they sustained no major financial losses, exposing a disconnect with federal officials who say billions of dollars in corporate secrets are being stolen.”
EXACTLY as you little pirates can steal content yet the owners still have their data! — The industrial kind of data, however, requires more than lounging back while being entertained by it.
I’m SOLELY making the connection above to try and get some mileage out of this dullness, NOT any other disagreement.
But now I’m asking for Mike’s solution to the manifestly growing fascism of the surveillance state. Otherwise, just yet more complaining from Moaning Mike. — What’s the point? We all KNOW the problems, Mike. Now let’s find who’s merging gov’t and corporations, who’s committing what crimes, and think on how we get them under control.
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
“”EXACTLY as you little pirates can steal content yet the owners still have their data!””
NO, the content was not stolen. If the content was stolen the owners wouldn’t have their data as it wouldn’t be there due to the fact that it was stolen. The data that you moan about being stolen is in fact COPIED and that is not the same as being stolen.
Flawed and failed logic once again on your part.
Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
It’s still stolen from the standpoint that you have unlawfully taken the creative output of another without due compensation. The fact that the creator still has the content doesn’t excuse that or make you less honorable than any other chain-snatching hotboy.
Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
more honorable
Re: Re: Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
AJ, Mike has stated that you are unwelcome on this site and that he doesn’t want you viewing his content. You are copying his content without compensation.
BTW, WTF is a chain-snatching hotboy?
Re: Re: Re:2 Er, Mike, "secrets" can be stolen, yet still have their secrets.
AJ, Mike has stated that you are unwelcome on this site and that he doesn’t want you viewing his content.
Mike has never said anything like that. Without the 2-3 non-toadies that comment, this place would be nothing more than a vacuous, self-reinforcing circle jerk…. like Insider Chat.
You are copying his content without compensation.
WTF are you babbling about?
BTW, WTF is a chain-snatching hotboy?
A pre-adolescent, low level, urban street dealer who also engages in stupid, high risk/low return street crimes.
Re: Re: Re:3 Er, Mike, "secrets" can be stolen, yet still have their secrets.
Yes he has. I remember him distinctly saying to you, AJ, that he wants $1000 a month from you to view his website. And yet, you continue to copy the articles here onto your computer without due compensation.
Re: Re: Re:4 Er, Mike, "secrets" can be stolen, yet still have their secrets.
Yes he has. I remember him distinctly saying to you, AJ, that he wants $1000 a month from you to view his website. And yet, you continue to copy the articles here onto your computer without due compensation.
You’ll say anything in order to get that pat on the head, won’t you? What a pathetic, ingratiating little ass licker you are.
Re: Re: Re:5 Er, Mike, "secrets" can be stolen, yet still have their secrets.
You must be talking to the mirror.
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
I stopped reading at “pirates” because it became apparent your comment had little to do with facts and discussion and everything to do with adhom attacks.
Discussions are about contributing and you are not.
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
“Dear” AJ
Fuck off. You’re not welcome
Yours
People who can actually argue and debate.
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
You do realize you and trolls like you increase the value of these comments area and give a bunch of us a good laugh right?
YOU are one of the best added values of this blog and the only reason a lot of us come down to the comments section is to look for that “This comment has been flagged” marker since we know comedic gold is hiding a click away.
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
that’s obvious you little anti-pirate, the govt. and the corporations. Take off your blinders.
Re: Er, Mike, "secrets" can be stolen, yet still have their secrets.
Focus on the topic, not attacking the people writing it, douschenozzle.
All about two things is CISPA the shit:
1.Corruption and Money hungry Politicians sniffing up the Asshole of DOD Contractors
2.All about the Control of the Internet……….the probably greatest tool ever invented for Activism.And Worldwide Governments and the Greedbag Politicians are getting scared.
So, they pile on the Fearmongering and get Millions of Sheep to sign on to their own doom.
Read History Books as this happens over and over again.
Not that it would ever happen but have any of you really studied the Rise and the Tactics of the Nazi Party in Germany ? Watch a great documentary or go to the Library and read about the use of Scapegoats,Fearmongering,Propaganda, Etc.
Re: Re:
” Not that it would ever happen but have any of you really studied the Rise and the Tactics of the Nazi Party in Germany ? ”
Yes, I have, pretty extensively. I see the same parallels. The problem is that it’s an undiscussable subject, like racism. You mention race in a debate, you are accused of racism simply by suggesting that it’s a possible component. The same goes for bringing up Nazi Germany ( Godwin’s law ). It doesn’t matter that the material IS relevant, mentioning it is taboo. Unfortunately this makes it very easy to miss the fact that history could be repeating itself. It’s sad.
It’s also combined with politicians who want campaign contributions and revolving door favors from these defense contractors. Wouldn’t it be nice to get a nice easy high paying job that requires no skills or effort after you leave office?
what is happening here is that Congress dont want anyone to know the companies that are going to be given massive contracts to ‘protect all from cyber attacks’ whilst paying nice back handers to those in Congress. add to that the secret interpretations that will be used against anyone that is suddenly disliked for whatever reason and can be whipped into court on God knows what trumped up charges! this whole debacle is a farce! Congress ought to be ashamed of itself! definitely the way to project the democratic ways of the USA, i dont think!
Off-topic: I love the little green bar you put on comments that have been made by you. Nice addition.
Re: Re:
Oh, never mind. They are for new comments apparently.
Re: Re: Re:
Still a nice addition. Credit where it’s due.
Re: Re:
The green bar indicates the comments are recent.
At least it’s not as bad as the TSA with Dr. Thick finger.
The relevant part for me
I don’t know enough about cybersecurity to yet know what is happening. But based on what I have read, I don’t think the government is acting independently on this issue. I believe private enterprise is calling the shots in one way or another: either to gain government contracts and/or to get the government to set up protections for private enterprise.
This is the part of the article that stands out for me. It hasn’t been established which is more true.
Cyberattacks Abound Yet Companies Tell SEC Losses Are Few – Bloomberg: “Those mixed messages have triggered a debate over whether Washington is overstating the damage from cyber attacks or whether companies are understating its impact — or not disclosing the attacks at all. It also raises questions about whether some companies are painting more alarming scenarios for politicians than for their investors.”
Since Mike is now a Wall Street expert and understands how SEC filings work, I hesitate to say anything, but here goes.
1) Do companies ever downplay risks to business in their SEC filings? Yes. Much of the time. Most of the time, even. It’s actually mentioned in the story. This means particularly things that don’t have direct material impact–for example, stealing IP that may allow someone else to be build products a company was going to build itself, but may not, in the current reporting period, cause a direct material harm. Over time, these losses would be expected to be greater than direct financial theft, but they are hard to account for and companies have a huge incentive not to speculate on such losses.
2) Several of these companies mention that the greatest impact now is the huge amounts of money they must spend on digital security. The security industry is smaller than the top 100 companies. Those top 100 companies have huge economic power. Do you think that if they believed the threat was fake, they would continue to spend so much money to defend against it just to please the defense industry’s FUD?
3) this site loves to extol the work of torrenters and hackers. Can you honestly say for a second that these operations are not direct contributors to the FUD you blame on defense contractors? Anonymous videos are NOT meant to produce FUD? Anonymous and their allied groups continually take on the appearance of paramilitary groups (“Ops” etc.)–we should presume they are just kidding?