Some articles make my head hurt. Like this one, “The one ring to rule them all,” from the Sydney Morning Herald. Take this opener:
DAVID Vincenzetti isn’t your typical arms dealer. He’s never sold a machinegun, a grenade or a surface-to-air missile. But, make no mistake, he has access to a weapon so powerful it could bring a country to its knees. It’s called RCS – Remote Control System – and it’s a piece of computer software.
Developed by Vincenzetti and a team of former computer hackers, RCS is able to ”invade” a digital device undetected, bypass the most sophisticated electronic defences so far devised and, if the user so desired, disrupt the running of anything from a railway signalling system to a nuclear power station.
Sounds like that box in Sneakers that will crack every encryption ever, right?
Well, when you look at their typograhically-riddled (even language differences notwithstanding) marketing video and the introductory literature, the real story is clearer. This is “simply” another glorified keylogger “agent” that you *have to get installed on a system* and it does the rest. No doubt limited to specific Windows flavors.
But the rub is how you get the agent installed in the first place. I see this as the real challenge, and it’s not of the vein of some super weapon that you digitally point at anything and everything and results in a successful strike, including the implication of SCADA, like the article (and their own marketing) make it sound like. This is the sort of marketing crap that makes people in the military think that a hacking attack can be ordered, carried out, and successful on command.
Sounds like some reporter got a facefull of the kool-aid and mixed it in with an overdose of hyperbole.
Then again, maybe it’s stuff like this that is new to militaries and governments and makes their eyes gleam at the thought of new toys. When in fact it’s not really all that new or novel at all. Makes you wonder if private industry is far ahead in digital security, only less inclined to compromise economic priorities to practice the knowledge….