Fire Hydrant of Freedom

Politics, Religion, Science, Culture and Humanities => Politics & Religion => Topic started by: Crafty_Dog on April 15, 2008, 10:30:48 AM

Title: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on April 15, 2008, 10:30:48 AM
We kick off this thread with a piece by the ever thoughtful Stratfor.com

Cyberwarfare 101: The Internet Is Mightier Than the Sword
Stratfor Today » April 15, 2008 | 1347 GMT
Summary
To say that the Internet is growing in importance these days is an understatement. It is perhaps less obvious to most people that cyberspace is also becoming weaponized. In addition to being a revolutionary medium of communication, the Internet also offers a devastating means of waging war. Understanding the evolution of the Internet is key to understanding the future and effectiveness of cyberwarfare.

Analysis

Editor’s note: This is the first in a series of analyses on the emergence of cyberspace as battlespace. The series will be ongoing, with the initial pieces serving as a kind of primer on the Internet. Subsequent analyses will look at specific ways nations are dealing with the growing threat of cyberwar and its military, economic and geopolitical ramifications.

A Brief History

Although cyberspace has already established itself as a new medium for all manner of human interactions, its pervasive growth presents profound implications for geopolitical security. Nations, organizations and individuals alike are relying more and more on the Internet in unprecedented ways. This growing dependency entails vulnerability, which is one reason the Internet was created in the first place.

Older than many people might think, the Internet began in the 1950s as a group of primitive networks designed to share research data inside and among academic institutions (notably the RAND Corp.) and air surveillance data between military radar installations (notably the U.S. Semi-Automatic Ground Environment). The former use was based on the need for researchers across the country to access the few really powerful research computers operating at the time. The latter use was an outgrowth of the Soviet Union’s newfound intercontinental reach: the Tu-95 Bear strategic bomber, a large swept-wing four-engine turboprop that began operations in the mid-1950s with a combat radius in excess of 4,500 miles.


The Soviets’ 1957 Sputnik launch spooked the Americans even more. Terrified that it had fallen behind Russia in science and technology, the United States scrambled to catch up. This effort involved, among other things, creation of the Pentagon’s Advanced Research Projects Agency (ARPA). Later “Defense” would be tacked on to the agency’s name to create DARPA (which still exists today). One of ARPA’s early creations was ARPAnet, one of the seminal precursors to the Internet. ARPAnet’s design would be informed by a government-funded RAND study that advocated for a distributed network architecture that could survive — at least in part — a nuclear attack. While progress in developing the network was initially slow, by the 1980s, improvements in programming, technology and infrastructure — combined with increasingly accessible connections and affordable personal computers — were quickly cascading into what would become the Internet as we know it today.

Along the way, the challenges evolved. Technical hurdles early on were all about making the connections work (developing protocols, perfecting packet-switching, etc.). It was only in the 1990s that the World Wide Web architecture we know today really took off. While the rapid growth of the Internet (numbers of users, the power of processors, connection speeds) continues apace, the nature of its growth is becoming increasingly organic, as users explore what is possible within connections that already exist.

The Nature of the Internet

The Internet itself is a fairly neutral environment: It is defined, more than anything, by its individual users, who create virtual extensions of themselves, their ideologies and their societies. In many ways, creating human connections is what the Internet is all about. Social networking sites such as Facebook and MySpace allow Internet users to connect with disparate individuals and groups around the world. Connectivity outside of centralized Web sites is also growing rapidly; simply having a connection to the Internet potentially allows one person to interact with every other Internet user.

This has profound implications for both groups and individuals. The Internet can be a powerful facilitator of mass “grassroots” movements that can become forces to reckon with in everything from presidential elections to transnational radical Islamism. Just as the Internet allows Beijing to monitor and disseminate its views to users across China, those users — and expatriates abroad — can use the very same system to coordinate campaigns to undermine Beijing’s efforts. Indeed, the global Internet may be one of the greatest threats to the Communist central government. The accessibility of information on the Internet also allows a single user to learn from the conglomerated lessons of many. This can manifest itself in powerful new online research tools. It can just as easily be found on YouTube, a video hosting Web site where budding hackers can learn the tricks of the trade.

Ultimately, this sort of utility translates into a structural vulnerability that will only increase as the Internet further evolves. As it becomes ever more critical in everyday life, the Internet is likely to be exploited by groups and governments to achieve their strategic goals. This dynamic is the keystone of cyberwarfare.

Cyberwarfare

Cyberwarfare is a broad category. For our purposes here, we are using the term to encompass significant geopolitical conflict in cyberspace usually involving at least one nation-state or its critical infrastructure. Cyberwarfare can be a principal avenue for attack in and of itself or it can be used in a supporting manner, to aid operations in other domains. Cyberwarfare has five noteworthy characteristics:

It provides an extremely dynamic and utterly new battlespace.
It makes range obsolete.
Its operations are typically decentralized and anonymous.
It places great importance on the offense.
It has low entry costs and can give great power to the individual user of the Internet.

Although the word “cyber” suggests “virtual,” or not existing in actual fact or form, cyberspace does have its physical aspects — e.g., computers, servers, fiber-optic cables, network switches and, most important, the connections that make the Internet global, like the immense undersea cable network that stretches around the world. While one of these cables may run from New Jersey to Cornwall, the transmission of data can take place almost instantaneously. U.S. military dominance of the globe rests in no small part on its unparalleled and unprecedented ability to sustain complex logistical links around the globe. In cyberwarfare, the only link the warrior needs to worry about is his or her connection to the global network. Some countries admittedly are far more connected than others. This makes their connections redundant and, generally, they enjoy broader bandwidth. But it also makes them more accessible to those with malicious intent.

Because cyberspace makes range obsolete, an attacker can muster resources from all over the world and bring them to bear in an instant, often with little that could serve as an early warning amid the clutter of day-to-day Internet traffic. The Pentagon alone defends against hundreds — sometimes thousands — of such attacks each day, several of which succeed at some level in penetrating the network. While this clearly demonstrates that a mature network security system can stand up to a great deal of punishment, it takes time to recognize and react to a coordinated and comprehensive attack. Such an attack may come from thousands of remotely controlled computers from around the world and be well under way before a coherent response can be mounted. And none of the computers directly involved in such an attack necessarily has to belong to the attacker. One of the early purposes of computer networking was to share computers as a resource. Malicious hackers have learned how to do much the same thing by infecting and hijacking other computers, unbeknownst to their owners, in order to harness and redirect their processing power.

As interconnected as the Internet is — and with broadband connections and powerful personal computers increasingly affordable — the greatest limitation to the use of the Internet in cyberwarfare may be individual experience and skill. As we continue our look at cyberwarfare, we will focus first not on the amalgamated resources of a national actor but on the innumerable discrete actors that populate cyberspace.

Next: Black Hats, White Hats, Crackers and Bots

Title: Re: Cyberwar
Post by: Crafty_Dog on April 16, 2008, 10:18:00 AM
Summary
Most Internet “hackers” who are sufficiently capable to engage in cyberwarfare have little real affiliation with states (regardless of their citizenship in the real world). Skilled cyberwarriors can be fiercely individualistic and anonymous, though several broad classifications help give definition to the community and highlight some of the major types of actors in cyberspace.

Analysis

Editor’s note: This is part of a series of analyses on the emergence of cyberspace as battlespace.

Before considering the role of a state’s power in cyberspace, it is important to identify and understand the transnational actors who populate it — particularly those who can manipulate the environment. The Internet is an environment defined by its users, and the average user is utterly powerless in terms of cyberwarfare — i.e., wreaking havoc on governments and institutions. But there are some individual actors who wield considerable power. Even average users can contribute unwittingly to this power, serving as conduits for destructive worms and viruses that can hijack individual computers and servers.

As the rise of al Qaeda has reminded the world of the power of the nonstate actor, so too has the rise of the individual hacker. The most powerful lone-wolf hacker may have even less grounding in the traditional political landscape than a motivated jihadist — and is perhaps even less likely to be affiliated with a national government.

A hacker can be many things. For our purposes here, it is someone with sufficient understanding, skill and experience in the nuances and inner workings of computer systems and networks to be able to wield meaningful power and influence events in cyberspace — even if only in concert with others. Such a person must then actively choose to exercise that capability and act boldly on that stage (hacking is almost universally illegal).

A given hacker’s ideology may be flexible or rigid, but the potential power of these individuals does raise new questions about national allegiance. The United States, for example, has dealt with nonstate actors as proxies for decades (e.g., the Afghan mujahideen). Computer hackers are another matter. Often strongly individualistic (and occasionally anarchistic), the smartest and most skilled are not necessarily interested in — or eligible for — work inside government agencies or the military (one of the core tenets of the so-called “Hacker Ethic” is that authority is not to be trusted). A country must consider these “free agents” inside its borders as well as those outside. Often indifferent to matters of state, a hacker’s attention can quickly turn and become an asset or a threat to state authority.

Black Hats
The most threatening hackers are known as black hats, or “dark side” hackers. These are hackers whose primary activities and intentions are malicious and often criminal. Black hats attempt to locate, identify and exploit security gaps or flaws within operating systems, computers and networks in order to gain control of them, steal information, destroy data or orchestrate other illicit activities. Once access to a system has been obtained, a black hat may take measures to establish continued covert access.

White Hats
The antithesis of the black hat is the white-hat hacker, also known as an “ethical hacker” or a “sneaker.” White hats are ethically opposed to the abuse or misuse of computer systems. Like their black-hat counterparts, white hats actively search for flaws within computer systems and networks. These efforts often occur with systems in which a white hat has a vested interest or of which they have substantial knowledge. They distinguish themselves by either repairing or patching these vulnerabilities or alerting the administrator of the system or the designer of the software. Basically, white hats attempt to maintain security within the Internet and its connected systems.

However, some altruistic white-hat pursuits can appear to be quite malicious. A white hat may act with whatever he or she considers a “higher purpose.” The inherent conflict of white and black hat activities can also lead to online bouts between the two classes, in which both sides might use malicious tools to disconnect each other from the system or network. This may involve “back-hacking” — tracing the source of activity and infecting or attempting to disable the other hacker’s connection or system.

Other Hats
Other hackers “wear” colored or hybrid hats. Grey hats, for example, are a blend of the black hat and the white hat. Drawing on experience from both sides can make for a very robust skill set. Computer security professionals are often known as blue hats. Their activities are not unlike those of white hats but are more focused on the interests of paying customers. Hackers wear an assortment of other colored hats, and not all warrant definition here. We mention them only to illustrate the many shades and nuances found in the hacker community.

Cybermercenaries
Generally a black hat, a cybermercenary is an expert hacker for hire. For the right price, cybermercenaries can bring a considerable amount of resources to bear on a target. They are occasionally contracted to assist in network defense, though, as a general rule, cybermercenaries specialize in offensive and malicious acts: conducting denial of service (DoS) and distributed denial of service (DDoS) attacks; disabling, altering or defacing Web sites; electronic espionage; data theft or destruction; network warfare; and wholesale cyberwarfare. At times, the cybermercenary can be found supporting or conducting portions of a significant cyberwarfare strike (such strikes can be particularly manpower-intensive).

Cyberterrorists
Some observers don’t consider this a true category of hacker, since cyberwarfare attacks rarely inflict the kind of direct, physical damage associated with terrorism. Stratfor is not interested in this particular debate. We include the term simply to highlight the potential for cyberwarfare strikes to have an objective not of destroying data or bringing down a financial network but of creating conditions that may directly contribute to significant loss of life (e.g., hacking into an air traffic control grid), with that loss of life being the principal objective.

Coders
Many of the hackers described above are also coders, or “writers,” who create viruses, worms, Trojans, bot protocols and other destructive “malware” tools used by hackers. The ability to write computer code can be an invaluable skill for any hacker, though most coders focus specifically on the design of new and continually evolving software that makes Internet security an ongoing challenge.

Crackers
Crackers are hackers who circumvent or bypass copyright protection on software and digital media. The most prominent recent example of cracking was the “unlocking” of Apple’s iPhones in order to break software-imposed restrictions on the use of GSM cellular networks other than AT&T (which made a deal with Apple to be the sole provider of iPhone service). Of course, cracking has significant ramifications well beyond simply accessing the latest gadget. It also means that, regardless of whether a released software program has copyright protection, there are crackers diligently working to beat it. By making these programs and applications more available, crackers also increase the number of tools available to the online community.

Script Kiddies
Script kiddies represent an intermediate category of actor between regular computer user and hacker. A script kiddie is more knowledgeable about computers and the Internet than most users but has yet to develop the skills, experience and expertise to be a truly effective actor. Nevertheless, a script kiddie can have an impact on the wider online world. Prewritten programs accessible on the Internet can enable the less-skilled to perform many of the same functions as a seasoned hacker. Script kiddies know just enough to get themselves in real trouble or to bring real trouble to bear on others.

Bots and Zombies
Not all actors in cyberspace are human. This is not to classify every server and application in cyberspace as an actor. But there is a unique non-human actor in cyberspace known as a zombie, which is a computer wholly or partially controlled by a bot. A bot, for our purposes, is a parasitic program that hijacks a networked computer and uses it to carry out automated tasks on behalf of a hacker. Individual bots can be building blocks for powerful conglomerations of bots.

Such a gathering of bots is often accomplished by a bot herder, also known as a bot wrangler, which is a program designed to produce bots autonomously (a tedious and time-consuming process for a human hacker). A bot herder can replicate itself and create additional bot herders as well as bots. By using these wranglers, hackers can construct massive networks of bots and use these herders essentially as command and control nodes.

Once many bots and bot herders have been amassed, they can be consolidated into a collective computing network called a botnet, also called a “bot army.” This allows a single hacker to wield simultaneously the computing power of many thousands of machines — or more — and accomplish tasks that would otherwise be impossible with a single computer. Among these tasks are launching DDoS attacks, which can shut down Web sites, servers and backbone nodes; generating massive emailing and spamming campaigns; and disseminating viruses. Once these botnets are established, it can be extremely difficult to disband them and counter their decentralized attacks.

This is only a quick snapshot of the cyberspace population that at times transcends traditional geopolitical concepts like citizenship, national loyalty and international borders. Some countries and transnational groups are better at harnessing such individuals, either within their own borders or beyond. But most hackers also have ideological bents of their own.

stratfor

Title: Re: Cyberwar
Post by: Crafty_Dog on April 17, 2008, 09:29:08 AM
Summary
The online hacker community is strongly individualistic, though it does exhibit a number of characteristic ideologies. An ideological underpinning is not a prerequisite to being a hacker, and many ideologies are not mutually exclusive. Any one actor might subscribe to none, many or a unique amalgam. But these basic ideologies should be considered and understood in any meaningful discussion of cyberwarfare.

Analysis

Editor’s note: This is one in a series of analyses on the emergence of cyberspace as battlespace.

The personal motivations driving individual hackers are virtually infinite. But there are a handful of dominant ideologies that can offer insight into the mindsets and motivations of much of the larger hacker community. Not all hackers subscribe to or are driven by these beliefs, but most are shaped or affected by them in some fashion.

Any discussion of these ideologies must begin with the basic Hacker Ethic, the founding principle of the hacker community.

Hacker Ethic
Interpretation of this ethic can vary, but it essentially entails the following beliefs:

Information should be free and accessible to all.
Access to computers should be unlimited.
Computers and the Internet can be a force for the betterment of humanity.
Authority is not to be trusted.
The principle of decentralization goes hand-in-hand with all of the above.

These fundamental principles, and variations thereof, are commonly held in the hacker community and have evolved over time into some of the ideologies described below.

Exploration
The basic principles of exploration — an outgrowth of the Hacker Ethic and the first ideology many hackers adopt — are to look into every corner of the Internet and bypass any security simply for the sake of improving skills and learning how to navigate cyberspace covertly. In the process, explorationists generally try to leave no trace and to avoid any damage to the system (which would, inherently, be evidence of their intrusion). Many of this ideology’s tenets originate from newer versions of the Hacker Ethic — especially the white-hat version, which emphasizes benevolent rather than malevolent actions.

Informationism
Another outgrowth of the original Hacker Ethic is informationism, which holds that information should be allowed to flow freely throughout the Internet and, by extension, throughout all human societies. Hackers who embrace this ideology often have specific areas of interest they monitor to identify developments and actors that they might perceive to be limiting the free flow of information. Once these hackers identify constraints, they attempt to remove them by a variety of means, from simply rerouting data to removing security protocols to staging comprehensive network attacks — essentially making that information free through force.

Altruism
The tenets of altruism vary greatly, depending on the person subscribing to it, but often they are based on an individual’s beliefs regarding the Internet and are often associated with what are considered positive actions intended to serve a perceived public good. These tenets can include the free flow of information, security preservation and user protection. In some ways, altruism can be understood as a variation of the Hacker Ethic with a benevolent bent. But because it all comes down to a personal perception and world view, “altruistic” hackers may sometimes perform actions that seem quite malicious to others (e.g., shutting down Web sites that are believed to be blocking the free flow of information).

Hacktivism
Hacktivism promotes the use of hacking to accomplish political goals or advance political ideologies. Depending on the campaign, these actions may involve both white-hat hackers and black-hat hackers and can include Web site defacement, redirects, DoS attacks, virtual sit-ins and electronic sabotage. Many hacktivist actions often fall under the media radar but their political, economic, military and public impact can be significant.

Nationalism
Although a rare hacker ideology, nationalism can envelop large portions of the community given the right cause or circumstance. By their very nature, hackers are individualists who rarely pledge allegiance to other hackers or groups, let alone countries. This is partially due to the fact that the Internet itself and the hacker community it supports have their own cultural elements — indeed, some of the other motivations discussed above often supersede or transcend national identity. There are situations, however, when hackers can be motivated to act in what they perceive to be the best interests of their respective nations. When these situations arise, powerful alliances can quickly emerge that often possess greater capabilities and resources than many developed nations. This ideology is particularly relevant to cyberwarfare.

An outgrowth of nationalism is an ideology not often discussed: when hackers unite to protect not their nation but their community. Thus far, sufficiently explosive or inspiring conditions to unify such a disparate community have been rare. But the potential remains — and is perhaps growing greater in an increasingly wired world.

Rally Around the Flag
Much like nationalism, the “rally around the flag” ideology is rare in the hacker community, but when it emerges and builds a large following it can yield a significant power. Basically, rally around the flag refers to any situation that mobilizes large numbers of hackers behind a particular cause. The cause can vary or be governed by any number of ideological motives, but it is usually a cause that is sufficiently controversial or out of the ordinary to spark outrage and reprisal. Both nationalism and rally around the flag exemplify how certain ideologies can quickly join subnational and transnational hacker groups into fleeting alliances that can bring great force to bear on a target.

In these last two categories, the significance of the ideological motivation is the unifying factor. Once the skills and resources of a particular online demographic are amassed, a broad spectrum of attacks and targets are possible. One notable example was in 1999 during the NATO intervention in Kosovo, when Serbian hackers reportedly began carrying out attacks — from vandalism to larger distributed denial-of-service attacks — against all manner of targets in NATO member states. After the accidental bombing of the Chinese Embassy, a second upsurge in attacks against targets in NATO countries began. The most recent example — and one of the most mature instances of the disruptive effect of this kind of incident — was the Estonian cyberwar in 2007.

Title: Re: Cyberwar
Post by: Crafty_Dog on April 18, 2008, 11:19:58 AM
Summary
One of the most mature instances of a cyberwarfare attack was an assault on Internet networks in Estonia in late April and early May of 2007. The Russian government was suspected of participating in — if not instigating — the attack, which featured some of the key characteristics of cyberwarfare, including decentralization and anonymity.

Analysis

Editor’s note: This is part of a series of analyses on the emergence of cyberspace as battlespace.

During the night of April 26-27, 2007, in downtown Tallinn, Estonia, government workers took down and moved a Soviet-era monument commemorating World War II called the Bronze Soldier, despite the protests of some 500 ethnic Russian Estonians. For the Kremlin — and Russians in general — such a move in a former Soviet republic was blasphemy.

It was also just the kind of emotional flash point that could spark a “nationalistic” or “rally-around-the-flag” movement in cyberspace. By 10 p.m. local time on April 26, 2007, digital intruders began probing Estonian Internet networks, looking for weak points and marshaling resources for an all-out assault. Bursts of data were sent to important nodes and servers to determine their maximum capacity — a capacity that the attackers would later exceed with floods of data, crashing servers and clogging connections.

A concerted cyberwarfare attack on Estonia was under way, one that would eventually bring the functioning of government, banks, media and other institutions to a virtual standstill and ultimately involve more than a million computers from some 75 countries (including some of Estonia’s NATO allies). Estonia was a uniquely vulnerable target. Extremely wired, despite its recent status as a Soviet republic, Estonian society had grown dependent on the Internet for virtually all the administrative workings of everyday life — communications, financial transactions, news, shopping, restaurant reservations, theater tickets and bill paying. Even parliamentary votes were conducted online. When Estonia’s independence from the Soviet Union was restored in 1991, not even telephone connections were reliable or widely available. Today, more than 60 percent of the population owns a cell phone, and Internet usage is already on par with Western European nations. In 2000, Estonia’s parliament declared Internet access a basic human right.

Some of the first targets of the attack were the Estonian parliament’s e-mail servers and networks. A flood of junk e-mails, messages and data caused the servers to crash, along with several important Web sites. After disabling this primary line of communications among Estonian politicians, some of the hackers hijacked Web sites of the Reform Party, along with sites belonging to several other political groups. Once they gained control of the sites, hackers posted a fake letter from Estonian Prime Minister Andrus Ansip apologizing for ordering the removal of the World War II monument.

By April 29, 2007, massive data surges were pressing the networks and rapidly approaching the limits of routers and switches across the country. Even though not all individual servers were taken completely offline, the entire Internet system in Estonia became so preoccupied with protecting itself that it could scarcely function.

During the first wave of the assault, network security specialists attempted to erect barriers and firewalls to protect primary targets. As the attacks increased in frequency and force, these barriers began to crumble.

Seeking reinforcements, Hillar Aarelaid, chief security officer for Estonia’s Computer Emergency Response Team, began calling on contacts from Finland, Germany, Slovenia and other countries to assemble a team of hackers and computer experts to defend the country. Over the next several days, many government ministry and political party Web sites were attacked, resulting either in misinformation being spread or the sites being made partially or completely inaccessible.

After hitting the government and political infrastructure, hackers took aim at other critical institutions. Several denial-of-service attacks forced two major banks to suspend operations and resulted in the loss of millions of dollars (90 percent of all banking transactions in Estonia occur via the Internet). To amplify the disruption caused by the initial operation, hackers turned toward media outlets and began denying reader and viewer access to roughly half the major news organizations in the country. This not only complicated life for Estonians but also denied information to the rest of the world about the ongoing cyberwar. By now, Aarelaid and his team had gradually managed to block access to many of the hackers’ targets and restored a degree of stability within the networks.

Then on May 9, the day Russia celebrates victory over Nazi Germany, the cyberwar on Estonia intensified. Many times the size of the previous days’ incursions, the attacks may have involved newly recruited cybermercenaries and their bot armies. More than 50 Web sites and servers may have been disabled at once, with a data stream crippling many other parts of the system. This continued until late in the evening of May 10, perhaps when the rented time on the botnets and cybermercenaries’ contracts expired. After May 10, the attacks slowly decreased as Aarelaid managed to take the botnets offline by working with phone companies and Internet service providers to trace back the IP addresses of attacking computers and shut down their Internet service connections.

During the defense of Estonia’s Internet system, many of the computers used in the attacks were traced back to computers in Russian government offices. What could not be determined was whether these computers were simply “zombies” hijacked by bots and were not under the control of the Russian government or whether they were actively being used by government personnel.

Although Estonia was uniquely vulnerable to a cyberwarfare attack, the campaign in April and May of 2007 should be understood more as a sign of things to come in the broader developed world. The lessons learned were significant and universal. Any country that relies on the Internet to support many critical, as well as mundane day-to-day, functions can be severely disrupted by a well-orchestrated attack. Estonia, for one, is unlikely ever to reduce its reliance on the Internet, but it will undoubtedly try to develop safeguards to better protect itself (such as filters that restrict internal traffic in a crisis and deny anyone in another country access to domestic servers). Meanwhile, the hacker community will work diligently to figure out a way around the safeguards.

One thing is certain: Cyberattacks like the 2007 assault on Estonia will become more common in an increasingly networked world, which will have to learn — no doubt the hard way — how to reduce vulnerability and more effectively respond to such attacks. Perhaps most significant is the reminder Estonia provides that cyberspace definitely favors offensive operations.
Title: Re: Cyberwar
Post by: Crafty_Dog on April 25, 2008, 09:02:51 AM
Counterfeit tech items from China
Counterfeit products originating from China are not a new problem. Everything from fake iPods to imitation name-brand purses have been sold to unwitting American shoppers. Now, solving the problem has taken on new urgency amid revelations that U.S. government agencies and military branches have bought millions of dollars of counterfeit Cisco networking equipment from China. According to an unclassified PowerPoint presentation circulating within the FBI, government entities that have purchased counterfeit equipment include the U.S. Naval Academy, the U.S. Naval Air Warfare Center, the U.S. Naval Undersea Warfare Center, the U.S. Marine Corps, the U.S. Air Force, the Federal Aviation Administration, numerous defense contractors such as Lockheed Martin and Raytheon, and even the FBI itself.

The counterfeit purchases were largely the result of government buyers trying to obtain high-end equipment for the lowest bid. The nightmare scenario is that U.S. government computer networks assumed secure might be hopelessly compromised with virtual back doors, which could allow the People’s Republic of China to monitor network traffic and even interfere with network operation. The FBI is currently trying to determine the motives of the counterfeiters, and while “profit” is the hoped-for answer, espionage cannot be ruled out at this time.

PatriotPost.com
Title: Re: Cyberwar
Post by: Crafty_Dog on July 30, 2008, 10:45:21 AM
Today's post on the Iran thread about Iran planning a nuke EMP pulse attack over the US wiping out electronics makes the following all the more pertinent:
========================

Geopolitical Diary: Cyberwarfare Beginning To Take Center Stage
July 30, 2008 | 0152 GMT
2008 has seen an increasingly public acknowledgment by the U.S. intelligence community of the cyberwarfare threat. A report by Defense News on Tuesday highlighted the recent emergence of significant bipartisan congressional support by the powerful U.S. House Permanent Select Committee on Intelligence for a White House initiative on comprehensive national cybersecurity. Though public details are vague, the initiative seeks to improve computer security holistically across the military and government, while better hardening critical infrastructure against cyberattack. The intent is to create architecture that is also open to participation by business and the public.

It has long been abundantly clear that computers and especially the global connectivity of the Internet have been, as a whole, one of the most radical and far-reaching inventions in human history. High technology has changed the way business is done and the way humans personally connect and interact. Already we see jihadists using the Internet as a tool for manipulating public perception, coordinating operations and even sharing tactics, training and practices. At the same time, cyberspace has opened new avenues for espionage and crime alike. The free flow of information across international boundaries has influenced color revolutions in countries like Ukraine and precipitated the fall of governments.

But while the geopolitical significance of cyberspace is undeniable, its exploitation in global conflict — cyberwarfare — has largely been limited and deniable. Both the Pentagon’s exercise of cyberwarfare in Kosovo in 1999 and the potential use of it by Israel as part of its raid on Syria in September 2007 is the stuff of speculation. The world has yet to see the comprehensive military exploitation of cyberspace in international conflict.

This is an enormous concern, and though the U.S. Air Force is working to consolidate its cyberwarfare efforts under the aegis of a new Cyber Command, the Pentagon does not have anything close to the established dominance that it enjoys in more traditional domains.

For example, some experts claim that the massive 2004 blackout in the American northeast was precipitated by a Chinese hacker tinkering with systems relevant to the power grid. In 2007, in what has become one of the few true case studies in cyberwarfare, a massive cyberattack brought Estonia to a standstill in the wake of the controversial relocation of a Soviet World War II memorial. (And despite its recent status as a Soviet republic, Estonia is no poorly connected backwater. In fact, it is an exceptionally “wired” country by any standard — which contributed heavily to the effectiveness of the attack.)

At the time, the government was unable to communicate efficiently. Attacks on government websites were interspersed with disinformation and fraudulent postings. Though not everyone or everything was targeted, Estonia’s entire Internet infrastructure was so overloaded with traffic and preoccupied with defending itself that it essentially ceased to function — bringing corporate banking, access to the media and even day-to-day personal transactions to a halt.

Reports on the Estonian incident suggest that the attacks ultimately involved more than a million computers from some 75 countries (including some of Estonia’s NATO allies). And while nationalist fervor on the Russian side certainly played a part in rallying independent hackers, there is little doubt that the Kremlin was involved.

There are several interrelated points here:

Cyberwarfare has the potential to bring a country to an economic standstill on par with that experienced by the United States in the days following the 9/11 attacks.
Offensive actions in cyberspace often provide a great deal of deniability. It is a smart weapon of choice for inflicting blows without engaging in a shooting war.
The connectivity and computing power of systems and servers inside a country and allied countries can be co-opted and used in very simple but often all too effective brute-force attacks.
An attack can be executed from almost anywhere in the world without consideration for strategic geographic buffers and otherwise insurmountable distances.
The list goes on, but the underlying point is that cyberspace is a domain in which many of the traditional considerations of geopolitical conflict are fundamentally altered — if not obviated all together (e.g. geography may not matter, resources can be amassed largely undetected and the primary form of damage may be economic rather than physical).

As the unchallenged and the sole superpower, the United States is the obvious target because symmetrical competition is often inconceivable. Cyberwarfare efforts are under way in many countries around the world (including Russia), but China is widely considered to have the most advanced and robust capability.

Currently, assaults on U.S. systems (corporate, government and military alike) from all over the world occur daily. But there can be little doubt that in a significant escalation of hostilities with a country like Russia or China, such blows will be felt at home even if the conventional conflict may be thousands of miles away.

Keeping conflict an ocean and half a world away has been a core geopolitical imperative for Washington since the beginning. It is the root of the Monroe Doctrine and the reason why Soviet missiles in Cuba were so unacceptable. The very nature of the Internet thus makes comprehensive national cybersecurity at home a geopolitically relevant national interest.
Title: WSJ: Internet Attacks
Post by: Crafty_Dog on December 15, 2008, 12:50:49 AM
In the 1960s, the Pentagon looked for a secure way to keep its lines of communication going in the event of all-out war. The interlinked packet networks of computers became the Internet. Fast-forward to today, and that system of open protocols brings the enormous benefits of the Web to civilian life. But the Web has also become an open field for cyber warriors seeking to harm the U.S.

We're only now realizing that many of these attacks have happened, as evidence mounts that outsiders accessed sensitive government networks and other databases. A report based on closed-door information about cyber attacks reached a sobering conclusion: Foreign governments and terrorist groups are focused on cyber offensives in a "battle we are losing."

Last week's Center for Strategic and International Studies report disclosed that the departments of Defense, State, Homeland Security and Commerce all have had intrusions by unknown foreign entities. The Pentagon's computers are probed "hundreds of thousands of times each day." An official at the State Department says terabytes of its information have been compromised. The Commerce Department's Bureau of Industry and Security had to go offline for several months. NASA has stopped using email before shuttle launches. Jihadist hackers are trying to confuse military computers into mistaking the identities of friendly and unfriendly forces in Afghanistan and Iraq.

The quasigovernmental commission revealing these cyber attacks is made up of private-sector information executives, military and intelligence officials, and two members of Congress. The study found that no department knew the extent of damage done to other departments. The extent of the harm is not known.

"The organization of the federal government, which dates to the 1930s or earlier, is part of the reason we are vulnerable," says the report. "Our industrial-age organization makes a cyber-dependent government vulnerable and inefficient. A collection of hierarchical 'stovepipes' is easier to attack and harder to defend because security programs are not of equal strength (the weakest link compromises all) and stovepiped defenders cannot appreciate the scope of, and respond well to, a multiagency attack."

As the first to build out an Internet grid, the U.S. is more vulnerable than countries that have built their infrastructure later. China, for example, constructed its Internet much later, on a more secure set of protocols. "Many Americans believe that our nation still leads in cyberspace, just as many Americans in 1957 believed that the U.S. led in space until a Soviet satellite appeared over their heads," the study says.

It's telling that the U.S. doesn't have a publicly stated doctrine on cyber defense that warns enemies and commits to taking action in response. Likening today's issues to the Cold War, the report says there should be clear rules about who will be punished how for what. It's in the nature of cyber attacks that it's hard to know exactly who's responsible, but some response must be made. "These uncertainties limit the value of deterrence for cybersecurity," the report says. "The deterrent effect of an unknown doctrine is quite limited."

One problem is that Russia and China are the main suspects, but the U.S. defense establishment hesitates to say so too loudly. It's true that few cyber attackers are ever clearly identified. No one knows for sure who brought down the Internet in Estonia in 2007, when Moscow was outraged when a Soviet-era war memorial was relocated in Tallinn. Or who was behind the cyber attacks that virtually shut down government communications and financial transactions in the former Soviet republic of Georgia earlier this year. Likewise, many foreign visitors had their PCs and BlackBerrys compromised during the Olympics in Beijing, where cybersnooping equipment is widely available.

Data are lost, communications are compromised, and "denial of service" attacks bring down selected Web sites and national networks. Supposedly confidential corporate information, the report warns, is almost certainly being hacked. As more individuals and companies rely on "cloud computing" -- storing information and services such as email remotely on supposedly secure servers -- foreign intelligence agencies and commercial snoops may have access.

A former official at Darpa, the Pentagon research agency that launched the Web, testified to Congress last year that a major cyber attack on the U.S. could knock out electricity, banking and digital-based communications. Americans would be left rooting around for food and water, trading with one another for firewood (presumably not on eBay). Even if end-of-the-world visions are overdone, it's past time to assess risks and justify countermeasures.

The report has recommendations for the Obama administration, including a new government structure for cyber protection and working more closely with the private sector on security research. The broader point is that it's about time that we knew the extent of the cyberwarring against us. The first step to fighting back is to admit that there's a fight on.

Write to informationage@wsj.com
Title: China pushes ahead in cyberwar
Post by: Crafty_Dog on March 02, 2009, 12:26:27 PM
Summary
With its vast population and internal-security concerns, China could well have the most extensive and aggressive cyberwarfare capability in the world. This may bode well for China as it strives to become a global power, but it does not engender a business-friendly environment for foreign companies and individuals in China, where there is no such thing as proprietary information. From within or without, defending against China’s cyberwarfare capability is a daunting task.

Analysis
In late 2008, rumors began circulating that the Chinese government, beginning in May 2009, would require foreign companies operating in China to submit their computer security technology for government approval. Details were vague, but the implication was that computer encryption inside China would become essentially useless. By giving away such information — the type of encryption systems they use and how they are implemented — companies would be showing the Chinese government how to penetrate their computer systems. It is not uncommon for governments and militaries operating on foreign soil to be required to do this, but it is unusual for private companies. (Of course, many governments, such as the United States, refuse to relinquish secure communications even when they have a diplomatic presence in a friendly nation, such as the United Kingdom.)

There is nothing sacred about information in China, where the cyberwarfare capability is deep, pervasive and a threat not only to foreign governments and militaries but also foreign corporations and individuals. STRATFOR sources tell us that the Chinese government already has pertinent information on all Taiwanese citizens of interest to China, a database that could easily be expanded to include other foreign nationals. The Chinese government can decipher most types of encrypted e-mails and documents, and China’s Internet spy network is thought to be the most extensive — if not the most creative — in the world. The government’s strongest tactic is a vast network of “bots” — parasitic software programs that allow their users to hijack networked computers. Individual bots can be building blocks for powerful conglomerations known as “botnets” or “bot armies,” which are fairly conventional formations engaged in a game of numbers not unlike traditional Chinese espionage. It is not the most innovative form of cyberwarfare, but China wields this relatively blunt instrument very effectively.

Indeed, China may well have the most extensive cyberwarfare capability in the world and the willingness to use it more aggressively than any other country. Such capability and intent are based on two key factors. One is the sheer size of China’s population, which is large enough to apply capable manpower to such a pervasive, people-intensive undertaking. In other words, one reason they do it is because they can.

Another is the Chinese government’s innate paranoia about internal security, born of the constant challenge of extending central rule over a vast territory. This paranoia drove Beijing to build the “Great Firewall,” an ability to control Internet activity inside the country. (Virtually all information coming into and out of China is filtered and can be cut off by the flip of a switch.) This amount of control over the information infrastructure far surpasses the control that the United States and other Western countries — or even Russia — can wield over their infrastructures.

While much of China’s Internet spying is aimed at Taiwan, it is also driven by Beijing’s desire for global-power status. With the United States and Russia both investing in offensive and defensive cyberwarfare capability, China has a vested interest in applying its strengths and devoting its resources to staying ahead of the pack and not being caught in the middle. With its information infrastructure under tight governmental control, China can leverage its massive manpower resources in a manner that allows it to conduct far more direct and holistic cyberwarfare operations than any other country.

Today, with current technology, the Chinese government can hack into most anything, even without information on specific encryption programs. It can do this not only by breaking codes but also through less elaborate means, such as capturing information upstream on Internet servers, which, in China, are all controlled by the government and its security apparatus. If a foreign company is operating in China, it is almost a given that its entire computer system is or will be compromised. If companies or individuals are using the Internet in China, there is an extremely strong possibility that several extensive bots have already infiltrated their systems. STRATFOR sources in the Chinese hotel industry tell of extensive Internet networks in hotels that are tied directly to the Public Security Bureau (PSB, the Chinese version of the FBI). During the 2008 Olympics, Western hotel chains were asked to install special Internet monitoring devices that would give the PSB even more access to Internet activities.

The Chinese Internet spy network relies heavily on bots. Many Chinese Web sites have these embedded bots, and simply logging on to a Web site could trigger the download of a bot onto the host computer. Given that the Internet in China is centrally controlled by the government, these bots likely are on many common Web sites, including English-language news sites and expatriate blogs. It is important to note that the Chinese cyberwarfare capability is not limited by geography. The government can break into Web sites anywhere in the world to install bots.

China has invested considerable time and resources to developing its bot armies, focusing on quantity rather than quality and shying away from more creative forms of hacking such as SQL injections (injecting code to exploit a security vulnerability) and next-generation remote exploits (in such features as chat software and online games). The best thing about bots is that they are easy to spread. An extensive bot army, for example, can be employed both externally and internally, which puts China at a distinct advantage. If Beijing wanted to cut its Internet access to the rest of the world in a crisis scenario, it could still spy on computers beyond its national boundaries, with bots installed on computers around the world. The upkeep of the spy network could easily be accomplished by a few people operating outside of China. By comparison, according to STRATFOR Internet security sources, the United States does not have the ability to shut down its Internet network in a time of crisis, nor could it get into China’s network if it were shut down.

A bot army might be a large, blunt instrument, but finding a bot on a computer can be a Herculean task, beyond the capabilities of some of the most Internet-savvy people. Moreover, the Chinese have started to make their bots “user-friendly.” When bots were first introduced, they could slow down computer operating systems, eventually leading the computer user to reinstall the hard drive (and thus killing the bot). Sources say that Chinese bots now can be so efficient they actually make many computers run better by cleaning up the hard drive, trying to resolve conflicts and so on. They are like invisible computer housecleaners tidying things up and keeping users satisfied. The payment for this housecleaning, of course, is intelligence.

In addition to bots and other malware, the Chinese have many other ways to expand their Internet spy network. A great deal of the computer chips and other hardware used in manufacturing computers for Western companies and governments are made in China; and these components often come from the factory loaded with malware. It is also common for USB flash drives to come from the factory infected. These components make their way into all manner of computers operating in major Western companies and governments, even the Pentagon (which recently was forced to ban the use of USB thumb drives because of a computer security incident).

Recently, a STRATFOR source who formerly worked in Australia’s government was surprised that the Australian government was considering giving a national broadband contract to the Chinese telecommunications equipment maker Huawei Technologies, which is known to have ties to the Chinese government and military. Huawei was the subject of a U.S. investigation that eventually led it to withdraw a joint $2.2 billion bid to buy a stake in 3Com, a U.S. Internet router and networking company. Other STRATFOR sources are wary of Huawei’s relationship with the U.S. company Symantec, maker of popular anti-virus and anti-spyware programs.

For companies operating in China, the best course of action is simply to leave any sensitive materials outside of China and not allow computer networks inside China to come into contact with sensitive materials. A satellite connection would help mitigate the possibility of intrusion from targeted direct hacking, but such networks are not extensive in China and move data fairly slowly. It is really not a matter of what kind of network to use. Although there have been no reports of a next-generation 3G network being hacked in any country, the Chinese government can still access the traffic on the network because it owns the physical infrastructure — telephone wires and poles, fiber optics, switching stations — and maintains tight control over it. Moreover, most 3G-enabled devices also use Bluetooth, which is extremely vulnerable to attack. And neither 3G nor satellite connections necessarily reduce the threat from bots that are propagated over e-mail or by Web-browser exploits. In the end, if your computer or other data device is infected with malware, a secure network provides very little solace.

Even when a foreign traveler leaves sensitive materials at home, there is no guarantee of their safety. The pervasive Chinese bot armies are a formidable foe, and they frequently attack networks and systems in almost every part of the world (the Pentagon defends against thousands of such attacks every day). Although China lacks a certain innovative finesse when it comes to cyberwarfare, it has a massive program with a wide reach. Combating it, from within or without, is a daunting task for any individual, company or superpower.

Title: Islamist Radicals Use Web to Reach Asian Youth
Post by: Chad on March 08, 2009, 04:37:02 PM
Report: Islamist Radicals Use Web to Reach Asian Youth
Sunday, March 08, 2009

Extremist groups in Southeast Asia are increasingly using the Internet and social networking to radicalize the youth of the region, said a new security report released Friday.

Internet usage in Southeast Asia has exploded since 2000 and extremist groups have developed a sophisticated online presence, including professional media units.

"For extremist groups in our region, the internet is an increasingly important tool for recruitment to violence," said the report by the Australian Strategic Policy Institute and S. Rajaratnam School of International Studies in Singapore.

"Importantly, they aren't attacking only the West, but are drawing on their narrative to attack the governance arrangements of regional states," said the report titled "Countering internet radicalization in Southeast Asia" (www.aspi.org.au/).

The report said online extremism first appeared in Southeast Asia in early 2000, particularly in the Bahasa Indonesia and Bahasa Melayu language cyber-environment.

Since then Internet usage in the region has exploded and so too have extremist Web sites, chat rooms and blogs.

The number of radical and extremist Web sites in Bahasa Indonesia and Bahasa Melayu -- the official languages of Indonesia and Malaysia, which are very similar -- rose from 15 in 2007 to 117 in 2008.

Of those, sympathetic Web sites rose from 10 to 16 and sympathetic blogs and social networking rose from zero to 82.

Between 2006 and July 2007, radical regional websites have disseminated Al Qaeda and Southeast Asian militant group Jemaah Islamiah propaganda videos, pictures and statements, it said.

In Indonesia, which has battled extremist Muslim groups responsible for bombings, Internet usage rose from 2 million in 2000 to 20 million in January 2008.

The country now represents 80 to 90 percent of visitors to 10 radical and extremist Web sites in the region, said the report.

The Philippines, which has a Muslim insurgency, has seen Internet usage rise to 14 million from 2 million in 2000, Malaysia 14.9 million from 3.7 million and Thailand 8.5 million from 2.3 million in the same period.

"The Bahasa [Indonesia] and Malay language websites include sites manned by radical and extremist groups, Islamic boarding schools (pesantrens), and groups of individuals who sympathize with and support the ideology of violent jihad," said the report.

MEDIA SAVVY

One of the first appearances of a "tradecraft manual" was in August 2007 in the then forum, Jihad al-Firdaus. The forum had a section on electronic jihad, including several hacking manuals.

In 2008 the region's first sophisticated bomb-making manual and bomb-making video were posted on the Forum Al-Tawbah, which is registered in Shah Alam, Selangor and Malaysia, said the report.

But it said there had been no serious attempt to plan militant operations in these forums, adding further details of their activities were in private messages or personal emails.

Extremists were using a variety of technology to spread their message. "Blogs and personal social networking accounts provided more than half of the increase in 2008," said the report.

Militant groups have also become internet media savvy.

The Mujahidin Syura Council, an extremist group that claims to operate in southern Thailand, launched an official media wing in July 2008 as a blog on Google, said the report.

The Khattab Media Publication's blog is mainly written in Malay and was used to announce the start of a new military campaign, codenamed Operation Tawbah (Operation Repentance).

Another group, Hizbut Tahrir Indonesia, often produces high-quality videos of its activities and uploads them onto YouTube.

Many of the videos focus on the failings of the Indonesian government and the need to implement sharia law and establish an Islamic caliphate, said the report.

"Extremist groups without access to mainstream media place great value on having online media units to boost their reputations and recruit people via the internet," it said.

The report said that regional governments had done little to stop the rise of online radicalization, partly because attempts to regulate cyberspace have been a political minefield.

It said while Web sites inciting violence are subject to criminal laws in some countries, there are often no specific regulations covering the internet.

"Some governments don't want to appear un-Islamic by coming down hard on Islamist groups, and some don't want to appear undemocratic by seeming to rein in freedom of expression in cyberspace," it said. "The problem of online radicalization crosses national borders and will require a concerted international response."
Title: WSJ: Hiroshima 2.0
Post by: Crafty_Dog on April 14, 2009, 09:02:12 AM
"Gentlemen," Henry Stimson once said, "don't read each other's mail." Neither do gentlemen hack into each other's computers, electric grids, military networks and other critical infrastructure.

[Photo caption: 'War Games,' 1983. Next time there won't be a happy ending.]
Ours is not a world of gentlemen.

Stimson was referring to cryptanalysis, or code-breaking, which he forbade as Herbert Hoover's Secretary of State. (He would revisit that opinion as Franklin Roosevelt's Secretary of War.) I am referring to Siobhan Gorman's front-page story in last Wednesday's Journal, in which she reported widespread cyberspying of the U.S. electricity grid, much of it apparently originating in China and Russia.

"Authorities investigating the intrusions," Ms. Gorman reported, "have found software tools left behind that could be used to destroy infrastructure components." A senior intelligence official told the Journal that, "If we go to war with them, they will try to turn them on."

To get a better sense of what all this is about, type the words "Cyber attack" and "generator" into YouTube. The first result should be a short clip from the Department of Homeland Security, leaked to CNN a couple of years ago, showing an electric generator under a simulated cyberattack at the Idaho National Laboratory. Within seconds the generator begins to shake violently. Within a minute, it's up in smoke.

Now imagine the attack being conducted against 60 large generators, simultaneously. Imagine, too, similar attacks against chemical plants, causing Bhopal-style toxic leaks. Imagine malicious software codes planted in U.S. weapons systems, which could lie undetected until triggered by a set of conditions similar to mobilization.

"It's as though we've entered something like the nuclear era without a Hiroshima," says Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, a nonprofit, nongovernmental organization that consults with government and industry about potential cyberattacks. "People aren't aware that everything has changed."

Today, the general perception of cyberattacks is that they amount to so much mischief-making by bored and spiteful 20-year-old computer geeks. Think of the 1998 Melissa computer virus. There's also some awareness of the uses of cyberpenetration for industrial espionage, though here cases are harder to name since victimized companies are often reluctant to go public. In April 2007, following a political row between Russia and Estonia over the latter's removal of a Soviet-era war memorial, a cyberattack paralyzed many of Estonia's key Web sites. The same happened in Georgia after Russia's invasion last August.

Still, none of this seems to amount to a strategic threat. Think again. In the early-1990s, the Chinese military resurrected the concept of Shashoujian, which loosely means any weapon or military strategy that can get the better of a seemingly invincible opponent. More often it's translated as "assassin's mace," or -- even better -- "killer app."

The Chinese began investigating Shashoujian after noting how a highly networked, information-centric U.S. military easily bested Iraq in the 1991 Gulf War. The result was heavy investment in asymmetric weapons like an antisatellite missile, which China successfully tested in January 2007 and which could knock America's eyes out of the sky, as well as ultra-quiet, relatively inexpensive, diesel-electric submarines that could take out an aircraft carrier.

As for the penetrations into the U.S. electricity grid, the Chinese and Russians adamantly deny involvement. But the advantages to any potential enemy of shutting down large parts of the grid are huge, beginning with the fact that the nature of the Internet makes it virtually impossible confidently to pinpoint the author of the attack. As for consequences, Mr. Borg outlines a grim scenario.

"If you shut down power for about three days," he says, "it causes very little damage. We can handle a long weekend. But if you shut down power for longer, all kinds of other things begin to happen. After about 10 days the curve levels off with about 72% of all economic activity shut down. You don't have air conditioning in the summer; you don't have heating in the winter. Thousands of people die."

Among Mr. Borg's conceptual recommendations is for the U.S. to begin thinking about its critical infrastructure as the center of gravity in any future conflict. "This is no longer about perimeter defense," he stresses. As for who could pull off that kind of cyberattack, he names (besides the U.S. and other leading high-tech nations) China, Russia and Israel. And Iran? Probably not, he suspects, nor yet groups like al Qaeda. Then again, he adds, "the worry is that over the next six or seven years they will assemble this kind of expertise."

Under President George W. Bush, Congress secretly approved $17 billion in cyber-security spending. President Barack Obama's 2010 budget calls for an additional $355 million, and that's on the public side. Maybe it's helping. Then again, personal data involving 49,000 people was recently stolen from a Federal Aviation Administration data server, while the Los Alamos National Laboratory reports 13 computers lost or stolen and another 67 missing in the past year. Yes, it's that Los Alamos.

Plainly, we have a problem. And as we consider ever-more elaborate defenses for our vulnerable networks, here's a modest suggestion: Gently alert our non-NATO "partners" that we might be in their electricity grids, too.
Title: NYT: Cyberweapons race
Post by: Crafty_Dog on April 28, 2009, 06:10:40 AM
When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group’s computers and altered information that drove them into American gun sights.

When President George W. Bush ordered new ways to slow Iran’s progress toward a nuclear bomb last year, he approved a plan for an experimental covert program — its results still unclear — to bore into their computers and undermine the project.   (WHY ON EARTH IS THIS INFO BEING DIVULGED?!?-- Marc)

And the Pentagon has commissioned military contractors to develop a highly classified replica of the Internet of the future. The goal is to simulate what it would take for adversaries to shut down the country’s power stations, telecommunications and aviation systems, or freeze the financial markets — in an effort to build better defenses against such attacks, as well as a new generation of online weapons.

Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.

Thousands of daily attacks on federal and private computer systems in the United States — many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls — have prompted the Obama administration to review American strategy.

President Obama is expected to propose a far larger defensive effort in coming days, including an expansion of the $17 billion, five-year program that Congress approved last year, the appointment of a White House official to coordinate the effort, and an end to a running bureaucratic battle over who is responsible for defending against cyberattacks.

But Mr. Obama is expected to say little or nothing about the nation’s offensive capabilities, on which the military and the nation’s intelligence agencies have been spending billions. In interviews over the past several months, a range of military and intelligence officials, as well as outside experts, have described a huge increase in the sophistication of American cyberwarfare capabilities.

Because so many aspects of the American effort to develop cyberweapons and define their proper use remain classified, many of those officials declined to speak on the record. The White House declined several requests for interviews or to say whether Mr. Obama as a matter of policy supports or opposes the use of American cyberweapons.

The most exotic innovations under consideration would enable a Pentagon programmer to surreptitiously enter a computer server in Russia or China, for example, and destroy a “botnet” — a potentially destructive program that commandeers infected machines into a vast network that can be clandestinely controlled — before it could be unleashed in the United States.

Or American intelligence agencies could activate malicious code that is secretly embedded on computer chips when they are manufactured, enabling the United States to take command of an enemy’s computers by remote control over the Internet. That, of course, is exactly the kind of attack officials fear could be launched on American targets, often through Chinese-made chips or computer servers.

So far, however, there are no broad authorizations for American forces to engage in cyberwar. The invasion of the Qaeda computer in Iraq several years ago and the covert activity in Iran were each individually authorized by Mr. Bush. When he issued a set of classified presidential orders in January 2008 to organize and improve America’s online defenses, the administration could not agree on how to write the authorization.

A principal architect of that order said the issue had been passed on to the next president, in part because of the complexities of cyberwar operations that, by necessity, would most likely be conducted on both domestic and foreign Internet sites. After the controversy surrounding domestic spying, Mr. Bush’s aides concluded, the Bush White House did not have the credibility or the political capital to deal with the subject.

Cyberwar would not be as lethal as atomic war, of course, nor as visibly dramatic. But when Mike McConnell, the former director of national intelligence, briefed Mr. Bush on the threat in May 2007, he argued that if a single large American bank were successfully attacked “it would have an order-of-magnitude greater impact on the global economy” than the Sept. 11, 2001, attacks. Mr. McConnell, who left office three months ago, warned last year that “the ability to threaten the U.S. money supply is the equivalent of today’s nuclear weapon.”


The scenarios developed last year for the incoming president by Mr. McConnell and his coordinator for cybersecurity, Melissa Hathaway, went further. They described vulnerabilities including an attack on Wall Street and one intended to bring down the nation’s electric power grid. Most were extrapolations of attacks already tried.

Today, Ms. Hathaway is the primary author of White House cyberstrategy and has been traveling the country talking in vague terms about recent, increasingly bold attacks on the computer networks that keep the country running. Government officials will not discuss the details of a recent attack on the air transportation network, other than to say the attack never directly affected air traffic control systems.

Still, the specter of an attack that could blind air traffic controllers and, perhaps, the military’s aerospace defense networks haunts military and intelligence officials. (The saving grace of the air traffic control system, officials say, is that it is so old that it is not directly connected to the Internet.)

Studies, with code names like Dark Angel, have focused on whether cellphone towers, emergency-service communications and hospital systems could be brought down, to sow chaos.

But the theoretical has, at times, become real.

“We have seen Chinese network operations inside certain of our electricity grids,” said Joel F. Brenner, who oversees counterintelligence operations for Dennis Blair, Mr. McConnell’s successor as national intelligence director, speaking at the University of Texas at Austin this month. “Do I worry about those grids, and about air traffic control systems, water supply systems, and so on? You bet I do.”

But the broader question — one the administration so far declines to discuss — is whether the best defense against cyberattack is the development of a robust capability to wage cyberwar.

As Mr. Obama’s team quickly discovered, the Pentagon and the intelligence agencies both concluded in Mr. Bush’s last years in office that it would not be enough to simply build higher firewalls and better virus detectors or to restrict access to the federal government’s own computers.

“The fortress model simply will not work for cyber,” said one senior military officer who has been deeply engaged in the debate for several years. “Someone will always get in.”

That thinking has led to a debate over whether lessons learned in the nuclear age — from the days of “mutually assured destruction” — apply to cyberwar.

But in cyberwar, it is hard to know where to strike back, or even who the attacker might be. Others have argued for borrowing a page from Mr. Bush’s pre-emption doctrine by going into foreign computers to destroy malicious software before it is unleashed into the world’s digital bloodstream. But that could amount to an act of war, and many argue it is a losing game, because the United States is more dependent on a constantly running Internet system than many of its potential adversaries, and therefore could suffer more damage in a counterattack.

In a report scheduled to be released Wednesday, the National Research Council will argue that although an offensive cybercapability is an important asset for the United States, the nation is lacking a clear strategy, and secrecy surrounding preparations has hindered national debate, according to several people familiar with the report.

The advent of Internet attacks — especially those suspected of being directed by nations, not hackers — has given rise to a new term inside the Pentagon and the National Security Agency: “hybrid warfare.”

It describes a conflict in which attacks through the Internet can be launched as a warning shot — or to pave the way for a traditional attack.

Early hints of this new kind of warfare emerged in the confrontation between Russia and Estonia in April 2007. Clandestine groups — it was never determined if they had links to the Russian government — commandeered computers around the globe and directed a fire hose of data at Estonia’s banking system and its government Web sites.


The computer screens of Estonians trying to do business with the government online were frozen, if they got anything at all. It was annoying, but by the standards of cyberwar, it was child’s play.

In August 2008, when Russia invaded Georgia, the cyberattacks grew more widespread. Georgians were denied online access to news, cash and air tickets. The Georgian government had to move its Internet activity to servers in Ukraine when its own servers locked up, but the attacks did no permanent damage.

Every few months, it seems, some agency, research group or military contractor runs a war game to assess the United States’ vulnerability. Senior intelligence officials were shocked to discover how easy it was to permanently disable a large power generator. That prompted further studies to determine if attackers could take down a series of generators, bringing whole parts of the country to a halt.

Another war game that the Department of Homeland Security sponsored in March 2008, called Cyber Storm II, envisioned a far larger, coordinated attack against the United States, Britain, Canada, Australia and New Zealand. It studied a disruption of chemical plants, rail lines, oil and gas pipelines and private computer networks. That study and others like it concluded that when attacks go global, the potential economic repercussions increase exponentially.

To prove the point, Mr. McConnell, then the director of national intelligence, spent much of last summer urging senior government officials to examine the Treasury Department’s scramble to contain the effects of the collapse of Bear Stearns. Markets froze, he said, because “what backs up that money is confidence — an accounting system that is reconcilable.” He began studies of what would happen if the system that clears market trades froze.

“We were halfway through the study,” one senior intelligence official said last month, “and the markets froze of their own accord. And we looked at each other and said, ‘Our market collapse has just given every cyberwarrior out there a playbook.’ ”

Just before Mr. Obama was elected, the Center for Strategic and International Studies, a policy research group in Washington, warned in a report that “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration.”

What alarmed the panel was not the capabilities of individual hackers but of nations — China and Russia among them — that experts believe are putting huge resources into the development of cyberweapons. A research company called Team Cymru recently examined “scans” that came across the Internet seeking ways to get inside industrial control systems, and discovered more than 90 percent of them came from computers in China.

Scanning alone does no damage, but it could be the prelude to an attack that scrambles databases or seeks to control computers. But Team Cymru ran into a brick wall as soon as it tried to trace who, exactly, was probing these industrial systems. It could not determine whether military organizations, intelligence agencies, terrorist groups, criminals or inventive teenagers were behind the efforts.

The good news, some government officials argue, is that the Chinese are deterred from doing real damage: Because they hold more than a trillion dollars in United States government debt, they have little interest in freezing up a system they depend on for their own investments.

Then again, some of the scans seemed to originate from 14 other countries, including Taiwan, Russia and, of course, the United States.

Bikini Atoll for an Online Age

Because “cyberwar” contains the word “war,” the Pentagon has argued that it should be the locus of American defensive and offensive strategy — and it is creating the kind of infrastructure that was built around nuclear weapons in the 1940s and ’50s.

Defense Secretary Robert M. Gates is considering proposals to create a Cyber Command — initially as a new headquarters within the Strategic Command, which controls the American nuclear arsenal and assets in space. Right now, the responsibility for computer network security is part of Strategic Command, and military officials there estimate that over the past six months, the government has spent $100 million responding to probes and attacks on military systems. Air Force officials confirm that a large network of computers at Maxwell Air Force Base in Alabama was temporarily taken off-line within the past eight months when it was put at risk of widespread infection from computer viruses.

But Mr. Gates has concluded that the military’s cyberwarfare effort requires a sharper focus — and thus a specific command. It would build the defenses for military computers and communications systems and — the part the Pentagon is reluctant to discuss — develop and deploy cyberweapons.



In fact, that effort is already under way — it is part of what the National Cyber Range is all about. The range is a replica of the Internet of the future, and it is being built to be attacked. Competing teams of contractors — including BAE Systems, the Applied Physics Laboratory at Johns Hopkins University and Sparta Inc. — are vying to build the Pentagon a system it can use to simulate attacks. The National Security Agency already has a smaller version of a similar system, in Millersville, Md.

In short, the Cyber Range is to the digital age what the Bikini Atoll — the islands the Army vaporized in the 1950s to measure the power of the hydrogen bomb — was to the nuclear age. But once the tests at Bikini Atoll demonstrated to the world the awesome destructive power of the bomb, it became evident to the United States and the Soviet Union — and other nuclear powers — that the risks of a nuclear exchange were simply too high. In the case of cyberattacks, where the results can vary from the annoying to the devastating, there are no such rules.

The Deterrence Conundrum

During the cold war, if a strategic missile had been fired at the United States, screens deep in a mountain in Colorado would have lighted up and American commanders would have had some time to decide whether to launch a counterattack. Today, when Pentagon computers are subjected to a barrage, the origin is often a mystery. Absent certainty about the source, it is almost impossible to mount a counterattack.

In the rare case where the preparations for an attack are detected in a foreign computer system, there is continuing debate about whether to embrace the concept of pre-emption, with all of its Bush-era connotations. The questions range from whether an online attack should be mounted on that system to, in an extreme case, blowing those computers up.

Some officials argue that if the United States engaged in such pre-emption — and demonstrated that it was watching the development of hostile cyberweapons — it could begin to deter some attacks. Others believe it will only justify pre-emptive attacks on the United States. “Russia and China have lots of nationalistic hackers,” one senior military officer said. “They seem very, very willing to take action on their own.”

Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare.

Over the decades, a number of limits on action have been accepted — if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker’s power grid if that would also shut down its hospital systems, its air traffic control system or its banking system?

“We don’t have that for cyber yet,” one senior Defense Department official said, “and that’s a little bit dangerous.”
Title: Engaging in Cyberspace
Post by: Body-by-Guinness on May 26, 2009, 07:55:14 AM
May 26, 2009
The First War In Cyberspace

By Ed Timperlake
Cyberwar is now a fact of life in 21st Century wars. Actual and potential enemies of America already know the dimensions of Cyberwar and have moved into full combat.

With a real world combat engagement in Georgia and Estonia, the Russians have shown skill. Make no mistake; in certain arenas the Russians are smart and capable, and as the invasion of Georgia shows, ruthless. They have world class scientists and engineers. It is well known they are excellent Cyber Warfighters who have now also apparently harnessed their criminal hackers to augment their worldwide reach. This melding of Russian conventional military might with reported state sponsored criminal cyber syndicates is ominous and powerful.

The People's Republic of China's attacks in United States Cyberspace are well known to even casual e-mail and Google users, where viruses linked by the media to Chinese sources circle and wait for openings. If the dollar value of the troves of information reported by media to be carted off by the Chinese were toted up, the number could be many billions, if not a trillion. If George Washington and Thomas Jefferson could visit America in 2009 they would call the Chinese attacks Acts Of War.

America is awakened. The Pentagon is standing up a new Department of Defense major combat command. This new Cyber Command will be headed by Lieutenant General Keith Alexander, who currently commands the National Security Agency (nickname "no such agency"). He will be promoted to four stars and be the first Commanding General of the Cyber Command to be Headquartered at Ft Meade, Maryland.

General Alexander, a warrior trained at West Point, has a well earned reputation as a visionary in 21st Century Warfare and the reach and power of technology. As Director of Technology Assessment, International Technology Security in the Office of the Secretary of Defense I visited and worked with the Army's Intelligence and Security Command then headed by Major General Alexander. It was clear that MG Alexander knew how to maneuver in cyberspace in cutting-edge ways.

If confirmed to his new position General Alexander will be standing on the shoulders of a giant -- his visionary fellow West Pointer Mike Wynne. Secretary of the Air Force Wynne launched the USAF Cyber Command, which created the template and many components of the new DOD Cyber Command. Secretary Wynne pronounced with clarity that Cyberspace is a war fighting domain like Air, Sea, Land, and Space, where Intelligence operations, like training, supply, and Medical operations, are one component at work in the Domain.

The fundamental principle of American Cyber Doctrine must emerge with focuses on Law Enforcement and war fighting, returning the Intelligence Community, which in the last century extended into the Internet, to their primary role of cyber intelligence gathering and some cyber operations. This return to basics by the IC will be beneficial, since they completely missed the impending collapse of the old Soviet Empire and gave no apparent warning of the Russian attack on Georgia.

The two overall functions in Cyberspace are Law Enforcement and Investigation, the mission assigned to the Department of Homeland Security and the Federal Bureau of Investigation, and War Fighting, assigned to Cyber Command. Euphemistically, it can be said the first two are engaged in Dot.Gov and Dot.Com Cyberspace and DOD warriors fighting and defending our country from foreign attack are engaged in Dot.Mil Cyberspace.

The Wall Street Journal in a headline written on August 12 2008 perfectly captures the 21st Century warfare that the Russians have apparently employed in their invasion of Georgia: "Georgia States Computers hit by Cyber attacks." The world has seen an opening chapter on how Russian cyber war capabilities are combined with Russian conventional forces. This chapter of war is being written in blood.

In our 1999 book "Red Dragon Rising" co-author William C. Triplett II and I postulated an electronic "Pearl Harbor" with The PRC attacking Taiwan. Using all their military capabilities, for example airborne and seaborne infantry, tactical air, naval armada, other elements of the attack could include: Surprise attack, Internet attack ("Cyber Attack" was not in the lexicon then), Psychological Operations, and all tools of attack. That scenario now is at the center of US war planning.

The Chinese People's Liberation Army can in 2009 launch a massive Cyber assault on Taiwan. Some command and control networks would be destroyed while others would be deliberately spared so they could be manipulated from the inside. Radio and television signals can be jammed and false images of calls from Political Leaders advocating surrender broadcast. Banking systems and specific accounts can be targeted. Information war could also deliberately leave some radar signals intact to warn of "virtual assaults" feeding the confusion and bringing command and control systems to a halt. Finally, Fifth columns at home and abroad can spread rumors and try and keep Washington confused.

America will ultimately win any Cyber engagement if we keep our focus and dedicate sufficient resources. Mike Wynne knew this: It can take a while for the American military to get it right, but once warriors are recruited trained and focused we have the best military the world has ever seen.

Air Force Cyber Doctrine had an extremely attractive feature, and the new DOD Cyber Command can build on it: the US Cyber Command is a military fighting force that would interest 18-year-old men and women, some of whom are already the most computer savvy individuals in the world. These young American men and women, who really enjoy Wired Magazine, have reached adulthood with an instinctive know-how on how to use computers -- for good or ill. They are perfect warriors in this brave new world.

A great American General, later President, Andrew "Andy" Jackson in the War of 1812 understood the power of innovative American battle tactics. General Jackson augmented his regulars at the Battle of New Orleans with frontier sharpshooters and pirates. The poor Red Coats did not know what hit them.

A US Cyber Command can attract our best Cyberspace sharpshooters along with swashbuckling Cyber Buccaneers. Russia, the People's Republic of China, Iran and others will soon have a cold dose of reality that in awaking the American sleeping giant, Cyber attacks can run two ways.
Page Printed from: http://www.americanthinker.com/2009/05/the_first_war_in_cyberspace.html at May 26, 2009 - 10:53:30 AM EDT
Title: Re: Cyberwar
Post by: Crafty_Dog on May 30, 2009, 09:36:17 AM
I read that BO has appointed a "Cyberwar Czar".  Seems like we are getting to have a lot of Czars!  But if this is a sign of serious intent then that is a very good thing.
Title: Re: Cyberwar
Post by: Body-by-Guinness on May 30, 2009, 10:29:35 AM
At the risk of riling up GM, I hope the new "cyberczar" position doesn't morph into another crisis that is not put to waste. There is a lot of mischief a non-elected official charged with the security of all things networked could get into.
Title: Homegrown Cyberwar
Post by: Body-by-Guinness on June 16, 2009, 01:19:19 PM
It's pretty interesting that ad hoc cyberwarriors are springing up around the globe to assist Iranian dissidents. . . .

Crisis in Iran Sparks Global Guerrilla Cyberwar

Tuesday , June 16, 2009

The election crisis in Iran has ignited a full-on guerrilla cyberwar, with Twitterers and techies across the globe pitching in to help protesters in that country access the Internet, and official Iranian government Web sites being knocked offline.

The U.S. State Department even reportedly weighed in, with an unnamed official telling Reuters Tuesday that it had asked Twitter not to "shut down its system in Iran."

Early on Monday, bloggers outside Iran began posting and tweeting links to Web proxy servers that Iranians could use to dodge censorship — and others put up how-to guides for setting up even more proxies.

Some efforts took a more aggressive tone, as "hacktivists" talked of taking down Iranian government Web sites, and at least one American blogger posted instructions on how to do so.

As of midday Tuesday, Web sites belonging to President Mahmoud Ahmadinejad and Supreme Leader Ayatollah Ali Khamenei were unreachable.

Twitter itself, realizing how vital it had become, put off a scheduled maintenance outage until 5 p.m. EDT Tuesday (1:30 a.m. Wednesday in Tehran) so that Iranians could get in a full day of uninterrupted tweeting.

Iranians used the proxy servers to upload dozens of video clips to YouTube, despite an official block on the Web site within the country.

One blurry YouTube clip, likely shot with a cell phone, showed what appeared to have been a member of the Basij paramilitary force firing down from a second-story window into a courtyard with an AK-47 as protests continued behind a high wall.

The footage broadly matched an incident in Tehran Monday evening, when protesters broke into a Basij compound. Seven were reported killed.

Back in the U.S., the Iran protests drew support, and maybe even some collateral damage.

"My website has been attacked by Iran. My servers are melting," wrote blogger Austin Heap, a San Francisco IT professional who's become one of the leaders of the cyberinsurrection.

"But individuals in the opposition are still able to use technology to mobilize each other," he wrote. "And the tech community around the world is still able to support them."

He at first posted proxy links late Sunday, then switched Monday to instructions on how to set them up, and finally posted code on how to disable Iranian official servers.

Also in San Francisco, Twitter sacrificed the convenience of millions of users in the Americas for the greater cause of Iranian freedom.

"A critical network upgrade must be performed to ensure continued operation of Twitter. In coordination with Twitter, our network host had planned this upgrade for tonight," co-founder Biz Stone wrote on the official Twitter blog Monday afternoon.

"However, our network partners at NTT America recognize the role Twitter is currently playing as an important communication tool in Iran. Tonight's planned maintenance has been rescheduled to tomorrow between 2-3p PST (1:30a in Iran)."

There was no comment from Twitter regarding the Reuters report that the State Dept. had asked it to keep Twitter up.

Late Monday, top Iranian crisis tweeter Moussavi1388, an unofficial mouthpiece for officially defeated presidential candidate Mir Hossein Moussavi, tweeted: "Twitter is currently our ONLY way to communicate overnight news in Iran, PLEASE do not take it down."

Meanwhile, #iranelection soared to the top of Twitter's most-searched-term list, with new tweets coming in even faster Tuesday than they had the day before.

"Unconfirmed rumours — army generals arrested — many rumours of coupdetat by army," posted PersianKiwi, another top English-language Iranian Twitterer, on Tuesday morning.

One big question lay open — if Chinese officials were able to block Twitter just before the June 4 anniversary of the Tiananmen Square massacre, why couldn't Iran?

"[Users are] using proxies to break the filters. So twitter is even being blocked too," answered Michelle Moghtader of the National Iranian American Council, responding to a question during a live chat on WashingtonPost.com.

"You can say it's online warfare of constant censoring and breaking of filters," she added.

Internet expert Jonathan Zittrain, a law professor at Harvard, wrote on his blog that Twitter's own sloppiness helped it evade Iranian blockers.

"Twitter isn't just any particular Web site. It's an atom designed to be built into other molecules," said Zittrain. "More than most, Twitter allows multiple paths in and out for data."

"The very fact that Twitter itself is half-baked, coupled with its designers' willingness to let anyone build on top of it to finish baking it," he added, "is what makes it so powerful."

http://www.foxnews.com/printer_friendly_story/0,3566,526627,00.html
Title: WSJ: BO and Cyberdefense
Post by: Crafty_Dog on June 28, 2009, 11:38:00 PM
In a Monty Python skit from 1970, the Vercotti brothers, wearing Mafia suits and dark glasses, approach a colonel in a British military barracks. "You've got a nice army base here, Colonel," says Luigi Vercotti. "We wouldn't want anything to happen to it." Dino explains, "My brother and I have got a little proposition for you, Colonel," and Luigi elaborates, "We can guarantee you that not a single armored division will get done over for 15 bob a week."

If the idea of the military having to pay protection money to the mob seems silly, imagine what Monty Python could do with last week's White House decision on security. It announced a new "Cyber Command" to protect information infrastructure, but stipulated that the military is allowed to protect only itself, not the civilian Internet or other key communications networks. When President Barack Obama announced the plan, he stressed that it "will not -- I repeat -- will not -- include monitoring private-sector networks or Internet traffic." It's like telling the military if there's another 9/11 to protect the Pentagon but not the World Trade Center.

The announcement shows that our political system is still ambivalent about how to defend communications networks such as the Internet. We expect privacy, but we know that intrusive techniques are required to protect the system from cyber attacks. How to balance privacy with preventing attacks that would undermine the system altogether?

It's an open secret that the National Security Agency (NSA) must operate through civilian networks inside the U.S. in order to prevent millions of cyber attacks every year by foreign governments, terror groups and hackers. Likewise, the NSA must follow leads through computer networks that run through innocent countries. "How do you understand sovereignty in the cyber domain?" asked James Cartwright, vice chairman of the Joint Chiefs of Staff, in a recent speech. "It doesn't tend to pay a lot of attention to geographic borders."

The risks are real. Cyber attacks on Estonia and Georgia by Russia in recent years forced government, banking, media and other Web sites offline. In the U.S., the public Web, air-traffic control systems and telecommunications services have all been attacked. Congressional offices have been told that China has broken into their computers. Both China and Russia were caught having infiltrated the U.S. electric-power grid, leaving behind software code to be used to disrupt the system. The risk of attacks to create massive power outages is so serious that the best option could be unplugging the U.S. power grid from the Internet.

The military is far ahead of civilian agencies such as Homeland Security and is now focused on cyber offense as well as defense. Cyberspace, says Gen. Kevin P. Chilton, commander of the U.S. Strategic Command, is the new "domain," joining the traditional domains of air, land and sea. Each is a focus for both defense and attack. The U.S., a decade behind China, is now officially focused on using cyber warfare offensively as well as defensively.

The U.S. is an inventive nation, so we'll get to the right answer on security if we ask the right questions. What if the only way the military can block a cyber attack is to monitor domestic use of the Web, since foreigners use the Web to launch cyber attacks? What is a "reasonable" search in a virtual world such as a global communication network? What's the proper response to cyber attacks?

If cyber war is a new form of war, wouldn't most Americans adjust their expectations of reasonable privacy to permit the Pentagon to intrude to some degree on their communications, if this is necessary to prevent great harm and if rules protecting anonymity can be established? Finally, wouldn't it be better for politicians to encourage a frank discussion about these issues before a significant attack occurs instead of pretending there are no trade-offs?

Only the NSA, which operates within the Defense Department, has the expertise to protect all U.S. networks. It has somehow found ways to mine needed data despite pre-Web rules that restrict its activities domestically. But the question remains: How can the military get enough access to private, domestic networks to protect them while still ensuring as much privacy as possible? One logical approach is for Homeland Security to delegate domestic defense to the NSA, but for the domestic agency to maintain enough responsibility to have political accountability if privacy rights get violated in the process.

We'll look back on the current era, with the military constrained from defending vital domestic interests, as an artifact of an era when it was easy to point to what was foreign and what was domestic. In the digital world, as the cyber threat shows, physical distinctions such as political borders are unhelpful and can be dangerously confusing.
Title: This sounds ominous
Post by: Crafty_Dog on July 02, 2009, 06:34:54 AM
By JACK GOLDSMITH
Published: July 1, 2009
Cambridge, Mass.
NY Times

OUR economy, energy supply, means of transportation and military defenses are dependent on vast, interconnected computer and telecommunications networks. These networks are poorly defended and vulnerable to theft, disruption or destruction by foreign states, criminal organizations, individual hackers and, potentially, terrorists. In the last few months it has been reported that Chinese network operations have found their way into American electricity grids, and computer spies have broken into the Pentagon’s Joint Strike Fighter project.

Acknowledging such threats, President Obama recently declared that digital infrastructure is a “strategic national asset,” the protection of which is a national security priority.

One of many hurdles to meeting this goal is that the private sector owns and controls most of the networks the government must protect. In addition to banks, energy suppliers and telecommunication companies, military and intelligence agencies use these private networks. This is a dangerous state of affairs, because the firms that build and run computer and communications networks focus on increasing profits, not protecting national security. They invest in levels of safety that satisfy their own purposes, and tend not to worry when they contribute to insecure networks that jeopardize national security.

This is a classic market failure that only government leadership can correct. The tricky task is for the government to fix the problem in ways that do not stifle innovation or unduly hamper civil liberties.

Our digital security problems start with ordinary computer users who do not take security seriously. Their computers can be infiltrated and used as vehicles for attacks on military or corporate systems. They are also often the first place that adversaries go to steal credentials or identify targets as a prelude to larger attacks.

President Obama has recognized the need to educate the public about computer security. The government should jump-start this education by mandating minimum computer security standards and by requiring Internet service providers to deny or delay Internet access to computers that fall below these standards, or that are sending spam or suspicious multiple computer probes into the network.

The government should also use legal liability or tax breaks to motivate manufacturers — especially makers of operating systems — to improve vulnerability-filled software that infects the entire network. It should mandate disclosure of data theft and other digital attacks — to trusted private parties, if not to the public or the government — so that firms can share information about common weapons and best defenses, and so the public can better assess which firms’ computer systems are secure. Increased information production and sharing will also help create insurance markets that can elevate best security practices.

But the private sector cannot protect these networks by itself any more than it can protect the land, air or water channels through which foreign adversaries or criminal organizations might attack us. The government must be prepared to monitor and, if necessary, intervene to secure channels of cyberattack as well.

The Obama administration recently announced that it would set up a Pentagon cybercommand to defend military networks. Some in the administration want to use Cybercom to help the Department of Homeland Security protect the domestic components of private networks that are under attack or being used for attacks. Along similar lines, a Senate bill introduced in April would give the executive branch broad emergency authority to limit or halt private Internet traffic related to “critical infrastructure information systems.”

President Obama has tried to soothe civil liberties groups’ understandable worries about these proposals. In the speech that outlined the national security implications of our weak digital defenses, the president said the government would not monitor private sector networks or Internet traffic, and pledged to “preserve and protect the personal privacy and civil liberties we cherish as Americans.”

But the president is less than candid about the tradeoffs the nation faces. The government must be given wider latitude than in the past to monitor private networks and respond to the most serious computer threats.

These new powers should be strictly defined and regularly vetted to ensure legal compliance and effectiveness. Last year’s amendments to the nation’s secret wiretapping regime are a useful model. They expanded the president’s secret wiretapping powers, but also required quasi-independent inspectors general in the Department of Justice and the intelligence community to review effectiveness and legal compliance and report to Congress regularly.

Many will balk at this proposal because of the excesses and mistakes associated with the secret wiretapping regime in the Bush administration. These legitimate concerns can be addressed with improved systems of review.

But they should not prevent us from empowering the government to meet the cyber threats that jeopardize our national defense and economic security. If they do, then privacy could suffer much more when the government reacts to a catastrophic computer attack that it failed to prevent.

Jack Goldsmith, a professor at Harvard Law School who was an assistant attorney general from 2003 to 2004, is writing a book on cyberwar.

Title: Weekend cyber attacks bigger than initially admitted
Post by: Crafty_Dog on July 08, 2009, 12:37:24 PM
White House among targets of sweeping cyber attack - Yahoo! News

By LOLITA C. BALDOR, Associated Press Writer

WASHINGTON – The powerful attack that overwhelmed computers at U.S. and South Korean government agencies for days was even broader than initially realized, also targeting the White House, the Pentagon and the New York Stock Exchange.  Other targets of the attack included the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post, according to an early analysis of the malicious software used in the attacks. Many of the organizations appeared to successfully blunt the sustained computer assaults.

The Associated Press obtained the target list from security experts analyzing the attacks. It was not immediately clear who might be responsible or what their motives were. South Korean intelligence officials believe the attacks were carried out by North Korea or pro-Pyongyang forces.

The attack was remarkably successful in limiting public access to victim Web sites, but internal e-mail systems are typically unaffected in such attacks. Some government Web sites — such as the Treasury Department, Federal Trade Commission and Secret Service — were still reporting problems days after the attack started during the July 4 holiday. South Korean Internet sites began experiencing problems Tuesday.

South Korea's National Intelligence Service, the nation's principal spy agency, told a group of South Korean lawmakers Wednesday it believes that North Korea or North Korean sympathizers in the South were behind the attacks, according to an aide to one of the lawmakers briefed on the information.

The aide spoke on condition of anonymity, citing the sensitivity of the information. The National Intelligence Service — South Korea's main spy agency — said it couldn't immediately confirm the report, but it said it was cooperating with American authorities.

The attacks will be difficult to trace, said Professor Peter Sommer, an expert on cyberterrorism at the London School of Economics. "Even if you are right about the fact of being attacked, initial diagnoses are often wrong," he said Wednesday.

Amy Kudwa, spokeswoman for the Homeland Security Department, said the agency's U.S. Computer Emergency Readiness Team issued a notice to federal departments and other partner organizations about the problems and "advised them of steps to take to help mitigate against such attacks."

New York Stock Exchange spokesman Ray Pellecchia could not confirm the attack, saying the company does not comment on security issues.

Attacks on federal computer networks are common, ranging from nuisance hacking to more serious assaults, sometimes blamed on China. U.S. security officials also worry about cyber attacks from al-Qaida or other terrorists.

This time, two government officials acknowledged that the Treasury and Secret Service sites were brought down, and said the agencies were working with their Internet service provider to resolve the problem. The officials spoke on condition of anonymity because they were not authorized to speak on the matter.

Ben Rushlo, director of Internet technologies at Keynote Systems, said problems with the Transportation Department site began Saturday and continued until Monday, while the FTC site was down Sunday and Monday.

Keynote Systems is a mobile and Web site monitoring company based in San Mateo, Calif. The company publishes data detailing outages on Web sites, including 40 government sites it watches. 

According to Rushlo, the Transportation Web site was "100 percent down" for two days, so that no Internet users could get through to it. The FTC site, meanwhile, started to come back online late Sunday, but even on Tuesday Internet users still were unable to get to the site 70 percent of the time.

Web sites of major South Korean government agencies, including the presidential Blue House and the Defense Ministry, and some banking sites were paralyzed Tuesday. An initial investigation found that many personal computers were infected with a virus ordering them to visit major official Web sites in South Korea and the U.S. at the same time, Korea Information Security Agency official Shin Hwa-su said.
___
Associated Press writers Hyung-Jin Kim in Seoul, South Korea; Andrew Vanacore in New York; and Pan Pylas in London contributed to this report.
Title: So?
Post by: Crafty_Dog on July 15, 2009, 04:31:27 AM
Here's a different POV:

North Korean Cyberattacks

To hear the media tell it, the United States suffered a major
cyberattack last week.  Stories were everywhere. "Cyber Blitz hits U.S.,
Korea" was the headline in Thursday's Wall Street Journal. North Korea
was blamed.

Where were you when North Korea attacked America?  Did you feel the fury
of North Korea's armies?  Were you fearful for your country?  Or did
your resolve strengthen, knowing that we would defend our homeland
bravely and valiantly?

My guess is that you didn't even notice, that -- if you didn't open a
newspaper or read a news website -- you had no idea anything was
happening.  Sure, a few government websites were knocked out, but that's
not alarming or even uncommon. Other government websites were attacked
but defended themselves, the sort of thing that happens all the time. If
this is what an international cyberattack looks like, it hardly seems
worth worrying about at all.

Politically motivated cyber attacks are nothing new. We've seen UK vs.
Ireland. Israel vs. the Arab states. Russia vs. several former Soviet
Republics. India vs. Pakistan, especially after the nuclear bomb tests
in 1998. China vs. the United States, especially in 2001 when a U.S. spy
plane collided with a Chinese fighter jet. And so on and so on.

The big one happened in 2007, when the government of Estonia was
attacked in cyberspace following a diplomatic incident with Russia about
the relocation of a Soviet World War II memorial. The networks of many
Estonian organizations, including the Estonian parliament, banks,
ministries, newspapers and broadcasters, were attacked and -- in many
cases -- shut down.  Estonia was quick to blame Russia, which was
equally quick to deny any involvement.

It was hyped as the first cyberwar, but after two years there is still
no evidence that the Russian government was involved. Though Russian
hackers were indisputably the major instigators of the attack, the only
individuals positively identified have been young ethnic Russians living
inside Estonia, who were angry over the statue incident.

Poke at any of these international incidents, and what you find are kids
playing politics. Last Wednesday, South Korea's National Intelligence
Service admitted that it didn't actually know that North Korea was
behind the attacks: "North Korea or North Korean sympathizers in the
South" was what it said. Once again, it'll be kids playing politics.

This isn't to say that cyberattacks by governments aren't an issue, or
that cyberwar is something to be ignored. The constant attacks by
Chinese nationals against U.S. networks may not be government-sponsored,
but it's pretty clear that they're tacitly government-approved.
Criminals, from lone hackers to organized crime syndicates, attack
networks all the time. And war expands to fill every possible theater:
land, sea, air, space, and now cyberspace. But cyberterrorism is nothing
more than a media invention designed to scare people. And for there to
be a cyberwar, there first needs to be a war.

Israel is currently considering attacking Iran in cyberspace, for
example.  If it tries, it'll discover that attacking computer networks
is an inconvenience to the nuclear facilities it's targeting, but
doesn't begin to substitute for bombing them.

In May, President Obama gave a major speech on cybersecurity.  He was
right when he said that cybersecurity is a national security issue, and
that the government needs to step up and do more to prevent
cyberattacks. But he couldn't resist hyping the threat with scare
stories: "In one of the most serious cyber incidents to date against our
military networks, several thousand computers were infected last year by
malicious software -- malware," he said. What he didn't add was that
those infections occurred because the Air Force couldn't be bothered to
keep its patches up to date.

This is the face of cyberwar: easily preventable attacks that, even when
they succeed, only a few people notice.  Even this current incident is
turning out to be a sloppily modified five-year-old worm that no modern
network should still be vulnerable to.

Securing our networks doesn't require some secret advanced NSA
technology.  It's the boring network security administration stuff we
already know how to do: keep your patches up to date, install good
anti-malware software, correctly configure your firewalls and
intrusion-detection systems, monitor your networks. And while some
government and corporate networks do a pretty good job at this, others
fail again and again.

Enough of the hype and the bluster. The news isn't the attacks, but that
some networks had security lousy enough to be vulnerable to them.

This essay originally appeared on the Minnesota Public Radio website.
http://minnesota.publicradio.org/display/web/2009/07/10/schneier/

A copy of this essay, with all embedded links, is here:
http://www.schneier.com/blog/archives/2009/07/north_korean_cy.html
Title: Re: Cyberwar
Post by: G M on July 15, 2009, 06:51:13 AM
Somehow, I doubt that NorK kiddies are behind the cyber-attacks. How many NorK households have a computer and access to the net?
Title: US shifts position
Post by: Crafty_Dog on December 13, 2009, 07:11:26 AM
This is Pravda on the Hudson writing here about exactly the sort of subject where it can be and often is at its most deceptive, so caveat lector.  That said, I have no knowledge of these issues and cannot tell if this is simply the Obama people desperately giving up things they shouldn't be giving up (e.g. as they are currently doing in nuke negotiations with Russia) or whether there is something actually of merit going on here.  I also note that the article does not mention China, which I understand to see our dependence on things cyber as a weak link in our military capabilities; and that they therefore are sedulously at work on their capabilities to seriously fcuk up our military comm capabilities.  If we are busy keeping an agreement with the Russians, does that leave us more vulnerable to the Chinese?
================================

In Shift, U.S. Talks to Russia on Internet Security
JOHN MARKOFF and ANDREW E. KRAMER
Published: December 12, 2009
The United States has begun talks with Russia and a United Nations arms control committee about strengthening Internet security and limiting military use of cyberspace.

American and Russian officials have different interpretations of the talks so far, but the mere fact that the United States is participating represents a significant policy shift after years of rejecting Russia’s overtures. Officials familiar with the talks said the Obama administration realized that more nations were developing cyberweapons and that a new approach was needed to blunt an international arms race.

In the last two years, Internet-based attacks on government and corporate computer systems have multiplied to thousands a day. Hackers, usually never identified, have compromised Pentagon computers, stolen industrial secrets and temporarily jammed government and corporate Web sites. President Obama ordered a review of the nation’s Internet security in February and is preparing to name an official to coordinate national policy.

Last month, a delegation led by Gen. Vladislav P. Sherstyuk, a deputy secretary of the Russian Security Council and the former leader of the Russian equivalent of the National Security Agency, met in Washington with representatives from the National Security Council and the Departments of State, Defense and Homeland Security. Officials familiar with these talks said the two sides made progress in bridging divisions that had long separated the countries.

Indeed, two weeks later in Geneva, the United States agreed to discuss cyberwarfare and cybersecurity with representatives of the United Nations committee on disarmament and international security. The United States had previously insisted on addressing those matters in the committee on economic issues.

The Russians have held that the increasing challenges posed by military activities to civilian computer networks can be best dealt with by an international treaty, similar to treaties that have limited the spread of nuclear, chemical and biological weapons. The United States had resisted, arguing that it was impossible to draw a line between the commercial and military uses of software and hardware.

Now there is a thaw, said people familiar with the discussions.

“In the last months there are more signs of building better cooperation between the U.S. and Russia,” said Veni Markovski, a Washington-based adviser to Bulgaria’s Internet security chief and representative to Russia for the organization that assigns Internet domain names. “These are signs that show the dangers of cybercrime are too big to be neglected.”

Viktor V. Sokolov, deputy director of the Institute of Information Security in Moscow, a policy research group run by General Sherstyuk, said the Russian view was that the American position on Internet security had shifted perceptibly in recent months.

“There is movement,” he said. Before, bilateral negotiations were limited to the relevant Russian police agency, the Bureau of Special Technical Operations, the Internet division of the Ministry of Interior, and the F.B.I.

Mr. Sokolov characterized this new round of discussions as the opening of negotiations between Russia and the United States on a possible disarmament treaty for cyberspace, something Russia has long sought but the United States has resisted.

“The talks took place in a good atmosphere,” he said. “And they agreed to continue this process. There are positive movements.”

A State Department official, who was not authorized to speak about the talks and requested anonymity, disputed the Russian characterization of the American position. While the Russians have continued to focus on treaties that may restrict weapons development, the United States is hoping to use the talks to increase international cooperation in opposing Internet crime. Strengthening defenses against Internet criminals would also strengthen defenses against any military-directed cyberattacks, the United States maintains. An administration official said the United States was seeking common ground with the Russians.

The United Nations discussions are scheduled to resume in New York in January, and the two countries also plan to talk at an annual Russia-sponsored Internet security conference in Garmisch, Germany.

The American interest in reopening discussions shows that the Obama administration, even in absence of a designated Internet security chief, is breaking with the Bush administration, which declined to talk with Russia about issues related to military attacks using the Internet.

Many countries, including the United States, are developing weapons for use on computer networks that are ever more integral to the operations of everything from banks to electrical power systems to government offices. They include “logic bombs” that can be hidden in computers to halt them at crucial times or damage circuitry; “botnets” that can disable or spy on Web sites and networks; or microwave radiation devices that can burn out computer circuits miles away.

The Russians have focused on three related issues, according to American officials involved in the talks, which are part of a broader thaw in American-Russian relations known as the "reset" that also includes negotiations on a new nuclear disarmament treaty. In addition to continuing efforts to ban offensive cyberweapons, they have insisted on what they describe as an issue of sovereignty, calling for a ban on “cyberterrorism.” American officials view the issue differently and describe this as a Russian effort to restrict “politically destabilizing speech.” The Russians have also rejected a portion of the Council of Europe Convention on Cybercrime that they assert violates their Constitution by permitting foreign law enforcement agencies to conduct Internet searches inside Russian borders.

In late October at a luncheon during a meeting on Security and Counter Terrorism at Moscow State University, General Sherstyuk told a group of American executives that the Russians would never sign the European Cybercrime Treaty as long as it contained the language permitting cross-border searches.
Title: from Bruce Schneier
Post by: Crafty_Dog on March 15, 2010, 04:47:06 AM
There was a big U.S. cyberattack exercise last month.  We didn't do so well.
http://www.darkreading.com/security/cybercrime/showArticle.jhtml?articleID=222900775
or http://tinyurl.com/y9mqfj9
http://www.thenewnewinternet.com/2010/02/16/more-must-be-done-to-prepare-us-for-cyber-attack/
or http://tinyurl.com/ydv6e5f
Title: Re: Cyberwar
Post by: Crafty_Dog on March 16, 2010, 08:22:42 AM
Thank you for the commentary.  I had planned to ask this question on the Govt. Programs or Internet thread, but since I have you here and you mention the "bandwidth bottleneck" issue, would you help me understand the issues involved with the FCC/BO plans to fund/create "high speed internet for everyone" both from the perspective of the issues here and with regard to the economic performance i.e. is it going to be a clusterfcuk or is it going to actually do some good at a reasonable cost?
Title: Richard Clarke's book
Post by: Crafty_Dog on April 27, 2010, 05:19:56 AM
The Attack Coming From Bytes, Not Bombs
By MICHIKO KAKUTANI
Published: April 26, 2010

Blackouts hit New York, Los Angeles, Washington and more than 100 other American cities. Subways crash. Trains derail. Airplanes fall from the sky.

CYBER WAR
The Next Threat to National Security and What to Do About It

By Richard A. Clarke and Robert K. Knake

290 pages. Ecco/HarperCollins Publishers. $25.99.

Gas pipelines explode. Chemical plants release clouds of toxic chlorine. Banks lose all their data. Weather and communication satellites spin out of their orbits. And the Pentagon’s classified networks grind to a halt, blinding the greatest military power in the world.

This might sound like a takeoff on the 2007 Bruce Willis “Die Hard” movie, in which a group of cyberterrorists attempts to stage what it calls a “fire sale”: a systematic shutdown of the nation’s vital communication and utilities infrastructure. According to the former counterterrorism czar Richard A. Clarke, however, it’s a scenario that could happen in real life — and it could all go down in 15 minutes. While the United States has a first-rate cyberoffense capacity, he says, its lack of a credible defense system, combined with the country’s heavy reliance on technology, makes it highly susceptible to a devastating cyberattack.

“The United States is currently far more vulnerable to cyberwar than Russia or China,” he writes. “The U.S. is more at risk from cyberwar than are minor states like North Korea. We may even be at risk some day from nations or nonstate actors lacking cyberwar capabilities, but who can hire teams of highly capable hackers.”

Lest this sound like the augury of an alarmist, the reader might recall that Mr. Clarke, counterterrorism chief in both the Bill Clinton and George W. Bush administrations, repeatedly warned his superiors about the need for an aggressive plan to combat al Qaeda — with only a pallid response before 9/11. He recounted this campaign in his controversial 2004 book, “Against All Enemies.”

Once again, there is a lack of coordination between the various arms of the military and various committees in Congress over how to handle a potential attack. Once again, government agencies and private companies in charge of civilian infrastructure are ill prepared to handle a possible disaster.

In these pages Mr. Clarke uses his insider’s knowledge of national security policy to create a harrowing — and persuasive — picture of the cyberthreat the United States faces today. Mr. Clarke is hardly a lone wolf on the subject: Mike McConnell, the former director of national intelligence, told a Senate committee in February that “if we were in a cyberwar today, the United States would lose.”

And last November, Steven Chabinsky, deputy assistant director for the Federal Bureau of Investigation’s cyber division, noted that the F.B.I. was looking into Qaeda sympathizers who want to develop their hacking skills and appear to want to target the United States’ infrastructure.

Mr. Clarke — who wrote this book with Robert K. Knake, an international affairs fellow at the Council on Foreign Relations — argues that because the United States military relies so heavily upon databases and new technology, it is “highly vulnerable to cyberattack.” And while the newly established Cyber Command, along with the Department of Homeland Security, is supposed to defend the federal government, he writes, “the rest of us are on our own”:

“There is no federal agency that has the mission to defend the banking system, the transportation networks or the power grid from cyberattack.” In fact, The Wall Street Journal reported in April 2009 that the United States’ electrical grid had been penetrated by cyberspies (reportedly from China, Russia and other countries), who left behind software that could be used to sabotage the system in the future.

For more than a decade now, Mr. Clarke has been warning about “an electronic Pearl Harbor,” and he is familiar with the frustrations of a political bureaucracy. He notes that pressure from both the right and left over the hot-button issues of regulation and privacy have made it difficult for the government to get individual corporations (which control vital services like electricity, Internet access and transportation) to improve their ability to defend themselves against cyberattack.

Meanwhile, Mr. Clarke says, China has developed “the ability to disconnect all Chinese networks from the rest of the global Internet, something that would be handy to have if you thought the U.S. was about to launch a cyberwar attack on you.” After the first gulf war, he explains, the Chinese “began to downsize their military” — which reportedly has about one-eighth of the Pentagon’s budget (before adding in the costs of the wars in Afghanistan and Iraq) — and invest in new technologies, which they believed could give them an asymmetric advantage over the United States, despite America’s overwhelming conventional arsenal.

As for North Korea, Mr. Clarke says, it employs an Olympics-like approach to creating cyberwarriors, selecting “elite students at the elementary-school level to be groomed as future hackers.” North Korea is suspected of being behind the cyberattacks of July 2009 that took down the Web servers of the Treasury, Secret Service, Federal Trade Commission and Transportation Department and is thought to have placed “trapdoors” — code that allows hackers future access to a network — on computer networks on at least two continents.

============

Trapdoors are just one device that rival nation states and cyberterrorists can use. There are also “logic bombs” (code that can set off malicious functions when triggered), Distributed Denial of Service (D.D.O.S.) attacks (in which a site or server is flooded with more requests for data than it can process), and foreign-manufactured software and hardware that might have been tampered with before being shipped to the States.

CYBER WAR

The Next Threat to National Security and What to Do About It

By Richard A. Clarke and Robert K. Knake

290 pages. Ecco/HarperCollins Publishers. $25.99.

The Defense Department, Mr. Clarke says, began to embrace the cost-saving idea of using commercial off-the-shelf software (instead of applications custom-made in-house) in the ’90s, and it “brought to the Pentagon all the same bugs and vulnerabilities that exist on your own computer.” He says, for instance, that in 1997, when the Windows system on a retrofitted “smart ship” called the U.S.S. Yorktown crashed, “the cruiser became a floating i-brick, dead in the water.”

The United States’ lack of an effective cyberdefense system, Mr. Clarke ominously warns, “will tempt opponents to attack in a period of tensions,” and it could also tempt America to take pre-emptive action or escalate a cyberconflict very rapidly if attacked. Were such a war to start, it could easily jump international boundaries, causing cascades of collateral damage to unspool around the world.

How best to address this alarming situation? Mr. Clarke reports that a 2009 meeting of some 30 cyberspace “old hands” — former government officials, current bureaucrats, chief security officers of major corporations, academics and senior information technology company officials — came to the conclusion that critical infrastructure should be separated from “the open-to-anyone” Internet. They also came out in favor of more government involvement in cyber research and development and a heightened emphasis on building “resilience” into systems so as to enable recovery, post-attack.

In addition to these suggestions, Mr. Clarke adds some fairly common-sense — but not so easily achieved — recommendations of his own. He argues that America needs to “harden the important networks that a nation-state attacker would target” by putting automated scanning systems in place to look for malware. Also, it needs to make sure that the Pentagon enhances the security of its own networks; and to work toward cyberarms-control agreements with other nations.

“The reality is that a major cyberattack from another nation is likely to originate in the U.S.,” Mr. Clarke says, noting that logic bombs and trapdoors are quite likely already in place, “so we will not be able to see it coming and block it with the systems we have now or those that are planned. Yes, we may be able to respond in kind, but our nation will still be devastated by a massive cyberattack on civilian infrastructure that smacks down power grids for weeks, halts trains, grounds aircraft, explodes pipelines and sets fire to refineries.”

And should America then decide to cross the line from cyberwarfare to conventional warfare, he says near the end of this chilling book, the highly advanced technology in our military arsenal “may suddenly not work.”
Title: General says military needs doctrine
Post by: Crafty_Dog on May 15, 2010, 12:12:45 PM
LINK

General Says Military Needs Cyberwar Doctrine
Seeks defined boundaries
By Eli Lake, The Washington Times

The military needs to better define the boundaries of cyberwarfare to allow cyber forces to go beyond defending computers and networks against numerous attacks, the vice chairman of the Joint Chiefs of Staff said on Thursday.

Marine Corps Gen. James Cartwright said in a speech that "we have an entire architecture globally that is based on defense only, point defense only."

"Our defense is our virus protection software and our firewall. So if you are in uniform, what you've basically said is, 'I want to have this fight at my boundaries, inside my country, and I am willing to wait for that and when it gets catastrophic, we'll address it.' "

The general did not advocate conducting offensive cyberwarfare retaliation against foreign or domestic attacks. However, the newly-created U.S. Cyber Command combines both offensive and defensive cyber operations under one military unit.

Currently, military doctrine is unclear on what constitutes a computer or cyber-attack and what the consequences would be for countries or people who launched one on U.S. critical infrastructure. Branches of the armed forces, and in particular the Air Force, have conducted defensive and offensive actions in the realm of electronic or cyberwarfare. Individual branches of the armed services have developed their own cyberwarfare doctrine.

Gen. Cartwright said he supports the idea of cutting wasteful defense programs.

He also said he expects the current war against al Qaeda and Islamic extremism will last another five to 10 years.

The remarks on cyberwar sounded an alarm on the need for better doctrine.

The general compared the current lack of a doctrine on cyberwarfare to the Maginot Line, the concrete fortifications and stationary guns the French erected in World War II that failed to repel the Nazi tank blitz in the German invasion of France.

"Do you believe this network environment we are living in is going to persist for years to come?" he asked. "If you believe those things, then we have to start thinking about the validity of a Maginot Line approach to cyber."

The comments on cyberwarfare doctrine were made as the Senate approved by voice vote the promotion of Gen. Keith Alexander, currently director of the National Security Agency, as the first new four-star chief of U.S. Cyber Command, located near NSA headquarters at Fort Meade, Md.

In a speech this week to Ogilvy Public Relations group, James N. Miller, deputy undersecretary of defense for policy, said the Defense Department is currently drafting a new cyberwarfare doctrine. He suggested that the military could respond to a cyber-attack by using conventional armed forces.

Mr. Miller also said that the military has lost enough data to fill the Library of Congress many times over every year due to cyber-attacks.

"Our systems are probed thousands of times a day and scanned millions of times a day," Mr. Miller said, according to the Reuters News Agency.

A U.S. defense contractor, who asked not to be named, said, "We are sitting on our hands waiting for someone to pick a fight with us. And guess what, they do it every day."

Retired Air Force Chief of Staff Gen. Ron Fogleman, speaking on a panel on defense in space and cyberspace, said that in the electronic realm, "it is very useful that every now and then you take a shot across the bow."

The military has said very little publicly about its offensive cyber operations.

According to U.S. officials, most modern militaries have the ability to launch both computer viruses and denial of service attacks.

However, because it is very difficult to trace the origins of such attacks, most state-based cyber-attacks are still kept secret. Military experts have said China, Russia, Iran and North Korea are among the states known to have military cyberwarfare programs.

John Rizzo, the recently retired CIA general counsel, said last week at a breakfast meeting of the American Bar Association that he was envious of the military's legal authorities to conduct attacks on computer networks.

He compared the CIA's cyber work to the military's Title 10 authority to "prepare the battlefield," the legal framework for most Pentagon cyber-attacks.

"I have always been envious of my colleagues at the Department of Defense, under the rubric of Title 10, of preparing the battlefield, they have always been able to operate to my lights with a much wider degree of discretion and autonomy than we lawyers at CIA have had to operate under," he said.
Title: WSJ "Perfect Citizen"
Post by: Crafty_Dog on July 08, 2010, 07:42:05 AM
The federal government is launching an expansive program dubbed "Perfect Citizen" to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government's chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn't persistently monitor the whole system, these people said.

Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.

An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.

Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.

"The overall purpose of the [program] is our Government...feel that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," said one internal Raytheon email, the text of which was seen by The Wall Street Journal. "Perfect Citizen is Big Brother."

Raytheon declined to comment on this email.

A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It's a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.

Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems—which run everything from subway systems to air-traffic control networks—have since been linked to the Internet, making them more efficient but also exposing them to cyber attack.

The goal is to close the "big, glaring holes" in the U.S.'s understanding of the nature of the cyber threat against its infrastructure, said one industry specialist familiar with the program. "We don't have a dedicated way to understand the problem."

The information gathered by Perfect Citizen could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year.

The U.S. government has for more than a decade claimed a national-security interest in privately owned critical infrastructure that, if attacked, could cause significant damage to the government or the economy. Initially, it established relationships with utility companies so it could, for instance, request that a power company seal a manhole that provides access to a key power line for a government agency.

With the growth in concern about cyber attacks, these relationships began to extend into the electronic arena, and the only U.S. agency equipped to manage electronic assessments of critical-infrastructure vulnerabilities is the NSA, government and industry officials said.

The NSA years ago began a small-scale effort to address this problem code-named April Strawberry, the military official said. The program researched vulnerabilities in computer networks running critical infrastructure and sought ways to close security holes.

That led to initial work on Perfect Citizen, which was a piecemeal effort to forge relationships with some companies, particularly energy companies, whose infrastructure is widely used across the country.

The classified program is now being expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration, officials said. With that infusion of money, the NSA is now seeking to map out intrusions into critical infrastructure across the country.

Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said.

Intelligence officials have met with utilities' CEOs and those discussions convinced them of the gravity of the threat against U.S. infrastructure, an industry specialist said, but the CEOs concluded they needed better threat information and guidance on what to do in the event of a major cyber attack.

Some companies may agree to have the NSA put its own sensors on and others may ask for direction on what sensors to buy and come to an agreement about what data they will then share with the government, industry and government officials said.

While the government can't force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.

Raytheon, which has built up a large cyber-security practice through acquisitions in recent years, is expected to subcontract out some of the work to smaller specialty companies, according to a person familiar with the project.

Write to Siobhan Gorman at siobhan.gorman@wsj.com
Title: Stuxnet malware is 'weapon'
Post by: G M on September 23, 2010, 11:39:42 AM
http://news.yahoo.com/s/csm/20100921/ts_csm/327178

By Mark Clayton – Tue Sep 21, 3:08 pm ET

Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.

The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.

At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.
Title: Stuxnet Comes to Iran?
Post by: Body-by-Guinness on September 23, 2010, 05:44:55 PM
Found this topic first at the link listed immediately below. Sounded sorta wacky so I started exploring the links and settled on the Yahoo story. Big implications if this is true, though I'm curious how code this powerful would be so hard to find on say a thumb drive.

Doug, I'd like to hear your opinion of the zero hedge site listed below.

http://www.zerohedge.com/article/deadf007-stuxnet-secret-weapon-attack-irans-nukes-virus-about-revolutionize-modern-warfare

Stuxnet malware is 'weapon' out to destroy ... Iran's Bushehr nuclear plant?


By Mark Clayton – Tue Sep 21, 3:08 pm ET
Cyber security experts say they have identified the world's first known cyber super weapon designed specifically to destroy a real-world target – a factory, a refinery, or just maybe a nuclear power plant.
The cyber worm, called Stuxnet, has been the object of intense study since its detection in June. As more has become known about it, alarm about its capabilities and purpose have grown. Some top cyber security experts now say Stuxnet's arrival heralds something blindingly new: a cyber weapon created to cross from the digital realm to the physical world – to destroy something.
At least one expert who has extensively studied the malicious software, or malware, suggests Stuxnet may have already attacked its target – and that it may have been Iran's Bushehr nuclear power plant, which much of the world condemns as a nuclear weapons threat.
The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.
Unlike most malware, Stuxnet is not intended to help someone make money or steal proprietary data. Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.
"Until a few days ago, people did not believe a directed attack like this was possible," Ralph Langner, a German cyber-security researcher, told the Monitor in an interview. He was slated to present his findings at a conference of industrial control system security experts Tuesday in Rockville, Md. "What Stuxnet represents is a future in which people with the funds will be able to buy an attack like this on the black market. This is now a valid concern."
A gradual dawning of Stuxnet's purpose
It is a realization that has emerged only gradually.
Stuxnet surfaced in June and, by July, was identified as a hypersophisticated piece of malware probably created by a team working for a nation state, say cyber security experts. Its name is derived from some of the filenames in the malware. It is the first malware known to target and infiltrate industrial supervisory control and data acquisition (SCADA) software used to run chemical plants and factories as well as electric power plants and transmission systems worldwide. That much the experts discovered right away.
But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?
By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.
But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.
"Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."
A guided cyber missile
On his website, Langner lays out the Stuxnet code he has dissected. He shows step by step how Stuxnet operates as a guided cyber missile. Three top US industrial control system security experts, each of whom has also independently reverse-engineered portions of Stuxnet, confirmed his findings to the Monitor.
"His technical analysis is good," says a senior US researcher who has analyzed Stuxnet, who asked for anonymity because he is not allowed to speak to the press. "We're also tearing [Stuxnet] apart and are seeing some of the same things."
Other experts who have not themselves reverse-engineered Stuxnet but are familiar with the findings of those who have concur with Langner's analysis.
"What we're seeing with Stuxnet is the first view of something new that doesn't need outside guidance by a human – but can still take control of your infrastructure," says Michael Assante, former chief of industrial control systems cyber security research at the US Department of Energy's Idaho National Laboratory. "This is the first direct example of weaponized software, highly customized and designed to find a particular target."
"I'd agree with the classification of this as a weapon," Jonathan Pollet, CEO of Red Tiger Security and an industrial control system security expert, says in an e-mail.
One researcher's findings

Langner's research, outlined on his website Monday, reveals a key step in the Stuxnet attack that other researchers agree illustrates its destructive purpose. That step, which Langner calls "fingerprinting," qualifies Stuxnet as a targeted weapon, he says.
Langner zeroes in on Stuxnet's ability to "fingerprint" the computer system it infiltrates to determine whether it is the precise machine the attack-ware is looking to destroy. If not, it leaves the industrial computer alone. It is this digital fingerprinting of the control systems that shows Stuxnet to be not spyware, but rather attackware meant to destroy, Langner says.
Stuxnet's ability to autonomously and without human assistance discriminate among industrial computer systems is telling. It means, says Langner, that it is looking for one specific place and time to attack one specific factory or power plant in the entire world.
"Stuxnet is the key for a very specific lock – in fact, there is only one lock in the world that it will open," Langner says in an interview. "The whole attack is not at all about stealing data but about manipulation of a specific industrial process at a specific moment in time. This is not generic. It is about destroying that process."
So far, Stuxnet has infected at least 45,000 industrial control systems around the world, without blowing them up – although some victims in North America have experienced some serious computer problems, Eric Byres, a Canadian expert, told the Monitor. Most of the victim computers, however, are in Iran, Pakistan, India, and Indonesia. Some systems have been hit in Germany, Canada, and the US, too. Once a system is infected, Stuxnet simply sits and waits – checking every five seconds to see if its exact parameters are met on the system. When they are, Stuxnet is programmed to activate a sequence that will cause the industrial process to self-destruct, Langner says.
Langner's analysis also shows, step by step, what happens after Stuxnet finds its target. Once Stuxnet identifies the critical function running on a programmable logic controller, or PLC, made by Siemens, the giant industrial controls company, the malware takes control. One of the last codes Stuxnet sends is an enigmatic “DEADF007.” Then the fireworks begin, although the precise function being overridden is not known, Langner says. It may be that the maximum safety setting for RPMs on a turbine is overridden, or that lubrication is shut off, or some other vital function shut down. Whatever it is, Stuxnet overrides it, Langner’s analysis shows.
"After the original code [on the PLC] is no longer executed, we can expect that something will blow up soon," Langner writes in his analysis. "Something big."
For those worried about a future cyber attack that takes control of critical computerized infrastructure – in a nuclear power plant, for instance – Stuxnet is a big, loud warning shot across the bow, especially for the utility industry and government overseers of the US power grid.
"The implications of Stuxnet are very large, a lot larger than some thought at first," says Mr. Assante, who until recently was security chief for the North American Electric Reliability Corp. "Stuxnet is a directed attack. It's the type of threat we've been worried about for a long time. It means we have to move more quickly with our defenses – much more quickly."
Has Stuxnet already hit its target?

It might be too late for Stuxnet's target, Langner says. He suggests it has already been hit – and destroyed or heavily damaged. But Stuxnet reveals no overt clues within its code to what it is after.
A geographical distribution of computers hit by Stuxnet, which Microsoft produced in July, found Iran to be the apparent epicenter of the Stuxnet infections. That suggests that any enemy of Iran with advanced cyber war capability might be involved, Langner says. The US is acknowledged to have that ability, and Israel is also reported to have a formidable offensive cyber-war-fighting capability.
Could Stuxnet's target be Iran's Bushehr nuclear power plant, a facility much of the world condemns as a nuclear weapons threat?
Langner is quick to note that his views on Stuxnet's target is speculation based on suggestive threads he has seen in the media. Still, he suspects that the Bushehr plant may already have been wrecked by Stuxnet. Bushehr's expected startup in late August has been delayed, he notes, for unknown reasons. (One Iranian official blamed the delay on hot weather.)
But if Stuxnet is so targeted, why did it spread to all those countries? Stuxnet might have been spread by the USB memory sticks used by a Russian contractor while building the Bushehr nuclear plant, Langner offers. The same contractor has jobs in several countries where the attackware has been uncovered.
"This will all eventually come out and Stuxnet's target will be known," Langner says. "If Bushehr wasn't the target and it starts up in a few months, well, I was wrong. But somewhere out there, Stuxnet has found its target. We can be fairly certain of that."

http://news.yahoo.com/s/csm/327178
Title: Re: Cyberwar and American Freedom
Post by: G M on September 23, 2010, 07:41:35 PM
It really reminds me of something out of "Daemon" by Daniel Suarez.
Title: Re: Cyberwar and American Freedom
Post by: G M on September 24, 2010, 08:02:13 AM
http://hotair.com/greenroom/archives/2010/09/24/stuxnet-observations-on-a-worm/

Interesting analysis here.
Title: More on stuxnet
Post by: G M on September 24, 2010, 09:19:48 AM
http://www.theatlanticwire.com/opinions/view/opinion/Military-Grade-Malware-Spurs-Theories-on-New-Cyberwar-Threat-5158?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheAtlanticWire+%28The+Atlantic+Wire%29

Links to different articles.
Title: NYT/POTH on Stuxnet
Post by: Crafty_Dog on September 24, 2010, 01:25:36 PM
September 23, 2010
Cyberwar Chief Calls for Secure Computer Network
By THOM SHANKER

FORT MEADE, Md. — The new commander of the military’s cyberwarfare
operations is advocating the creation of a separate, secure computer network
to protect civilian government agencies and critical industries like the
nation’s power grid against attacks mounted over the Internet.

The officer, Gen. Keith B. Alexander, suggested that such a heavily
restricted network would allow the government to impose greater protections
for the nation’s vital, official on-line operations. General Alexander
labeled the new network “a secure zone, a protected zone.” Others have
nicknamed it “dot-secure.”

It would provide to essential networks like those that tie together the
banking, aviation, and public utility systems the kind of protection that
the military has built around secret military and diplomatic communications
networks — although even these are not completely invulnerable.

For years, experts have warned of the risks of Internet attacks on civilian
networks. An article published a few months ago by the National Academy of
Engineering (http://www.nae.edu/Publications/TheBridge/Archives/TheElectricityGrid/18868.aspx)
said that “cyber systems are the ‘weakest link’ in the electricity system,”
and that “security must be designed into the system from the start, not glued
on as an afterthought.”

General Alexander, an Army officer who leads the military’s new Cyber
Command, did not explain just where the fence should be built between the
conventional Internet and his proposed secure zone, or how the gates would
be opened to allow appropriate access to information they need every day.
General Alexander said the White House hopes to complete a policy review on
cyber issues in time for Congress to debate updated or new legislation when
it convenes in January.

General Alexander’s new command is responsible for defending Defense
Department computer networks and, if directed by the president, carrying out
computer-network attacks overseas.

But the military is broadly prohibited from engaging in law enforcement
operations on American soil without a presidential order, so the command’s
potential role in assisting the Department of Homeland Security, the Federal
Bureau of Investigation or the Department of Energy in the event of a major
attack inside the United
States has not been set down in law or policy.

“There is a real probability that in the future, this country will get hit
with a destructive attack, and we need to be ready for it,” General
Alexander said in a roundtable with reporters at the National Cryptologic Museum
here at Fort Meade in advance of his Congressional testimony on Thursday
morning.

“I believe this is one of the most critical problems our country faces,” he
said. “We need to get that right. I think we have to have a discussion about
roles and responsibilities: What’s the role of Cyber Command? What’s the
role of the ‘intel’ community? What’s the role of the rest of the Defense
Department? What’s the role of D.H.S.? And how do you make that team work?
That’s going to take time.”

Some critics have questioned whether the Defense Department can step up
protection of vital computer networks without crashing against the public’s
ability to live and work with confidence on the Internet. General Alexander
said, “We can protect civil liberties and privacy and still do our mission.
We’ve got to do that.”

Speaking of the civilian networks that are at risk, he said: “If one of
those destructive attacks comes right now, I’m focused on the Defense
Department. What are the responsibilities — and I think this is part of the
discussion — for the power grid, for financial networks, for other critical
infrastructure? How do you protect the country when it comes to that kind of
attack, and who is responsible for it?”

As General Alexander prepared for his testimony before the House Armed
Services Committee, the ranking Republican on the panel, Howard P. McKeon of
California, noted the Pentagon’s progress in expanding its cyber
capabilities.

But he said that “many questions remain as to how Cyber Command will meet
such a broad mandate” given the clear “vulnerabilities in cyberspace.”

The committee chairman, Rep. Ike Skelton, Democrat of Missouri, said that
“cyberspace is an environment where distinctions and divisions between
public and private, government and commercial, military and nonmilitary are
blurred.” He said that it is important “that we engage in this discussion in
a very direct way and include the public.”
--------------------------------------------------------------------------


Title: good stuxnet piece
Post by: Crafty_Dog on September 26, 2010, 08:28:20 AM
http://news.yahoo.com/s/csm/20100921/ts_csm/327178
Title: POTH: Govt seeks more wiretapping of internet
Post by: Crafty_Dog on September 27, 2010, 04:28:20 AM
Breaking News Alert
The New York Times
Mon, September 27, 2010 -- 12:46 AM ET
-----

U.S. Is Working to Ease Wiretapping on the Internet

Federal law enforcement and national security officials are
preparing to seek sweeping new regulations for the Internet,
arguing that their ability to wiretap criminal and terrorism
suspects is "going dark" as people increasingly communicate
online instead of by telephone.

Essentially, officials want Congress to require all services
that enable communications -- including encrypted e-mail
transmitters like BlackBerry, social networking Web sites
like Facebook and software that allows direct "peer to peer"
messaging like Skype -- to be technically capable of
complying if served with a wiretap order. The mandate would
include being able to intercept and unscramble encrypted
messages.

Read More:
http://www.nytimes.com/2010/09/27/us/27wiretap.html?emc=na
Title: Breathe deeply three times
Post by: Crafty_Dog on September 27, 2010, 08:41:59 AM
second post of the morning:

http://www.infoworld.com/t/malware/stuxnet-worm-iran-mainstream-media-global-nuclear-meltdown-796?page=0,0
Title: Lieberman: China can shut down the internet, why can't we?
Post by: Crafty_Dog on September 28, 2010, 12:27:54 PM
http://www.infowars.com/lieberman-china-can-shut-down-the-internet-why-cant-we/

This site is often quite irresponsible so read with care.  Caveat lector!
Title: POTH: Israel?
Post by: Crafty_Dog on September 30, 2010, 09:18:07 AM
In a Computer Worm, a Possible Biblical Clue
By JOHN MARKOFF and DAVID E. SANGER
Published: September 29, 2010

 
Deep inside the computer worm that some specialists suspect is aimed at slowing Iran’s race for a nuclear weapon lies what could be a fleeting reference to the Book of Esther, the Old Testament tale in which the Jews pre-empt a Persian plot to destroy them.


That use of the word “Myrtus” — which can be read as an allusion to Esther — to name a file inside the code is one of several murky clues that have emerged as computer experts try to trace the origin and purpose of the rogue Stuxnet program, which seeks out a specific kind of command module for industrial equipment.

Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.

There are many competing explanations for myrtus, which could simply signify myrtle, a plant important to many cultures in the region. But some security experts see the reference as a signature allusion to Esther, a clear warning in a mounting technological and psychological battle as Israel and its allies try to breach Tehran’s most heavily guarded project. Others doubt the Israelis were involved and say the word could have been inserted as deliberate misinformation, to implicate Israel.

“The Iranians are already paranoid about the fact that some of their scientists have defected and several of their secret nuclear sites have been revealed,” one former intelligence official who still works on Iran issues said recently. “Whatever the origin and purpose of Stuxnet, it ramps up the psychological pressure.”

So a calling card in the code could be part of a mind game, or sloppiness or whimsy from the coders.

The malicious code has appeared in many countries, notably China, India, Indonesia and Iran. But there are tantalizing hints that Iran’s nuclear program was the primary target. Officials in both the United States and Israel have made no secret of the fact that undermining the computer systems that control Iran’s huge enrichment plant at Natanz is a high priority. (The Iranians know it, too: They have never let international inspectors into the control room of the plant, the inspectors report, presumably to keep secret what kind of equipment they are using.)

The fact that Stuxnet appears designed to attack a certain type of Siemens industrial control computer, used widely to manage oil pipelines, electrical power grids and many kinds of nuclear plants, may be telling. Just last year officials in Dubai seized a large shipment of those controllers — known as the Simatic S-7 — after Western intelligence agencies warned that the shipment was bound for Iran and would likely be used in its nuclear program.

“What we were told by many sources,” said Olli Heinonen, who retired last month as the head of inspections at the International Atomic Energy Agency in Vienna, “was that the Iranian nuclear program was acquiring this kind of equipment.”

Also, starting in the summer of 2009, the Iranians began having tremendous difficulty running their centrifuges, the tall, silvery machines that spin at supersonic speed to enrich uranium — and which can explode spectacularly if they become unstable. In New York last week, Iran’s president, Mahmoud Ahmadinejad, shrugged off suggestions that the country was having trouble keeping its enrichment plants going.

Yet something — perhaps the worm or some other form of sabotage, bad parts or a dearth of skilled technicians — is indeed slowing Iran’s advance.

The reports on Iran show a fairly steady drop in the number of centrifuges used to enrich uranium at the main Natanz plant. After reaching a peak of 4,920 machines in May 2009, the numbers declined to 3,772 centrifuges this past August, the most recent reporting period. That is a decline of 23 percent. (At the same time, production of low-enriched uranium has remained fairly constant, indicating the Iranians have learned how to make better use of fewer working machines.)

Computer experts say the first versions of the worm appeared as early as 2009 and that the sophisticated version contained an internal time stamp from January of this year.

These events add up to a mass of suspicions, not proof. Moreover, the difficulty experts have had in figuring out the origin of Stuxnet points to both the appeal and the danger of computer attacks in a new age of cyberwar.

For intelligence agencies they are an almost irresistible weapon, free of fingerprints. Israel has poured huge resources into Unit 8200, its secretive cyberwar operation, and the United States has built its capacity inside the National Security Agency and inside the military, which just opened a Cyber Command.

But the near impossibility of figuring out where they came from makes deterrence a huge problem — and explains why many have warned against the use of cyberweapons. No country, President Obama was warned even before he took office, is more vulnerable to cyberattack than the United States.

=========

For now, it is hard to determine if the worm has infected centrifuge controllers at Natanz. While the S-7 industrial controller is used widely in Iran, and many other countries, even Siemens says it does not know where it is being used. Alexander Machowetz, a spokesman in Germany for Siemens, said the company did no business with Iran’s nuclear program. “It could be that there is equipment,” he said in a telephone interview. “But we never delivered it to Natanz.”


But Siemens industrial controllers are unregulated commodities that are sold and resold all over the world — the controllers intercepted in Dubai traveled through China, according to officials familiar with the seizure.

Ralph Langner, a German computer security consultant who was the first independent expert to assert that the malware had been “weaponized” and designed to attack the Iranian centrifuge array, argues that the Stuxnet worm could have been brought into the Iranian nuclear complex by Russian contractors.

“It would be an absolute no-brainer to leave an infected USB stick near one of these guys,” he said, “and there would be more than a 50 percent chance of having him pick it up and infect his computer.”

There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.

Yossi Melman, who covers intelligence for the newspaper Haaretz and is at work on a book about Israeli intelligence over the past decade, said in a telephone interview that he suspected that Israel was involved.

He noted that Meir Dagan, head of Mossad, had his term extended last year partly because he was said to be involved in important projects. He added that in the past year Israeli estimates of when Iran will have a nuclear weapon had been extended to 2014.

“They seem to know something, that they have more time than originally thought,” he said.

Then there is the allusion to myrtus — which may be telling, or may be a red herring.

Several of the teams of computer security researchers who have been dissecting the software found a text string that suggests that the attackers named their project Myrtus. The guava fruit is part of the Myrtus family, and one of the code modules is identified as Guava.

It was Mr. Langner who first noted that Myrtus is an allusion to the Hebrew word for Esther. The Book of Esther tells the story of a Persian plot against the Jews, who attacked their enemies pre-emptively.

“If you read the Bible you can make a guess,” said Mr. Langner, in a telephone interview from Germany on Wednesday.

Carol Newsom, an Old Testament scholar at Emory University, confirmed the linguistic connection between the plant family and the Old Testament figure, noting that Queen Esther’s original name in Hebrew was Hadassah, which is similar to the Hebrew word for myrtle. Perhaps, she said, “someone was making a learned cross-linguistic wordplay.”

But other Israeli experts said they doubted Israel’s involvement. Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.”

“We did a complete simulation of it and we sliced the code to its deepest level,” he said. “We have studied its protocols and functionality. Our two main suspects for this are high-level industrial espionage against Siemens and a kind of academic experiment.”

Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.
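
The text string the article describes, a project name and a module name surviving inside the compiled worm, is the kind of artifact a Windows linker leaves behind as a program-database (.pdb) build path. The Python routine below is an added example for this thread, not code from the article or from any of the researchers it quotes: it pulls printable ASCII and UTF-16LE runs out of a byte blob the way the strings utility does, picks out .pdb paths, and splits each into the source-tree directory names and the module name an analyst would compare across samples. The sample blob is constructed here; only the two names "myrtus" and "guava" come from the article, and the second path is invented for the example.

```python
import re
from typing import Dict, List

# Constructed sample: a few non-printable bytes around one ASCII build path and
# one UTF-16LE build path. The directory and module names in the first path are
# the two names the article cites ("myrtus", "guava"); everything else here is
# invented for the example and is NOT taken from the real binary.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00" + b"\xfe" * 13
    + b"b:\\myrtus\\src\\guava.pdb\x00"
    + b"\x00" * 7
    + "C:\\build\\release\\dropper.pdb".encode("utf-16-le") + b"\x00\x00"
    + b"\x7f\x80\x81"
)

# A Windows path whose last component ends in .pdb, with an optional drive letter.
PDB_RE = re.compile(r"(?i)(?:[a-z]:)?(?:\\[^\\:*?\"<>|]+)+\.pdb")


def extract_strings(blob: bytes, min_len: int = 6) -> List[Dict]:
    """Return printable ASCII and UTF-16LE runs of at least min_len characters,
    each with its byte offset, in the style of the `strings` utility."""
    found: List[Dict] = []
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        found.append({"offset": m.start(), "encoding": "ascii",
                      "text": m.group().decode("ascii")})
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        found.append({"offset": m.start(), "encoding": "utf-16le",
                      "text": m.group().decode("utf-16-le")})
    found.sort(key=lambda s: s["offset"])
    return found


def find_pdb_paths(blob: bytes) -> List[Dict]:
    """Pick out program-database build paths and split them into the parts an
    analyst compares across samples: the source-tree directory names (which
    often carry the developers' project name) and the module name."""
    hits: List[Dict] = []
    for s in extract_strings(blob):
        m = PDB_RE.search(s["text"])
        if m is None:
            continue
        path = m.group(0)
        parts = [p for p in path.split("\\") if p]
        has_drive = re.fullmatch(r"(?i)[a-z]:", parts[0]) is not None
        hits.append({
            "offset": s["offset"],
            "encoding": s["encoding"],
            "path": path,
            "project_dirs": parts[1:-1] if has_drive else parts[:-1],
            "module": parts[-1][:-len(".pdb")],
        })
    return hits


if __name__ == "__main__":
    for h in find_pdb_paths(SAMPLE_BLOB):
        print(f"0x{h['offset']:06x} {h['encoding']:8} {h['path']}"
              f"  dirs={h['project_dirs']} module={h['module']}")
```

Run it directly to print each hit with its offset and encoding. Scanning both encodings matters: a path stored as a wide-string literal or in a resource is invisible to an ASCII-only strings pass, which is one way such a clue gets missed on a first look.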
Title: Stuxnet Overview
Post by: Body-by-Guinness on September 30, 2010, 12:58:28 PM
How Stuxnet is Scaring the Tech World Half to Death

BY Jonathan V. Last

September 30, 2010 2:30 PM

The computer worm Stuxnet broke out of the tech underworld and into the mass media this week. It’s an amazing story: Stuxnet has infected roughly 45,000 computers. Sixty percent of these machines happen to be in Iran. Which is odd. What is odder still is that Stuxnet is designed specifically to attack a computer system using software from Siemens which controls industrial facilities such as factories, oil refineries, and oh, by the way, nuclear power plants. As you might imagine, Stuxnet raises big, interesting geo-strategic questions. Did a state design it as an attack on the Iranian nuclear program? Was it a private group of vigilantes? Some combination of the two? Or something else altogether?

But it’s worth pausing to contemplate Stuxnet on its own terms, and understand why the tech nerds were so doomsday-ish about it in the first place. We should start at the beginning.

A computer worm is distinct from a virus. A virus is a piece of code which attaches itself to other programs. A worm is a program by itself, which exists on its own within a computer. A good (meaning really bad) worm must do several things quite subtly: It must find its way onto the first machine by stealth. While a resident, it must remain concealed. Then it must have another stealthy method of propagating to other computers. And finally, it must have a purpose. Stuxnet achieved all of these goals with astounding elegance.

The Stuxnet worm was first discovered on June 17, 2010 by VirusBlokAda, a digital security company in Minsk. Over the next few weeks, tech security firms began trying to understand the program, but the overall response was slow because Stuxnet was so sophisticated. On July 14, Siemens was notified of the danger Stuxnet posed to its systems. At the time, it was believed that Stuxnet exploited a “zero day” vulnerability (that is, a weak point in the code never foreseen by the original programmers) in Microsoft’s Windows OS. Microsoft moved within days to issue a patch.

By August, the details of Stuxnet were becoming clearer. Researchers learned troubling news: The virus sought to override supervisory control and data acquisition (SCADA) systems in Siemens installations. SCADA systems are not bits of virtual ether—they control all sorts of important industrial functions. As the Christian Science Monitor notes, a SCADA system could, for instance, override the maximum safety setting for RPMs on a turbine. Cyber security giant Symantec warned:

Stuxnet can potentially control or alter how [an industrial] system operates. A previous historic example includes a reported case of stolen code that impacted a pipeline. Code was secretly “Trojanized’” to function properly and only some time after installation instruct the host system to increase the pipeline’s pressure beyond its capacity. This resulted in a three kiloton explosion, about 1/5 the size of the Hiroshima bomb.

As the days ticked by, Microsoft realized that Stuxnet was using not just one zero-day exploit but four of them. Symantec’s Liam O’Murchu told Computer World, “Using four zero-days, that’s really, really crazy. We’ve never seen that before.”

Still, no one knew where Stuxnet had come from. A version of the worm from June 2009 was discovered and when the worm’s encryption was finally broken, a digital time stamp on one of the components (the ~wtr4141.tmp file, in case you’re keeping score at home) put the time of compilation—the worm’s birthday—as February 3, 2009.

The functionality of Stuxnet is particularly interesting. The worm gains initial access to a system through a simple USB drive. When an infected USB drive is plugged into a machine, the computer does a number of things automatically. One of them is that it pulls up icons to be displayed on your screen to represent the data on the drive. Stuxnet exploited this routine to pull the worm onto the computer. The problem, then, is that once on the machine, the worm becomes visible to security protocols, which constantly query files looking for malware. To disguise itself, Stuxnet installs what’s called a “rootkit”—essentially a piece of software which intercepts the security queries and sends back false “safe” messages, indicating that the worm is innocuous.

The trick is that installing a rootkit requires using drivers, which Windows machines are well-trained to be suspicious of. Windows requests that all drivers provide verification that they’re on the up-and-up through presentation of a secure digital signature. These digital keys are closely guarded secrets. Yet Stuxnet’s malicious drivers were able to present genuine signatures from two genuine computer companies, Realtek Semiconductor and JMicron Technology. Both firms have offices in the same facility, Hsinchu Science Park, in Taiwan. No one knows how the Stuxnet creators got hold of these keys, but it seems possible that they were physically—as opposed to digitally—stolen.

So the security keys enable the drivers, which allow the installation of the rootkit, which hides the worm that was delivered by the corrupt USB drive. Stuxnet’s next job was to propagate itself efficiently, but quietly. Whenever another USB drive was inserted into an infected computer, it becomes infected, too. But in order to reduce visibility and avoid detection, the Stuxnet creators set up a system so that each infected USB drive could only pass the worm on to three other computers.

Stuxnet was not designed to spread over the Internet at large. (We think.) It was, however, able to spread over local networks—primarily by using the print spooler that runs printers shared by a group of computers. And once it reached a computer with access to the Internet it began communicating with a command-and-control server—the Stuxnet mothership. The C&C servers were located in Denmark and Malaysia and were taken off-line after they were discovered. But while they were operational, Stuxnet would contact them to deliver information it had gathered about the system it had invaded and to request updated versions of itself. You see, the worm’s programmers had also devised a peer-to-peer sharing system by which a Stuxnet machine in contact with C&C would download newer versions of itself and then use it to update the older worms on the network.

And then there’s the actual payload. Once a resident of a Windows machine, Stuxnet sought out systems running the WinCC and PCS 7 SCADA programs. It then began reprogramming the programmable logic control (PLC) software and making changes in a piece of code called Operational Block 35. It’s this last bit—the vulnerability of PLC—which is at the heart of the concern about Stuxnet. A normal worm has Internet consequences. It might eat up bandwidth or slow computers down or destroy code or even cost people money. But PLC protocols interact with real-world machinery – for instance, turn this cooling system on when a temperature reaches a certain point, shut that electrical system off if the load exceeds a given level, and so on.

To date, no one knows exactly what Stuxnet was doing in the Siemens PLC. “It’s looking for specific things in specific places in these PLC devices,” Digital Bond CEO Dale Peterson told PC World. “And that would really mean that it’s designed to look for a specific plant.” Tofino Security Chief Technology Officer Eric Byres was even more ominous, saying, “The only thing I can say is that it is something designed to go bang.” Even the worm’s code suggests calamity. Ralph Langner is the most prominent Stuxnet sleuth and he notes that one of the last bits of code in the worm is the line “DEADF007.” (Presumably a dark joke about “deadf*ckers” and the James Bond call-sign “007.") “After the original code is no longer executed, we can expect that something will blow up soon,” Langner says somewhat dramatically. “Something big.”

The most important question is what that “something big” might be.

But there is another intriguing question: How did Stuxnet spread as far as it did? The worm is, as a physical piece of code, very large. It’s written in multiple languages and weighs in at nearly half a megabyte, which is one of the reasons there are still many pieces of it that we don’t understand. And one of those puzzles is how Stuxnet found its way onto so many computers so far away from one another. Iran is the epicenter, but Stuxnet is found in heavy concentrations in Pakistan, Indonesia, and India, too, and even as far away as Russia, Uzbekistan, and Azerbaijan. By the standards of modern worms, the 45,000 computers infected by Stuxnet is piddling. But if Stuxnet really can only propagate via local networks and USB drives, how did it reach even that far?

Stuxnet is already the most studied piece of malware ever, absorbing the attention of engineers and programmers across the globe, from private companies to academics, to government specialists. And yet despite this intense scrutiny, the worm still holds many secrets.



Source URL: http://www.weeklystandard.com/blogs/how-stuxnet-scaring-tech-world-half-death
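
The mechanics described above (a module loaded by Explorer just from displaying a removable drive, rootkit drivers carrying valid signatures from stolen Realtek and JMicron keys, and spread through the print spooler) each leave a host-level trace a defender can alert on. The Python triage script below is an added example for this thread, not code from the article, from Symantec, from Langner or from any vendor: it runs three rules over a handful of constructed, Sysmon-style endpoint events. The event schema and field names, the host and drive names, the file names and the 30-second window are all this example's assumptions; the signer list is keyed on the two company names the article gives, whereas a real blocklist would use certificate thumbprints or serials, which the article does not supply.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Signer names the article says Stuxnet's drivers carried. Matching on the
# subject name is this example's simplification; a production blocklist keys
# on certificate thumbprints/serials, which the article does not give.
SUSPECT_DRIVER_SIGNERS = {"Realtek Semiconductor Corp", "JMicron Technology Corp."}

# Extensions treated as executable content (assumption for the example).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
SPOOL_DIR = "c:\\windows\\system32\\spool\\"
# How soon after a removable drive arrives an explorer.exe module load from
# that drive is treated as "triggered by rendering the drive's icons".
ARRIVAL_WINDOW = timedelta(seconds=30)

# Constructed Sysmon-style events (field names are this example's own, not a
# real product schema). Hosts, drive letters and file names are hypothetical.
SAMPLE_EVENTS: List[Dict] = [
    {"ts": "2010-07-01T09:00:00", "host": "eng-ws-07", "event": "device_arrival",
     "drive": "E:"},
    {"ts": "2010-07-01T09:00:04", "host": "eng-ws-07", "event": "image_load",
     "process": "explorer.exe", "image": r"E:\~WTR4141.tmp"},
    {"ts": "2010-07-01T09:00:06", "host": "eng-ws-07", "event": "driver_load",
     "image": r"C:\Windows\System32\drivers\hypothetical.sys",
     "signer": "Realtek Semiconductor Corp", "signature_valid": True},
    {"ts": "2010-07-01T09:05:00", "host": "eng-ws-07", "event": "driver_load",
     "image": r"C:\Windows\System32\drivers\usbhub.sys",
     "signer": "Microsoft Windows", "signature_valid": True},
    {"ts": "2010-07-01T09:10:00", "host": "print-srv-01", "event": "file_create",
     "process": "spoolsv.exe", "path": r"C:\Windows\System32\spool\PRINTERS\00012.SPL"},
    {"ts": "2010-07-01T09:10:02", "host": "print-srv-01", "event": "file_create",
     "process": "spoolsv.exe", "path": r"C:\Windows\System32\dropped.dll"},
    {"ts": "2010-07-01T10:00:00", "host": "eng-ws-07", "event": "image_load",
     "process": "explorer.exe", "image": r"E:\late.tmp"},   # outside the window
]


def _alert(ev: Dict, rule: str, detail: str) -> Dict:
    return {"rule": rule, "host": ev["host"], "ts": ev["ts"], "detail": detail}


def triage(events: List[Dict]) -> List[Dict]:
    """Run three rules derived from the behaviours the article describes.

    1. driver_load signed by a signer on the compromised-signer list, even
       when the signature itself validates (a stolen key makes it valid).
    2. spoolsv.exe creating executable content outside its spool directory.
    3. explorer.exe loading a module from a removable drive shortly after
       that drive arrived, i.e. code executed just by displaying the drive.
    """
    alerts: List[Dict] = []
    arrivals: Dict[tuple, datetime] = {}          # (host, drive) -> arrival time
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        kind = ev["event"]
        if kind == "device_arrival":
            arrivals[(ev["host"], ev["drive"].upper())] = t
        elif kind == "driver_load":
            if ev.get("signer") in SUSPECT_DRIVER_SIGNERS:
                alerts.append(_alert(ev, "driver-compromised-signer",
                                     f"{ev['image']} signed by {ev['signer']} "
                                     f"(signature_valid={ev.get('signature_valid')})"))
        elif kind == "file_create" and ev["process"].lower() == "spoolsv.exe":
            p = ev["path"].lower()
            if p.endswith(EXEC_EXT) and not p.startswith(SPOOL_DIR):
                alerts.append(_alert(ev, "spooler-wrote-executable", ev["path"]))
        elif kind == "image_load" and ev["process"].lower() == "explorer.exe":
            arrived = arrivals.get((ev["host"], ev["image"][:2].upper()))
            if arrived is not None and t - arrived <= ARRIVAL_WINDOW:
                secs = int((t - arrived).total_seconds())
                alerts.append(_alert(ev, "explorer-load-from-new-removable",
                                     f"{ev['image']} {secs}s after arrival"))
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(f"{a['ts']} {a['host']:12} {a['rule']:34} {a['detail']}")
```

The point of the first rule is that signature validity is not the question: a driver signed with a stolen key validates perfectly, so the alert has to come from who signed it (or from a revocation list), not from whether the signature checks out. The third rule fires on the load itself rather than on any file name, so it does not depend on knowing the ~wtr4141.tmp name in advance.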
Title: Yes, another Stuxnet article
Post by: Crafty_Dog on October 02, 2010, 11:42:24 PM
October 1, 2010, 11:25 AM

There's a new cyber-weapon on the block. And it's a doozy. Stuxnet, a malicious software, or malware, program was apparently first discovered in June.

Although it has appeared in India, Pakistan and Indonesia, Iran's industrial complexes - including its nuclear installations - are its main victims.

Stuxnet operates as a computer worm. It is inserted into a computer system through a USB port rather than over the Internet, and is therefore capable of infiltrating networks that are not connected to the Internet.

Hamid Alipour, deputy head of Iran's Information Technology Company, told reporters Monday that the malware operated undetected in the country's computer systems for about a year.

After it enters a network, this super-intelligent program figures out what it has penetrated and then decides whether or not to attack. The sorts of computer systems it enters are those that control critical infrastructures like power plants, refineries and other industrial targets.

Ralph Langner, a German computer security researcher who was among the first people to study Stuxnet, told various media outlets that after Stuxnet recognizes its specific target, it does something no other malware program has ever done. It takes control of the facility's SCADA (supervisory control and data acquisition system) and through it, is able to destroy the facility.

No other malware program has ever managed to move from cyberspace to the real world. And this is what makes Stuxnet so revolutionary. It is not a tool of industrial espionage. It is a weapon of war.

From what researchers have exposed so far, Stuxnet was designed to control computer systems produced by the German engineering giant Siemens. Over the past generation, Siemens engineering tools, including its industrial software, have been the backbone of Iran's industrial and military infrastructure. Siemens computer software products are widely used in Iranian electricity plants, communication systems and military bases, and in the country's Russian-built nuclear power plant at Bushehr.

The Iranian government has acknowledged a breach of the computer system at Bushehr. The plant was set to begin operating next month, but Iranian officials announced the opening would be pushed back several months due to the damage wrought by Stuxnet. On Monday, Channel 2 reported that Iran's Natanz uranium enrichment facility was also infected by Stuxnet.

On Tuesday, Alipour acknowledged that Stuxnet's discovery has not mitigated its destructive power.

As he put it, "We had anticipated that we could root out the virus within one to two months. But the virus is not stable and since we started the cleanup process, three new versions of it have been spreading."

While so far no one has either taken responsibility for Stuxnet or been exposed as its developer, experts who have studied the program agree that its sophistication is so vast that it is highly unlikely a group of privately financed hackers developed it. Only a nation-state would have the financial, manpower and other resources necessary to develop and deploy Stuxnet, the experts argue.

Iran has pointed an accusatory finger at the US, Israel and India. So far, most analysts are pointing their fingers at Israel. Israeli officials, like their US counterparts, are remaining silent on the subject.

While news of a debilitating attack on Iran's nuclear installations is a cause for celebration, at this point, we simply do not know enough about what has happened and what is continuing to happen at Iran's nuclear installations to make any reasoned evaluation about Stuxnet's success or failure. Indeed, The New York Times has argued that since Stuxnet worms were found in Siemens software in India, Pakistan and Indonesia as well as Iran, reporting, "The most striking aspect of the fast-spreading malicious computer program... may not have been how sophisticated it was, but rather how sloppy its creators were in letting a specifically aimed attack scatter randomly around the globe."

ALL THAT we know for certain is that Stuxnet is a weapon and it is currently being used to wage a battle. We don't know if Israel is involved in the battle or not. And if Israel is a side in the battle, we don't know if we're winning or not.

But still, even in our ignorance about the details of this battle, we still know enough to draw a number of lessons from what is happening.

Stuxnet's first lesson is that it is essential to be a leader rather than a follower in technology development. The first to deploy new technologies on a battlefield has an enormous advantage over his rivals. Indeed, that advantage may be enough to win a war.

But from the first lesson, a second immediately follows. A monopoly in a new weapon system is always fleeting. The US nuclear monopoly at the end of World War II allowed it to defeat Imperial Japan and bring the war to an end in allied victory.

Once the US exposed its nuclear arsenal, however, the Soviet Union's race to acquire nuclear weapons of its own began. Just four years after the US used its nuclear weapons, it found itself in a nuclear arms race with the Soviets. America's possession of nuclear weapons did not shield it from the threat of their destructive power.

The risks of proliferation are the flipside to the advantage of deploying new technology. Warning of the new risks presented by Stuxnet, Melissa Hathaway, a former US national cybersecurity coordinator, told the Times, "Proliferation is a real problem, and no country is prepared to deal with it. All of these [computer security] guys are scared to death. We have about 90 days to fix this [new vulnerability] before some hacker begins using it."

Then there is the asymmetry of vulnerability to cyberweapons. A cyberweapon like Stuxnet threatens nation-states much more than it threatens a non-state actor that could deploy it in the future. For instance, a cyber-attack of the level of Stuxnet against the likes of Hizbullah or al-Qaida by a state like Israel or the US would cause these groups far less damage than a Hizbullah or al-Qaida cyber-attack of the quality of Stuxnet launched against a developed country like Israel or the US.

In short, like every other major new weapons system introduced since the slingshot, Stuxnet creates new strengths as well as new vulnerabilities for the states that may wield it.

As to the battle raging today in Iran's nuclear facilities, even if the most optimistic scenario is true, and Stuxnet has crippled Iran's nuclear installations, we must recognize that while a critical battle was won, the war is far from over.

A war ends when one side permanently breaks its enemy's ability and will to fight it. This has clearly not happened in Iran.

Iranian President Mahmoud Ahmadinejad made it manifestly clear during his visit to the US last week that he is intensifying, not moderating, his offensive stance towards the US, Israel and the rest of the free world. Indeed, as IDF Deputy Chief of Staff Maj.-Gen. Benny Gantz noted last week, "Iran is involved up to its neck in every terrorist activity in the Middle East."

So even in the rosiest scenario, Israel or some other government has just neutralized one threat - albeit an enormous threat - among a panoply of threats that Iran poses. And we can be absolutely certain that Iran will take whatever steps are necessary to develop new ways to threaten Israel and its other foes as quickly as possible.

What this tells us is that if Stuxnet is an Israeli weapon, while a great achievement, it is not a revolutionary weapon. While the tendency to believe that we have found a silver bullet is great, the fact is that fielding a weapon like Stuxnet does not fundamentally change Israel's strategic position. And consequently, it should have no impact on Israel's strategic doctrine.

In all likelihood, assuming that Stuxnet has significantly debilitated Iran's nuclear installations, this achievement will be a one-off. Just as the Arabs learned the lessons of their defeat in 1967 and implemented those lessons to great effect in the war in 1973, so the Iranians - and the rest of Israel's enemies - will learn the lessons of Stuxnet.

SO IF we assume that Stuxnet is an Israeli weapon, what does it show us about Israel's position vis-à-vis its enemies? What Stuxnet shows is that Israel has managed to maintain its technological advantage over its enemies. And this is a great relief. Israel has survived since 1948 despite our enemies' unmitigated desire to destroy us because we have continuously adapted our tactical advantages to stay one step ahead of them. It is this adaptive capability that has allowed Israel to win a series of one-off battles that have allowed it to survive.

But again, none of these one-off battles were strategic game-changers. None of them have fundamentally changed the strategic realities of the region. This is the case because they have neither impacted our enemies' strategic aspiration to destroy us, nor have they mitigated Israel's strategic vulnerabilities. It is the unchanging nature of these vulnerabilities since the dawn of modern Zionism that gives hope to our foes that they may one day win and should therefore keep fighting.

Israel has two basic strategic vulnerabilities.

The first is Israel's geographic minuteness, which attracts invaders. The second vulnerability is Israel's political weakness both at home and abroad, which makes it impossible to fight long wars.

Attentive to these vulnerabilities, David Ben-Gurion asserted that Israel's military doctrine is the twofold goal to fight wars on our enemies' territory and to end them as swiftly and as decisively as possible. This doctrine remains the only realistic option today, even if Stuxnet is in our arsenal.

It is important to point this plain truth out today as the excitement builds about Stuxnet, because Israel's leaders have a history of mistaking tactical innovation and advantage with strategic transformation. It was our leaders' failure to properly recognize what happened in 1967 for the momentary tactical advantage it was that led us to near disaster in 1973.

Since 1993, our leaders have consistently mistaken their adoption of the West's land-for-peace paradigm as a strategic response to Israel's political vulnerability. The fact that the international assault on Israel's right to exist has only escalated since Israel embraced the land-for-peace paradigm is proof that our leaders were wrong. Adopting the political narrative of our enemies did not increase Israel's political fortunes in Europe, the US or the UN.

So, too, our leaders have mistaken Israel's air superiority for a strategic answer to its geographical vulnerability. The missile campaigns the Palestinians and Lebanese have waged against the home front in the aftermath of Israel's withdrawals from Gaza and south Lebanon show clearly that air supremacy does not make up for geographic vulnerability. It certainly does not support a view that strategic depth is less important than it once was.

We may never know if Stuxnet was successful or if Stuxnet is Israeli. But what we do know is that we cannot afford to learn the wrong lessons from its achievements.
http://www.carolineglick.com/e/2010/10/the-lessons-of-stuxnet.php
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on October 06, 2010, 08:15:10 AM
I gather that the Chinese military has identified our reliance on cybertechnology to be a major weak link for our military and that therefore they are applying considerable effort and intelligence to how they can disable our capabilities via this sort of thing.
Title: Re: Cyberwar and American Freedom
Post by: G M on October 06, 2010, 08:43:39 AM
Yup. Part of the PLA's "Assassin's Mace" military doctrine.


http://blogs.forbes.com/jedbabbin/2010/09/24/the-cyberwar-surge/

According to the Pentagon’s 2007 Report on Chinese Military Power, “In 2005, the PLA began to incorporate offensive [Computer Network Operations] into its exercises, primarily in first strikes against enemy networks.”

Chinese military doctrine now includes what they call “assassin’s mace” (sha shou jian) programs which are asymmetric warfare strategies devised to take advantage of Chinese advantages in technology against vulnerabilities of potential adversaries. Cyberwar is first among equals among the assassin’s mace programs.
Title: WTH, it was only 18 minutes , , ,
Post by: Crafty_Dog on November 19, 2010, 08:33:45 AM
Internet Traffic from U.S. Government Websites Was Redirected Via Chinese Servers

By Joshua Rhett Miller

Published November 16, 2010

When 15 percent of the world's Internet traffic, including the Pentagon, Defense Secretary Robert Gates' office, the Senate and several U.S. government agencies, was redirected last April onto computer routers in China, it also may have left the sites vulnerable to surveillance, or worse.

Nearly 15 percent of the world's Internet traffic -- including data from the Pentagon, the office of Defense Secretary Robert Gates and other U.S. government websites -- was briefly redirected through computer networks in China last April, according to a congressional commission report obtained by FoxNews.com.

It was not immediately clear whether the incident was deliberate, but the April 18 redirection could have enabled malicious activities and potentially caused an unintended "diversion of data" from many U.S. government, military and commercial websites, the U.S.-China Economic and Security Review Commission states in a 316-page report to Congress.

A draft copy of the report was obtained on Tuesday by FoxNews.com. The final 2010 annual report to Congress will be released during a press conference in Washington on Wednesday.

According to the draft report, a state-owned Chinese telecommunications firm, China Telecom, "hijacked" massive volumes of Internet traffic during the 18-minute incident. It affected traffic to and from .gov and .mil websites in the United States, as well as websites for the Senate, all four military services, the office of the Secretary of Defense, the National Oceanic and Atmospheric Administration and "many others," including websites for firms like Dell, Yahoo, IBM and Microsoft.

"Although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications," the report reads. "This level of access could enable surveillance of specific users or sites."

Citing a separate cyberattack against Google's operations in China earlier this year, the report notes China's history of "malicious computer activities" that "raise questions about whether China might seek intentionally to leverage these abilities to assert some level of control over the Internet, even for a brief period."

The report continues, "Any attempt to do this would likely be counter to the interests of the United States and other countries. At the very least, these incidents demonstrate the inherent vulnerabilities in the Internet's architecture that can affect all Internet users and beneficiaries at home and abroad."

Chris Smoak, a research scientist at the Georgia Tech Research Institute, said, whether intentional or accidental, incidents like the one on April 18 occur "two or three times a year" as large amounts of data are routed through multiple nations. He declined to indicate whether he believes the incident was deliberate.

"There's no way to really say," Smoak said. "Due to the short duration, it's very difficult to say."

Smoak said security vulnerabilities pertaining to Internet routing processes are one of the more "unfortunate aspects" of the digital age.

"They weren't designed with security in mind, they were designed with performance in mind and the end result," he said referring to the routing system. "We're very susceptible in that anyone could do this at any time."

The report details how the Internet routing process is susceptible to manipulation and lists how the exchange of data between networking equipment typically relies on "trust-based" transactions.

The report reads: "If a computer user in California, for example, seeks to visit a website hosted in Texas, the data would likely make several 'hops' (that is, transit multiple servers) along the way. Data are supposed to travel along the most efficient route. However, Internet infrastructure does not necessarily correlate to the geographical world in a predictable way, so it would be unusual for data to transit a server physically located in Georgia, or some other somewhat removed location."

The process, however, could be subject to manipulation if networking equipment in a remote location, such as China, advertised a route claiming to be the most efficient data path. Effectively, Smoak said, the servers will try to get the information to its destination by the fastest means possible, but the data could conceivably be censored or changed altogether.

"It's an unfortunate aspect of the technology we use today," Smoak said. "It's all based on trust."

Sam Masiello, director of threat management at McAfee, said the security breach could have been potentially "very damaging" given the large amounts of data transferred across the Internet every second.

"It could potentially be very damaging, the reason being you don't know what traffic was being routed to those servers at the time," Masiello told FoxNews.com. "But if you're the criminal, how do you identify [sensitive information]? It's like trying to find a very small needle in a very, very large haystack."

Masiello said he did not find any evidence leading him to believe that the incident was intentional, but noted an increasing number of cyberattacks emanating from China.

"We've certainly seen a lot of Internet crime coming out of China and a lot of criminals that are based out of China, but as far as an actual link back to China Telecom, it's very difficult to say," Masiello said. "Who's to say criminals did not get into China Telecom? But the fact of the matter remains, we've seen a lot of cybercrime emanating out of China in the past year."

Regardless of the intention behind the breach, Masiello concluded: "This type of attack shows there is a vulnerability in the Internet system, even if someone is able to hijack it for a very short period of time."
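The "trust-based" route advertisement the report describes is exactly what RPKI route origin validation (RFC 6811) is meant to check on the receiving side: every announced prefix is compared against a table of Route Origin Authorizations stating which AS may originate it and how specific an announcement it may make. The following is an added Python example, not code from the article or the commission report; the `Roa`, `Announcement`, `validate_announcement` and `find_hijacks` names are my own, and the prefixes and ASNs are constructed documentation values (RFC 5737/3849/5398), not real operators.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Roa:
    """Route Origin Authorization: the AS allowed to originate a prefix and the
    longest (most specific) prefix length it may announce (maxLength)."""
    prefix: str
    max_length: int
    origin_asn: int


@dataclass(frozen=True)
class Announcement:
    """One prefix seen in a BGP UPDATE. as_path runs from the AS that told us
    about the route (left) to the AS that originated it (right)."""
    prefix: str
    as_path: Tuple[int, ...]

    @property
    def origin_asn(self) -> int:
        return self.as_path[-1]


# Constructed ROA table (documentation prefixes and ASNs, no real networks).
ROAS = [
    Roa("192.0.2.0/24", 24, 64496),
    Roa("198.51.100.0/24", 24, 64497),
    Roa("2001:db8::/32", 48, 64498),
]

# Constructed batch of announcements, as a route collector might log them.
SAMPLE_UPDATES = [
    Announcement("192.0.2.0/24", (64500, 64496)),     # legitimate origin
    Announcement("198.51.100.0/24", (64500, 64510)),  # wrong origin AS
    Announcement("192.0.2.0/25", (64500, 64496)),     # right AS, too specific
    Announcement("203.0.113.0/24", (64500, 64511)),   # no ROA at all
    Announcement("2001:db8:1::/48", (64500, 64498)),  # IPv6, within maxLength
]


def validate_announcement(ann: Announcement, roas: Iterable[Roa]) -> Tuple[str, str]:
    """Return (state, reason). States follow RFC 6811: valid, invalid, not-found.
    Requires Python 3.7+ for ip_network.subnet_of()."""
    net = ipaddress.ip_network(ann.prefix, strict=False)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so match the version first.
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append((roa, roa_net))
    if not covering:
        return "not-found", "no ROA covers this prefix"
    # Valid as soon as any covering ROA matches both origin AS and maxLength.
    for roa, _ in covering:
        if roa.origin_asn == ann.origin_asn and net.prefixlen <= roa.max_length:
            return "valid", f"origin AS{ann.origin_asn} authorised by ROA {roa.prefix}"
    # Otherwise explain the failure against the most specific covering ROA.
    roa, _ = max(covering, key=lambda c: c[1].prefixlen)
    if roa.origin_asn != ann.origin_asn:
        return "invalid", (f"origin AS{ann.origin_asn} but ROA {roa.prefix} "
                           f"authorises only AS{roa.origin_asn}")
    return "invalid", (f"{ann.prefix} is more specific than maxLength "
                       f"/{roa.max_length} of ROA {roa.prefix}")


def find_hijacks(announcements: Iterable[Announcement],
                 roas: Iterable[Roa]) -> List[Tuple[str, int, str]]:
    """Reduce a batch of announcements to the ones an operator must review.
    not-found routes are not flagged: without a ROA there is nothing to compare."""
    flagged = []
    for ann in announcements:
        state, reason = validate_announcement(ann, roas)
        if state == "invalid":
            flagged.append((ann.prefix, ann.origin_asn, reason))
    return flagged


if __name__ == "__main__":
    for ann in SAMPLE_UPDATES:
        state, reason = validate_announcement(ann, ROAS)
        print(f"{state:9} {ann.prefix:17} path {ann.as_path}: {reason}")
```

Because the April 18 event lasted only 18 minutes, a check like this is only useful when it runs continuously against a live feed (a route collector or the router's own RIB) and timestamps each invalid result, so that a short-lived event leaves a record even after the bogus routes are withdrawn.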


Title: Malaysian hacks Fed and DOD contractor
Post by: Crafty_Dog on November 22, 2010, 05:23:57 PM
http://www.hstoday.us/content/view/15498/188/

By Michael Isikoff, National investigative correspondent, NBC News
Updated 11/22/2010 5:52:27 AM ET
WASHINGTON — How did a hacker in Malaysia manage to penetrate a computer network operated by the Federal Reserve Bank of Cleveland?

And what was the same accused cybercriminal doing this summer when he allegedly tapped into the secure computers of a large Defense Department contractor that managed systems for military transport movements and other U.S. military operations?

Those are among the puzzling questions raised by allegations against Lin Mun Poo, a 32-year-old Malaysia native whose case illustrates the mounting national security threats posed by overseas cyberattacks, U.S. law enforcement and intelligence officials tell NBC News.

The U.S. government’s case against Poo, who was arraigned in federal court in Brooklyn on Monday and entered a plea of not guilty, has so far gotten little attention. But many of the allegations against him seem alarming on their face, according to cybercrime experts. "This is scary stuff," said one U.S. law enforcement official.
Poo was arrested by Secret Service agents last month shortly after flying into New York's John F. Kennedy airport with a "heavily encrypted" laptop computer containing a "massive quantity of stolen financial account data," including more than 400,000 credit card, debit card and bank account numbers, according to a letter filed by federal prosecutors last week laying out a "factual proffer" of their evidence against Poo.

He later confessed to federal agents that he had gotten the credit and bank card data by tapping into the computer networks of "several major international banks" and companies, and that he expected to use the data for personal profit, either by selling it or trading it, according to the prosecutors' letter.

Poo's court-appointed lawyer did not respond to a request from NBC News for comment.

'Impressive level of criminal activity'
But far more disturbing, according to U.S. intelligence officials and computer crime experts, was his penetration of both a Federal Reserve network of 10 computers in Cleveland as well as the secure networks of a "major" Defense Department contractor. According to the prosecutors' letter, the Pentagon contractor, which has not been identified, provides system management for military transport and other "highly-sensitive military operations."

"To have the skills to break into highly sensitive systems like that is an impressive level of criminal activity," said Kurt Baumgartner, a senior security researcher for Kaspersky Lab, a computer security firm.

While much about Poo's alleged activities remains unexplained — including his purpose in accessing the military contractor's computers — his case underscores the continued vulnerabilities of computer networks that are critical to the country’s national security, U.S. intelligence experts said.

"If a guy from Malaysia can get into networks like this, you can imagine what the Chinese and Russians, the people with real capabilities, are able to do," said one former senior U.S. intelligence official, who monitored cyberthreats and asked for anonymity in order to speak candidly.
In fact, the penetration of sensitive national security computers by overseas hackers — many of them believed to be state sponsored — is rapidly emerging as one of the country’s most alarming national security threats, officials said. And the threat is not just from foreign governments and for-profit hackers. Officials have also expressed worries that terrorist groups may be capable of the same sorts of sophisticated penetrations.

U.S. Undersecretary of Defense Bill Lynn recently disclosed in a Foreign Affairs article that the Pentagon suffered a significant compromise of its classified military computer networks in 2008, when officials discovered that a malicious computer code had been inserted into a U.S. military laptop at a base in the Middle East.
The flash drive's code was placed there by a "foreign intelligence agency," Lynn wrote, and quickly spread to the classified network run by the U.S. Central Command. This in turn prompted a Pentagon operation to neutralize the penetration, which was code-named "Buckshot Yankee," according to Lynn’s article.

"There was massive concern about that," the former U.S. intelligence official said of the 2008 penetration. "People were freaked out."

The foreign intelligence agency was widely believed to be Russia's, the former official said. The country's agents were attempting to "exfiltrate" data from the classified Central Command computers, but Pentagon officials were never able to determine whether they had succeeded in doing so, the official added.

That same year, in an incident first reported by Newsweek in November and later amplified in Bob Woodward's recent book, "Obama's Wars," Chinese hackers penetrated the campaign computers of the Barack Obama and John McCain presidential campaigns, prompting the Bush White House to advise both camps to take countermeasures to protect their data.


As Lynn presented the problem in his article, the penetrations of U.S. military data are growing "exponentially," one of the key reasons the Pentagon recently set up the United States Cyber Command to beef up defenses.

"Every day, U.S. military and civilian networks are probed thousands of times and scanned millions of times," Lynn wrote. "Adversaries have acquired thousands of files from U.S. networks and from the networks of U.S. allies and industry partners, including weapons blueprints, operational plans and surveillance data."

So far, it is unclear whether Poo’s alleged hacking created any comparable compromise of sensitive U.S. government data. Federal prosecutors allege that he hacked into the Federal Reserve computers in Cleveland by transmitting "malicious" computer codes and commands and that the attack resulted in "thousands of dollars in damages" that affected "10 or more" Federal Reserve computers.
But June Gates, a spokeswoman for the Federal Reserve in Cleveland, said the penetration was restricted to a network of "test" computers used for checking out new software and applications and did not contain sensitive Federal Reserve data about banks in the region. She declined, however, to respond to questions about whether Federal Reserve officials were aware of the hacking attack when it occurred in June — or only learned about it last month after Secret Service agents seized Poo’s computer.

Troop movements compromised?
Pentagon officials said Sunday they were unable to respond immediately to questions about whether Poo's hacking of the contractor's computers had compromised military troop movements. But spokesman Bryan Whitman said in an e-mailed statement to NBC News: "We are keenly aware that our networks are being probed everyday. That's precisely why we have a very robust and layered active defense to protect our networks and preserve our freedom of movement in this domain."

Another critical question is whether Poo was working with a larger hacking network and, if so, who may have been a part of it. The indictment against him alleges that he acted "together with others." But the indictment does not identify any co-conspirators. It also does not indicate what Poo expected to do with the data he may have accessed by hacking into the Pentagon contractor computers.

Baumgartner, the computer crime expert, said that so far the information about Poo hacking into military contractor and Federal Reserve computers does not seem to square with the seemingly run-of-the-mill purpose behind his acquisition of stolen credit card and ATM data. He was arrested hours after his arrival at JFK when undercover Secret Service agents observed him allegedly selling stolen credit card numbers for $1,000 at a diner in Brooklyn.
"It doesn’t add up," Baumgartner said. "This doesn't fit with a profile of somebody from overseas that has infiltrated a defense contractor and the Federal Reserve."

So far, almost nothing is known about who Poo really is, what his motivations are, and who his accomplices might be. But Baumgartner said he believes "that there's a lot more to do this story that hasn't come out."
Title: WSJ: How to fight and win the cyberwar
Post by: Crafty_Dog on December 06, 2010, 02:06:42 PM
By MORTIMER ZUCKERMAN
Several years ago, during the presidency of George W. Bush, many banks and Wall Street firms were knocked offline. The financial industry, which had long been considered to have the best safeguards against cyberinfections in the private sector, discovered its computers had been penetrated by a worm, so-called because a virus grown on one computer can worm its way to millions of others. Mr. Bush asked then Treasury Secretary Hank Paulson to examine what it would take to protect our critical infrastructures. The upshot was that steps were taken to strengthen the security of the military networks, but little else was done.

The major shock about the mischievous WikiLeaks—even more than the individual headline items—is that it dramatizes how vulnerable we still are. Digitization has made it easier than ever to penetrate messages and download vast volumes of information. Our information systems have become the most aggressively targeted in the world. Each year, attacks increase in severity, frequency, and sophistication. On July 4, 2009, for instance, there was an assault on U.S. government sites—including the White House—as well as the New York Stock Exchange and Nasdaq. There were similar attacks that month on websites in South Korea. In 2008, our classified networks, which we thought were inviolable, were penetrated. Three young hackers managed to steal 170 million credit-card numbers before the ringleader was arrested in 2008.

The Internet was originally intended for thousands of researchers, not billions of users who did not know and trust one another. The designers placed a higher priority on decentralization than on security. They never dreamed the Internet could be used for commercial purposes or that it would eventually control critical systems and undergird the world of finance. So it is not surprising that the Internet creators were comfortable with a network of networks rather than separate networks for government, finance and other sectors.

A symbol to many of the open communication of American culture, the Internet has thus evolved into a two-edged sword. Our extensive systems facilitate control of pipelines, airlines and railroads; they energize commerce and private banking. They give us rapid access to medical and criminal records. But they also offer a growing target for terrorists and thieves.

Most people who experience "malware" have been victims of so-called phishing, whereby criminals pretending to be bank employees, for example, trick the gullible into revealing account numbers and passwords. But cyberwarriors can do damage on a much larger scale, as former White House counterterrorism czar Richard Clarke points out in his revealing book "CyberWar," published earlier this year. They can tap into these networks and move money, spill oil, vent gas, blow up generators, derail trains, crash airplanes, cause missiles to detonate, and wipe out reams of financial and supply-chain data. Havoc can be created at the blink of an eye from remote locations overseas. Criminal groups, nation-states, terrorists and military organizations are at work exfiltrating vast amounts of data from the U.S. public and private sectors.

Another worrisome threat is the distributed denial of service attack, a deluge of Internet traffic specifically intended to crash or jam networks. Hackers using malicious computer code can mobilize a "botnet," or robotic network, of hundreds of thousands of machines that simultaneously visit certain websites to shut them down.

More recently, a virus that targets special industrial equipment has become widely known as the "Stuxnet" attack. This is the worm that this fall reportedly infiltrated the computers controlling Iran's nuclear centrifuge facilities, thereby delaying or even destroying its nuclear-weapons program (the one Iran denies it has). It is the world's first-known super cyberweapon designed specifically to destroy a real-world target.

Similarly, many believe that the immobilization of hundreds of key sites in independent Georgia in 2008 was a Russian government operation accompanying its kinetic war in support of breakaway regions in the former Soviet republic. In a cyberattack on South Korea last year, an estimated 166,000 computers in 74 countries flooded the websites of Korean banks and government agencies, jamming their fiber optic cables.

Mr. Clarke argues in his book that China is one of the key players in developing a cyberwar capability. The Chinese use private hackers to engage in widespread penetration of U.S. and European networks, successfully copying and exporting huge volumes of data. That's on top of their capacity to attack and degrade our computer systems and shut down our critical networks. He believes that the secrets behind everything from pharmaceutical formulas, bioengineering designs, and nanotechnologies to weapons systems and everyday industrial products have been stolen by the Chinese army or private hackers who in turn give them to China.

The United States has done little to enhance the safety of the networks that bolster our economy. We urgently need to develop defensive software to protect these networks and create impermeable barriers to the profusion of malware. Network convergence—transporting all communications over a common network structure—increases the opportunities for and the consequences of disruptive cyberattacks. Hackers and cyberwarriors are constantly devising new ways to trick systems.

Not many people realize that all of our nation's air, land and sea forces rely on network technologies that are vulnerable to cyberweapons, including logistics, command and control, fleet positioning and targeting. If they are compromised or obliterated, the U.S. military would be incapable of operating. It does not help that there is a disproportion between offense and defense. The average malware has about 175 lines of code, which can attack defense software using between 5 million and 10 million lines of code.

It is currently incredibly challenging to figure out the source of an attack, and this in turn inhibits our capacity to prosecute the wrongdoers or retaliate. Malicious programmers are always able to find weaknesses and challenge security measures. The defender is always lagging behind the attacker.

The task is of such a scale that it needs nothing less than a souped-up Manhattan Project, like the kind that broke the scientific barriers to the bomb that ended World War II. Our vulnerabilities are increasing exponentially. Cyberterrorism poses a threat equal to that of weapons of mass destruction. A large scale attack could create an unimaginable degree of chaos in America.

We should think of cyberattacks as guided missiles and respond similarly—intercept them and retaliate. This means we need a federal agency dedicated to defending our various networks. You cannot expect the private sector to know how—or to have the money—to defend against a nation-state attack in a cyberwar. One suggestion recommended by Mr. Clarke is that our government create a Cyber Defense Administration. He's right. Clearly, defending the U.S. from cyberattacks should be one of our prime strategic objectives.

Few nations have used computer networks as extensively as we have to control electric power grids, airlines, railroads, banking and military support. Few nations have more of these essential systems owned and operated by private enterprise. As with 9/11, we do not enjoy the luxury of a dilatory response.

Mr. Zuckerman is chairman and editor in chief of U.S. News & World Report.

Title: Stratfor: China's double-edged sword
Post by: Crafty_Dog on December 09, 2010, 03:45:22 AM
China and its Double-edged Cyber-sword
December 9, 2010

By Sean Noonan

A recent batch of WikiLeaks cables led Der Spiegel and The New York Times to print front-page stories on China’s cyber-espionage capabilities Dec. 4 and 5. While China’s offensive capabilities on the Internet are widely recognized, the country is discovering the other edge of the sword.

China is no doubt facing a paradox as it tries to manipulate and confront the growing capabilities of Internet users. Recent arrests of Chinese hackers and People’s Liberation Army (PLA) pronouncements suggest that China fears that its own computer experts, nationalist hackers and social media could turn against the government. While the exact cause of Beijing’s new focus on network security is unclear, it comes at a time when other countries are developing their own defenses against cyber attacks and hot topics like Stuxnet and WikiLeaks are generating new concerns about Internet security.

One of the U.S. State Department cables released by WikiLeaks focuses on the Chinese-based cyber attack on Google’s servers that became public in January 2010. According to a State Department source mentioned in one of the cables, Li Changchun, the fifth highest-ranking member of the Communist Party of China (CPC) and head of the Party’s Propaganda Department, was concerned about the information he could find on himself through Google’s search engine. He also reportedly ordered the attack on Google. This is single-source information, and since the cables WikiLeaks released do not include the U.S. intelligence community’s actual analysis of the source, we cannot vouch for its accuracy. What it does appear to verify, however, is that Beijing is regularly debating the opportunities and threats presented by the Internet.


A Shift from Offensive Capabilities

On Nov. 2, the People’s Liberation Army Daily, the official paper for the PLA and the primary medium for announcing top-down policy, recommended the PLA better prepare itself for cyber threats, calling for new strategies to reduce Internet threats that are developing “at an unprecedented rate.” While the report did not detail any strategies, it quoted a PLA order issued for computer experts to focus on the issue.

The Nov. 2 PLA announcement is part of a long trend of growing network-security concerns in China. In 2009, Minister of Public Security Meng Jianzhu emphasized that the development of the Internet in China created “unprecedented challenges” in “social control and stability maintenance.” In June 2010, the State Council Information Office published a white paper on the growing threat of cyber crime and how to combat it. Clearly, these challenges have been addressed this year. The Ministry of Public Security (MPS) announced Nov. 30 that it had arrested 460 suspected hackers thought to have been involved in 180 cases so far in 2010. This is part of the MPS’ usual end-of-year announcement of statistics to promote its success. But the MPS announcement also said that cyber crime had increased 80 percent this year and seemed to blame the attacks only on hackers inside China.

These were cases mainly of producing and selling “Trojan” programs (malware that looks legitimate), organizing botnets, assisting others in carrying out denial-of-service attacks and invading government websites. The MPS also closed more than 100 websites that provided hackers with attack programs and taught them various tactics.

The PLA already has two notoriously large and capable network security units: the Seventh Bureau of the Military Intelligence Department (MID) and the Third Department of the PLA. In simple terms, the MID’s Seventh Bureau is an offensive unit, responsible for managing research institutes that develop new hacking methods, train hackers and produce new hardware and software. The PLA Third Department, defensive in nature, is the third largest signals intelligence-monitoring organization in the world. STRATFOR sources with expertise in network security believe that China’s government-sponsored hacking capabilities are the best in the world. But this perception is based in part on the fact that China demonstrates these capabilities quite often. The United States, on the other hand, is much more restrained in exercising its offensive cyber capabilities and is not inclined to do so until there is a dire and immediate need, such as war.


Piracy Vulnerability

The details of China’s escalating effort to improve network security are still murky, but one recently announced campaign against software piracy is notable. On Nov. 30, Deputy Commerce Minister Jiang Zengwei announced a new six-month crackdown on illegally copied products in China. He said the focus was on pirated software, counterfeit pharmaceuticals and mislabeled agricultural products. The Chinese public has pushed for more regulation of pharmaceuticals and food due to a rising number of cases in which people have become sick or even died because of falsely labeled or tainted products, such as melamine-contaminated milk. But Beijing seems to be even more concerned about the vulnerabilities created by running unlicensed and non-updated software, and publicizing the crackdown is clearly an attempt by Beijing to appease Western governments and businesses that are placing growing pressure on China.

Indeed, China has a sizable counterfeit economy, much to the ire of Western businesses. While Beijing may placate Westerners by announcing crackdowns for the benefit of international audiences, it takes more forceful measures when it sees a larger threat to itself, and the security emphasis now seems to be on the threat of running insecure software on government computers. The problem with unlicensed software is that it does not receive automatic updates from the manufacturer, which usually are sent out to fix vulnerabilities to malware. Unlicensed software is thus left open to viral infiltration. It is also cheap and easy to get, which makes it pervasive throughout both government and private computer networks.

One of the measures Beijing has started to implement is requiring licensed software to be installed on new computers before they are sold, which also gives the government an opportunity to install censorship measures like Green Dam. One persistent problem is that much of the pre-installed software still consists of pirated copies. While China has released statistics showing that the use of legitimate software in China has increased dramatically, the Business Software Alliance, an international software industry group, estimates that 79 percent of the software sold in China in 2009 was illegally copied, creating a loss to the industry of $7.6 billion in revenue. Even more important to Beijing, these statistics mean the vast majority of Chinese computer systems — government and private alike — remain vulnerable to malware.

At the same Nov. 30 news conference at which Jiang announced the new anti-piracy initiative, Yan Xiaohong, deputy head of the General Administration of Press and Publication and vice director of the National Copyright Administration, announced a nationwide inspection of local and central government computers to make sure they were running licensed software. While this suggests Beijing’s major concern is the security of government computers, it also emphasizes how widespread the unlicensed software problem is.

This new focus on using legitimate software, however, will not be a complete solution to China’s Internet vulnerabilities. There has been little effort to stop the selling of copied software, and it is still very easy to download other programs, licensed and unlicensed, and malware along with them (such as QQ). Moreover, the new security measures are dealing only with the symptoms, not the underlying problem, of a counterfeit-heavy economy. A six-month crackdown will not undermine or eliminate software piracy in China; to do so would require an immense and sustained investment of time, money and manpower. Indeed, China has been a hub for pirating software, films and other copyrighted material for so long that the enormous domestic economic base that has grown up around it would be virtually impossible to dismantle. In any case, vulnerabilities still exist in legitimate software, even if it is better protected against novice hackers. New vulnerabilities are constantly being found and exploited until software companies come up with the appropriate patches.


From Nationalist Hackers to Dissident Threats

China’s highly developed hacking capabilities, more offensive than defensive, include Internet censorship measures like the infamous Great Firewall, and the official police force run by the MPS specifically to monitor Chinese Internet traffic and censor websites is 40,000 strong. China also has developed two unofficial methods of censorship. First, operators of private websites and forums must follow certain government regulations to prevent statements critical of the government from being disseminated, which encourages private operators to be their own censors. Second, there is a veritable army of nationalistic computer users in China that include “hacktivist” groups such as the Red Hacker Alliance, China Union Eagle and the Honker Union, with thousands of members each. They became famous after the 1999 “accidental” bombing of the Chinese embassy in Belgrade, which prompted China-based hackers to attack and deface U.S. government websites. The Chinese government, state-owned enterprises and private companies also engage public relations firms to hire, deploy and manage what have become colloquially known as “Party of Five Maoists.” These are individuals who get paid half a yuan (5 mao) for every positive Internet post they write regarding government policy, product reviews and other issues.

But as China’s Internet-using population nears 400 million, with nearly 160 million using social networking, Beijing recognizes the risk of all this spiraling out of control. Censors have not been able to keep up on the social-networking front. Even with limited or banned access to sites like Twitter and Facebook, their Chinese versions, Weibo and Kaixin, for example, are expanding exponentially. While the government may exercise more control over the Chinese-based sites, it cannot keep up with the huge number of posts on topics the CPC considers disharmonious. The recent announcement of Liu Xiaobo’s Nobel Peace Prize is an example of news that was not reported at first in Chinese media but through social networking sites, spreading like wildfire. And the censorship is not exclusive; even non-dissidents can be censored, such as Prime Minister Wen Jiabao when he recently called for limited political reform.

China’s large Internet population will not all be nationalists. And if those who learn skills from informal hackers turn into dissidents, Beijing would consider them a serious threat. The Internet presents exactly the type of tool that could pose a major threat to the CPC because it spans regions, classes and ethnicities. Most social grievances are local and economic or ethnic-based. The potential for one opposition group to be united nationwide over the Internet is one of Beijing’s gravest concerns. It has realized that a weapon it once wielded so deftly against foreign powers and business entities can now be used against Beijing.


Outside Issues

At the same time Beijing reached this realization, WikiLeaks demonstrated the possibility for sensitive government information to be spread globally through the Internet. Beijing saw that if the United States, with its expertise in signals intelligence and security, could be vulnerable to such a threat, so could China. Stuxnet demonstrated the vulnerability of important infrastructure to cyber attack, one reason for China’s new emphasis on licensed software (Iran is known to run unlicensed Siemens software). China’s recent emphasis on network security is likely linked to all of these factors, or it may be due to a threat seen but as yet unpublicized, such as a cyber attack or leak inside China that the government has been able to keep quiet.

Other countries have also been implementing new network security measures, most notably the United States. On Oct. 31, the Maryland-based U.S. Cyber Command became fully operational, and its commander is also the head of the National Security Agency, the premier U.S. government entity for signals intelligence. (Thus, China’s giving Internet security responsibility to the PLA should come as no surprise to the United States.) And as China realizes the difficulties of defending against attacks in cyberspace, which tends to favor the offense, the United States is wrestling with the same problems and complexities as it tries to shield government, civilian and commercial computer systems, all of which require different degrees of control and operate under different laws. As cyber espionage and cyber sabotage become even greater concerns, China will be forced to face the far more difficult task of not only pecking away at the Pentagon’s firewalls but also providing for its own internal system security.

These new efforts all contradict China’s long-standing policy of cultivating a population of nationalistic computer users. This effort has been useful to Beijing when it sees a need to cause disruption, whether by attacking U.S. sites after perceived affronts like the Chinese embassy bombing in Belgrade or preventing access from powerful foreign entities like Google. But China has also recognized that developing these public capabilities can be dangerous. Nationalist Chinese hackers, if motivated by the right cause and united through the pervasive Internet, can always turn on the government. And the situation seems to have more and more governments on edge, where simple mistakes can raise suspicions. China’s redirection of a large amount of Internet traffic in April caused an outcry from the United States and other countries, though it may well have been an accident.

It is hard to tell what Beijing sees, specifically, as a first-tier cyber threat, but its decision to develop an effective response to all manner of threats is evident.

Title: Re: Cyberwar and American Freedom
Post by: ccp on December 09, 2010, 11:51:02 AM
***We should think of cyberattacks as guided missiles and respond similarly—intercept them and retaliate. This means we need a federal agency dedicated to defending our various networks. You cannot expect the private sector to know how—or to have the money—to defend against a nation-state attack in a cyberwar. One suggestion recommended by Mr. Clarke is that the our government create a Cyber Defense Administration. He's right. Clearly, defending the U.S. from cyberattacks should be one of our prime strategic objectives.***

Ironic that the internet was born from the military.  (DARPA?)

A single little twerp tucked away in some small bedroom can bring down whole portions of our economy, military, government, etc.


Title: China did it? (Stuxnet)
Post by: G M on December 15, 2010, 07:15:59 PM
http://blogs.forbes.com/firewall/2010/12/14/stuxnets-finnish-chinese-connection/

Stuxnet’s Finnish-Chinese Connection
Dec. 14 2010 - 8:07 am
Posted by Jeffrey Carr

I recently wrote a white paper entitled “Dragons, Tigers, Pearls, and Yellowcake” in which I proposed four alternative scenarios for the Stuxnet worm other than the commonly held assumption that it was Israel or the U.S. targeting Iran’s Bushehr or Natanz facilities. During the course of my research for that paper, I uncovered a connection between two of the key players in the Stuxnet drama: Vacon, the Finnish manufacturer of one of two frequency converter drives targeted by this malware; and RealTek, whose digital certificate was stolen and used to smooth the way for the worm to be loaded onto a Windows host without raising any alarms. A third important piece of the puzzle, which I’ll discuss later in this article, directly connects a Chinese antivirus company which writes their own viruses with the Stuxnet worm.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on December 15, 2010, 07:37:50 PM
Intriguing hypothesis-- and chilling in its implications for the various penetrations China has already accomplished of US military systems.
Title: Re: Cyberwar and American Freedom
Post by: G M on December 15, 2010, 07:56:51 PM
As I think about it, this would be a classically Chinese move.
Title: Stuxnet
Post by: Crafty_Dog on March 20, 2011, 04:51:15 PM
Haven't read this yet but it comes well-recommended:

http://www.vanityfair.com/culture/features/2011/04/stuxnet-201104?currentPage=1
Title: WSJ: Fake digi certificates
Post by: Crafty_Dog on March 24, 2011, 05:14:27 AM

By CHRISTOPHER RHOADS
An Internet-security company said it was tricked into trying to lure Iranian users to fake versions of major websites, a sophisticated hack it suspects the Iranian government carried out.

Comodo Group Inc., a Jersey City, N.J., company that issues digital certificates to assure Internet users of websites' authenticity, said Wednesday it had issued nine such certificates to what turned out to be fraudulent websites set up in Iran.

The March 15 attack involved certificates for fake versions of Google Inc.'s Gmail site, Yahoo Inc.'s login page and websites run by Microsoft Corp., Firefox browser maker Mozilla Corp. and Internet telephone company Skype.

In theory, an Iranian attempting to log into his Yahoo account, for example, could have been misdirected to a fake site. That would allow the perpetrators to obtain a host of online information including contents of email, passwords and usernames, while monitoring activity on the dummy sites.

Since the targeted sites offer communication services, not financial transactions, Comodo said it seemed clear the hackers sought information, not money.

It wasn't clear whether anyone fell for the ruse. Comodo said it didn't know how many of the nine certificates were received by the attacker.

Iran's mission to the U.N. didn't reply to an emailed request for comment after business hours. Iran has said it is trying to combat Western culture and influence entering Iran via the Internet, a virtual clash it has called the "soft war."

The attack comes amid popular uprisings across the Middle East, where the Internet has played a critical role—not just in activists' efforts to stage protests, but also in state censorship and repression.

If Iran was involved, it suggests the government has stepped up electronic-monitoring efforts of its citizens, Internet security experts said. Iranian authorities got an early look at the power of social media during the mass protests following allegations of rigged elections in June 2009. It has since formed a "cyber army" to gain the upper hand over the Internet in Iran, which has more than 20 million users.

"This is a nightmare scenario," said Mikko Hypponen, head of research at F-Secure, a Helsinki, Finland-based Internet security firm. "You have to trust the companies selling these certificates and if we can't, then all bets are off."

Comodo said it traced the attack to an Internet service provider in Iran and concluded in an online post that the act was likely "state-funded" because the attacker would have needed access to critical Web infrastructure in the country.

While the company acknowledged the attacker could have been laying a false trail, it said the likely aim was to get online information about Iranian citizens.

"It does not escape notice that the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups," the company said in the post.

Comodo said the attacker gained entry to its system by obtaining the password and username of a European affiliate. Once inside, it issued the certificates for the phony sites. Comodo said it detected the breach within hours of the attack and revoked the certificates immediately.

A Microsoft spokeswoman said the company issued an upgraded security patch to help protect against fraudulent digital certificates. Mozilla declined to comment. Skype said it was monitoring the situation but didn't expect any impact. Google said it took steps to protect its users, but didn't specify them. Yahoo also said it was monitoring the situation.

"This is not a random hacker tinkering around," said Mr. Hypponen of the Finnish security firm. "You have to plan it beforehand and know what you're doing."

Austin Heap, a San Francisco-based Internet activist who has developed anti-censoring tools for use in Iran, said the development seems to suggest the Iranian government is becoming more professional and organized in online repression.

"It shows they have a plan," he said. "They are getting to the point where China is, where they can exert total control."

Write to Christopher Rhoads at christopher.rhoads@wsj.com



Read more: http://online.wsj.com/article/SB10001424052748703362904576219321279603988.html
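The breach described above turned on one affiliate's username and password being enough to have a trusted CA sign certificates for domains that affiliate had no business vouching for; the response was revocation by the CA and patches from browser vendors that blacklisted the certificates. As an added example (not code from the Wall Street Journal article, from Comodo, or from any of the vendors named), here is a minimal relying-party validation routine in Python that models the local checks a client can layer on top of ordinary chain validation: hostname matching, the validity window, a locally held revocation list, and an issuer pin for high-value domains. The certificate fields, serial numbers, CA names and pin table are all constructed for illustration. The point it shows is that a pin catches a certificate from the wrong issuer even before the revocation entry reaches the client.

```python
from dataclasses import dataclass, field
from datetime import datetime
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for the fields of an X.509 leaf certificate (constructed)."""
    serial: str
    subject_cn: str
    issuer_cn: str
    not_before: datetime
    not_after: datetime


@dataclass
class TrustPolicy:
    """Local policy a relying party layers on top of ordinary chain validation."""
    revoked_serials: set = field(default_factory=set)   # CA revocation list as this client has seen it
    pinned_issuers: dict = field(default_factory=dict)  # hostname -> set of issuer CNs allowed to sign for it


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match a subject name against the requested host; a wildcard may replace only the leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        return hostname.count(".") == pattern.count(".") and fnmatchcase(hostname, pattern)
    return pattern == hostname


def validate(cert: Cert, hostname: str, policy: TrustPolicy, now: datetime) -> list:
    """Return the reasons for rejecting cert when presented for hostname (empty list means accept)."""
    problems = []
    if not hostname_matches(cert.subject_cn, hostname):
        problems.append("hostname mismatch")
    if not (cert.not_before <= now <= cert.not_after):
        problems.append("outside validity period")
    if cert.serial in policy.revoked_serials:
        problems.append("serial revoked")
    allowed = policy.pinned_issuers.get(hostname.lower())
    if allowed is not None and cert.issuer_cn not in allowed:
        problems.append("issuer not pinned for host")
    return problems


# Constructed sample data: the CA names and serials are placeholders, not Comodo's.
NOW = datetime(2011, 3, 20, 12, 0, 0)
POLICY = TrustPolicy(
    revoked_serials={"9f"},  # the client has fetched a CRL naming one fraudulent serial
    pinned_issuers={
        "mail.google.com": {"Example Legit CA"},
        "login.yahoo.com": {"Example Legit CA"},
    },
)
GENUINE = Cert("01", "mail.google.com", "Example Legit CA", datetime(2010, 1, 1), datetime(2012, 1, 1))
FRAUD_REVOKED = Cert("9f", "mail.google.com", "Example Reseller CA", datetime(2011, 3, 15), datetime(2012, 3, 15))
FRAUD_UNLISTED = Cert("a0", "login.yahoo.com", "Example Reseller CA", datetime(2011, 3, 15), datetime(2012, 3, 15))
WILDCARD = Cert("02", "*.google.com", "Example Legit CA", datetime(2010, 1, 1), datetime(2012, 1, 1))


def demo() -> dict:
    """Run the policy against the sample certificates, keyed by a short label."""
    return {
        "genuine": validate(GENUINE, "mail.google.com", POLICY, NOW),
        "revoked": validate(FRAUD_REVOKED, "mail.google.com", POLICY, NOW),
        "unlisted": validate(FRAUD_UNLISTED, "login.yahoo.com", POLICY, NOW),  # not yet on the CRL
        "wrong_host": validate(GENUINE, "www.google.com", POLICY, NOW),
        "wildcard_ok": validate(WILDCARD, "mail.google.com", POLICY, NOW),
        "wildcard_deep": validate(WILDCARD, "a.b.google.com", POLICY, NOW),
    }


if __name__ == "__main__":
    for label, problems in demo().items():
        print(f"{label:14s} {'ACCEPT' if not problems else 'REJECT: ' + ', '.join(problems)}")
```

The "unlisted" case is the one worth noticing: its serial is not on the revocation list the client holds, so plain revocation checking would accept it, and only the issuer pin rejects it. Real pinning is normally done on key or CA fingerprints rather than issuer names, but the control flow is the same.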
Title: LATimes (POTB) US Vulnerable to Cyber War
Post by: Crafty_Dog on March 28, 2011, 08:14:11 AM
The U.S. is vulnerable to a cyber attack, with its electrical grids, pipelines, chemical plants and other infrastructure designed without security in mind. Some say not enough is being done to protect the country.

Reporting from Washington—

When a large Southern California water system wanted to probe the vulnerabilities of its computer networks, it hired Los Angeles-based hacker Marc Maiffret to test them. His team seized control of the equipment that added chemical treatments to drinking water — in one day.

The weak link: County employees had been logging into the network through their home computers, leaving a gaping security hole. Officials of the urban water system told Maiffret that with a few mouse clicks, he could have rendered the water undrinkable for millions of homes.

"There's always a way in," said Maiffret, who declined to identify the water system for its own protection.

The weaknesses that he found in California exist in crucial facilities nationwide, U.S. officials and private experts say.

The same industrial control systems Maiffret's team was able to commandeer also run electrical grids, pipelines, chemical plants and other infrastructure. Those systems, many designed without security in mind, are vulnerable to cyber attacks that have the potential to blow up city blocks, erase bank data, crash planes and cut power to large sections of the country.

Terrorist groups such as Al Qaeda don't yet have the capability to mount such attacks, experts say, but potential adversaries such as China and Russia do, as do organized crime and hacker groups that could sell their services to rogue states or terrorists.

U.S. officials say China already has laced the U.S. power grid and other systems with hidden malware that could be activated to devastating effect.

"If a sector of the country's power grid were taken down, it's not only going to be damaging to our economy, but people are going to die," said Rep. Jim Langevin (D-R.I.), who has played a lead role on cyber security as a member of the House Intelligence Committee.

Some experts suspect that the U.S. and its allies also have been busy developing offensive cyber capabilities. Last year, Stuxnet, a computer worm some believe was created by the U.S. or Israel, is thought to have damaged many of Iran's uranium centrifuges by causing them to spin at irregular speeds.

In the face of the growing threats, the Obama administration's response has received mixed reviews.

President Obama declared in a 2009 speech that protecting computer network infrastructure "will be a national security priority." But the follow-through has been scant.

Obama created the position of federal cyber-security "czar," and then took seven months to fill a job that lacks much real authority. Several cyber-security proposals are pending in Congress, but the administration hasn't said publicly what it supports.

"I give the administration high marks for doing some things, but clearly not enough," Langevin said.

The basic roadblocks are that the government lacks the authority to force industry to secure its networks and industry doesn't have the incentive to do so on its own.

Meanwhile, evidence mounts on the damage a cyber attack could inflict. In a 2006 U.S. government experiment, hackers were able to remotely destroy a 27-ton, $1-million electric generator similar to the kind commonly used on the nation's power grid. A video shows it spinning out of control until it shuts down.

In 2008, U.S. military officials discovered that classified networks at the U.S. Central Command, which oversees military operations in the Middle East and Central Asia, had been penetrated by a foreign intelligence service using malware spread through thumb drives.

That attack led to the creation in 2009 of U.S. Cyber Command, a group of 1,000 spies and hackers charged with preventing such intrusions. They also are responsible for mounting offensive cyber operations, about which the government will say next to nothing.

The head of Cyber Command, Gen. Keith Alexander, also leads the National Security Agency, the massive Ft. Meade, Md.-based spy agency in charge of listening to communications and penetrating foreign computer networks.

Together, the NSA and Cyber Command have the world's most advanced capabilities, analysts say, and could wreak havoc on the networks of any country that attacked the U.S. — if they could be sure who was responsible.

It's easy to hide the source of a cyber attack by sending the malware on circuitous routes through computers and servers in third countries. So deterrence of the sort relied upon to prevent nuclear war — the threat of massive retaliation — is not an effective strategy to prevent a cyber attack.

Asked in a recent interview whether the U.S. could win a cyber war, Alexander responded, "I believe that we would suffer tremendously if a cyber war were conducted today, as would our adversaries."

Alexander also is quick to point out that his cyber warriors and experts are legally authorized to protect only military networks. The Department of Homeland Security is charged with helping secure crucial civilian infrastructure, but in practice, the job mostly falls to the companies themselves.

That would've been akin to telling the head of U.S. Steel in the 1950s to develop his own air defenses against Soviet bombers, writes Richard Clarke, who was President George W. Bush's cyber-security advisor, in his 2010 book, "Cyber War: The Next Threat to National Security and What to Do About It."

The comparison underscores the extent to which the U.S. lacks the laws, strategies and policies needed to secure its cyber infrastructure, experts say.

"If we don't get our act together, the consequences could be dire," said Scott Borg, who heads the U.S. Cyber Consequences Unit, which analyzes the potential damage from various scenarios.

The problem, though, is "there's nothing that everyone agrees on," said James Lewis, cyber-security expert at the Center for Strategic and International Studies in Washington.

For example, Lewis and other experts believe the government should mandate cyber-security standards for water systems, electric utilities and other crucial infrastructure. Some contend that major U.S. Internet service providers should be required to monitor patterns in Internet traffic and stop malware as it transits their servers.

But both ideas are viewed with suspicion by a technology industry that wants the government out of its business, and by an Internet culture that sees such moves as undermining privacy.

"There are a whole lot of things that can't be legislated," said Bob Dix, vice president of government affairs for Sunnyvale, Calif.-based Juniper Networks Inc., which makes routers and switches.

Yet Washington may be reaching a moment when the seriousness of the threat trumps political resistance. Sources familiar with the negotiations say the White House has promised Senate leaders that it will offer its own cyber-security legislation in a month. But any proposal that calls for far-reaching regulations would face an uphill battle.

CIA Director Leon E. Panetta told Congress recently that he worried about a cyber Pearl Harbor. Yet many who follow the issue believe that's what it will take to force Americans to awaken to the threat.

"The odds are we'll wait for a catastrophic event," said Mike McConnell, former director of National Intelligence and cyber-security specialist, "and then overreact."
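The water-system engagement described above turned on employees reaching the control network from their home computers. As an added example (not code from the Los Angeles Times piece, from Maiffret's team or from the utility involved), here is a small Python detection run over constructed remote-access gateway logs: it flags successful sessions into a control-system zone from any device that is not in the managed inventory, which is the kind of hunt a defender would run before an outside tester finds the gap. The log format, zone names, device names, users and addresses are all made up for illustration.

```python
import re
from collections import Counter

# Constructed remote-access log lines in a made-up format; hostnames, users and
# addresses are placeholders, not data from the article or from any real utility.
SAMPLE_LOG = """\
2011-03-10T08:02:11Z vpn-gw user=avela src=198.51.100.12 device=CO-LAPTOP-0112 zone=office result=success
2011-03-10T22:14:05Z vpn-gw user=jdoe src=203.0.113.45 device=HOME-PC-7 zone=scada result=success
2011-03-10T22:15:40Z vpn-gw user=jdoe src=203.0.113.45 device=HOME-PC-7 zone=scada result=success
2011-03-11T03:31:09Z vpn-gw user=mrios src=203.0.113.88 device=DELL-LAPTOP zone=scada result=failure
2011-03-11T09:10:27Z vpn-gw user=avela src=198.51.100.12 device=CO-LAPTOP-0112 zone=scada result=success
2011-03-11T19:45:50Z vpn-gw user=ksmith src=192.0.2.201 device=FAMILY-IMAC zone=office result=success
"""

# Device names the organisation actually issued and manages (constructed inventory).
MANAGED_DEVICES = {"CO-LAPTOP-0112", "CO-LAPTOP-0349", "CO-DESKTOP-0020"}

# Network zones that hold industrial control equipment (constructed zone name).
SENSITIVE_ZONES = {"scada"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<gw>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"device=(?P<device>\S+) zone=(?P<zone>\S+) result=(?P<result>\S+)$"
)


def parse_line(line: str):
    """Return the log fields as a dict, or None if the line is not in the expected format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_unmanaged_ics_access(log_text: str, managed=MANAGED_DEVICES, sensitive=SENSITIVE_ZONES) -> list:
    """Successful sessions into a sensitive zone from a device that is not in the managed inventory."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line; a production job would count these
        if rec["result"] == "success" and rec["zone"] in sensitive and rec["device"] not in managed:
            findings.append((rec["ts"], rec["user"], rec["device"], rec["src"], rec["zone"]))
    return findings


def unmanaged_users(log_text: str, managed=MANAGED_DEVICES) -> Counter:
    """How many sessions (any zone, any result) each user opened from an unmanaged device."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["device"] not in managed:
            counts[rec["user"]] += 1
    return counts


if __name__ == "__main__":
    for ts, user, device, src, zone in find_unmanaged_ics_access(SAMPLE_LOG):
        print(f"{ts} {user} reached {zone} from unmanaged device {device} ({src})")
    print(dict(unmanaged_users(SAMPLE_LOG)))
```

The second function is there because the failed attempt from the unmanaged laptop and the home iMac reaching the office zone are not control-network findings, yet both tell you how widespread the habit is; the fix the article points at is to stop unmanaged devices reaching the control zone at all, and the first function is the check that confirms the fix holds.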

Title: China and Cybersecurity: Trojan chips
Post by: Crafty_Dog on May 12, 2011, 06:15:35 AM

Pasting here BBG's post in the Internet thread


China and Cybersecurity: Trojan Chips and U.S.–Chinese Relations
Published on May 5, 2011 by Dean Cheng and Derek Scissors, Ph.D. WEBMEMO #3242

One subject of the third round of the U.S.–China Strategic and Economic Dialogue will be cybersecurity. Part of Secretary of Defense Robert Gates’s proposed Strategic Security Dialogue, it reflects the growing prominence of cybersecurity in Sino-American strategic relations.   

The concerns include computer network exploitation and computer network attacks, but also tampering with the physical infrastructure of communications and computer networks. Vulnerabilities could be introduced in the course of manufacturing equipment or created through purchase of malignant or counterfeit goods. Recent experience highlights these problems.

Such possibilities have brought calls for trade barriers, ranging from random entry-point inspections of various types of goods and equipment (e.g., chips and routers) to prohibition of some imports (e.g., communications hardware), especially from a major manufacturer, the People’s Republic of China (PRC).

The trade proposals tend to be vague because the cyber threat itself, while real, is vaguely presented. While an ill-defined threat certainly bears watching, it does not justify protectionism. Cybersecurity is largely classified, but trade is not, and trade policy cannot be held hostage to cybersecurity unless specific dangers are put forward.

What Is the Threat?

A longstanding fear has been that cyber attacks against the U.S. might result in disruptions to power, banking, and communications systems at a critical moment. The cyber attacks on Estonia and Georgia, which disrupted commerce and communications, raise the specter that the U.S. might undergo the equivalent of a cyber Pearl Harbor. Efforts by the Defense Advanced Research Projects Agency (DARPA) to improve verification capabilities highlight the limitations of current computer engineering skills in, for example, diagnosing cyber intrusions. Initial studies on the Trusted Integrated Circuit program, seeking to create a secure supply chain, were requested in 2007. As of late 2010, DARPA was still seeking new research proposals for determining whether a given chip was reliable, and whether it had been maliciously modified, as part of the Integrity and Reliability of Integrated Circuits (IRIS) program.[1]

A more recent worry is vulnerabilities “hardwired” into the physical infrastructure of the Internet. In the last several years, the FBI has warned that counterfeit computer parts and systems may be widespread.

This can manifest itself in two ways: fake parts and systems, which may fail at dangerously higher rates, or contaminated systems that might incorporate hardwired backdoors and other security problems, allowing a foreign power to subvert a system.[2] Similar problems have been identified by American allies; the U.K. has identified counterfeit parts entering into its military supply chain.

Much cyber-related attention has been focused on the PRC. China is reportedly the source of many of the hacking efforts directed at U.S. military and security computer networks. Chinese computer infiltration has reputedly obtained access to such sensitive programs as F-35 design information. Such efforts as Titan Rain, Ghostnet, and others have reportedly attacked U.S. and other nations’ information systems systematically and have infiltrated email servers and networks around the world. One example is the “Shadow network,” which affected “social networking websites, webmail providers, free hosting providers and services from some of the largest companies.”[3] Many have been traced back to the PRC—but attribution to any specific Chinese entity is extremely difficult.

A growing concern is that China can exploit its position as one of the world’s largest producers of computer chips, motherboards, and other physical parts of the Internet to affect American and allied infrastructure. China has apparently already demonstrated an ability to tamper with Domain Name System (DNS) servers based in China, “effectively poisoning all DNS servers on the route.”[4]

The fear is that they could now affect foreign-based routers. In this regard, the issue of Chinese counterfeit parts is compounded by uncertainty about whether fake parts are being introduced as part of a concerted intelligence campaign or simply the result of profiteering by local contractors.

Public Information Is Lacking

The arcane nature of the threat enhances uncertainty. Understanding the workings of computer viruses, patches, and the vulnerabilities of routers or microchips is difficult. Comprehending the intricacies of global supply chains and tracing the ultimate source of sub-systems and components can be equally difficult. Former NSA and CIA Director General Michael Hayden writes that “Rarely has something been so important and so talked about with less clarity and less apparent understanding.”[5]

Several studies highlight some of the myriad vulnerabilities.

The 2005 Defense Science Board Task Force on High Performance Microchip Supply identified the growing security problem of microchips being manufactured (and more and more often designed) outside the United States.

The 2007 Defense Science Board Task Force on Mission Impact of Foreign Influence on DOD Software noted that software frequently incorporates pieces of code from a variety of sources, any of which might be a point of vulnerability.

The 2008 National Defense Industrial Association’s handbook “Engineering for System Assurance” provides a comprehensive overview of system assurance, which in turn highlights how difficult it can be to achieve it.

Over-classification is also a problem. General Hayden notes that much of the information on cyber threats is “overprotected.” Greg Garcia, head of the Bush Administration’s efforts on cybersecurity, has similarly noted that “there was too much classified…Too much was kept secret.”[6]

Leave Trade Alone

The ambiguity on the security side actually clarifies the trade side. If the cyber threat is understood only tenuously, testing imported goods for cyber threats will be inadequate to identify compromised equipment. With ineffective testing, banning some importers would not be worthwhile. In a global economy, equipment will simply be re-routed. The U.S. does not have the resources necessary to track the true source of goods when dangerous items cannot be easily discovered—and discovery may even be impossible.

If the threat was well understood but national security argued against the disclosure of vital information, this at least suggests that the danger from trade is secondary to other dangers. America retains the option, of course, of simply restricting trade on national security grounds without disclosing its reasons. This would be unwise.

One drawback of restricting trade would be the costs incurred by the U.S. in terms of spending on import inspections and the loss of availability of certain goods. The defense community is often not well-positioned to anticipate the extent of these economic costs. People will not relinquish scarce resources voluntarily when the gains from doing so are not spelled out.

The second drawback is the reaction of American trade partners. American exports already suffer from undocumented national security justifications for protectionism. Were the U.S. to introduce a new set of potentially sweeping restrictions based on hidden national security requirements, the global trade environment would immediately and sharply deteriorate. Costs would be far higher than indicated by looking at American actions alone.

Balancing Economic and Security Responsibilities

Security. For policymakers and the public to properly comprehend the magnitude of the problem, the Department of Defense must be as transparent as possible. Some material will be classified. But the trade-off between security classification and the ability to promptly and adequately respond to a threat should be weighted more heavily to the transparency side than it is at present.

Trade. The Department of Commerce and United States Trade Representative should restrict trade only in accordance with what can be defended publicly and systematically. Introduction of ad hoc trade restrictions that claim a classified basis will harm the American economy.

For now, it is unreasonable to impose considerable economic costs for the sake of a serious but vaguely presented threat.

Dean Cheng is Research Fellow in Chinese Political and Security Affairs and Derek Scissors, Ph.D., is Research Fellow in Asia Economic Policy in the Asian Studies Center at The Heritage Foundation.

http://www.heritage.org/Research/Reports/2011/05/China-and-Cyber-Security-Trojan-Chips-and-US-Chinese-Relations
Title: Security for AF bomber program
Post by: Crafty_Dog on May 17, 2011, 11:27:25 AM
Interesting blog post on the security costs for the $50B Air Force bomber program -- estimated to be $8B. This isn't all computer security, but the original article specifically calls out Chinese computer espionage as a primary threat.

http://taosecurity.blogspot.com/2011/04/apt-drives-up-bomber-cost.html
Title: WSJ: US draws a line in the silicon
Post by: Crafty_Dog on May 23, 2011, 06:09:09 AM
In the days immediately after 9/11, the U.S. sent tanks to surround the Federal Reserve Bank of New York and protect it from potential threats. In its basement is the largest depository of gold in the world, worth some $300 billion, almost all owned by foreign governments. The Fed's gold has only ever been stolen in the movies.

We know all about defending real-world treasure, but we are only beginning to understand threats to the 1s and 0s of the digital era. Vastly more capital and valuable information now flow digitally than through the real world, but Internet security is an afterthought.

This month the White House issued a pair of reports on the problem, both years in the making. One includes proposals for new domestic rules to protect infrastructure and to give companies immunity for sharing information about data breaches with local and federal authorities.

The other report, "U.S. International Strategy for Cyberspace," is a warning shot directed at rogue countries and cyber terrorists. Released at an event with four cabinet secretaries present, the study defines the benefits of the Web as "prosperity, security and openness in a networked world." It warns countries that cut off their own citizens from the Web or use cyber weaponry against the U.S. or its allies. The goal is to make the Web secure "without crippling innovation, suppressing freedom of expression or association, or impeding global interoperability."

The report says that "hostile acts in cyberspace" are as much a threat as physical acts. "We reserve the right to use all necessary means," including military, to "defend our nation, our allies, our partners and our interests." It adds, "Certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners."

This tough language would have been more forceful if the usual suspects, including China and Russia, had appeared by name somewhere in the 30-page document. It would also be helpful for the U.S. to disclose cyber attacks by the country of origin. But at least the White House pledges to "ensure that the risks associated with attacking or exploiting our networks vastly outweigh the potential benefits." The U.S. now spends some $16 billion a year for classified and unclassified work on cyber security, and this expense will grow.

There's a lot of catching up to do. There are constant cyber attacks against the Pentagon and other federal agencies, as well as against banks, electrical grids, dams and nuclear facilities. Over the past year, the U.S. failed to stop Chinese hackers from penetrating the Gmail accounts of American human rights activists. It also failed to prevent efforts to access Nasdaq's computers and a break-in at RSA, the cyber security company that provides SecurID access to private networks.

It's not surprising that our digital networks are vulnerable—they were planned to be. The Internet was created in the 1970s to solve the Pentagon problem of how to keep communications lines open during all-out war. The Darpanet-inspired Web moves packets of data around in an open, interconnected, decentralized and mostly unencrypted way. This is resilient, but also highly subject to infiltration.

There's cyber crime, such as the hacking of Sony PlayStations that revealed some 100 million accounts, including credit cards. Sony CEO Howard Stringer last week admitted he can't ensure the security of the videogame network, saying: "It's not a brave new world; it's a bad new world." There's also cyber war, which, at least so far, we seem to be winning. Israel apparently used the Stuxnet computer worm last year to undermine Iranian nuclear facilities, and in 2007 Israel may have activated a kill switch in Syrian air defenses before bombing Syria's nuclear facility.

The biggest unknown is cyber terrorism. The report doesn't say how many cyber attacks are by foreign governments as opposed to by terror groups, a dangerous known unknown.

The Washington response is the usual: too many agencies, more than a dozen, each claiming some cyber responsibilities. The result is that no one agency is being held accountable. There are proposals now to add the Securities and Exchange Commission to the bureaucracy by asking corporate lawyers to assess the materiality of data breaches by publicly traded companies.

A better approach includes proposals in "Cyber War," co-authored last year by former White House aide Richard Clarke. These include the U.S. maintaining its own "white hat" hackers tasked with trying to break into the grid. Another idea is to create a private government network for sensitive purposes accessible only by authorized officials.

Protecting the Web will never be as straightforward as dispatching tanks to protect gold bars. But it's progress for the U.S. to draw a line in the silicon warning enemies that digital attacks may result in real-world responses.

Title: WSJ: IMF hacked
Post by: Crafty_Dog on June 12, 2011, 04:25:23 AM
Or we could withdraw from the IMF , , ,

By SUDEEP REDDY and SIOBHAN GORMAN
WASHINGTON—The International Monetary Fund is investigating a recent cyber attack that hit its network, the latest in a series of high-profile hacking incidents against major corporations and institutions.
The fund declined to disclose the nature of the attack, whether its systems were infiltrated or whether any confidential information had been compromised. The extent of any infiltration remains unclear.
"We had an incident," said IMF spokesman David Hawley. "We're investigating it and the fund is completely functional." He said IMF staff received a "routine notification" about the incident by email Wednesday asking them to contact their tech department "if they saw anything suspicious."
The threat against the institution is the latest in a recent series as it responds to economic turmoil in several European nations. Earlier this month, the IMF said it had taken precautions after a group called Anonymous indicated its hackers would target the IMF web site in response to the strict austerity measures in its rescue package for Greece.
The IMF has faced repeated cyber attacks in recent years. It routinely collects sensitive information about the financial conditions of its 187 member nations. Some data in its computer systems could conceivably be used to influence or trade currencies, bonds and other financial instruments in markets around the world.
The latest infiltration was sophisticated in that it involved significant reconnaissance prior to the attack, and code written specifically to penetrate the IMF, said Tom Kellermann, a former cybersecurity specialist at the World Bank who has been tracking the incident.
"This isn't malware you've seen before," he said, making it that much more difficult to detect. The concern, Mr. Kellermann said, is that hackers designed their attack to gain market-moving insider information.
The attackers appeared to have broad access to IMF systems, which would give them visibility into IMF plans, particularly as it relates to bailing out the economies of countries on shaky financial footing, Mr. Kellermann said.
The IMF spokesman wouldn't comment on any specific details of the incident, which was first reported Saturday by the New York Times.
The attack on the IMF led the World Bank this week to cut a network link between the two institutions, even though the tie is not used for confidential financial information or other sensitive data. The IMF and World Bank, whose headquarters are next door to each other in Washington, work closely together on economic concerns of their member nations around the world.
A World Bank official said Saturday the network link with the IMF "involved nonpublic, nonsensitive information and it was cut out of an abundance of caution."
The network link between the two institutions has been severed before due to attacks against the fund.
Cyber threats against the fund have increased in recent years, particularly after the global financial crisis. The IMF has been heavily involved with European governments in bailing out Greece, Ireland and Portugal as the nations struggle with sovereign-debt crises.
It's not clear whether the number of cyber attacks is increasing, but it is certainly the case that institutions have recently grown more comfortable about disclosing them. So widespread is the threat that the fear of embarrassment appears to have shrunk, security experts say.
Google Inc. recently said users of its Gmail email service had been hacked by unknown people in China. Lockheed Martin Corp. has acknowledged a breach that it linked to an attack on EMC Corp.'s RSA unit, a security company that makes the numerical tokens used by millions of corporate employees to access their network.


Read more: http://online.wsj.com/article/SB10001424052702304259304576380034225081432.html#ixzz1P3mXEIFH
Title: WSJ: China's Cyber Assault
Post by: Crafty_Dog on June 15, 2011, 10:46:41 AM
This seems rather ominous , , ,

By RICHARD CLARKE
In justifying U.S. involvement in Libya, the Obama administration cited the "responsibility to protect" citizens of other countries when their governments engage in widespread violence against them. But in the realm of cyberspace, the administration is ignoring its primary responsibility to protect its own citizens when they are targeted for harm by a foreign government.

Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America's advantage.

The Chinese government indignantly denies these charges, claiming that the attackers are nongovernmental Chinese hackers, or other governments pretending to be China, or that the attacks are fictions generated by anti-Chinese elements in the United States. Experts in the U.S. and allied governments find these denials hard to believe.

Three years ago, the head of the British Security Service wrote to hundreds of corporate chief executive officers in the U.K. to advise them that their companies had in all probability been hacked by the government of China. Neither the FBI nor the Department of Homeland Security has issued such a notice to U.S. executives, but most corporate leaders already know it.

Some, like Google, have the courage to admit that they have been the victims of Chinese hacking. We now know that the "Aurora" attack (so named by the U.S. government because the English word appears in the attack software) against Google in 2009 also hit dozens of other information technology companies—allegedly including Adobe, Juniper and Cisco—seeking their source code. Aurora wasn't an isolated event. This month Google renewed its charge against China, noting that the Gmail accounts of senior U.S. officials had been compromised from a server in China. The targeting of specific U.S. officials is not something that a mere hacker gang could do.

The Aurora attacks were followed by systematic penetrations of one industry after another. In the so-called Night Dragon series, attackers apparently in China went after major oil and gas companies, not only in the U.S. but throughout the world. The German government claims that the personal computer of Chancellor Angela Merkel was hacked by the Chinese government. Australia has also claimed that its prime minister was targeted by Chinese hackers.

Recently the computer-security company RSA (a division of EMC) was penetrated by an intrusion which appears to have stolen the secret sauce behind the company's SecurID. That system is widely used to protect critical computer networks. And this month, the largest U.S. defense contractor, Lockheed, was subject to cyberespionage, apparently by someone using the stolen RSA data. Cyber criminals don't hack defense contractors—they go after banks and credit cards. Despite Beijing's public denials, this attack and many others have all the hallmarks of Chinese government operations.

In 2009, this newspaper reported that the control systems for the U.S. electric power grid had been hacked and secret openings created so that the attacker could get back in with ease. Far from denying the story, President Obama publicly stated that "cyber intruders have probed our electrical grid."

There is no money to steal on the electrical grid, nor is there any intelligence value that would justify cyber espionage: The only point to penetrating the grid's controls is to counter American military superiority by threatening to damage the underpinning of the U.S. economy. Chinese military strategists have written about how in this way a nation like China could gain an equal footing with the militarily superior United States.

What would we do if we discovered that Chinese explosives had been laid throughout our national electrical system? The public would demand a government response. If, however, the explosive is a digital bomb that could do even more damage, our response is apparently muted—especially from our government.

Congress hasn't passed a single piece of significant cybersecurity legislation. When the Chinese deny senior U.S. officials' claims (made in private) that Beijing is stealing terabytes of data in the U.S., Congress should not leave the American people in doubt. It should demand answers to basic questions:

What does the administration know about the role of the Chinese government in cyberattacks on public and private computer networks in the United States?

If there is widespread Chinese hacking of sensitive U.S. networks and critical infrastructure, what has the administration said about it to the Chinese government? Specifically, did President Obama raise concerns about these attacks with Chinese President Hu Jintao at the White House this spring?

Since defensive measures such as antivirus software and firewalls appear unable to stop the Chinese penetrations, does the administration have any plan to address these cyberattacks?

In private, U.S. officials admit that the government has no strategy to stop the Chinese cyberassault. Rather than defending American companies, the Pentagon seems focused on "active defense," by which it means offense. That cyberoffense might be employed if China were ever to launch a massive cyberwar on the U.S. But in the daily guerrilla cyberwar with China, our government is engaged in defending only its own networks. It is failing in its responsibility to protect the rest of America from Chinese cyberattack.

Mr. Clarke was a national security official in the White House for three presidents. He is chairman of Good Harbor Consulting, a security risk management consultancy for governments and corporations.

Title: Re: Cyberwar and American Freedom
Post by: bigdog on June 15, 2011, 11:15:11 AM
Have you read his book?  It IS rather ominous.
Title: Israel vs. Iran
Post by: Crafty_Dog on August 13, 2011, 06:56:39 PM
August 12, 2011: Israel is apparently involved in a Cyber War with Iran, one that receives little official publicity. Not even all the damage is publicized, as a lot of the damage is undetected (often for a long time) by the victim. While Iran has made the most noise about this Cyber War, Israel is doing the most destruction. Israel wants to keep it that way, and keep it quiet. Partly, this is to keep the Iranians confused, but also to keep Israeli government lawyers happy. A lot of the tactics and weapons used in Cyber War are of uncertain legality. The traditional Laws of War have not caught up with Cyber War.

This process has been going on for some time, and some aspects of it do surface in the media. For example, three months ago, Israel established the National Cybernetic Taskforce, with orders to devise and implement defensive measures to protect the economy and government from Internet based attacks. The taskforce consists of about 80 people and is run by a retired general. Apparently, existing Internet security efforts, and military Cyber War organizations have discovered a growing number of vulnerabilities in the national Internet infrastructure. The only solution to this growing vulnerability is a large scale effort to monitor the national network infrastructure for vulnerabilities, and fix them as quickly as possible. You will never catch all the vulnerabilities, but in Cyber War, as in the more conventional kind, victory is not always a matter of who is better, but who is worse (more vulnerable to attack.)

Meanwhile, Israel makes no secret of what it thinks about its Cyber War capabilities. Over the last year, Israel has revealed that its cryptography operation (Unit 8200) has added computer hacking to its skill set. Last year, the head of Israeli Military Intelligence said that he believed Israel had become the leading practitioner of Cyber War. This came in the wake of suspicions that Israel had created the Stuxnet worm, which got into Iran's nuclear fuel enrichment equipment, and destroyed a lot of it. Earlier this year, Iran complained that another worm, called Star, was causing them trouble. Usually, intelligence organizations keep quiet about their capabilities, but in this case, the Israelis apparently felt it was more useful to scare the Iranians, with the threat of more stuff like Stuxnet. But the Iranians have turned around and tried to attack Israel, and are apparently determined to keep at it for as long as it takes.

This struggle between Israel and Iran is nothing new. Seven years ago, Israel announced that Unit 8200 had cracked an Iranian communications code, an operation that allowed Israel to read messages concerning Iranian efforts to keep its nuclear weapons program going (with Pakistani help), despite Iranian promises to UN weapons inspectors that the program was being shut down.

It's long been known that Unit 8200 of the Israeli army specialized in cracking codes for the government. This was known because so many men who had served in Unit 8200 went on to start companies specializing in cryptography (coding information so that no unauthorized personnel can know what the data is.) But it is unusual for a code-cracking organization to admit to deciphering someone's code. Perhaps the Iranians stopped using the code in question, or perhaps the Israelis just wanted to scare the Iranians. Israel is very concerned about Iran getting nuclear weapons, mainly because the Islamic conservatives that control Iran have as one of their primary goals the destruction of Israel. In response to these Iranian threats, Israel has said that it will do whatever it takes to stop Iran from getting nukes. This apparently includes doing the unthinkable (for a code cracking outfit); admitting that you had successfully taken apart an opponent's secret code.

Israel is trying to convince Iran that its long-time superiority in code-breaking is now accompanied by similarly exceptional hacking skills. Whether it's true or not, it's got to have rattled the Iranians. The failure of their counterattacks can only have added to their unease.

http://www.strategypage.com/htmw/htiw/articles/20110812.aspx
Title: Re: Cyberwar and American Freedom
Post by: prentice crawford on September 05, 2011, 12:47:56 AM
  AMSTERDAM — The Dutch government said on Sunday it was investigating whether Iran may have been involved in hacking Dutch state websites after digital certificates were stolen.

Dutch Interior Ministry spokesman Vincent van Steen declined to say whether Iranian authorities in the Netherlands or Iran had been contacted, and said more details would be published in a letter to the Dutch parliament early next week.

But van Steen confirmed the veracity of a report by the Dutch news agency ANP saying the cabinet was looking into whether the Iranian government played a part in breaking into Dutch government websites.

Such web sites may no longer be safe after the digital theft of internet security certificates from Dutch IT company DigiNotar, the Interior Ministry said in a statement.

Officials at the Iranian embassy in The Hague were not immediately available for comment nor was there an immediate reply to emails asking for comment.

Google said in its security blog on August 29 that it had received reports of attacks on Google users, that "the people affected were primarily located in Iran," and that the attacker used a fraudulent certificate issued by DigiNotar.

DigiNotar's systems were hacked in mid-July and security certificates were stolen for a number of domains, DigiNotar and its owner, U.S.-listed VASCO Data Security International, said on August 30.

Relations between Iran and the Netherlands deteriorated early this year when a Dutch-Iranian woman was hanged in Iran in January and buried without her relatives being present. She had been arrested after taking part in demonstrations and accused of drug smuggling.

In April, the Iranian embassy in the Hague criticised the Dutch government after an Iranian asylum seeker who was being extradited set himself on fire in Amsterdam and died.

"MAN IN THE MIDDLE" CYBER ATTACK

A certificate guarantees that a web surfer is securely connected with a website and not being monitored by someone else. Breaking into a secure link is known as a "man-in-the-middle attack."

The stolen certificates were immediately revoked after detection of the theft but one, for the site Google.com, was only "recently" revoked after a warning from the Dutch government, DigiNotar and VASCO said.

Internet security experts said it was possible the hacking originated from Iran and involved state support.

"This is the second batch of fraudulent security certificates in the last six months with questionable links to Iranian actors," said John Bumgarner, a cyber researcher and chief technology officer for the non-profit U.S. Cyber Consequences Unit.

"The certificates in question would not only allow a state actor to access the email and skype accounts of dissenters, but also install monitoring software on their computers," Bumgarner said.

Experts use the term "cui bono test" to know who could benefit from an act and be the perpetrator.

"The 'cui bono?' test suggests Iranian state involvement. No doubt the government of Iran will try to blame some hacker group, if they say anything at all," said Ross Anderson, Professor in Security Engineering at Cambridge University.

It was possible, Anderson said, that a government used hacker groups as auxiliaries but it was not likely that a small group would do a man-in-the-middle attack on its own.

"To use the forged certificate to do a man-in-the-middle attack on gmail, you need to be in a position to be the man in the middle, which means you usually have to be an internet service provider (ISP), or in a position to compel an ISP to do your bidding. That means proximity to government," he said.

U.S.-listed VASCO said in a statement on Saturday that it had invited the Dutch government to "jointly solve the DigiNotar incident" and offered staff to solve the problem.

DigiNotar and VASCO were not immediately available for comment on Sunday.

                                           P.C.
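The forged-certificate scenario in the article above is exactly what public-key pinning was built to catch: a certificate mis-issued by a compromised but still-trusted CA chains to a trusted root, so a client that only performs path validation accepts it, while a client that also requires the site's known issuer key rejects it (this is the mechanism by which Chrome users in Iran noticed the fraudulent Google certificate). The Python below is an added example, not code from the article or from any party it names. It uses a deliberately simplified certificate model with constructed CA names and placeholder key bytes in place of real SubjectPublicKeyInfo data, and it does not check signatures; the point it shows is that the chain check and the pin check give different answers for the same mis-issued certificate.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set

# Simplified certificate model (constructed for this example). A real X.509
# certificate carries a signed SubjectPublicKeyInfo (SPKI); here "spki" is a
# placeholder byte string standing in for it, and signatures are not checked.
@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki: bytes


def spki_sha256(cert: Cert) -> str:
    """Pins are hashes of the SPKI, so a renewed cert with the same key still matches."""
    return hashlib.sha256(cert.spki).hexdigest()


def chain_is_valid(chain: List[Cert], trust_store: Dict[str, bytes]) -> bool:
    """Ordinary path validation (simplified): each cert is issued by the next one,
    and the last cert is a self-issued root whose name and key are in the trust store."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    root = chain[-1]
    return root.issuer == root.subject and trust_store.get(root.subject) == root.spki


def pins_satisfied(chain: List[Cert], pinned_hashes: Set[str]) -> bool:
    """Key pinning: at least one certificate in the chain must carry a pinned key."""
    return any(spki_sha256(c) in pinned_hashes for c in chain)


def evaluate(chain: List[Cert], trust_store: Dict[str, bytes], pinned_hashes: Set[str]) -> str:
    """Run both checks; an invalid chain is reported before the pin result."""
    if not chain_is_valid(chain, trust_store):
        return "reject: chain does not validate"
    if not pins_satisfied(chain, pinned_hashes):
        return "reject: chain validates but no pinned key is present (possible mis-issued certificate)"
    return "accept"


# --- Constructed sample data ------------------------------------------------
# Two roots are trusted by the client; a compromised CA is still a trusted root
# until its certificate is removed from the store.
ROOT_A = Cert("Constructed Root CA A", "Constructed Root CA A", b"root-a-key")
ROOT_B = Cert("Constructed Root CA B (compromised)", "Constructed Root CA B (compromised)", b"root-b-key")
TRUST_STORE = {ROOT_A.subject: ROOT_A.spki, ROOT_B.subject: ROOT_B.spki}

# The site's genuine intermediate CA, whose key the client has pinned.
INTERMEDIATE_A = Cert("Constructed Intermediate A", ROOT_A.subject, b"intermediate-a-key")
PINS = {spki_sha256(INTERMEDIATE_A)}

# Legitimate chain for google.com (the site named in the article).
LEGIT_CHAIN = [Cert("google.com", INTERMEDIATE_A.subject, b"site-key"), INTERMEDIATE_A, ROOT_A]

# Mis-issued chain: same site name, issued directly by the compromised but trusted root.
FRAUD_CHAIN = [Cert("google.com", ROOT_B.subject, b"attacker-key"), ROOT_B]

# Broken chain: the leaf's issuer name does not match the next certificate.
BROKEN_CHAIN = [Cert("google.com", "Nobody CA", b"site-key"), ROOT_A]


if __name__ == "__main__":
    for name, chain in [("legitimate", LEGIT_CHAIN), ("mis-issued", FRAUD_CHAIN), ("broken", BROKEN_CHAIN)]:
        print(f"{name:11s} -> {evaluate(chain, TRUST_STORE, PINS)}")
```

Running the block prints one verdict per chain: the legitimate chain is accepted, the mis-issued chain passes `chain_is_valid` yet is rejected by the pin check, and the broken chain is rejected before pins are consulted. Pinning the intermediate rather than the leaf key is the usual choice, since leaf certificates are rotated far more often than the issuing CA's key.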
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on September 05, 2011, 06:59:14 AM
Interesting. 

I suspect this thread is going to grow in importance as time goes by , , ,
Title: Conficker Worm
Post by: Crafty_Dog on September 27, 2011, 03:43:49 PM
The 'Worm' That Could Bring Down The Internet
September 27, 2011 — 9:13 AM
Mark Bowden is the author of several books, including Black Hawk Down, Killing Pablo: The Hunt for the World's Greatest Outlaw and Guests of the Ayatollah.
For the past three years, a highly encrypted computer worm called Conficker has been spreading rapidly around the world. As many as 12 million computers have been infected with the self-updating worm, a type of malware that can get inside computers and operate without their permission.
"What Conficker does is penetrate the core of the [operating system] of the computer and essentially turn over control of your computer to a remote controller," writer Mark Bowden tells Fresh Air's Terry Gross. "[That person] could then utilize all of these computers, including yours, that are connected. ... And you have effectively the largest, most powerful computer in the world."
The gigantic networked system created by the Conficker worm is what's known as a "botnet." The Conficker botnet is powerful enough to take over computer networks that control banking, telephones, security systems, air traffic control and even the Internet itself, says Bowden. His new book, Worm: The First Digital World War, details how Conficker was discovered, how it works, and the ongoing programming battle to bring down the Conficker worm, which he says could have widespread consequences if used nefariously.
"If you were to launch with a botnet that has 10 million computers in it — launch a denial of service attack — you could launch a large enough attack that it would not just overwhelm the target of the attack, but the root servers of the Internet itself, and could crash the entire Internet," he says. "What frightens security folks, and increasingly government and Pentagon officials, is that a botnet of that size could also be used as a weapon."
When Russia launched its attack on Georgia in 2008, Russian officials also took down communication lines and the Internet within Georgia. Egypt also took down its own country's Internet service during the uprisings last spring.
"It's the equivalent of shutting down the train system during the Civil War, where the Union troops and the Confederate troops used trains to shuttle arms and ammunition and supplies all over their area of control," says Bowden. "And if you could shut their trains down, you cripple their ability to function. Similarly, you could do that today by taking down the Internet."
The Conficker worm can also be used to steal things like your passwords and codes for any accounts you use online. Officials in Ukraine recently arrested a group of people who were leasing a portion of the Conficker worm's computers to drain millions of dollars from bank accounts in the United States.
"It raises the question of whether creating or maintaining a botnet is a criminal activity, because if I break into a safe at the bank using a Black & Decker drill, is Black & Decker culpable for the way I use the tool?" he says. "That's one of the tools you could use the botnet for. With a botnet of 25,000 computers, you could break the security codes for Amazon.com, you could raid people's accounts, you could get Social Security numbers and data — there's almost no commercial security system in place that couldn't be breached by a supercomputer of tens of thousands."
After Conficker was discovered in 2008 at Stanford, it prompted computer security experts from around the world to get together to try to stop the bot. The volunteer group of experts, which called itself the Conficker Working Group, also tried to get the government involved with their efforts. But they soon discovered that the government didn't have a very good understanding of what the worm could do.
"[They] began reaching out to the NSA [National Security Agency] and [the Pentagon] to see if they would be willing to loan their computers [to help them], and what [they] discovered was that no one in the government understood what was happening," says Bowden. "There was a very low level of cyberintelligence, even at agencies that ought to have been very seriously involved, who were responsible for protecting the country, its electrical grid, its telecommunications. These agencies lacked the sophistication not only to deal with Conficker, but even to understand what Conficker was."
At some point in early 2009, the Conficker Working Group learned that the Conficker worm could wreak havoc on April 1, 2009 — a date when the computers infected by Conficker would receive instructions from their remote-controlled operator.
"The assumption was that if Conficker was to do anything, that would be the day that it would be destructive to the Internet," says Bowden. "But on April 1, nothing happened."
The Conficker Working Group realized that the creator of Conficker had little interest in taking down the Internet or using its bot to create mass destruction.
"The people behind it apparently want to use it for criminal reasons — to make money," says Bowden.
But that doesn't mean that Conficker is controlled, says Bowden. No one knows yet who controls the worm or what its intentions might be.
"At any moment, Conficker could do something really threatening," he says. "[People fighting the bot] are trying to figure it out still. And every new day, as the worm makes its contacts, they generate long lists of computers that are infected — which still include big networks within the FBI, within the Pentagon, within large corporations. So they monitor it and keep track of where it's spread, and they're still working with the government to secure vital computer networks from botnets like Conficker."
Title: Book
Post by: Crafty_Dog on October 14, 2011, 04:26:12 AM
A friend for whom I have high regard recommends this:

http://www.potomacbooksinc.com/Books/BookDetail.aspx?productID=207249
Title: Bruce Schneier
Post by: Crafty_Dog on October 15, 2011, 11:42:41 AM
CRYPTO-GRAM

               October 15, 2011

               by Bruce Schneier
       Chief Security Technology Officer, BT
              schneier@schneier.com
             http://www.schneier.com


A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit <http://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at
<http://www.schneier.com/crypto-gram-1110.html>.  These same essays and news items appear in the "Schneier on Security" blog at <http://www.schneier.com/blog>, along with a lively comment section.  An RSS feed is available.


** *** ***** ******* *********** *************

In this issue:
      Three Emerging Cyber Threats
      Status Report: Liars and Outliers
      News
      Official Malware from the German Police
      Domain-in-the-Middle Attacks
      Schneier News
      Insider Attack Against Diebold Voting Machines
      National Cybersecurity Awareness Month


** *** ***** ******* *********** *************

      Three Emerging Cyber Threats



Last month, I participated in a panel at the Information Systems Forum in Berlin.  The moderator asked us what the top three emerging threats were in cyberspace.  I went last, and decided to focus on the top three threats that are not criminal:

* The Rise of Big Data.  By this I mean industries that trade on our data. These include traditional credit bureaus and data brokers, but also data-collection companies like Facebook and Google.  They're collecting more and more data about everyone, often without their knowledge and explicit consent, and selling it far and wide: to both other corporate users and to government.  Big data is becoming a powerful industry, resisting any calls to regulate its behavior.

* Ill-Conceived Regulations from Law Enforcement.  We're seeing increasing calls to regulate cyberspace in the mistaken belief that this will fight crime.  I'm thinking about data retention laws, Internet kill switches, and calls to eliminate anonymity.  None of these will work, and they'll all make us less safe.

* The Cyberwar Arms Race.  I'm not worried about cyberwar, but I am worried about the proliferation of cyber weapons.  Arms races are fundamentally destabilizing, especially when their development can be so easily hidden.  I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliably trace a cyberweapon leading to increased distrust.  Plus, arms races are expensive.

That's my list, and they all have the potential to be more dangerous than cybercriminals.

Big data:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1926431

Internet kill switches:
http://www.schneier.com/essay-224.html

Calls to eliminate anonymity:
http://www.schneier.com/blog/archives/2010/02/anonymity_and_t_3.html

Cyberwar:
http://www.schneier.com/blog/archives/2010/12/cyberwar_and_th.html
Title: Re: Bruce Schneier
Post by: G M on October 15, 2011, 01:59:25 PM
I don't mind Schneier when he sticks to what he knows, like cybersecurity.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on October 15, 2011, 05:40:32 PM
So, what is off here with the other offerings?  I confess I haven't read them and simply posted them as a resource read.
Title: Re: Cyberwar and American Freedom
Post by: G M on October 15, 2011, 08:58:32 PM
So, what is off here with the other offerings?  I confess I haven't read them and simply posted them as a resource read.


My complaint with Schneier is when he ventures into aviation security or other areas where he doesn't know what he is talking about.
Title: WSJ: China and Russia spying
Post by: Crafty_Dog on November 04, 2011, 06:30:19 AM

WASHINGTON—The U.S. government accused the Chinese of being the world's "most active and persistent" perpetrators of economic spying, an unusual move designed to spur stronger U.S. and international action to combat rampant industrial espionage threatening U.S. economic growth.

Russian intelligence agents also are conducting extensive spying to collect U.S. economic data and technology, according to a U.S. intelligence report released Thursday that concluded China and Russia are "the most aggressive collectors" of U.S. economic information and technology.

"The nations of China and Russia, through their intelligence services and through their corporations, are attacking our research and development," said U.S. counterespionage chief Robert Bryant.

Mr. Bryant spoke at a rare public event Thursday to roll out the report by his staff at the Office of the National Counterintelligence Executive. The report focuses on spying primarily for commercial and economic purposes, as opposed to national security. "This is a national, long-term, strategic threat to the United States of America," he said. "This is an issue where failure is not an option."

The bulk of this theft of U.S. corporate and economic secrets is carried out in cyberspace, where vast volumes of data can be stolen in seconds, according to U.S. intelligence officials. The spying campaigns have reached a crescendo, they said, as U.S. government and business operations have grown extraordinarily reliant on communication technology.

The U.S. is a prime target of economic espionage by countries like China and Russia that seek to build up their domestic industries with stolen technology and intellectual property from more advanced U.S. firms, officials say. The leading areas of theft are components of the U.S. economy: information technology, military technology, and clean-energy and medical technology.


It's illegal under U.S. law to steal corporate secrets from other companies, and there is less incentive for U.S. companies to pilfer from countries that are less developed.

Allies of the U.S. have also gotten in the game of stealing industrial secrets, the report said. It did not name those countries, but officials privately acknowledge that Israel and France have tried to steal U.S. secrets.

Thursday's report was unusual because it called out China and Russia by name as the top perpetrators of economic espionage, which is something U.S. officials have been reluctant to do for fear of harming diplomatic relations.

"When you hide these things, nobody does anything about them," said Alan Paller, director of research for the SANS Institute cybersecurity firm who also spoke at the rollout of the report.

 
A senior intelligence official said it was necessary to single out specific countries in order to confront the problem and attempt to contain a threat that has gotten out of control. Economic espionage is condoned by both China and Russia and is part of each country's national economic development policy, the official said.

The Chinese government is believed to have been behind a number of recent high-profile cyber attacks, including multiple hacks of Google Inc. and the EMC Corp.'s RSA unit, a security company that makes the numerical tokens used by millions of corporate employees to access their network.

Cyberattacks revealed earlier this year on Lockheed Martin Corp. and the International Monetary Fund are also believed to be traced to China.

The threat will accelerate in the coming years and presents "a growing and persistent threat" to U.S. economic security, according to the intelligence report, which reflects the views of 14 U.S. intelligence agencies.

At the Chinese Embassy in Washington, spokesman Wang Baodong called the U.S. charges "unwarranted allegations" that were part of a "demonizing effort against China." The Russian Embassy didn't respond to requests to comment but has in the past denied allegations of cyberspying.

The U.S government doesn't have calculations of the economic losses due to economic cyberespionage. The senior U.S. intelligence official cited estimates of $50 billion in losses in 2009 due to lost intellectual property and counterfeiting, through all means of theft, including cyber break-ins.

"If our research and development—$400 billion a year—is pilfered, frankly, it will destroy part of our economic viability in this country," Mr. Bryant said.

Industrial espionage poses a number of national-security threats to the U.S., including the risk that stolen military technology will be handed to hostile countries like North Korea or Iran, the intelligence report concluded.

Government-sponsored economic spying is growing, the senior official said. Officials wouldn't say, however, how much of the industrial spying is believed to be from government agents, though they said government, intelligence services, and private organizations and individuals all took part.

U.S. officials have confronted foreign counterparts with allegations of industrial espionage, the senior U.S. official said, but the official declined to provide an example or cite a particular country's government. More confrontations are necessary, the official said, to begin to curb the spying.

One proposal intelligence officials are considering is building the cyberattack equivalent of the National Counterterrorism Center, which merges terrorism data from intelligence agencies and state and local governments.

Write to Siobhan Gorman at siobhan.gorman@wsj.com



Read more: http://online.wsj.com/article/SB10001424052970203716204577015540198801540.html
Title: WSJ: Chinese Cyberspying
Post by: Crafty_Dog on December 12, 2011, 02:43:13 PM
By SIOBHAN GORMAN
WASHINGTON—U.S. intelligence agencies have pinpointed many of the Chinese groups responsible for cyberspying in the U.S., and most are sponsored by the Chinese military, according to people who have been briefed on a U.S. intelligence investigation.

U.S. Air Force personnel work in the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colorado in a July 2010 file photo.
Armed with this information, the U.S. has begun to lay the groundwork to confront China more directly about its expansive cyberspying campaign. Two weeks ago, U.S. officials met with Chinese counterparts and warned China about the diplomatic consequences of economic spying, according to a former official familiar with the meeting.

The Chinese cyberspying campaign stems largely from a dozen groups connected to China's People's Liberation Army and a half-dozen nonmilitary groups connected to organizations like universities, said those who were briefed on the investigation. Two other groups play a significant role, though investigators haven't determined whether they are connected to the military.

In many cases, the National Security Agency has determined the identities of individuals working in these groups, which is a critical development that provides the U.S. the option of confronting the Chinese government more directly about the activity or responding with a counterattack, according to former officials briefed on the effort.

"It's actually a small number of groups that do most of the PLA's dirty work," said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who frequently advises the Obama administration. "NSA is pretty confident of their ability to attribute [cyberespionage] to this set of actors."

In early November, the U.S. chief of counterintelligence issued a report that was unusually blunt in accusing China of being the world's "most active and persistent" perpetrator of economic spying. Lawmakers have also become more vocal in calling out China for its widening campaign of cyberespionage.

Still, diplomatic considerations may limit the U.S. interest in taking a more confrontational approach because some U.S. officials are wary of angering China, the largest holder of U.S. debt. Chinese officials regularly dispute U.S. allegations of cyberspying, saying they are the victims, not the perpetrators, of cybercrime and cyberespionage.

Identifying adversaries has been difficult because it is easy to fake identities and locations in cyberspace. An inability to tie cyberspying activities with precision to a certain actor has in the past limited the U.S.'s ability to respond because it is hard to retaliate or confront an unidentified adversary.

The U.S. government, led by the National Security Agency, has tracked the growing Chinese cyberspying campaign against the U.S. for decades. Past government efforts have had exotic names like "Titan Rain" and "Byzantine Hades."

More recently, NSA and other intelligence agencies have made significant advances in attributing cyberattacks to specific sources—mostly in China's People's Liberation Army—by combining cyberforensics with ongoing intelligence collection through electronic and human spying, Mr. Lewis said.

The U.S. investigation of China's activities is the latest round of spy-versus-spy in cyberspace.

The activity breaks down into cyberspying efforts by 20 groups with different attack styles that are responsible for most of the cybertheft of U.S. secrets, said the people briefed on the investigation. U.S. intelligence officials have given different classified code names to each group.

U.S. intelligence officials can identify different groups based on a variety of indicators. Those characteristics include the type of cyberattack software they use, different Internet addresses they employ when stealing data, and how attacks are carried out against different targets. In addition to U.S. government agencies, major targets of these groups include U.S. defense contractors, according to former officials.

Collectively, these groups employ hundreds of people, according to former officials briefed on the effort. That number is believed to be small compared to the estimated 30,000 to 40,000 censors the Chinese government is believed to employ to patrol the Internet.

Title: Re: Cyberwar and American Freedom
Post by: prentice crawford on December 13, 2011, 12:12:49 AM
JEFF ST. JOHN: NOVEMBER 21, 2011
Reports Claim First-Ever Cyber Attack on US Utility
The first cyber attack on utility infrastructure may have finally arrived via a hacked SCADA system and a broken-down water pump in rural Illinois.


We’ve been reporting for years how linking the internet to grid communications and control technology could open the country’s utilities to cyber attack. On Friday came reports of what may be the first such hack to cause physical damage to the country’s electric, water or gas infrastructure -- a burned-out water pump at a small utility in Illinois.

That’s not such a big deal in terms of damage caused. But if the report is true, it indicates that nefarious actors may have strung together several key stages of security vulnerabilities to infiltrate, then take control of, a piece of automated utility infrastructure -- and that could be a very big deal indeed.

Here’s the story. Earlier this month, workers at a small utility in central Illinois found a problem with the SCADA industrial controls that manage their water system, including a damaged water pump. An investigation by an IT services company found that the SCADA system had been hacked into by a computer in Russia, according to Joe Weiss, managing partner of cybersecurity firm Applied Control Solutions in Cupertino, Calif.

Weiss, who cited a report he said came from the Illinois Statewide Terrorism and Intelligence Center (ISTIC), said that unknown hackers had taken over control of the SCADA system and turned the pump on and off until it burned out. The hackers had apparently stolen entry credentials from a company that makes software to access the SCADA system -- and Weiss said the same hackers could be planning future attacks using the same means and methods.

The U.S. Department of Homeland Security has told multiple news agencies reporting on this matter that it has no evidence that indicates there is a risk to utilities or public safety. Still, DHS and the FBI are investigating the matter.

Breaking Down the Risks

We need to wait for more facts to emerge on this murky matter. But there’s no getting around the fact that security is a major challenge for utilities that are seeking to secure legacy control systems that are being hooked up to the internet for the first time. Let’s break down the alleged SCADA hack in Illinois, and see how it could have happened, taking as examples some of the cybersecurity problems that have been identified for utilities over the past few years.

First, where could potential attackers have found the credentials they needed to access a utility SCADA system? One significant possibility is that the hackers took advantage of poor human management of security by fooling employees into turning over critical passwords or other credential information that they could exploit. That kind of “social engineering” is still a key concern for utility security, and requires employee training as much as software expertise to prevent.

Human failures can also open newly networked utility systems to remote attacks. Tom Parker, vice president at computer security firm FusionX, showed at a Black Hat conference in August how he could use simple code and Google searches to theoretically take control of a water treatment facility’s remote terminal units (RTUs), particularly when the RTUs are protected by the password “1234” -- the easiest password to guess besides the word “password” itself.

Even if SCADA system operators aren’t using idiotic passwords and are taking proper measures to protect their security credentials, there are harder-to-prevent ways to pull access and security data out of them. One scary possibility is that the hackers had accessed the utility’s SCADA system for months beforehand, and are currently worming their way into others, using more sophisticated cyber-intrusion tools.

Worming Into SCADA Systems?

Take Duqu and Stuxnet -- two words that are probably meaningless to most people, but which strike fear into SCADA system operators around the world. First came Stuxnet, a virus that is believed to have been targeting Iran’s nuclear materials program by infecting Windows computers and thence infiltrating SCADA systems built by Siemens, all with the goal of causing malfunctions in uranium enrichment centrifuge equipment.

It was just about a year ago that cybersecurity experts first discovered Stuxnet, but it’s believed that the virus may have been introduced years beforehand -- meaning that SCADA systems around the world may be carrying a version of it right now. While the hope is that the virus was targeting only Iranian centrifuges, the idea that similar viruses could use the same techniques to do more damage remains high on the list of concerns for smart grid cybersecurity experts.

More recently, those concerns have refocused on a computer virus known as Duqu. Whether or not it’s related to Stuxnet remains a point of contention, but it appears to operate in a similar way, by exploiting a vulnerability in Windows to lodge itself inside servers and collect data passing through them, which could allow for espionage or gathering security data for further exploitation.

The Duqu virus has been shifting around the world, from India to Europe, Africa and Indonesia (and reportedly back to Iran), as security experts seek to track it down and eliminate it. While no exploitation has been found in the utility industry as of yet, its ability to infect Windows machines should give it access to almost any industry out there.

Using Controls to Wreak Havoc

Unfortunately, once hackers have gotten access to a SCADA system, there are plenty of actions they can take to damage the system they’ve hijacked. Back in 2007, reports emerged of a DHS experiment that showed how the control system of a gas-fired generator at the Department of Energy’s Idaho National Lab could be hacked in a way that destroyed the generator, using a mock-up of a typical power plant’s control system.

The U.S. utility industry has had four years since that demonstration to try to fix any similar vulnerabilities in their power plant control systems, but it’s unclear if they’ve made much progress. The North American Electricity Reliability Council (NERC), an industry group in charge of setting critical infrastructure protection (CIP) guidelines for U.S. and Canadian utilities, has just this year begun auditing utilities on the compliance they’ve been self-reporting over the past few years.

NERC recently held a grid security exercise for utilities seeking to comply with its “critical infrastructure protection” program, which might provide some examples of the security precautions that are being tackled.

While outside attacks are the subject of much of our recent worries, it was an inside job that gave the world a sense of just how much havoc a SCADA system takeover could wreak. In 2000, a disgruntled former employee of a Queensland, Australia water treatment plant decided to remotely access the system and release millions of gallons of sewage into nearby streams and parks. Though he served two years in jail for the act, that didn’t stop it from happening.

To guard against these kinds of attacks, experts recommend multiple layers of security to detect and prevent such unusual and knowingly self-destructive commands. Preventing intrusion is the first line of defense, but stopping an attack in progress will be equally important. After all, the IT industry’s experience with hackers has shown that it’s almost impossible to anticipate all the clever ways hackers are working on their next exploits.

There’s little doubt that U.S. national security officials are worried about the potential threats that could come from connecting SCADA systems to the internet. Will utilities decide to cope with the threat by unplugging those systems, thus essentially turning back the clock on the smart grid? Or will they be able to manage the new security challenges that come along with the benefits of networking and integrating the grid? Looks like we’ll be talking a lot more about these subjects, thanks to a broken-down water pump in Illinois.
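The article above recommends layered controls that detect "unusual and knowingly self-destructive commands" such as a pump being switched on and off until it burns out. The following is an added example, not code from the article or from any utility or vendor it names: a small detector that reads a hypothetical SCADA command audit log (the line format, the session names and the timestamps are all constructed for this illustration) and raises an alert when one asset is toggled more than a threshold number of times inside a time window, or restarted sooner after a stop than a motor should be. The thresholds are assumptions and would be tuned to the real equipment.

```python
"""Detect rapid start/stop cycling of a controlled asset in a SCADA command log.

Added example; the log format and sample data below are constructed, not taken
from any real utility. Assumed line format (hypothetical):
    <ISO-8601 timestamp> session=<who issued it> asset=<device> cmd=<START|STOP|...>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed sample log: PUMP-1 is cycled six times in about a minute by one
# remote session, while PUMP-2 sees a normal start and a stop hours apart.
SAMPLE_LOG = """\
2011-11-08T01:00:00 session=hmi_console asset=PUMP-2 cmd=START
2011-11-08T02:10:00 session=remote_vpn_7 asset=PUMP-1 cmd=START
2011-11-08T02:10:20 session=remote_vpn_7 asset=PUMP-1 cmd=STOP
2011-11-08T02:10:35 session=remote_vpn_7 asset=PUMP-1 cmd=START
2011-11-08T02:10:50 session=remote_vpn_7 asset=PUMP-1 cmd=STOP
2011-11-08T02:11:05 session=remote_vpn_7 asset=PUMP-1 cmd=START
2011-11-08T02:11:20 session=remote_vpn_7 asset=PUMP-1 cmd=STOP
2011-11-08T06:00:00 session=hmi_console asset=PUMP-2 cmd=STOP
"""

TOGGLE_COMMANDS = {"START", "STOP"}


def parse_line(line: str) -> Dict[str, object]:
    """Parse one 'ts key=value key=value ...' record into a dict with a datetime 'ts'."""
    ts_text, *fields = line.split()
    record: Dict[str, object] = {"ts": datetime.fromisoformat(ts_text)}
    for field in fields:
        key, _, value = field.partition("=")
        record[key] = value
    return record


def _toggle_records(log_text: str) -> List[Dict[str, object]]:
    """Return only START/STOP commands, skipping blank lines, in log order."""
    out = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("cmd") in TOGGLE_COMMANDS:
            out.append(rec)
    return out


def find_rapid_cycling(log_text: str, max_toggles: int = 4,
                       window: timedelta = timedelta(minutes=5)) -> List[Dict[str, object]]:
    """Alert once per asset that receives more than max_toggles START/STOP
    commands inside a sliding time window (thresholds are assumed values)."""
    recent: Dict[str, Deque[Dict[str, object]]] = defaultdict(deque)
    alerted = set()
    alerts = []
    for rec in _toggle_records(log_text):
        asset = str(rec["asset"])
        queue = recent[asset]
        queue.append(rec)
        # Drop commands that have fallen out of the window.
        while queue and rec["ts"] - queue[0]["ts"] > window:
            queue.popleft()
        if len(queue) > max_toggles and asset not in alerted:
            alerted.add(asset)
            alerts.append({
                "asset": asset,
                "toggles_in_window": len(queue),
                "first_ts": queue[0]["ts"],
                "last_ts": rec["ts"],
                "sessions": {str(r["session"]) for r in queue},
            })
    return alerts


def find_short_restarts(log_text: str,
                        min_rest: timedelta = timedelta(seconds=60)) -> List[Dict[str, object]]:
    """Flag a START that follows a STOP of the same asset sooner than min_rest,
    the kind of rapid restart that stresses a motor (min_rest is an assumed value)."""
    last_stop: Dict[str, datetime] = {}
    findings = []
    for rec in _toggle_records(log_text):
        asset = str(rec["asset"])
        ts = rec["ts"]  # type: ignore[assignment]
        if rec["cmd"] == "STOP":
            last_stop[asset] = ts
        elif asset in last_stop and ts - last_stop[asset] < min_rest:
            findings.append({
                "asset": asset,
                "stop_ts": last_stop[asset],
                "start_ts": ts,
                "gap_seconds": (ts - last_stop[asset]).total_seconds(),
                "session": str(rec["session"]),
            })
    return findings


if __name__ == "__main__":
    for alert in find_rapid_cycling(SAMPLE_LOG):
        print("RAPID CYCLING:", alert)
    for finding in find_short_restarts(SAMPLE_LOG):
        print("SHORT RESTART:", finding)
```

Run stand-alone, the script reports one rapid-cycling alert for PUMP-1 attributed to the remote session and two restarts with a 15-second gap, while PUMP-2's ordinary start and stop produce nothing. In practice this logic would sit beside the command path (or in the historian) so that a finding can block or interlock the command, not merely log it, which is the "stopping an attack in progress" layer the article calls for.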
Title: Re: Cyberwar and American Freedom
Post by: prentice crawford on December 13, 2011, 12:27:48 AM
Woof,
 This, along with a Sentinel stealth drone losing its satellite tether and gliding to a landing in Iran, might be of concern.

By Jason Ryan
Nov 16, 2011 8:11pm
US Satellites Compromised by Malicious Cyber Activity
 
On at least two occasions, hackers have taken over U.S. satellites and targeted their command-and-control systems, a report by the U.S.-China Economic and Security Review Commission revealed today.
The incidents involved two Earth observation satellites. While it may be difficult to trace who hacked the satellites, U.S. officials acknowledged the incidents had to come from a nation power.
U.S. officials cannot clearly trace the incidents to China, but the report released by the congressionally mandated commission noted that Chinese military writings made reference to attacks on ground-based space communications facilities.
“Chinese military writings advocate attacks on space-to-ground communications links and ground-based satellite control facilities in the event of a conflict. Such facilities may be vulnerable,” the report noted. “In recent years, two U.S. government satellites have experienced interference apparently consistent with the cyber exploitation of their control facility.”
The report noted that some of the malicious cyber activity targeting the satellites involved NASA’s Terra EOS satellite being targeted in June 2008 and again in October 2008. The June incident resulted in the satellite being interfered with for two minutes and the October incident lasted at least nine minutes.
The report noted that in both instances, “The responsible party achieved all steps required to command the satellite but did not issue commands.”
NASA confirmed in a separate statement: “NASA experienced two suspicious events with the Terra spacecraft in the summer and fall of 2008. We can confirm that there was no manipulation of data, no commands were successfully sent to the satellite, and no data was captured. NASA notified the Department of Defense, which is responsible for investigating any attempted interference with satellite operations.”
The report noted that the Landsat-7 satellite operated by the U.S. Geological Survey experienced similar interference and events in 2007 and 2008 but added that the entity behind that incident did not achieve the ability to control the satellite.

Artist's rendering of the Terra Satellite (source: NASA)

The report mentions the serious implications the intrusions could have on the satellite systems, particularly if they were directed against more sensitive systems such as military or communications satellites.
“If executed successfully, such interference has the potential to pose numerous threats, particularly if achieved against satellites with more sensitive functions. For example, access to a satellite’s controls could allow an attacker to damage or destroy the satellite,” the report read.
“The attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission,” the report added. “A high level of access could reveal the satellite’s capabilities or information, such as imagery, gained through its sensors. Opportunities may also exist to reconnoiter or compromise other terrestrial or space based networks used by the satellite.”
Title: Re: Cyberwar and American Freedom
Post by: prentice crawford on December 13, 2011, 12:30:55 AM
Iran claims its experts almost done recovering data from captured US drone
Nasser Karimi, The Associated Press  Dec 12, 2011 13:45:00 PM

TEHRAN, Iran - Iranian experts are in the final stages of recovering data from the U.S. surveillance drone captured by the country's armed forces, state TV reported Monday.
Tehran has flaunted the capture of the RQ-170 Sentinel, a top-secret aircraft with stealth technology, as a victory for Iran and a defeat for the United States in a complicated intelligence and technological battle.
President Barack Obama said Monday that the U.S. was pressing Iran to return the aircraft, which U.S. officials say malfunctioned and was not brought down by Iran. But a senior commander of Iran's Revolutionary Guard said on Sunday that the country would not send it back, adding that "no one returns the symbol of aggression."
Iranian lawmaker Parviz Sorouri, a member of the parliament's national security and foreign policy committee, said Monday the extracted information will be used to file a lawsuit against the United States for what he called the "invasion" by the unmanned aircraft.
Sorouri also claimed that Iran has the capability to reproduce the drone through reverse engineering, but he did not elaborate.
State TV broadcast images Thursday of Iranian military officials inspecting what it identified as the drone. Iranian state media have said the unmanned spy aircraft was detected and brought down over the country's east, near the border with Afghanistan.
Officers in the Revolutionary Guard, Iran's most powerful military force, have claimed the country's armed forces brought down the surveillance aircraft with an electronic ambush, causing minimum damage to the drone.
American officials have said that U.S. intelligence assessments indicate that Iran neither shot the drone down, nor used electronic or cybertechnology to force it from the sky. They contend the drone malfunctioned. The officials spoke anonymously in order to discuss the classified program.
U.S. officials are concerned others may be able to reverse engineer the chemical composition of the drone's radar-deflecting paint or the aircraft's sophisticated optics technology that allows operators to positively identify terror suspects from tens of thousands of feet in the air.
They are also worried adversaries may be able to hack into the drone's database, although it is not clear whether any data could be recovered. Some surveillance technologies allow video to stream through to operators on the ground but do not store much collected data. If they do, it is encrypted.
Separately, in comments to the semi-official ISNA news agency, Sorouri said Iran would soon hold a navy drill to practice the closure of the strategic Strait of Hormuz at the mouth of the Persian Gulf, which is the passageway for about 40 per cent of the world's oil tanker traffic.
Despite Sorouri's comments and past threats that Iran could seal off the waterway if the U.S. or Israel moved against Iranian nuclear facilities, no such exercise has been officially announced.
"Iran will make the world unsafe" if the world attacks Iran, Sorouri said.
Both the U.S. and Israel have not ruled out a military option against Iran's controversial nuclear program, which the West suspects is aimed at making atomic weapons. Iran denies the charge, saying its nuclear activities are geared toward peaceful purposes like power generation.
In another sign of the increasing tensions between Iran and the U.S., Tehran said Monday it has asked Interpol to help seek the arrest of two former U.S. officials it accuses of supporting the assassinations of Iranian officials.
Iran's state prosecutor, Gholamhossein Mohseni Ejehei, told reporters that Iran has filed charges against retired U.S. Army Gen. Jack Keane and former CIA agent Reuel Marc Gerecht.
Ejehei said Iran sent a request to Interpol in Paris to help pursue the two Americans through its office in Washington.
Iran says the two men urged the Obama administration to use covert action against Iran and kill some of its top officials, including Brig. Gen. Ghassem Soleimani, commander of the Quds Force, the special foreign operations unit of the Revolutionary Guard.
Title: Exclusive: Comedy of Errors Led to False ‘Water-Pump Hack’ Report
Post by: G M on December 13, 2011, 05:30:06 AM

http://www.wired.com/threatlevel/2011/11/water-pump-hack-mystery-solved/

Exclusive: Comedy of Errors Led to False ‘Water-Pump Hack’ Report

By Kim Zetter  November 30, 2011  |  5:54 pm  |  Categories: Cybersecurity, Hacks and Cracks
Jim Mimlitz on vacation in Russia last June with his wife and three daughters. Photo courtesy of Jim Mimlitz.

It was the broken water pump heard ’round the world.

Cyberwar watchers took notice this month when a leaked intelligence memo claimed Russian hackers had remotely destroyed a water pump at an Illinois utility. The report spawned dozens of sensational stories characterizing it as the first-ever reported destruction of U.S. infrastructure by a hacker. Some described it as America’s very own Stuxnet attack.

Except, it turns out, it wasn’t. Within a week of the report’s release, DHS bluntly contradicted the memo, saying that it could find no evidence that a hack occurred. In truth, the water pump simply burned out, as pumps are wont to do, and a government-funded intelligence center incorrectly linked the failure to an internet connection from a Russian IP address months earlier.

Now, in an exclusive interview with Threat Level, the contractor behind that Russian IP address says a single phone call could have prevented the string of errors that led to the dramatic false alarm.

“I could have straightened it up with just one phone call, and this would all have been defused,” said Jim Mimlitz, founder and owner of Navionics Research, who helped set up the utility’s control system. “They assumed Mimlitz would never ever have been in Russia. They shouldn’t have assumed that.”

Mimlitz’s small integrator company helped set up the Supervisory Control and Data Acquisition system (SCADA) used by the Curran Gardner Public Water District outside of Springfield, Illinois, and provided occasional support to the district. His company specializes in SCADA systems, which are used to control and monitor infrastructure and manufacturing equipment.

Mimlitz says last June, he and his family were on vacation in Russia when someone from Curran Gardner called his cell phone seeking advice on a matter and asked Mimlitz to remotely examine some data-history charts stored on the SCADA computer.

Mimlitz, who didn’t mention to Curran Gardner that he was on vacation in Russia, used his credentials to remotely log in to the system and check the data. He also logged in during a layover in Germany, using his mobile phone.

“I wasn’t manipulating the system or making any changes or turning anything on or off,” Mimlitz told Threat Level.

But five months later, when a water pump failed, that Russian IP address became the lead character in a 21st-century version of a Red Scare movie.

Jim Mimlitz at the airport in Frankfurt, Germany, during a layover last June on his way to Russia. Courtesy of Jim Mimlitz.

On Nov. 8, a water district employee investigating the pump failure called in a contract computer repairman to check it out. The repairman examined the logs on the SCADA system and saw the Russian IP address connecting to the system in June. Mimlitz’s username appeared in the logs next to the IP address.

The water district passed the information to the Environmental Protection Agency, which governs rural water systems. “Why we did that, I think it was just out of an abundance of caution,” says Don Craven, a water district trustee. “If we had a problem we would have to report it to EPA eventually.”

But from there, the information made its way to the Illinois Statewide Terrorism and Intelligence Center, a so-called fusion center composed of Illinois State Police and representatives from the FBI, DHS and other government agencies.

Even though Mimlitz’s username was connected to the Russian IP address in the SCADA log, no one from the fusion center bothered to call him to ask if he had logged in to the system from Russia. Instead, the center released a report on Nov. 10 titled “Public Water District Cyber Intrusion” that connected the broken water pump to the Russian log-in five months earlier, inexplicably stating that the intruder from Russia had turned the SCADA system on and off, causing the pump to burn out.

“And at that point … all hell broke loose,” Craven said.

Whoever wrote the fusion center report assumed that someone had hacked Mimlitz’s computer and stolen his credentials in order to use them to hack into Curran Gardner’s SCADA system and sabotage the water pump. It’s not clear whether it was the computer repairman or the fusion center that first jumped to this conclusion.

A spokeswoman for the Illinois State Police, which is responsible for the fusion center, pointed the finger at local representatives of DHS, FBI and other agencies who are responsible for compiling information that gets released by the fusion center.

“We did not create the report,” said spokeswoman Monique Bond. “The report is created by a number of agencies, including the Department of Homeland Security, and we basically are just the facilitator of the report. It doesn’t originate from the [fusion center] but is distributed by the [fusion center].”

But DHS is pointing the finger back at the fusion center, saying if the report had been DHS-approved, six different offices would have had to sign off on it.

“Because this was an Illinois [fusion center] product, it did not undergo such a review,” a DHS official said.

The report was released on a mailing list that goes to emergency management personnel and others, and found its way to Joe Weiss, managing partner of Applied Control Solutions, who wrote a blog post about it and provided information from the document to reporters.

The subsequent media blitz identified the intrusion as the first real hack attack against a SCADA system in the U.S., something that Weiss and others in the security industry have been predicting would happen for years.

The hack was news to Mimlitz.

He put two and two together, after glancing through his phone records, and realized the Russian “hacker” the stories were referring to was him.

Teams from the FBI and DHS’s Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) subsequently arrived in Illinois to investigate the intrusion and quickly determined, after speaking with Mimlitz and examining the logs, that the fusion center report was wrong and should never have been released.

“I worked real close with the FBI and was on speakerphone with the fly-in team from CERT, and all of them were a really sharp bunch and very professional,” Mimlitz said.

DHS investigators also quickly determined that the failed pump was not the result of a hack attack at all.

“The system has a lot of logging capability,” Mimlitz said. “It logs everything. All of the logs showed that the pump failed for some electrical-mechanical reason. But it did not have anything to do with the SCADA system.”

Mimlitz said there was also nothing in the logs to indicate that the SCADA system had been turned on and off.
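The story's technical lesson is that everything needed to debunk the report was already in the logs: the "intruder" used a valid username, took no control actions, and logged in five months before a fault that the system itself attributed to an electrical problem. As an added example (mine, not from the Wired story or the forum post), here is the kind of triage a defender would run over those logs before anything is written up. The log lines, usernames and addresses are constructed, and the "expected networks" list is an assumption.

```python
"""Triage of SCADA remote-access logs: does an unusual remote login actually
account for a later equipment failure?  Added example; the log is constructed."""
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log modelled loosely on the timeline in the story: a
# remote login from an unfamiliar address in June, a pump fault in November.
# Addresses come from documentation ranges and the usernames are invented.
SAMPLE_LOG = """\
2011-06-14 03:12:41 AUTH login user=integrator1 src=203.0.113.7
2011-06-14 03:18:02 VIEW trend chart=well3_level user=integrator1
2011-06-14 03:25:19 VIEW trend chart=tank_pressure user=integrator1
2011-06-14 03:31:55 AUTH logout user=integrator1
2011-06-14 17:02:10 AUTH login user=integrator1 src=198.51.100.23
2011-06-14 17:09:44 AUTH logout user=integrator1
2011-09-02 09:00:03 AUTH login user=operator2 src=192.168.10.5
2011-09-02 09:04:20 CONTROL pump3 cmd=stop user=operator2
2011-09-02 09:06:11 CONTROL pump3 cmd=start user=operator2
2011-09-02 09:10:00 AUTH logout user=operator2
2011-11-08 06:41:27 ALARM pump3 fault=motor_overcurrent
"""

# Networks the district expects remote sessions to come from (constructed).
EXPECTED_NETS = [ip_network("192.168.10.0/24"), ip_network("10.20.0.0/16")]


def parse_log(text):
    """Turn 'YYYY-MM-DD HH:MM:SS KIND word key=value ...' lines into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        ev = {
            "ts": datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S"),
            "kind": parts[2],
            "words": [],
        }
        for tok in parts[3:]:
            if "=" in tok:
                key, val = tok.split("=", 1)
                ev[key] = val
            else:
                ev["words"].append(tok)
        events.append(ev)
    return events


def build_sessions(events):
    """Pair each login with its logout and attach the actions taken in between."""
    open_sessions, sessions = {}, []
    for ev in events:
        if ev["kind"] == "AUTH" and "login" in ev["words"]:
            open_sessions[ev["user"]] = {"user": ev["user"], "src": ev["src"],
                                         "start": ev["ts"], "end": None, "actions": []}
        elif ev["kind"] == "AUTH" and "logout" in ev["words"]:
            session = open_sessions.pop(ev["user"], None)
            if session is not None:
                session["end"] = ev["ts"]
                sessions.append(session)
        elif ev["kind"] in ("VIEW", "CONTROL") and ev.get("user") in open_sessions:
            open_sessions[ev["user"]]["actions"].append(ev)
    sessions.extend(open_sessions.values())  # sessions never closed still count
    return sessions


def is_unexpected(src):
    return not any(ip_address(src) in net for net in EXPECTED_NETS)


def triage(log_text, window=timedelta(hours=24)):
    """Summarise what the logs actually support about the most recent fault."""
    events = parse_log(log_text)
    sessions = build_sessions(events)
    faults = [ev for ev in events if ev["kind"] == "ALARM"]
    fault = faults[-1] if faults else None

    findings = []
    for s in sessions:
        if not is_unexpected(s["src"]):
            continue
        controls = [a for a in s["actions"] if a["kind"] == "CONTROL"]
        gap = (fault["ts"] - s["start"]) if fault else None
        findings.append({
            "user": s["user"], "src": s["src"],
            "control_actions": len(controls),
            "days_before_fault": gap.days if gap is not None else None,
            # A valid username from an unfamiliar address means: ask the account
            # holder where they were, rather than assuming stolen credentials.
            "verify_with_account_holder": True,
        })

    last_control = None
    if fault:
        prior = [ev for ev in events if ev["kind"] == "CONTROL" and ev["ts"] < fault["ts"]]
        if prior:
            last_control = {"user": prior[-1]["user"],
                            "days_before_fault": (fault["ts"] - prior[-1]["ts"]).days}

    in_window = [s["user"] for s in sessions
                 if fault and timedelta(0) <= fault["ts"] - s["start"] <= window]
    return {
        "fault": (fault["words"][0] + " " + fault.get("fault", "")) if fault else None,
        "unexpected_sessions": findings,
        "sessions_within_window": in_window,
        "last_control_before_fault": last_control,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run on the constructed log, the summary shows two sessions from unexpected addresses, both read-only and both 147 days before the fault, no session of any kind in the 24 hours before the alarm, and the last control command coming from a local operator 66 days earlier. That is the output a report writer should have been looking at before concluding anything about sabotage.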

He cleared up another mystery in the fusion report as well. The report indicated that for two to three months prior to the pump failure, operators at Curran Gardner had noticed “glitches” in their remote access system, suggesting the glitches were related to the suspected cyber intrusion.

But Mimlitz said the remote access system was old and had been experiencing problems ever since it was modified by another contractor.

“They had made some modifications about a year ago that was creating problems logging in,” he said. “It was an old computer … and they had made network modifications that I don’t think were done correctly. I think that’s why they were seeing problems.”

Joe Weiss says he’s shocked that a report like this was put out without any of the information in it being investigated and corroborated first.

“If you can’t trust the information coming from a fusion center, what is the purpose of having the fusion center sending anything out? That’s common sense,” he said. “When you read what’s in that [report] that is a really, really scary letter. How could DHS not have put something out saying they got this [information but] it’s preliminary?”

Asked if the fusion center is investigating how information that was uncorroborated and was based on false assumptions got into a distributed report, spokeswoman Bond said an investigation of that sort is the responsibility of DHS and the other agencies who compiled the report. The center’s focus, she said, was on how Weiss received a copy of the report that he should never have received.

“We’re very concerned about the leak of controlled information,” Bond said. “Our internal review is looking at how did this information get passed along, confidential or controlled information, get disseminated and put into the hands of users that are not approved to receive that information. That’s number one.”

Additional reporting by Ryan Voyles in Illinois.
Title: Re: Cyberwar and American Freedom
Post by: prentice crawford on December 13, 2011, 06:44:06 AM
Woof GM,
 Ha! Good update. :lol:
                P.C.
Title: Re: Cyberwar and American Freedom
Post by: G M on December 13, 2011, 06:47:00 AM
Even though that one wasn't an attack, the vulnerability of SCADA systems is a real concern.
Title: Drone tricked into landing?
Post by: prentice crawford on December 16, 2011, 04:17:34 PM

Exclusive: Iran hijacked US drone, says Iranian engineer

In an exclusive interview, an engineer working to unlock the secrets of the captured RQ-170 Sentinel says they exploited a known vulnerability and tricked the US drone into landing in Iran.
By Scott Peterson, Payam Faramarzi* | Christian Science Monitor – 11 hrs ago
Iran guided the CIA's "lost" stealth drone to an intact landing inside hostile territory by exploiting a navigational weakness long-known to the US military, according to an Iranian engineer now working on the captured drone's systems inside Iran.

Iranian electronic warfare specialists were able to cut off communications links of the American bat-wing RQ-170 Sentinel, says the engineer, who works for one of many Iranian military and civilian teams currently trying to unravel the drone’s stealth and intelligence secrets, and who could not be named for his safety.

Using knowledge gleaned from previous downed American drones and a technique proudly claimed by Iranian commanders in September, the Iranian specialists then reconfigured the drone's GPS coordinates to make it land in Iran at what the drone thought was its actual home base in Afghanistan.


"The GPS navigation is the weakest point," the Iranian engineer told the Monitor, giving the most detailed description yet published of Iran's "electronic ambush" of the highly classified US drone. "By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain."

The “spoofing” technique that the Iranians used – which took into account precise landing altitudes, as well as latitudinal and longitudinal data – made the drone “land on its own where we wanted it to, without having to crack the remote-control signals and communications” from the US control center, says the engineer.

The revelations about Iran's apparent electronic prowess come as the US, Israel, and some European nations appear to be engaged in an ever-widening covert war with Iran, which has seen assassinations of Iranian nuclear scientists, explosions at Iran's missile and industrial facilities, and the Stuxnet computer virus that set back Iran’s nuclear program.

Now this engineer’s account of how Iran took over one of America’s most sophisticated drones suggests Tehran has found a way to hit back. The techniques were developed from reverse-engineering several less sophisticated American drones captured or shot down in recent years, the engineer says, and by taking advantage of weak, easily manipulated GPS signals, which calculate location and speed from multiple satellites.

Western military experts and a number of published papers on GPS spoofing indicate that the scenario described by the Iranian engineer is plausible.

"Even modern combat-grade GPS [is] very susceptible” to manipulation, says former US Navy electronic warfare specialist Robert Densmore, adding that it is “certainly possible” to recalibrate the GPS on a drone so that it flies on a different course. “I wouldn't say it's easy, but the technology is there.”

In 2009, Iran-backed Shiite militants in Iraq were found to have downloaded live, unencrypted video streams from American Predator drones with inexpensive, off-the-shelf software. But Iran’s apparent ability now to actually take control of a drone is far more significant.

Iran asserted its ability to do this in September, as pressure mounted over its nuclear program.

Gen. Moharam Gholizadeh, the deputy for electronic warfare at the air defense headquarters of the Islamic Revolutionary Guard Corps (IRGC), described to Fars News how Iran could alter the path of a GPS-guided missile – a tactic more easily applied to a slower-moving drone.

“We have a project on hand that is one step ahead of jamming, meaning ‘deception’ of the aggressive systems,” said Gholizadeh, such that “we can define our own desired information for it so the path of the missile would change to our desired destination.”

Gholizadeh said that “all the movements of these [enemy drones]” were being watched, and “obstructing” their work was “always on our agenda.”

That interview has since been pulled from Fars’ Persian-language website. And last month, the relatively young Gholizadeh died of a heart attack, which some Iranian news sites called suspicious – suggesting the electronic warfare expert may have been a casualty in the covert war against Iran.

Iran's growing electronic capabilities
Iranian lawmakers say the drone capture is a "great epic" and claim to be "in the final steps of breaking into the aircraft's secret code."

Secretary of Defense Leon Panetta told Fox News on Dec. 13 that the US will "absolutely" continue the drone campaign over Iran, looking for evidence of any nuclear weapons work. But the stakes are higher for such surveillance, now that Iran can apparently disrupt the work of US drones.

US officials skeptical of Iran’s capabilities blame a malfunction, but so far can't explain how Iran acquired the drone intact. One American analyst ridiculed Iran’s capability, telling Defense News that the loss was “like dropping a Ferrari into an ox-cart technology culture.”

Yet Iran’s claims to the contrary resonate more in light of new details about how it brought down the drone – and other markers that signal growing electronic expertise.

A former senior Iranian official who asked not to be named said: "There are a lot of human resources in Iran.... Iran is not like Pakistan."

“Technologically, our distance from the Americans, the Zionists, and other advanced countries is not so far to make the downing of this plane seem like a dream for us … but it could be amazing for others,” deputy IRGC commander Gen. Hossein Salami said this week.

According to a European intelligence source, Iran shocked Western intelligence agencies in a previously unreported incident that took place sometime in the past two years, when it managed to “blind” a CIA spy satellite by “aiming a laser burst quite accurately.”

More recently, Iran was able to hack Google security certificates, says the engineer. In September, the Google accounts of 300,000 Iranians were made accessible by hackers. The targeted company said "circumstantial evidence" pointed to a "state-driven attack" coming from Iran, meant to snoop on users.

Cracking the protected GPS coordinates on the Sentinel drone was no more difficult, asserts the engineer.

US knew of GPS systems' vulnerability
Use of drones has become more risky as adversaries like Iran hone countermeasures. The US military has reportedly been aware of vulnerabilities with pirating unencrypted drone data streams since the Bosnia campaign in the mid-1990s.

Top US officials said in 2009 that they were working to encrypt all drone data streams in Iraq, Pakistan, and Afghanistan – after finding militant laptops loaded with days' worth of data in Iraq – and acknowledged that they were "subject to listening and exploitation."

Perhaps as easily exploited are the GPS navigational systems upon which so much of the modern military depends.

"GPS signals are weak and can be easily outpunched [overridden] by poorly controlled signals from television towers, devices such as laptops and MP3 players, or even mobile satellite services," Andrew Dempster, a professor from the University of New South Wales School of Surveying and Spatial Information Systems, told a March conference on GPS vulnerability in Australia.

"This is not only a significant hazard for military, industrial, and civilian transport and communication systems, but criminals have worked out how they can jam GPS," he says.

The US military has sought for years to fortify or find alternatives to the GPS system of satellites, which are used for both military and civilian purposes. In 2003, a “Vulnerability Assessment Team” at Los Alamos National Laboratory published research explaining how weak GPS signals were easily overwhelmed with a stronger local signal.

“A more pernicious attack involves feeding the GPS receiver fake GPS signals so that it believes it is located somewhere in space and time that it is not,” reads the Los Alamos report. “In a sophisticated spoofing attack, the adversary would send a false signal reporting the moving target’s true position and then gradually walk the target to a false position.”

The vulnerability remains unresolved, and a paper presented at a Chicago communications security conference in October laid out parameters for successful spoofing of both civilian and military GPS units to allow a "seamless takeover" of drones or other targets.
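The Los Alamos description of "gradually walking the target to a false position" matters because a slow walk is designed to defeat the obvious sanity check, namely rejecting any fix that jumps further than the platform could have moved. As an added example (mine, not from the Los Alamos report, the Chicago paper or the Monitor article), the following toy simulation shows why a cross-check against an independent inertial estimate catches the slow walk where a jump detector does not. Ground speed, the inertial drift model, thresholds and timings are all constructed.

```python
"""Detecting a 'walked' GPS fix by cross-checking it against an inertial
estimate.  Added example: a toy simulation, not code from any cited source."""
import math

SPEED_MPS = 50.0   # constructed: steady eastward ground speed
DT_S = 1.0         # one fix per second


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def true_position(t):
    """Ground truth in a local east/north frame (metres)."""
    return (SPEED_MPS * t, 0.0)


def ins_position(t):
    """Inertial dead-reckoning estimate: drifts slowly and is independent of GPS.
    The drift model (0.1 m/s along-track plus a small wobble) is constructed."""
    x, y = true_position(t)
    return (x + 0.1 * t, y + 0.05 * math.sin(t / 10.0))


def gps_fix(t, spoof_start, jump_m, walk_mps):
    """Reported GPS fix.  Honest before spoof_start; afterwards the reported
    position is offset by an initial jump and then walked further each second."""
    x, y = true_position(t)
    if spoof_start is not None and t >= spoof_start:
        y -= jump_m + walk_mps * (t - spoof_start)
    return (x, y)


def simulate(duration_s, spoof_start, jump_m=0.0, walk_mps=0.0):
    fixes = [gps_fix(t, spoof_start, jump_m, walk_mps) for t in range(duration_s + 1)]
    ins = [ins_position(t) for t in range(duration_s + 1)]
    return fixes, ins


def jump_detector(fixes, max_step_m):
    """Naive check: flag the first fix that moved further than is physically
    plausible since the previous fix.  Returns the index or None."""
    for i in range(1, len(fixes)):
        if dist(fixes[i], fixes[i - 1]) > max_step_m:
            return i
    return None


def ins_cross_check(fixes, ins, max_divergence_m):
    """Flag the first fix that disagrees with the inertial estimate by more
    than the allowed drift budget.  Returns the index or None."""
    for i, (fix, est) in enumerate(zip(fixes, ins)):
        if dist(fix, est) > max_divergence_m:
            return i
    return None


if __name__ == "__main__":
    scenarios = [("no spoofing", dict(spoof_start=None)),
                 ("crude 500 m jump", dict(spoof_start=120, jump_m=500.0)),
                 ("slow 2 m/s walk", dict(spoof_start=120, walk_mps=2.0))]
    for label, kw in scenarios:
        fixes, ins = simulate(600, **kw)
        print(f"{label:18s} jump detector: {jump_detector(fixes, 1.5 * SPEED_MPS * DT_S)}"
              f"  INS cross-check: {ins_cross_check(fixes, ins, 100.0)}")
```

With a step limit of 75 m (1.5 times the distance covered in one second) and a drift budget of 100 m, the crude jump is caught by both checks at the moment it starts, while the 2 m/s walk never trips the jump detector at all and is caught by the inertial cross-check about fifty seconds after it begins. The drift budget has to stay above the inertial unit's own accumulated error over the leg, which is why a real receiver does this with a filter that models that error explicitly rather than a fixed threshold.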

To “better cope with hostile electronic attacks,” the US Air Force in late September awarded two $47 million contracts to develop a "navigation warfare" system to replace GPS on aircraft and missiles, according to the Defense Update website.

Official US data on GPS describes "the ongoing GPS modernization program" for the Air Force, which "will enhance the jam resistance of the military GPS service, making it more robust."

Why the drone's underbelly was damaged
Iran's drone-watching project began in 2007, says the Iranian engineer, and then was stepped up and became public in 2009 – the same year that the RQ-170 was first deployed in Afghanistan with what were then state-of-the-art surveillance systems.

In January, Iran said it had shot down two conventional (nonstealth) drones, and in July, Iran showed Russian experts several US drones – including one that had been watching over the underground uranium enrichment facility at Fordo, near the holy city of Qom.

In capturing the stealth drone this month at Kashmar, 140 miles inside northeast Iran, the Islamic Republic appears to have learned from two years of close observation.

Iran displayed the drone on state-run TV last week, with a dent in the left wing and the undercarriage and landing gear hidden by anti-American banners.

The Iranian engineer explains why: "If you look at the location where we made it land and the bird's home base, they both have [almost] the same altitude," says the Iranian engineer. "There was a problem [of a few meters] with the exact altitude so the bird's underbelly was damaged in landing; that's why it was covered in the broadcast footage."

Prior to the disappearance of the stealth drone earlier this month, Iran’s electronic warfare capabilities were largely unknown – and often dismissed.

"We all feel drunk [with happiness] now," says the Iranian engineer. "Have you ever had a new laptop? Imagine that excitement multiplied many-fold." When the Revolutionary Guard first recovered the drone, they were aware it might be rigged to self-destruct, but they "were so excited they could not stay away."

* Scott Peterson, the Monitor's Middle East correspondent, wrote this story with an Iranian journalist who publishes under the pen name Payam Faramarzi and cannot be further identified for security reasons.

                                            P.C.
Title: Re: Drone tricked into landing?
Post by: G M on December 16, 2011, 04:21:07 PM
This is very bad. I have no proof to back it up, but I suspect the big chicken shaped country in Asia had a hand in this.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on December 16, 2011, 04:34:31 PM
PC:  Would you please move this to the Military Science thread?  TIA.
Title: impending cyber attack?
Post by: bigdog on February 02, 2012, 06:52:17 PM
http://www.cnn.com/video/?hpt=hp_c2#/video/us/2012/02/02/warnings-about-cyber-war.cnn
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on February 16, 2012, 11:20:34 AM


By RICHARD A. CLARKE
For most of this year, Arab-Israeli tensions have been spilling off the streets and airwaves and onto the region's fiber optic cables. Citizen hackers on both sides have engaged in tit-for-tat raids on Israeli, Saudi and other regional computer networks. Stock exchanges, airlines, government offices and even hospitals have had their websites defaced or shut down. Credit-card numbers and personal emails have been stolen and posted on the Internet. One Israeli official has labeled the escalating cyber hostility "terrorism" and called for it to be dealt with as such.

It has not been terrorism. No one has died and, so far, nothing has blown up as a result. Indeed, most of the activity has involved the use of relatively commonplace hacker tools and techniques. This ongoing cyber "hacktivism" has, however, demonstrated three things that should cause nations to act.

First, the ease with which the hacktivists have been able to steal data and to shut down Web pages suggests that companies (and perhaps governments) in the region have not yet taken cyber security seriously. Governments in other regions (Asia, Europe, North America) have been educating, assisting and regulating companies to improve their cyber security. There has been a notable lack of such government activity in the Middle East, and that inactivity has opened the way for citizen hackers to cause the mischief we see today.

If the hackers turn their attention to disruption and destruction, as some have threatened, they are likely to find the controls for electric power grids, oil pipelines and precious water systems inadequately secured. If a hacker causes real physical damage to critical systems in that region, it could quickly involve governments retaliating against each other with both cyber and conventional weapons. Middle Eastern governments need to get their citizen hackers under control and better protect their own critical networks, or they will eventually be dragged into unwanted conflict.

Second, the Arab-Israeli hacker exchanges have demonstrated again the lack of any effective international organization to assist in preventing cyber crime and de-escalating tensions among nations in cyberspace. The Budapest Convention on Cyber Crime, which entered into force in July 2004 and has been ratified by more than 40 countries including the U.S., does require nations to assume responsibilities for any attacks that originate in their cyberspace.

But there is still no operations center that a nation can call to get another nation to stop its citizens (or servers in its country) from causing problems. Nations, if they talk at all about these cyber attacks, do so at 19th-century speed with embassies requesting assistance either in person or through a letter.

An international Cyber Risk Reduction Center could be modeled on the Nuclear Risk Reduction Center (NRRC), which I once led at the end of the Cold War. It was created in 1987 to link Washington and Moscow operation centers so the two superpowers could immediately talk with someone on the other side when there appeared to be a nuclear threat or an event that could lead to one. The success of the centers depended on the ability of the two sides to act quickly to stop their own risky activity once they learned about it from the other side.

Now Washington and Moscow are beginning to explore using their NRRC channels to discuss cyber concerns, but neither side yet has the authority or capability quickly to stop malicious cyber activity originating in their own nation. Moreover, there is no international counterpart center.

If, as happened last month, Saudi Arabia's stock market is again knocked offline by a cyber attack originating in Israel (or vice versa), the Saudis should be able to call an international center and seek assistance. Israel, as a member of the international center, should be able to act promptly to see the attack and shut it down. All of that should happen in a few hours. Implicit in such a system would be an "obligation to assist" other members of the international system and to identify and prosecute the culprits. Failure to assist should have consequences such as financial damages or even outside filtering of message traffic to search for attack programs.

The recent hacker exchange should also remind us that just as hacking could escalate to the use of conventional force in the Middle East, the reverse is also true. Bombing Iran, for example, could unleash an Iranian government cyber attack. Israelis say they could handle that, despite the recent evidence to the contrary. Unfortunately, much of the critical infrastructure in the U.S. is still not ready for a sophisticated nation-state cyber attack either.

Mr. Clarke, who served three presidents as a senior White House national security official, now serves on the board of the Middle East Institute. He is the author of "Cyber War: The Next National Security Threat and What to Do About It" (Ecco, 2010).
Title: Cyber Security Act of 2012
Post by: bigdog on February 23, 2012, 05:27:41 AM
Discussion of the Cyber Security Act of 2012, written by a former DHS general counsel. 

http://thehill.com/blogs/congress-blog/technology/212049-cyber-security-act-of-2012-requires-a-liability-protection-bug-fix
Title: Anonymous
Post by: bigdog on February 28, 2012, 06:57:32 AM
In Attack on Vatican Web Site, a Glimpse of Hackers’ Tactics
By NICOLE PERLROTH and JOHN MARKOFF

SAN FRANCISCO — The elusive hacker movement known as Anonymous has carried out Internet attacks on well-known organizations like Sony and PBS. In August, the group went after its most prominent target yet: the Vatican.

The campaign against the Vatican, which did not receive wide attention at the time, involved hundreds of people, some with hacking skills and some without. A core group of participants openly drummed up support for the attack using YouTube, Twitter and Facebook. Others searched for vulnerabilities on a Vatican Web site and, when that failed, enlisted amateur recruits to flood the site with traffic, hoping it would crash, according to a computer security firm’s report to be released this week.

The attack, albeit an unsuccessful one, provides a rare glimpse into the recruiting, reconnaissance and warfare tactics used by the shadowy hacking collective.

Anonymous, which first gained widespread notice with an attack on the Church of Scientology in 2008, has since carried out hundreds of increasingly bold strikes, taking aim at perceived enemies including law enforcement agencies, Internet security companies and opponents of the whistle-blower site WikiLeaks.

The group’s attack on the Vatican was confirmed by the hackers and is detailed in a report that Imperva, a computer security company based in Redwood City, Calif., plans to release ahead of a computer security conference here this week. It may be the first end-to-end record of a full Anonymous attack.

Though Imperva declined to identify the target of the attack and kept any mention of the Vatican out of its report, two people briefed on the investigation confirmed that it had been the target. Imperva had a unique window into the situation because it had been hired by the Vatican’s security team as a subcontractor to block and record the assault.

“We have seen the tools and the techniques that were used in this attack used by other criminal groups on the Web,” said Amichai Shulman, Imperva’s chief technology officer. “What set this attack apart from others is it had a clear timeline and evolution, starting from an announcement and recruitment phase that was very public.”

The Vatican declined to comment on the attack. In an e-mail intended for a colleague but accidentally sent to a reporter, a church official wrote: “I do not think it is convenient to respond to journalists on real or potential attacks,” adding, “The more we are silent in this area the better.”

The attack was called Operation Pharisee in a reference to the sect that Jesus called hypocrites. It was initially organized by hackers in South America and Mexico before spreading to other countries, and it was timed to coincide with Pope Benedict XVI’s visit to Madrid in August 2011 for World Youth Day, an international event held every other year that regularly attracts more than a million Catholic youths.

Hackers initially tried to take down a Web site set up by the church to promote the event, handle registrations and sell merchandise. Their goal — according to YouTube messages delivered by an Anonymous figure in a Guy Fawkes mask — was to disrupt the event and draw attention to child sexual abuse by priests, among other issues.

The videos, which have been viewed more than 77,000 times, include a verbal attack on the pope and the young people who “have forgotten the abominations of the Catholic Church.” One calls on volunteers to “prepare your weapons, my dear brother, for this August 17th to Sunday August 21st, we will drop anger over the Vatican.”

Much as in a grass-roots lobbying campaign, the hackers spent weeks spreading their message through their own Web site and social sites like Twitter and Flickr. Their Facebook page called on volunteers to download free attack software and implored them to “stop child abuse” by joining the cause. It featured split-screen images of the pope seated on a gilded throne on one side and starving African children on the other. And it linked to articles about sexual abuse cases and blog posts itemizing the church’s assets.

It took the hackers 18 days to recruit enough people, the report says. Then the reconnaissance began. A core group of roughly a dozen skilled hackers spent three days poking around the church’s World Youth Day site looking for common security holes that could let them inside, the report says. Probing for such loopholes used to be tedious and slow, but the advent of automated tools made it possible for hackers to do this while they slept.

In this case, the scanning software failed to turn up any gaps. So the hackers turned to a brute-force approach — a so-called distributed denial-of-service, or DDoS, attack that involves clogging a site with data requests until it crashes. Even unskilled supporters could take part in this from their computers or smartphones.

“Anonymous is a handful of geniuses surrounded by a legion of idiots,” said Cole Stryker, an author who has researched the movement. “You have four or five guys who really know what they’re doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack.”

Over the course of the campaign’s final two days, Anonymous enlisted as many as a thousand people to download attack software, or directed them to custom-built Web sites that let them participate using their cellphones. Visiting a particular Web address caused the phones to instantly start flooding the target Web site with hundreds of data requests each second, with no special software required, the report says.

On the first day, the denial-of-service attack resulted in 28 times the normal traffic to the church site, rising to 34 times the next day. Hackers involved in the attack, who did not identify themselves, said through a Twitter account associated with the campaign that the two-day effort succeeded in slowing the site’s performance and making the page unavailable “in several countries.” Imperva disputed that the site’s performance was affected and said its technologies had successfully siphoned the excess data away from the site.

Anonymous moved on to other targets, including an unofficial site about the pope, which the hackers were briefly able to deface.

Imperva executives say the Vatican’s defenses held up because, unlike Sony and other hacker targets, it invested in the infrastructure needed to repel both break-ins and full-scale assaults.

Researchers who have followed Anonymous say that despite its lack of success in this and other campaigns, recent attacks show the movement is still evolving and, if anything, emboldened. Threatened attacks on the New York Stock Exchange and Facebook last autumn apparently fizzled. But the hackers appeared to regain momentum in January after federal authorities shut down Megaupload, a popular file-sharing site.

In retaliation, hackers affiliated with Anonymous briefly knocked dozens of Web sites offline, including those of the F.B.I., the White House and the Justice Department. At one point, they were able to eavesdrop on a conference call between the F.B.I. and Scotland Yard.

“Part of the reason ‘Op Megaupload’ was so successful is that they’ve learned from their past mistakes,” said Gabriella Coleman, an associate professor at McGill University who has studied Anonymous. Professor Coleman said the hackers had been using a new tool to better protect their anonymity. “Finally people felt safe using it,” she said. “That could explain why it was so big.”

In recent weeks, Anonymous has made increasingly bold threats, at one point promising to “shut the Internet down on March 31” by attacking servers that perform switchboard functions for the Internet.

Security experts now say that a sort of open season has begun. “Who is Anonymous?” asked Rob Rachwald, Imperva’s director of security. “Anyone can use the Anonymous umbrella to hack anyone at anytime.”

Indeed, in the last six months, hackers have attacked everything from pornography sites to the Web portals of Brazilian airlines. And some hackers have been accused of trying to extort money from corporations — all under the banner of Anonymous.

“Anonymous is an idea, a global protest movement, by activists on the streets and by hackers in the network,” the hackers said through the Twitter account. “Anyone can be Anonymous, because we are an idea without leaders who defend freedom and promote free knowledge.”
Title: InterPol arrests 25 Anonymous hackers
Post by: bigdog on February 28, 2012, 07:02:39 PM
...in Europe and South America.

http://www.msnbc.msn.com/id/46563704
Title: US outgunned by hackers
Post by: Crafty_Dog on March 29, 2012, 11:22:19 AM

http://online.wsj.com/article/SB10001424052702304177104577307773326180032.html?mod=WSJ_hp_mostpop_read
By DEVLIN BARRETT
WASHINGTON—The Federal Bureau of Investigation's top cyber cop offered a grim appraisal of the nation's efforts to keep computer hackers from plundering corporate data networks: "We're not winning," he said.

Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures too weak to stop them, he said.

His comments weren't directed at specific legislation but came as Congress considers two competing measures designed to buttress the networks for critical U.S. infrastructure, such as electrical-power plants and nuclear reactors. Though few cybersecurity experts disagree on the need for security improvements, business advocates have argued that the new regulations called for in one of the bills aren't likely to better protect computer networks.

Mr. Henry, who is leaving government to take a cybersecurity job with an undisclosed firm in Washington, said companies need to make major changes in the way they use computer networks to avoid further damage to national security and the economy. Too many companies, from major multinationals to small start-ups, fail to recognize the financial and legal risks they are taking—or the costs they may have already suffered unknowingly—by operating vulnerable networks, he said.

"I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security," Mr. Henry said.

James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, said that as gloomy as Mr. Henry's assessment may sound, "I am actually a little bit gloomier. I think we've lost the opening battle [with hackers]." Mr. Lewis said he didn't believe there was a single secure, unclassified computer network in the U.S.

"There's a kind of willful desire not to admit how bad things are, both in government and certainly in the private sector, so I could see how [Mr. Henry] would be frustrated," he added.

High-profile hacking victims have included Sony Corp., which said last year that hackers had accessed personal information on 24.6 million customers on one of its online game services as part of a broader attack on the company that compromised data on more than 100 million accounts. Nasdaq OMX Group Inc., which operates the Nasdaq Stock Market, also acknowledged last year that hackers had breached a part of its network called Directors Desk, a service for company boards to communicate and share documents. HBGary Federal, a cybersecurity firm, was infiltrated by the hacking collective called Anonymous, which stole tens of thousands of internal emails from the company.

Mr. Henry has played a key role in expanding the FBI's cybersecurity capabilities. In 2002, when the FBI reorganized to put more of its resources toward protecting computer networks, it handled nearly 1,500 hacking cases. Eight years later, that caseload had grown to more than 2,500.

Mr. Henry said FBI agents are increasingly coming across data stolen from companies whose executives had no idea their systems had been accessed.

"We have found their data in the middle of other investigations," he said. "They are shocked and, in many cases, they've been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially."

Mr. Henry said that while many company executives recognize the severity of the problem, many others do not, and that has frustrated him. But even when companies build up their defenses, their systems are still penetrated, he said. "We've been playing defense for a long time. ...You can only build a fence so high, and what we've found is that the offense outpaces the defense, and the offense is better than the defense," he said.

Testimony Monday before a government commission assessing Chinese computer capabilities underscored the dangers. Richard Bejtlich, chief security officer at Mandiant, a computer-security company, said that in cases handled by his firm where intrusions were traced back to Chinese hackers, 94% of the targeted companies didn't realize they had been breached until someone else told them. The median number of days between the start of an intrusion and its detection was 416, or more than a year, he added.

In one such incident in 2010, a group of Chinese hackers breached the computer defenses of the U.S. Chamber of Commerce, a major business lobbying group, and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter.

In the congressional debate over cybersecurity legislation, the Chamber of Commerce has argued for a voluntary, non-regulatory approach to cybersecurity that would encourage more cooperation and information-sharing between government and business.

Matthew Eggers, a senior director at the Chamber, said the group "is urging policy makers to change the 'status quo' by rallying our efforts around a targeted and effective information-sharing bill that would get the support of multiple stakeholders and come equipped with ample protections for the business community."

The FBI's Mr. Henry said there are some things companies need to change to create more secure computer networks. He said their most valuable data should be kept off the network altogether. He cited the recent case of a hack on an unidentified company in which he said 10 years worth of research and development, valued at more than $1 billion, was stolen by hackers.

He added that companies need to do more than just react to intrusions. "In many cases, the skills of the adversaries are so substantial that they just leap right over the fence, and you don't ever hear an alarm go off," he said. Companies "need to be hunting inside the perimeter of their network," he added.

Companies also need to get their entire leadership, from the chief executive to the general counsel to the chief financial officer, involved in developing a cybersecurity strategy, Mr. Henry said. "If leadership doesn't say, 'This is important, let's sit down and come up with a plan right now in our organization; let's have a strategy,' then it's never going to happen, and that is a frustrating thing for me," he said.

Write to Devlin Barrett at devlin.barrett@wsj.com
Title: How China Steals Our Secrets
Post by: bigdog on April 11, 2012, 12:46:52 PM
http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html

"FOR the last two months, senior government officials and private-sector experts have paraded before Congress and described in alarming terms a silent threat: cyberattacks carried out by foreign governments. Robert S. Mueller III, the director of the F.B.I., said cyberattacks would soon replace terrorism as the agency’s No. 1 concern as foreign hackers, particularly from China, penetrate American firms’ computers and steal huge amounts of valuable data and intellectual property.

It’s not hard to imagine what happens when an American company pays for research and a Chinese firm gets the results free; it destroys our competitive edge. Shawn Henry, who retired last Friday as the executive assistant director of the F.B.I. (and its lead agent on cybercrime), told Congress last week of an American company that had all of its data from a 10-year, $1 billion research program copied by hackers in one night. Gen. Keith B. Alexander, head of the military’s Cyber Command, called the continuing, rampant cybertheft “the greatest transfer of wealth in history.” "

....

Title: Cyber Warfare: The next Cold War
Post by: C-Kumu Dog on April 12, 2012, 12:32:15 AM
http://www.scmagazine.com/cyber-warfare-the-next-cold-war/article/232568/


Instead of military assaults, today's adversaries hire coders to create attacks that can run autonomously for years, says Stephen Lawton.
History books tell us that the Cold War ended in roughly 1991 after the dissolution of the Soviet Union. But today's security practitioners say the Cold War has simply morphed from a threat of armed conflict among major world powers into a battle of computer-savvy “troops” fighting from the comfort of offices.

Instead of countries spending billions of dollars to create new weapons, supply massive armies and spend millions of dollars (or rubles, francs or yuan) fighting conventional attacks against political, economic, religious or commercial foes, today's adversaries hire code-writers to create attacks that can run autonomously for years with little or no human intervention. By repurposing code to spawn new attacks, the cost of cyber warfare can be a fraction of the cost of a conventional war.

While China and Russia generally are considered by industry experts to be the leaders in state-sponsored cyber attacks against the United States, they are not the only countries to have sophisticated espionage infrastructures in place, says Richard Bejtlich, chief security officer at Alexandria, Va.-based Mandiant. Other nations with sophisticated capabilities include North Korea, Iran, France, Israel and, of course, the United States.

North Korea, Bejtlich says, uses technology against its neighbor, South Korea, and to make political statements against the West, generally resulting in attacks against the United States, he says. Iran primarily uses its cyber weaponry to suppress internal dissidents.

In the past, he says, U.S. politicians spoke in general terms about cyber attacks, choosing not to name those believed to be responsible. That all changed late last year when the Office of the National Counter Intelligence Executive released a report, “Foreign Spies Stealing U.S. Economic Secrets in Cyber space,” which specifically identified China and Russia as key participants. However, the report also said U.S. allies are actively involved.

“Certain allies and other countries that enjoy broad access to U.S. government agencies and the private sector conduct economic espionage to acquire sensitive U.S. information and technologies,” the report states. “Some of these states have advanced cyber capabilities.”

It cited four factors that will shape the cyber environment over the next three to five years. These are: A technological shift, including the use of smartphones, laptops and other internet-connected devices; an economic shift that changes the way corporations, government agencies and other organizations share storage, computing, networking and application resources; a cultural shift in the U.S. workforce, where younger employees mix personal and professional activities; and a geopolitical shift as globalization of the supply chain and worker access increase the ability for malicious individuals to compromise the integrity and security of computing devices.

Jared Carstensen, manager of enterprise risk services at Deloitte in Dublin, Ireland, likes to differentiate between cyber crime and cyber espionage because the end goals differ significantly. For an attack to be considered a cyber crime, he says, the adversary does so for financial gain. This typically includes attacks designed to obtain credit card or bank data. Cyber espionage, on the other hand, is designed to steal intellectual property, and/or disable or attack critical infrastructure. It often is performed for political purposes.


Spying has been around since the dawn of man, Carstensen says. Early tribes snooped on other tribes to learn where they found food. Today's sleuths also are looking for the same competitive advantage over their enemies – and even their allies.

In some countries, such as North Korea, students believed to have a propensity for math or technology are trained at an early age as cyber warriors. These academies provide the students with respectability and good pay. In China, for example, the Communist Party codified cyber warfare in 2010, and President Hu Jintao deemed cyber war a priority. Author and retired U.S. Marine Corps Lt. Col. William Hagestad says in an upcoming book that China bases its policies on the Art of War, Sun Tzu's doctrine written around 500 B.C., one of whose tenets is: Keep your friends close, but keep your enemies closer. Chinese officials, however, regularly deny they are involved in any cyber spying efforts.

In the United States, the military is also shifting its war strategy to further prioritize cyber efforts. The soldiers who pilot military drones over Pakistan and Afghanistan actually sit in control rooms at Creech Air Force Base in Nevada. This, Carstensen says, is not unlike cyber attackers who might work out of a hotel to conduct assaults.

However, the level of expertise of foreign cyber attackers varies widely from so-called script-kiddies, who download exploit software that is widely available on the internet, to experienced computer engineers who have either religious or political reasons for staging actions.

Some of these attacks are advanced persistent threats (APTs) that are designed to enter a computer system and perhaps sit dormant for a period of time. The intrusions are designed not to be noticed.

This tactic varies significantly from those of hacktivists, who attack websites with the expressed purpose of drawing attention to the site being breached. Some groups, such as Anonymous and LulzSec, have claimed credit for damage to sites they have compromised.

Unlike hacktivists, cyber spies are so concerned about flying under the radar that once they successfully enter a target system, they actually install security patches to ensure that other attackers are unable to access the system using the same vulnerability, says Daniel Teal, founder and chief technology officer of Austin, Texas-based CoreTrace and a former officer at the Air Force Information Warfare Center (AFIWC). By installing fixes, he says, the attacker will have the compromised systems all to themselves and will not have to worry about a sloppy rival alerting the IT manager that there has been a breach.

Admins might actually see their network performance improve while the attacker ensures that others are unable to infect the environment, Teal says. Because the attacker does not want to draw attention, they simply can leave a back door open so that the malware payload is not accidentally identified by the target network.

Toney Jennings, CEO of CoreTrace, adds that companies might have the equivalent of a “cyber atomic bomb” in the server that “is not doing anything bad today.” That bomb could be set off by an intruder at a later date, well after the initial breach took place. Additionally, he says companies purchasing mission-critical hardware should spot check the “guts” of the new systems, including all device drivers, for malicious code before putting them into production.

Most hardware and software today is developed outside U.S. controls, so ensuring it is safe is a good business practice. “It's a valid bit of paranoia,” Jennings says.

Underscoring this concern, an FBI presentation last year detailed how counterfeit Cisco Systems networking equipment originating in China – including network routers, switches, gigabit interface converters and WAN interface cards – was being sold in the United States. “Operation Cisco Raider” resulted in the recovery of 3,500 pirated network devices valued at $3.5 million, James Finch, assistant director of the FBI's cyber division, has said.

Teal says he once discovered, by accident, a malicious device driver for a keyboard he purchased for his daughter's computer. The driver was sending personal information off his home network. He contacted the system manufacturer, Hewlett-Packard, and discovered that the kernel driver was written by a third party. Further investigations by Teal and HP determined that the manufacturer was sending data off the network simply to ensure an internet connection – a task that easily could have been accomplished by sending random data bits without using personal information.

When Bejtlich was the director of incident response at General Electric, the company had an estimated half-million computers, and no shortage of defensive technologies and staff. Even so, he says, with the full resources of a sophisticated IT team and a corporate leader who recognized the need for IT security, the company still was unable to maintain 100 percent effectiveness against intruders or persistent threats.


And now, mobile and cloud
Mandiant's Bejtlich says that despite the best intentions of CISOs and IT staffs, it is nearly impossible to keep a network of 1,000 or more endpoints safe from outside attacks.

Today, Bejtlich says, IT staffs need to address not only the needs of a company's primary computer systems, but also non-standard systems, such as smartphones and other mobile devices. While cyber espionage is normally thought of as an attack against a large computer system, many corporate executives and engineers have confidential data on their devices that might be useful to attackers.

Companies that believe they are too small or insignificant to be targeted are wrong, and do not necessarily understand how and why attacks work, says Erin Nealy Cox, managing director and deputy general counsel at Stroz Friedberg LLC and a former federal prosecutor and assistant U.S. attorney. While technology firms are obvious targets for attackers after intellectual property, small companies may be considered stepping stones.

Cox says security education is essential in companies of all sizes. Large organizations with established policies and procedures need to educate their employees on a regular basis not only about sound computing practices, but also about data and office security policies. For example, she says employees need to be reminded not to insert thumb drives they find in the parking lot or those handed to them at a trade show into a company computer. Such devices could be plants with malware on them.

“Typically,” she says, “security comes at the price of convenience.”

Even data security companies can fall prey to sophisticated attacks, she says. Within the past year, there have been several online raids on companies that specialize in data security. The reasons for the success vary, she says, but they generally fall into the category of an exploit that was allowed because someone was not paying attention to details. It might have been faulty website code or a misconfigured network, but generally the vulnerabilities could have been caught.

Scott Crawford, research director for security and risk management at Enterprise Management Associates, with corporate headquarters in Boulder, Colo., agrees that companies of all sizes could be targets. While smaller entities might not provide the breadth of information that a multinational corporation offers, they still could have secrets worth stealing, he says.

Crawford views this kind of cyber theft, be it from a state-sponsored or industrial source, to be similar to espionage conducted during the Cold War. There could be value in stealing information, he says, but “you don't want to kill the market.” One purpose for this type of espionage is to build a country's or company's own ability to compete against existing players in the field.

If it costs $50 million to develop a product, but only $2 million to steal it, some will opt for the less costly approach. This is particularly true for emerging nations that might have technical resources, but are not necessarily competitive enough to develop their own intellectual property.

Defense is all about managing a company's or a country's risk, Crawford says. Some organizations look for fast fixes to potential weaknesses without fully understanding their risk profile or the impact of their actions. A layered approach to security is necessary.

Crawford also blames guidance or regulations that do not match the threat. The Payment Card Industry Data Security Standard (PCI DSS), for example, is prescriptive and specifies to security officers how to maintain compliance, but this is only a point in time, he says. A company's compliance “can be passé or irrelevant” immediately after passing the audit.
Title: “Good for Liberty, Bad for Security? Global Civil Society and the Securitization
Post by: C-Kumu Dog on April 12, 2012, 04:54:18 AM
Deibert, R. & Rohozinski, R. (2008). “Good for Liberty, Bad for Security? Global Civil Society and the Securitization of the Internet.” In Access Denied: The Practice and Policy of Global Internet Filtering, ed. Deibert R., Palfrey, J., Rohozinski, R., Zittrain, J. MIT Press.

The spectacular rise and spread of NGOs and other civil society actors over the past two decades is attributable in part to the emergence and rapid spread of the Internet, which has made networking among like-minded individuals and groups possible on a global scale.

But the technological explosion of global civil society has not emerged without unintended and even negative consequences. Just as progressive and social justice groups have made use of the Internet to advance global norms, so too have a wide variety of resistance networks, militant groups, extremists, criminal organizations, and terrorists. Whereas once the promotion of new information communications technologies (ICTs) was widely considered benign public policy, today states of all stripes have been pressed to find ways to limit and control them as a way to check their unintended and perceived negative public policy and national security consequences.

Full Report:
http://opennet.net/sites/opennet.net/files/Deibert_07_Ch06_123-150.pdf
Title: Has the ‘Cyber Pearl Harbor’ already happened?
Post by: C-Kumu Dog on April 12, 2012, 05:02:40 AM
http://www.dodbuzz.com/2012/03/26/has-the-cyber-pearl-harbor-already-happened/

Has the ‘Cyber Pearl Harbor’ already happened?

By Philip Ewing Monday, March 26th, 2012 10:54 am
Posted in Cyber Security

The Russians are picking our pockets, the Chinese are stealing our most vital secrets, and there’s nothing we can do about it – and it’s all going to get worse.

That was the basic conclusion after Friday’s Air Force Association cyber-conference, where speaker after speaker drove home the utter futility and helplessness of today’s cyber climate, all the while warning that the problem will only grow.

Richard Bejtlich, chief security officer for the info-security firm Mandiant, said 100 percent of the high-profile intrusions his company tracks were done with “valid credentials” – meaning the cyber bad-guys had been able to steal a real user’s login and password, obviating the need for more complex attacks.


The typical time between an intrusion and its discovery is 416 days, he said – down from two or three years – and the way most companies find out about them is when they get a visit from the FBI.

The publicly available malware in the so-called “cyber underground” is now so good that you can do a lot of damage without a dedicated team of code-writers coming up with their own stuff, speakers said. In fact, the much-discussed cyber attack against Georgia was carried out mostly with publicly known tools – “there was nothing sacred here,” said National Defense University iCollege chancellor Robert Childs.

Cyber-intrusions and compromise are so endemic, Bejtlich said, that many attackers don’t even bother with the wholesale vacuuming of information that used to characterize cyber-snooping. Now hackers go after very specific pieces of information, often data that is useless on its own, he said.

He described how a company had approached Mandiant befuddled that someone would want to steal a certain proprietary device, because it only worked in combination with a specific chemical formula owned by another company. Naturally, it wasn’t long before the second company discovered it was compromised, and also befuddled because its chemical formula would only be useful to someone who had information about the device manufactured by the first.

Online miscreants are also becoming more sophisticated at a strategic level, Bejtlich said: He described how they might target small companies that were merging with larger ones, to avoid trying to attack the bigger firm’s online security. Instead, by compromising a small company’s computer networks, the bad guys can then get into the new common network after a merger.

This can have profound financial as well as security implications, Bejtlich said – if you’re an aerospace giant and you want to acquire a small firm because its widget is worth $10 million, but then you discover it’s been cyber-stolen and no longer proprietary, the technology might only be worth $10,000, and that could put your shareholders and Wall Street in a bad mood.

And you can’t do anything about any of this. Government officials won’t talk about offensive cyber-attacks, so we can’t go there. Private sector clients in crisis with Mandiant often ask, how can we get back at these guys, or at least, can we destroy the data they’ve stolen, Bejtlich said.

“I’ve never seen somebody execute this, because of legal concerns,” he said. “The CEO says, ‘I wanna get these guys,’ but if there’s a lawyer in the room, what does he say? ‘Absolutely not.’”

Going after data that has been stolen from your network is like following a thief who has stolen your television and then breaking into his house to steal it back, Bejtlich said – “not authorized by our legal code.”

And the law can’t catch up with cyber, as we’ve seen so many times. And by the time the feds knock on your door to tell you about your compromise, it’s too late. And even though officials have been warning about cyber-dangers for more than a decade, the cyber-world has basically just been treading water this whole time, another speaker argued.

“I’ve been at this conference for 15 years,” said Jason Healey, an analyst with the Atlantic Council. He showed government reports warning of “computers at risk” from 1991 and before, and said although the technology involved has gotten much more advanced since then, the cyber doctrine, for lack of a better term, has not.

Healey argued that the U.S. can’t afford to keep being coy with China. It must build a coalition of cyber-victims and formally call out Beijing on the world stage, citing specific examples of Chinese hacking. Healey said Washington has never laid out its cyber-grievances in this way, and suggested that threatening to embarrass China might be one first step.

He also said the cyber-world must dispense with its worries over “attribution” – tracing the origins of attacks. Healey repeated the factoid that 178 countries were “involved” in the 2007 cyber-attack on Estonia: “Who cares?” he said. “That is completely meaningless.” In those situations, if the U.S. is affected, “the president needs to pick up the phone and call the Kremlin.”

(For what it’s worth, Bejtlich said the lines between Russian government and organized-crime cyber-mischief were so blurred as to be nonexistent. As for China, he said that if you want to know if you’ll be a cyber-target, see where your company falls on Beijing’s regular 5-year “industrial priorities” plans – it tracks very closely with hacking victims.)

An audience member’s question Friday crystallized all the speakers’ points at the cyber-conference: The much-feared “Cyber Pearl Harbor” has already happened, he said. Global cyber crime is more profitable than the drug trade. America’s onetime technological advantage is gone; much of its intellectual property secrets have been stolen.

“People just haven’t realized it yet,” the questioner said.

It’s a depressing thesis, but from all the public statements about cyber-losses, it sounds plausible. Unless a true “Cyber Pearl Harbor” — in which bad guys knock out the power grid or the financial system or our telecommunications — happens tomorrow. Even if it doesn’t, Healey proposed a new set of parallels: A “Cyber-Vietnam,” i.e. a prolonged campaign, rather than a single sneak attack; or a “Cyber Battle of Britain,” in which the government appeals to — or impresses — private citizens for help in responding to a major crisis.

Can anything be done? Healey called for “cyber-mindedness,” for users to be that much more careful when they use the network, and for military cyber-units to study their forebears as airmen study MiG Alley or Operation Linebacker.

Maj. Gen. Suzanne Vautrinot, commander of the 24th Air Force, said military networks must be “proactive in defense,” able to monitor intrusions and irregularities and turn them against attackers. She showed the infamous clip of New York Giants bruiser Lawrence Taylor tackling Washington Redskins great Joe Theismann – crushing his leg and ending his career. That’s what cyber-defense has to be, she said.

Bejtlich left attendees with perhaps the most hopeful metaphor: The best organizations turn cyber-security “into a manageable situation,” he said – “they go from being a volunteer fire department to a continuous business process.”

In other words, governments and businesses must treat cyber-security like a chronic disease, a condition that will always be there, but can be managed and even suppressed. Bejtlich said if he could, he’d mandate that everyone did an inspection every 30 days to see where their networks were compromised, then act appropriately once discovering the details.

Turning to the inevitable cyber-football analogy, Bejtlich said defenders have to stop permitting attackers to complete touchdown passes every time. Instead they’ve got to pressure the quarterback and defend downfield, forcing attackers to try for field goals instead.

“The bad guys are going to complete passes, they’re going to compromise your systems, get to your data, try to aggregate it, encrypt it, exfiltrate it, and you want to prevent them from getting to the point of the extrusion,” he said. “If you have fast identification, fast containment, if you can get to them before they complete their mission, it may not matter as much that they’re in your system.”

That, it appears, is the best diagnosis we can hope for. Congress can’t act – which means it can’t pass its own laws or ratify a theoretical international cyber-treaty. If the military and government are getting better at cyber-defense, the private sector remains more or less on its own. Here’s how Twitter user @hal_999999999 put it in a response to @DoDBuzz on Friday:

“It’s the old west, the Roaring Twenties, and the Cold War all rolled into one, w/some wires and CPUs… We’re gonna have to earn it.”
Title: Re: Cyberwar and American Freedom
Post by: G M on April 12, 2012, 05:07:54 AM
That's just depressing.
Title: An Evaluation of Nation-State Cyber Attack Mitigation Strategies (w speaker)
Post by: C-Kumu Dog on April 13, 2012, 02:20:47 AM
[youtube]http://www.youtube.com/watch?v=zIlwynF3N1g[/youtube]

Speaker: Kenneth Geers Naval Criminal Investigative Service (NCIS), Cooperative Cyber Defence Centre of Excellence (CCD CoE)

This presentation argues that computer security has evolved from a technical discipline to a strategic concept. The world's growing dependence on a powerful but vulnerable Internet — combined with the disruptive capabilities of cyber attackers — now threatens national and international security.

Strategic challenges require strategic solutions. The author examines four nation-state approaches to cyber attack mitigation.

• Internet Protocol version 6
• Sun Tzu's Art of War
• Cyber attack deterrence
• Cyber arms control

The four threat mitigation strategies fall into several categories. IPv6 is a technical solution. Art of War is military. The third and fourth strategies are hybrid: deterrence is a mix of military and political considerations; arms control is a political/technical approach.

The Decision Making Trial and Evaluation Laboratory (DEMATEL) is used to place the key research concepts into an influence matrix. DEMATEL analysis demonstrates that IPv6 is currently the most likely of the four examined strategies to improve a nation's cyber defense posture.

There are two primary reasons why IPv6 scores well in this research. First, as a technology, IPv6 is more resistant to outside influence than the other proposed strategies, particularly deterrence and arms control, which should make it a more reliable investment. Second, IPv6 addresses the most significant advantage of cyber attackers today — anonymity.

For more information visit: http://bit.ly/defcon19_information
To download the video visit: http://bit.ly/defcon19_videos
Playlist Defcon 19: http://bit.ly/defcon19_playlist
Title: Re: Cyberwar and American Freedom
Post by: G M on April 13, 2012, 05:38:11 AM
Really good posts, Robert.

Thanks.
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on April 13, 2012, 12:41:48 PM
Thanks GM, interesting / scary stuff out there!
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on April 16, 2012, 05:57:56 PM
Robert:

You are posting some really good material about something that we may not like hearing but need to know.  Keep up the good work. 

Marc

PS:  Please feel free to interject simple practical asides for the simple-minded amongst us!
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on April 17, 2012, 12:39:23 AM
I'm not quite sure if this belongs in this thread or the Internet thread:

http://net-security.org/malware_news.php?id=1922


Services for fraudsters utilizing malware are not new – AV checkers, malware encryption and malware infection services have existed in the criminal underground market for several years.

However, recent research has indicated changes in service scope and price due to service convergence and demanding buyers.



What's new?

One-stop-shop - Trusteer Research came across a new group that besides offering infection services (for prices between 0.5 and 4.5 cents for each upload, depending on geography) also provides polymorphic encryption and AV checkers. This new one-stop-shop approach for malicious services is a natural evolution of the market – if the customers need to infect, then they also need to evade AV. Why not sell the whole package?

For Polymorphic encryption of malware instances they charge from $25 to $50 and for prevention of malware detection by anti-virus systems (AV checking) they charge $20 for one week and $100 for one month of service.

It’s a buyer’s market. Researchers also came across advertisements published by prospective buyers of infection services. The ad basically presets the buying price, how it is charged and the scope of the service:
The advertiser pays only for unique uploads
The calculations will be conducted according to the advertiser's own Black Hole (exploit kit) stats module
The advertiser will pay in advance to the sellers with recommendations, i.e. those that have 1-10 "fresh" forum messages. Otherwise, the sellers will get paid afterwards
The domains are checked via a malware scan service website (scan4you) during the day. If the domain is recognized as blacklisted on anti-virus databases, the advertiser will automatically replace it with another.
The final paid price depends on percentage of infections:
$4.5 for 1,000 of traffic with 3% of infections
$6 for 1,000 of traffic with 4% of infections
$30 for 1,000 of traffic with more than 20% of infections.
In an attempt to stay competitive, we came across an ad by an Encryption Service provider that sold its service for $20 per file, and offered a money back guarantee if it fails an AV checker.
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on April 17, 2012, 12:47:54 AM
5 page article:

Richard Clarke on Who Was Behind the Stuxnet Attack
America's longtime counterterrorism czar warns that the cyberwars have already begun—and that we might be losing
By Ron Rosenbaum
Smithsonian magazine, April 2012,


Read more: http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html


1st page below
-------------------------------


The story Richard Clarke spins has all the suspense of a postmodern geopolitical thriller. The tale involves a ghostly cyberworm created to attack the nuclear centrifuges of a rogue nation—which then escapes from the target country, replicating itself in thousands of computers throughout the world. It may be lurking in yours right now. Harmlessly inactive...or awaiting further orders.

A great story, right? In fact, the world-changing “weaponized malware” computer worm called Stuxnet is very real. It seems to have been launched in mid-2009, done terrific damage to Iran’s nuclear program in 2010 and then spread to computers all over the world. Stuxnet may have averted a nuclear conflagration by diminishing Israel’s perception of a need for an imminent attack on Iran. And yet it might end up starting one someday soon, if its replications are manipulated maliciously. And at the heart of the story is a mystery: Who made and launched Stuxnet in the first place?

Richard Clarke tells me he knows the answer.

Clarke, who served three presidents as counterterrorism czar, now operates a cybersecurity consultancy called Good Harbor, located in one of those anonymous office towers in Arlington, Virginia, that triangulate the Pentagon and the Capitol in more ways than one. I had come to talk to him about what’s been done since the urgent alarm he’d sounded in his recent book, Cyber War. The book’s central argument is that, while the United States has developed the capability to conduct an offensive cyberwar, we have virtually no defense against the cyberattacks that he says are targeting us now, and will be in the future.

Richard Clarke’s warnings may sound overly dramatic until you remember that he was the man, in September of 2001, who tried to get the White House to act on his warnings that Al Qaeda was preparing a spectacular attack on American soil.

Clarke later delivered a famous apology to the American people in his testimony to the 9/11 Commission: “Your government failed you.”

Clarke now wants to warn us, urgently, that we are being failed again, being left defenseless against a cyberattack that could bring down our nation’s entire electronic infrastructure, including the power grid, banking and telecommunications, and even our military command system.

“Are we as a nation living in denial about the danger we’re in?” I asked Clarke as we sat across a conference table in his office suite.

“I think we’re living in the world of non-response. Where you know that there’s a problem, but you don’t do anything about it. If that’s denial, then that’s denial.”

As Clarke stood next to a window inserting coffee capsules into a Nespresso machine, I was reminded of the opening of one of the great espionage films of all time, Funeral in Berlin, in which Michael Caine silently, precisely, grinds and brews his morning coffee. High-tech java seems to go with the job.

But saying Clarke was a spy doesn’t do him justice. He was a meta-spy, a master counterespionage, counterterrorism savant, the central node where all the most secret, stolen, security-encrypted bits of information gathered by our trillion-dollar human, electronic and satellite intelligence network eventually converged. Clarke has probably been privy to as much “above top secret”-grade espionage intelligence as anyone at Langley, NSA or the White House. So I was intrigued when he chose to talk to me about the mysteries of Stuxnet.

“The picture you paint in your book,” I said to Clarke, “is of a U.S. totally vulnerable to cyberattack. But there is no defense, really, is there?” There are billions of portals, trapdoors, “exploits,” as the cybersecurity guys call them, ready to be hacked.

“There isn’t today,” he agrees. Worse, he continues, catastrophic consequences may result from using our cyberoffense without having a cyberdefense: blowback, revenge beyond our imaginings.

“The U.S. government is involved in espionage against other governments,” he says flatly. “There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. [He believes Microsoft, too, was a victim of a Chinese cyber con game.] We don’t do that.”

Title: Cracking Bin Laden's Hard Drives
Post by: C-Kumu Dog on April 17, 2012, 10:48:00 PM
http://www.informationweek.com/news/security/encryption/229402923#

Security experts detail how the government will attempt to unlock the "trove of information" on devices recovered during the raid on Osama bin Laden's residence.

By Mathew J. Schwartz    InformationWeek
May 05, 2011 06:38 PM
The weekend raid on Osama bin Laden's compound carried out by Navy Seals and CIA paramilitary operatives reportedly recovered numerous data storage devices.
According to the New York Times, "the team found a trove of information and had the time to remove much of it: about 100 thumb drives, DVDs and computer disks, along with 10 computer hard drives and five computers. There were also piles of paper documents in the house."

An unnamed U.S. official told Politico that the Navy Seals had recovered "the mother lode of intelligence," and that hundreds of people were already at work analyzing it at a secret base in Afghanistan.

"They're very likely to get a lot of really good, actionable intel off of these devices," since Osama bin Laden apparently had no direct connection to the Internet, said Greg Hoglund, CEO of security software and consulting firm HBGary, Inc., in a telephone interview. "So all of his work was done with outside couriers … and information that's coming and going is probably on thumb drives and DVDs, media like that," meaning that they likely stored important operational information.

According to Hoglund, the effort to recover Osama bin Laden's data likely started with--and was part of--the raid, in a process that's known as battlefield exploitation, which seeks to extract as much data as possible while in the field. That's because it's much easier to extract information from a computer that's still running. Even if a hard drive employs encryption, if the drive is still mounted, then it's vulnerable. Furthermore, if the team can take physical memory RAM snapshots of a live device, this can help crack any encryption.

Here's how the process works, said Rob Lee, a director at information security company Mandiant and a fellow at The SANS Institute, in a telephone interview: A military team will secure a location but not touch the computers. Next, computer experts--typically, contractors--traveling with the team come in and do a "clean takedown" of any machines. Little if any "deep dive" data analysis will be performed in the field, except perhaps some quick analysis in search of "low-hanging fruit," for example to note on a captured cell phone any phone numbers that the target recently called, or any recently sent emails. But the true payoff comes when intelligence analysts compare the captured data with "the hundreds of terabytes of data that they've already gathered over many years," for example to see how names, email addresses, and phone numbers match up.

The goal isn't just to recover data, but to rapidly understand its intelligence context. "Instead of standard forensics, the terminology is called media exploitation, and in the intel community, that word has a high value to it," said Lee. He said the practice dates from the start of the Iraq War.

Interestingly, both the data on the recovered devices as well as the devices themselves may provide valuable clues. That's because every USB storage device has its own serial number, which can be retrieved from any computer to which it's been connected. "You're able to track that USB device in every system it's touched," said Lee. That may help analysts better understand how the courier network operated, especially if the storage devices match up with previous PCs that they've encountered.

The raid on Osama bin Laden's compound reportedly lasted 38 minutes, and recent accounts suggest that the facility may have been secured relatively quickly. That would have left time for computer specialists to go to work.

"To process a computer that's in a running state, you're probably talking about 15 to 30 minutes," said HBGary's Hoglund. "A guy has a toolkit--a hardened briefcase, he sits down, plugs it in," and it provides him with a full view of what's on the RAM chips, and also allows him to image the hard drive. In addition, a subset of the information can be transmitted via VSAT--a very small, two-way satellite communications system--to intelligence analysts in for immediate study.

What happens, however, if computers are powered off, as well as encrypted?

"If you're doing encryption on the drive properly, meaning you've done your research, looked at the solutions, you follow best practices, have a strong key, and don't have a weak passphrase, then it will probably never be decrypted. Because drive encryption done properly is extremely difficult, it ends up being a brute-force problem," said Hoglund.

To try and recover data in such situations, he said one standard practice is to remove the drives to an analysis facility that has crackers built using large arrays of field-programmable gate array chips. If a strong passphrase can be broken, that approach will do it within a week, or not at all. "It's like the event horizon--it's the threshold of tolerance," he said.

But given Osama bin Laden's use of couriers--who might not be computer-savvy, and who may have needed to operate from places like Internet cafes--"I wouldn't be surprised to find out that they weren't using any type of encryption," said Hoglund.
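The USB serial tracking Lee describes above, worked through as an added example (not code from the article or from this post): a Python script that parses Windows USBSTOR instance paths exported from several hosts and reports which devices touched more than one machine. The USBSTOR path layout, the "&0" suffix and the rule that a Windows-generated ID has "&" as its second character are real Windows behaviour; the host names, serials and timestamps in the sample are constructed.

```python
"""Correlate USB mass-storage serial numbers across hosts (added example).

Windows keeps a record of every USB storage device it has seen under
HKLM\\SYSTEM\\CurrentControlSet\\Enum\\USBSTOR as an instance path like
    USBSTOR\\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\\4C530001230419106102&0
The last component is the device's serial number plus a "&0" suffix.  When a
device reports no serial, Windows generates an ID whose second character is
'&' (for example 7&1a2b3c4d&0); such IDs are host-specific and cannot be
used to follow a device from one machine to another.
"""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Constructed sample input: "host,first-seen timestamp,USBSTOR instance path".
# Host names, serials and dates are invented for this illustration.
SAMPLE_RECORDS = """\
host-A,2010-03-02T11:04:00,USBSTOR\\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\\4C530001230419106102&0
host-A,2010-05-17T09:12:00,USBSTOR\\Disk&Ven_Kingston&Prod_DataTraveler&Rev_PMAP\\001CC0EC34F1BB40&0
host-B,2010-04-09T16:40:00,USBSTOR\\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\\4C530001230419106102&0
host-B,2011-01-21T08:05:00,USBSTOR\\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\\7&1a2b3c4d&0
host-C,2010-12-30T13:22:00,USBSTOR\\Disk&Ven_SanDisk&Prod_Cruzer&Rev_1.26\\4C530001230419106102&0
host-C,2011-02-02T10:00:00,USBSTOR\\Disk&Ven_Generic&Prod_Flash_Disk&Rev_8.07\\7&1a2b3c4d&0
"""

Record = Tuple[str, datetime, str]


def parse_instance_path(path: str) -> Tuple[str, str, Optional[str]]:
    """Split a USBSTOR instance path into (vendor, product, serial).

    serial is None when Windows generated the instance ID (no real serial).
    """
    parts = path.split("\\")
    if len(parts) != 3 or parts[0].upper() != "USBSTOR":
        raise ValueError(f"not a USBSTOR instance path: {path!r}")
    vendor = product = ""
    for field in parts[1].split("&"):
        if field.startswith("Ven_"):
            vendor = field[len("Ven_"):]
        elif field.startswith("Prod_"):
            product = field[len("Prod_"):]
    instance_id = parts[2]
    if len(instance_id) > 1 and instance_id[1] == "&":
        return vendor, product, None  # Windows-generated ID, not trackable
    serial = instance_id.rsplit("&", 1)[0]  # drop the trailing "&0"
    return vendor, product, serial


def load_records(text: str) -> List[Record]:
    """Parse the CSV-like export into (host, timestamp, path) tuples."""
    records: List[Record] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, stamp, path = line.split(",", 2)
        records.append((host, datetime.fromisoformat(stamp), path))
    return records


def correlate(records: List[Record]) -> Dict[str, Tuple[str, List[Tuple[str, datetime]]]]:
    """Map each trackable serial to (label, [(host, first seen), ...] in time order)."""
    first_seen: Dict[str, Dict[str, datetime]] = defaultdict(dict)
    labels: Dict[str, str] = {}
    for host, stamp, path in records:
        vendor, product, serial = parse_instance_path(path)
        if serial is None:
            continue  # generated IDs would only produce false matches
        labels[serial] = f"{vendor} {product}".strip()
        previous = first_seen[serial].get(host)
        if previous is None or stamp < previous:
            first_seen[serial][host] = stamp
    return {
        serial: (labels[serial], sorted(hosts.items(), key=lambda item: item[1]))
        for serial, hosts in first_seen.items()
    }


def shared_devices(records: List[Record], min_hosts: int = 2):
    """Serials seen on at least min_hosts distinct hosts, most-travelled first."""
    hits = [
        (serial, label, timeline)
        for serial, (label, timeline) in correlate(records).items()
        if len(timeline) >= min_hosts
    ]
    hits.sort(key=lambda hit: (-len(hit[2]), hit[0]))
    return hits


if __name__ == "__main__":
    for serial, label, timeline in shared_devices(load_records(SAMPLE_RECORDS)):
        hops = " -> ".join(f"{host} ({stamp:%Y-%m-%d})" for host, stamp in timeline)
        print(f"{label} serial {serial}: {hops}")
```

On real hosts the same paths can be read from the USBSTOR registry key or a registry hive export; the generated-ID filter matters because two different devices without serials can receive identical-looking IDs on different machines.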
Title: JPL computers hacked repeatedly in 2010 and 2011, NASA report says
Post by: C-Kumu Dog on April 23, 2012, 12:20:49 AM
http://latimesblogs.latimes.com/lanow/2012/03/jpl-computers-hacked-repeatedly-in-2010-and-2011-nasa-report-says.html

Hacker attacks have repeatedly penetrated NASA computers in the past, stealing user information from dozens of employees and gaining control over key networks at the Jet Propulsion Laboratory in La Cañada Flintridge, according to a federal report.

In written comments submitted to Congress this week, NASA Inspector General Paul K. Martin noted that between 2010 and 2011 the agency reported 5,408 computer security breaches, resulting in the spread of destructive software or unauthorized access to computer systems.

The inspector general also noted that NASA was victimized 47 times in 2011 by particularly stealthy and sophisticated attacks from well-funded sources hoping to steal or modify computers without detection. One such attack involved hackers from Chinese Internet addresses gaining access to networks at JPL.

Martin noted that intruders “gained full access to key JPL systems and sensitive user accounts,” allowing them to alter files, user accounts from mission critical JPL systems and upload tools to steal user credentials. “In other words, the attackers had full functional control over these networks," Martin wrote.
In a 2009 attack, an Italian hacker appears to have gained access to a pair of computer systems supporting NASA's Deep Space Network, a series of powerful antennae operated by JPL and based partly in the Mojave Desert. NASA officials assured Martin that critical space operations weren’t at risk.

Martin said the agency was plagued by hackers with a variety of backgrounds: individuals trying to boost their skills by attempting to break into NASA computers; criminal groups mining information for profit; and possibly state-sponsored attacks from foreign countries. Suspects have been arrested in China, Estonia, Great Britain, Italy, Nigeria, Portugal, Romania and Turkey.

Martin testified before Congress on Wednesday, using the report to back his statements. He urged increased NASA vigilance regarding cyber-attacks, warned of the agency’s slow pace of encryption for laptops and mobile devices, and highlighted shortcomings in continuous security monitoring at NASA.

NASA spends more than $1.5 billion a year on information technology, including about $58 million for security, according to the report, which cautioned that those figures may not represent the full cost of expenditures because of the way the agency bundles funding.
Title: Re: Anatomy of an Attack
Post by: C-Kumu Dog on April 23, 2012, 02:02:27 PM
http://www.mandiant.com/threat-landscape/anatomy-of-an-attack/

Follow the link and it gives a high level view of a spear phishing.
Sometimes the term high level is misleading and refers to a "simplistic" overview & low level would actually get into the "nitty gritty details"

I can move this into the Internet thread if you like but this could also provide some insight to one of the many ways how penetration is achieved.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on April 23, 2012, 02:57:10 PM
A brainiac cousin  (MD from Harvard and PhD from Stanford) worked at JPL for a time and I have forwarded the JPL piece to him.

Robert, I am sure I am not alone in being glad for your contributions to this area.  Please feel free to develop these themes as you think best.  Your good subject line headings to facilitate search commands are additionally appreciated.  Some other folks around here could do well to model this  :-D
Title: Re: Cyberwar and American Freedom
Post by: G M on April 23, 2012, 03:39:49 PM
FWIW, I'd think any sort of hacking/computer crime would be best to post in this thread.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on April 23, 2012, 03:53:54 PM
But what about ordinary hacking crimes?

What do you suggest Robert?
Title: Re: Cyberwar and American Freedom
Post by: G M on April 23, 2012, 03:55:51 PM
"But what about ordinary hacking crimes?

What do you suggest Robert?"

The line between ordinary hacking and infowar is often quite blurry.
Title: Wi-Fi–Hacking Neighbor From Hell Sentenced to 18 Years
Post by: C-Kumu Dog on April 24, 2012, 02:47:49 PM
How do we define "regular"? Would this classify as regular?
http://www.wired.com/threatlevel/2011/07/hacking-neighbor-from-hell/

I think anything large scale as in Viruses on Facebook, spearphishing is done by organized crime...

or wait

maybe I misinterpret Crafty's suggestion.. should we put regular crime such as the above article in this thread?  I kind of like how this thread is separate where we can read about the cyber war outside of our personal space, I think guarding your "personal cyberspace" at home and on your personal devices may be worthy of a separate thread for personal awareness.  There are times I post general awareness information such as Mistakes People Make that Lead to Security Breaches http://www.sans.org/security-resources/mistakes.php?ref=3816 in the "Security, Surveillance issues" in the Martial Arts topics.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on April 24, 2012, 03:39:49 PM
Robert:

I hereby delegate to you the authority to take the lead on this.  Start new threads if you wish.  Name them.  If you want me to modify the names of existing threads please let me know what you have in mind.

Marc
Title: CISPA veto threat
Post by: bigdog on April 26, 2012, 05:13:52 AM
http://thehill.com/blogs/hillicon-valley/technology/223737-white-house-threatens-to-veto-cybersecurity-bill-cispa


"Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately," the White House said.

The administration emphasized that a civilian agency such as the Homeland Security Department — not military spy agencies — should have a central role in handling the cyber threat information.
Title: Re: Cyberwar and American Freedom
Post by: DougMacG on April 26, 2012, 06:47:12 AM
I can see this is going to be a very tricky area of law going forward.

I don't want recourse after a breach of privacy.  I want privacy without breaches.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on April 26, 2012, 10:23:24 AM
Without recourse, motivation to not breach may be missing , , ,
Title: Re: Cyberwar and American Freedom
Post by: DougMacG on April 26, 2012, 12:22:34 PM
"Without recourse, motivation to not breach may be missing , , ,"

Agree.  As I gave out my birth date, ss no. and other details multiple times today, it is hard to say anymore what is private.  How could anyone diagnose a knee without a social security number, birth date, driver's license, employer and next of kin?  I would like them to quit requiring my information rather than to add layers of officers, lawyers, costs and red tape to protect it.  All you would need is a radio shack recording device on one appointment phone line for one day to steal dozens of identities before they ever got into the system for encryption.

What ever became of the credit card numbers lost by Stratfor?  My feeling there was that they learned their lesson, admitted not taking good enough precautions and won't let it happen again.  Would a federal law enabling civil (or criminal) penalties be helpful in that instance?
Title: Busy....
Post by: C-Kumu Dog on May 02, 2012, 01:22:40 PM
Whew.. haven't been on the forums, been busy at work due to this event https://www.ida.org/upload/research%20notes/05-redteaming.pdf and at home but the adventure continues...  I'll have more time to find more interesting articles once this week is finished.  I think.
Title: Alerts say major cyber attack aimed at gas pipeline industry
Post by: bigdog on May 06, 2012, 05:02:38 AM
http://www.msnbc.msn.com/id/47310697

"A major cyber attack is currently under way aimed squarely at computer networks belonging to US natural gas pipeline companies, according to alerts issued to the industry by the US Department of Homeland Security.

At least three confidential "amber" alerts – the second most sensitive next to "red" – were issued by DHS beginning March 29, all warning of a "gas pipeline sector cyber intrusion campaign" against multiple pipeline companies. But the wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing."
Title: Legislation Would Stick Business with Cyberwar Costs
Post by: C-Kumu Dog on May 08, 2012, 07:38:09 PM
Source:  http://keranews.org/post/bill-would-have-businesses-foot-cost-cyber-war

Tuesday, May 08, 2012
Contributed By: Headlines


Cybersecurity legislation supported by the likes of Senators Joe Lieberman of Connecticut and Susan Collins of Maine would create a regulatory environment that essentially would require businesses to pick up the majority of the cost for defending against ever increasing threats.

A great deal of cyber espionage is directed at private companies who have a wealth of sensitive information and intellectual property worth tens of billions to foreign governments and represents a national security issue both militarily and economically.

"Let's fast forward to the 21st century. We're an information-based society now. Information is everything. That makes you, as company executives, the front line — not the support mechanism, the front line," said U.S. counterintelligence official Frank Montoya.

The question is, who should ultimately be responsible for picking up the tremendous costs involved with securing critical data maintained by the private sector?

While private sector leaders like Internet Security Alliance president Larry Clinton acknowledge that companies have a responsibility to protect critical systems and data in order to satisfy their obligations to shareholders, the notion that businesses can allocate unlimited resources at the expense of those same shareholders is not feasible.

Clinton and other experts were interviewed on National Public Radio’s “Morning Edition” on Tuesday, May 8th.

"The legally mandated role of the government is to provide for the common defense, and they're willing to spend pretty much whatever it takes to do that. If you're in a private organization, your legally mandated responsibility is to maximize shareholder value. You can't spend just anything on the cyberthreat. You have an entirely different calculus that you have to put into effect," Clinton explained.

Clinton argues that mandating companies to pick up the bill for defending what is really a national security threat puts an unsustainable burden on businesses.

"If the government was interested in paying the private sector to do all these things, probably we would go a long way toward doing it. But the government so far, [with] the Lieberman-Collins bill, wants it all done for free. They want the businesses to simply plow that into their profit and loss statement, and the numbers are staggering. You simply can't do it," Clinton said.

Clinton has led ISA since 2007, and is frequently called upon to offer expert testimony and guidance to Congress, the White House, and numerous Federal Agencies on policy and legislative efforts.

The Internet Security Alliance (ISA) is a unique multi-sector trade association which provides thought leadership and strong public policy advocacy as well as business and technical services to its membership.

The ISA represents enterprises from the aviation, banking, communications, defense, education, financial services, insurance, manufacturing, security, and technology industries.

Clinton believes the current legislation under consideration is far too punitive in nature, and would disincentivize companies from both investing in better security measures and from disclosing data loss events, as well as creating a regulatory and bureaucratic nightmare.

"The major concern is the vast regulatory structure that would be set up at the Department of Homeland Security," says Larry Clinton.

Clinton maintains that the best approach for both the public and private sectors is to devise a cyber defense strategy that does not unfairly burden companies with unsustainable costs through regulatory mandates.

"Whether we like it or not, we are going to have to figure out a way to get private companies to make, on a sustainable basis, investments that are not justified by their business plans. Simply telling them, 'You have to ignore your business plan,' is not a sustainable model. We have to find a way to make it economic," Clinton continued.
Title: DHS: National Preparedness Report and Cybersecurity
Post by: C-Kumu Dog on May 08, 2012, 07:43:24 PM
Tuesday, May 08, 2012
Presidential Policy Directive 8: National Preparedness (PPD-8) describes the Nation’s approach to preparing for the threats and hazards that pose the greatest risk to the security of the United States.

The Directive requires a National Preparedness Report (NPR), an annual report summarizing the progress made toward building, sustaining, and delivering the 31 core capabilities described in the National Preparedness Goal.

Cybersecurity Key Finding: Cyber attacks have increased significantly in number and sophistication in recent years, resulting in the Federal Government and private sector partners expanding their cybersecurity efforts.

The U.S. Computer Emergency Readiness Team (US-CERT) reported an over 650-percent increase in the number of cyber incidents reported by federal agencies over a five-year period, from 5,503 in FY 2006, to 41,776 in FY 2010.

Almost two-thirds of U.S. firms report that they have been the victim of cybersecurity incidents or information breaches. Moreover, this serious problem may be subject to underreporting: only 50 percent of owners and operators at high-priority facilities participating in the ECIP security survey said that they report cyber incidents to external parties.

DHS’s Strategic National Risk Assessment notes that cyber attacks can have catastrophic consequences and trigger cascading effects across critical infrastructure sectors.

To counter these and related threats, federal and private sector partners have accelerated initiatives to enhance data collection, detect events, raise awareness, and respond to cyber incidents. In fact, most infrastructure protection stakeholders now identify cybersecurity as a priority issue for their programs.

At least 10 different critical infrastructure sectors have established joint public-private working groups through the SCCs and GCCs focused on cyber issues. In FY 2011, facility owners and operators from all 18 critical infrastructure sectors conducted assessments using the DHS Cyber Security Evaluation Tool.

This free software helps users assess their systems and networks through a series of guided questions. In addition, DHS and DOD are jointly undertaking a proof-of-concept called the Joint Cybersecurity Services Pilot.

The purpose of this pilot program is to enhance the cybersecurity of participating Defense Industrial Base (DIB) critical infrastructure entities and to protect sensitive DOD information and DIB intellectual property that directly supports DOD missions or the development of DOD capabilities from unauthorized access, exfiltration, and exploitation.

By the end of FY 2011, the National Cybersecurity Protection System was monitoring cyber intrusions with advanced technology for 37 of 116 federal agencies (32 percent), exceeding the proposed target of 28 percent. DHS’s National Cyber Security Division (NCSD) and Science and Technology Directorate also contribute to the development of international cybersecurity standards by participating in standards bodies such as the International Telecommunication Union, the International Organization for Standardization, and the Internet Engineering Task Force.

DHS operates the National Cybersecurity and Communications Integration Center, a 24-hour center responsible for coordinating cyber and communications warning information across federal, state, and local governments, intelligence and law enforcement communities, and the private sector.

DHS has also established the Cybersecurity Information Sharing and Collaboration Program (CISCP), a systematic approach to cyber information sharing and cooperation with critical infrastructure owners and operators. The program incorporates government participants, Information Sharing and Analysis Centers (ISACs), and other critical infrastructure owners and operators, and facilitates the fusion of data through collaboration among CISCP entities to develop and share cross-sector information products through a secure portal.

In addition, the National Cyber Investigative Joint Task Force (NCIJTF) facilitates federal interagency collaboration and serves as a central point of entry for coordinating, integrating, and sharing pertinent information related to cyber-threat investigations. The FBI oversees the NCIJTF, which includes representation from 18 partner agencies from the intelligence and law enforcement communities.

The FBI also runs 65 cyber task forces across the country that integrate federal, state, and local assets. At the state, local, tribal, and territorial levels, the Multi-State Information Sharing and Analysis Center is a cybersecurity focal point, including a cybersecurity operations center that provides real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.

The Secret Service has successfully dismantled some of the largest known cybercriminal organizations by working through the agency’s established network of 31 Electronic Crimes Task Forces (ECTFs). With the recent addition of two international ECTFs in Rome, Italy, and London, England, local law enforcement can leverage ECTF participation in Europe, a hub of cybercriminal activity.

Despite progress achieved through these efforts, the SPR survey shows that cyber capabilities are lagging at the state level. Results indicated that Cybersecurity was the single core capability where states had made the least amount of overall progress, with an average capability level of 42 percent. In addition, DHS’s 2011 Nationwide Cybersecurity Review highlighted gaps in cyber-related preparedness among 162 state and local entities.

For example, though 81 percent of respondents had adopted cybersecurity control frameworks and/or methodologies, 45 percent stated they had not implemented a formal risk management program. Moreover, approximately two-thirds of respondents had not updated information security or disaster recovery plans in at least two years. The challenges identified in these reviews likely apply across sectors.

The full National Preparedness Report can be downloaded here:

http://www.infosecisland.com/download/index/id/85.html
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on May 08, 2012, 08:55:38 PM
Any comments on this Robert?
Title: Morris: Chinese have hacked US electrical grid
Post by: Crafty_Dog on May 10, 2012, 03:43:06 PM
Morris flogs his latest book here, but the point made seems quite sound to me.

=============

China Has Hacked Our Electric Power Grid: Read About It In Screwed!
By DICK MORRIS
Published on DickMorris.com on May 10, 2012

In our new book Screwed!, we report that almost unnoticed and with no threat of retaliation, China has likely hacked into the United States electric grid, potentially giving it the ability to paralyze our economy and our nation by tapping a few keys on a computer.
         
Writing in the Wall Street Journal, Bush's anti-terrorism coordinator Richard Clarke reports that "in 2009, the control systems for the U.S. electric power grid [were] hacked and secret openings created so that the attacker could get back in with ease." One expert noted that the hackers "left behind software that could be used to cause disruptions or even shut down the system."
         
While we cannot confirm that it was China that did the hacking, it is the only country with the technical expertise in hacking to have accomplished it.
 
What were the hackers after?  Clarke notes that "there is no money to steal on the electrical grid, nor is there any intelligence value that would justify cyber espionage.  The only point to penetrating the grid's controls is to counter American military superiority by threatening to damage the underpinning of the U.S. economy.  Chinese military strategists have written about how in this way a nation like China could gain an equal footing with the militarily superior United States."
         
Anti-terror watchdogs have long been aware of the danger of an electromagnetic pulse triggered by the explosion of a nuclear device in the atmosphere over the United States.  But by acquiring the ability to enter our grid anytime it wishes and disable it, China has likely acquired the ability to accomplish the same result without exploding a bomb.
         
Not only has Beijing likely hacked into our grid but, according to authors Brett M. Decker and William C. Triplett II in their excellent book Bowing to Beijing, China has even hacked into the Pentagon computer network "including the one serving [then] Defense Secretary Robert Gates." 
         
James Lewis, director of the technology and policy program at the Washington think tank Center for Strategic and International Studies called the Chinese hacking "an espionage Pearl Harbor."  Lewis told 60 minutes that China had downloaded vast amounts of information from every major U.S. agency saying that we have lost more information than is stored in the entire Library of Congress through Chinese hacking.
         
What is the U.S. doing about it? Nothing.  The modern day story of appeasement is not Obama's kowtowing to Muslim extremists as much as his total failure to confront China.
         
The president and Secretary of State Clinton fret over alienating China for fear that they will stop lending us money.  Romney, who understands these things better than either Obama or Clinton, emphasizes China's vulnerability. "We sell them $50 billion.  They sell us $400 billion.  They want a trade war?  Bring it on!"
         
The Chinese lend us money because they have to.  They buy dollars to make our currency artificially expensive and theirs commensurately cheap.  With their currency manipulation, our products are 40% more costly in their markets and theirs are 40% cheaper in our stores, fueling the imbalance of trade.  Once they own the dollars, what are they going to do with them?  The only safe thing is to buy U.S. Treasury notes, hence they "lend" us money.  If they stopped buying dollars and acquiring an unfair trade advantage over us, we wouldn't need them to keep lending us money, our economy would be thriving.
         
We cannot sit by complacently and let China rob us blind, hacking our technology, our military secrets, and our power grid.  We need a president who will stand up for America.
         
To grasp the appalling extent of Chinese hacking and espionage against the U.S. commercial and military sectors, read about it in Screwed!, on sale now!
Title: Re: DHS: National Preparedness Report and Cybersecurity
Post by: C-Kumu Dog on May 10, 2012, 04:32:22 PM
No comment on "DHS: National Preparedness Report and Cybersecurity" yet, but that book "China Has Hacked Our Electric Power Grid: Read About It In Screwed!" seems interesting. I can tell you that, just through job searching, the DoE has been ramping up.



Title: Military computers compromised in 2007
Post by: ccp on May 10, 2012, 05:21:12 PM
Last week on 20/20 or 60 Minutes or one of those shows was a segment on how military computers were all compromised in 2007 by a thumb drive and "terabytes" of military and other government data was all downloaded to some foreign entity.   The foreign entity was not named.  I thought they were implying it was Chinese but this suggests Russian.  Basically they got EVERYTHING from what sounded like the entire US government/military.

This sounds like what they were talking about.  They pointed out it was when W was President:

http://www.nytimes.com/2010/08/26/technology/26cyber.html?_r=1&src=busln
Title: Pentagon CIO Discusses DoD's Cyber Defense Strategy
Post by: C-Kumu Dog on May 11, 2012, 11:39:29 AM
WASHINGTON D.C. – Teresa M. Takai, Acting Assistant Secretary of Defense for Networks and Information Integration, the Department of Defense’s Chief Information Officer, said in an interview that cyber defense is a major part of the DOD’s technology agenda. But she declined to characterize the current climate of often state-sponsored cyber attacks as cyber war.
“The whole question of advanced persistent threats and the kinds of threat we face at the Department is something we’re very focused on,” Takai told MITechNews.Com Editor Mike Brennan. “Cyber is a domain much like air, sea and space that we have to be prepared to defend.”
Takai, the former state CIO for Michigan and then California, was recruited 18 months ago to serve as the principal advisor to the Secretary of Defense for Information Management, Information Technology and Information Assurance as well as non-intelligence Space systems, critical satellite communications, navigation, and timing programs, spectrum and telecommunications. She provides strategy, leadership, and guidance to create a unified information management and technology vision for the Department and to ensure the delivery of information technology based capabilities required to support the broad set of Department missions, including technology delivered to the battlefield for war fighters.
“I advise Defense Secretary Leon Panetta as well as senior staff on how we should be spending $37 billion a year on IT,” she said. “In the simplest form, those duties, if we compare and contrast, in Michigan on an annual basis we were spending $500 million on IT. The biggest difference on what we do at the state level and now at the DOD is the kinds of systems we use are not traditional business support systems. Instead, we’re responsible for oversight of the military version of a police radio system. We’re responsible for everything up to where the information is shared. We manage the Department’s use of the spectrum. We are responsible for technologies that read out to the battlefield and for those individuals dealing with technology in the theater. So my responsibilities are more operational.”
But in this digitally connected world where state and local governments reach out online to their respective constituents, trying to reach back into their networks are hackers, organized crime, and state-driven cyber spies. These bad guys want to tap the treasure trove of rich intellectual data and financial information inside. Among her many former duties, Takai is the Past-President of the National Association of State Chief Information Officers so she knows first-hand the cyber threats state and local CIOs and CISOs deal with.
“I think the states are concerned around privacy protection,” she said. “At the DOD, we deal with all aspects of cyber security. How to defend all our information. We have a lot of R&D to protect. There are those who want to get in and maliciously disable or damage or change information. We’re so heavily dependent on our network for a national security role.”
As such, she works closely with Gen. Keith B. Alexander, who runs United States Cyber Command (USCyberCom), an armed forces sub-unified command subordinate to U.S. Strategic Command. Alexander also runs the National Security Agency, a cryptologic intelligence agency at the Pentagon. While CyberCom is developing cyber defense strategies, NSA collects and analyzes foreign – and some say domestic – communications. Both also try to protect their respective computer networks from cyber intrusion, an increasingly difficult problem.
Lately, Cyber Command has been in the headlines as the government tries to redefine its role and transform the roughly 1,400 person command into a cyber war fighting unit, on par with the armed services. This week, there were reports U.S. Cyber Command has been using special, classified briefings with private sector CEOs to scare them into greater vigilance about the threat of cyber attacks. The briefings are part of a three year-old program dubbed the "Enduring Security Framework" that was designed to foster closer coordination between private sector executives and Washington, so they predate Takai’s arrival at the Defense Department.
“One way to describe cyber command is we have regional combatant commands, such as the Pacific Region, who understands the Pacific region,” Takai said. “When you compare that to CyberCom, they have the unique understanding of cyber space and they have the responsibility to take actions, and advise the Defense Secretary on all cyber activities. CyberCom protects the Department and is responsible for directing activities as they relate to cyber security.”
Takai also confirmed published reports that the Pentagon has carved out a new secret spy group that press reports called the Defense Covert Intelligence unit. She, however, clarified those reports by calling the new unit, a function, instead.
“One of the things we do is to look at the challenges and threats and organize to address them,” Takai said. “There wasn’t the establishment of a new agency or department at the Pentagon, but organizing around a new function they thought was important. It was the establishment of a specific group that focused on a problem we anticipate happening in the future. One example is looking at a specific time for draw-down in Afghanistan. It also performs future planning activities - how to do intelligence - and then restructures how to use these new resources.”
Other duties include interfacing with the North Atlantic Treaty Organization (NATO) on their cyber preparedness. She will fly to Brussels, Belgium, later this month for the semiannual NATO board meeting to talk directly with her NATO counterparts.
“I’m the U.S. rep to the NATO board that oversees all the technology that NATO develops,” she said. “If we think we move slowly at the Defense Department, try getting multiple nations together on technology. It is a challenging job.”
Another challenging job is making the Defense Department’s IT management more centralized, she said. Right now DOD is very decentralized. When she was CIO in Michigan, IT management was just the opposite, very centralized. While In California, she said, she had to deal with 130 CIOs all with different agendas.
“I think the challenge here is because the Department is so much bigger, that going to a completely centralized strategy does not make sense,” she said. “But we do want a level of centralization. War fighters want to operate across the Navy, Marines, Air Force and Army using the same technology base. The way we’re structured now is each service has the money to put out technology. We have to figure out a way to do it so when there is a joint operation. We have to figure out how to provide the right services so a war fighter has what he needs?”
Another big difference is at the state level, the interaction is with citizens. At the Defense Department, the bulk of the interaction is internal. But one thing remains the same in both worlds: Information silos.
“It’s just different silos,” she said. “Each individual service has its own CIO. They don’t report to me, but they are required to follow the direction and policy I put out.”
Also at the federal level, politicians are much more involved in IT policy than in the states, she said. “Politicians here like to know how we are spending their money,” Takai said. “And sometimes they want to get into the middle of it, but usually just for doing good accountability. The military folks are skilled technologists. It’s a little different with staff people and political appointees, whose philosophy is more, ‘Just go make it run and call me if you need me.’”
She declined to say much about the Cyber Intelligence Sharing and Protection Act (CISPA), which would allow for the sharing of internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill is to help the U.S Government investigate cyber threats and ensure the security of networks against cyber attack.
“We are supportive of the president’s agenda and do feel this legislative action is important going forward,” she said “Based on what we see at the Defense Department, there needs to be more action to protect our critical infrastructure. There are both military and civilians aspects to this.”
What has been her biggest surprise at the Pentagon?
“You can’t grasp the enormity of what the Department does until you get here,” Takai said. “It just has so many nuances and cultures about it; I’m learning something new every day. The most rewarding part of the job is when you see the areas you’re working in make a difference to the men and women actually protecting this country,” she said. “It is the most phenomenal feeling to talk with people about what their needs are and work on things that will make a difference for those young men and women who are away from their families for months at a time. They do the work without complaining. And the level of dedication is just phenomenal. You can see the passion.”
What advice does she have for somebody graduating from college with a degree in computer science who wants to get into government cyber security?
“First of all, there are multiple jobs in cyber security,” Takai said. “It isn’t just about cryptologist, writing software, or monitoring networks. Second, it is good to have a technical background. Some engineering background would be preferable. Three, look around and see how many universities are developing cyber security curriculums. Some offer degree programs. Lastly, companies are looking for bright young people with engineering or computer science background to get into this field.”
What about experienced security professionals. How can they get involved helping the government?
“We all post our jobs on our government web sites,” she said. “Someone like Dan Lohrmann (Michigan CISO) has a lot of opportunities at the state level. If someone wants to come to Washington, there are jobs here, too. I would encourage people to go online and look at military base postings. We also are heavily dependent on our defense industrial base. General Electric has a large presence in Michigan. So there are any number of ways an individual can take a look at what opportunities exist within government or companies that do business with the government.”
Both the DOD and NSA also are actively recruiting cyber security and technology specialists, and educating the present work force on the dangers posed by the Internet today.
“We think we’ll have to grow in a couple ways at the Department of Defense,” she said. “We plan to train our entire workforce to be cognizant of the cyber threats and we need more specialists to monitor and defend our networks.”
This interview was conducted by MITechNews.Com Editor & Publisher Mike Brennan. To read more about Assistant Secretary Takai, click on CIO.Gov

Author: Mike Brennan
Source: Editor, MITechNews.Com
Title: CyLab: Utilities Rank Worst in Governance and Security
Post by: C-Kumu Dog on May 24, 2012, 03:11:26 AM
Source: http://www.infosecisland.com/blogview/21400-CyLab-Utilities-Rank-Worst-in-Governance-and-Security.html

Report: http://www.rsa.com/innovation/docs/CMU-GOVERNANCE-RPT-2012-FINAL.pdf

In a new report from Carnegie Mellon's CyLab, the energy and utilities sector ranks lowest in IT governance and security in comparison to other industries.

The study, titled “The Governance of Enterprise Security: CyLab 2012 Report”, found that cyber security as a priority was lowest among those organizations who administer aspects of the nation's critical infrastructure.

The report provides a side-by-side analysis of governance and security oversight across several industries including utilities, the financial and industrial production sectors, and was co-sponsored by Forbes and security provider RSA.

“Of the critical infrastructure respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the energy/utilities sector ranked last for four of the practices and next to last for the other two,” wrote the study's author Jody Westby.

The findings reported by Forbes are as follows:

71 percent of their boards rarely or never review privacy and security budgets.
79 percent of their boards rarely or never review roles and responsibilities.
64 percent of their boards rarely or never review top-level policies.
57 percent of their boards rarely or never review security program assessments.

“What is disturbing about these findings is that the energy/utilities sector is one of the most regulated industry sectors and one of the most important to business continuity,” Westby said.

She also noted that Industrial Control Systems (ICS) and SCADA controls "were not designed for security and have no logging functions to enable forensic investigations of attacks."

Also of concern was the finding that the energy and utility sector “placed the least value on IT experience when recruiting board members,” Westby noted.

While the energy and utility sector rated poorly in the study, the other sectors surveyed did not fare much better, and the report further iterates the disconnect between the Board of Directors and organizational security.

In March, CyLab issued the third in a series of reports examining information security governance from the standpoint of corporate Boards.

The report, which utilized a data pool selected from the Forbes Global 2000 list, shows that little has changed in the way of a concerted focus on cyber security by those at the highest levels of leadership in some of the world's largest corporate entities.

"Boards and senior management still are not exercising appropriate governance over the privacy and security of their digital assets. Even though there are some improvements in key “regular” board governance practices, less than one-third of the respondents are undertaking basic responsibilities for cyber governance. The 2012 gains against the 2010 and 2008 findings are not significant and appear to be attributable to slight shifts," the report noted.

The findings showed that around half of the respondents indicated that the Boards of Directors rarely or never engage in policy reviews for IT security, assessments of the roles and responsibilities for senior level security managers, or actively exercise oversight of annual security budgets.

In addition, only about a third of respondents regularly or occasionally receive and review reports regarding the state of enterprise information security risk management.

The report also found that on average less than two-thirds of the corporations examined did not have senior level security and privacy personnel in place, such as a CSO or CISO, and only about thirteen percent had a Chief Privacy Officer in place.

Overall, the report did show slight improvements over the results from the 2008 and 2010 studies, but the long and short of it is that corporate Boards of Directors have still not embraced privacy and security matters adequately, even in the wake of well publicized and obviously damaging security events.

The lack of urgency in addressing enterprise security issues ultimately leaves companies and their stakeholders at risk of impact from a catastrophic data loss event.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on May 24, 2012, 05:17:18 AM
When reading this sort of thing, I get a gloomy apocalyptic feeling that in a moment of high tension with China (e.g. they decide it is time for us to abandon Taiwan) we will get some warning shots across bow letting us know that our entire grid and much more can be mightily disrupted.

Apparently there are serious security issues of this sort in the chips and such that we buy from China to build our missiles and advanced military aircraft.
Title: Investigating a Cyber Espionage Network
Post by: C-Kumu Dog on May 28, 2012, 04:32:44 PM
After attempting to cut and paste the article I decided it was easier to just add the forward and direct people to the link because the article is easier to read in PDF format.


Article:
http://www.f-secure.com/weblog/archives/ghostnet.pdf

Wikipedia Reference:
http://en.wikipedia.org/wiki/GhostNet


Cyber espionage is an issue whose time has come. In this second report from the Information Warfare Monitor, we lay out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions. The investigation, consisting of fieldwork, technical scouting, and laboratory analysis, discovered a lot more.
The investigation ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The Tibetan computer systems we manually investigated, and from which our investigations began, were conclusively compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information.

But the study clearly raises more questions than it answers. From the evidence at hand, it is not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value. Some may conclude that what we lay out here points definitively to China as the culprit. Certainly Chinese cyber-espionage is a major global concern. Chinese authorities have made it clear that they consider cyberspace a strategic domain, one which helps redress the military imbalance between China and the rest of the world (particularly the United States). They have correctly identified cyberspace as the strategic fulcrum upon which U.S. military and economic dominance depends. But attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading.

Numbers can tell a different story. China is presently the world’s largest Internet population. The sheer number of young digital natives online can more than account for the increase in Chinese malware. With more creative people using computers, it’s expected that China (and Chinese individuals) will account for a larger proportion of cybercrime. Likewise, the threshold for engaging in cyber espionage is falling. Cybercrime kits are now available online, and their use is clearly on the rise, in some cases by organized crime and other private actors. Socially engineered malware is the most common and potent; it introduces Trojans onto a system, and then exploits social contacts and files to propagate infections further. Furthermore, the Internet was never built with security in mind. As institutions ranging from governments through to businesses and individuals depend on 24-hour Internet connectivity, the opportunities for exploiting these systems increases.

JR02-2009 Tracking GhostNet - FOREWORD Ron Deibert, Director, the Citizen Lab, Munk Centre for International Studies, University of Toronto.
JR02-2009 Tracking GhostNet - FOREWORD Rafal Rohozinski, Principal and CEO, The SecDev Group, Ottawa, Canada.

This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet… These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly.
Title: Cyberwar fears after bug targets Tehran
Post by: C-Kumu Dog on May 28, 2012, 04:40:52 PM
Quote
The discovery of a malicious computer program that appears to be collecting sensitive information from Iran and others indicates the global cyberwar has moved to a new level, warn security experts. Kaspersky Labs, the Russian internet security company that discovered the malware, codenamed Flame, said it was more complex and sophisticated than any of the cyberweapons it has seen to date. “The Flame malware looks to be another phase in this war,” said Eugene Kaspersky, co-founder of Kaspersky Lab.


Source: http://www.ft.com/cms/s/0/8a0fab7a-a8e1-11e1-b085-00144feabdc0.html#ixzz1wD82PDdN
Title: M-Trends #1: Malware Only Tells Half the Story
Post by: C-Kumu Dog on May 28, 2012, 09:34:52 PM
(Did I post this already?)

M-Trends Report:
http://fred.mandiant.com/M-Trends_2012.pdf?elq=009a0e662f4a4b81ac0f6fd2fb5d3ceb&elqCampaignId=

Written by Grady Summers

When I joined Mandiant earlier this year, I was given the opportunity to help write our annual M-Trends report. This is the third year Mandiant has published the report, which is a summary of the trends we’ve observed in our investigations over the last twelve months.
I remember reading Mandiant’s first M-Trends report when it came out in 2010 and recall being surprised that Mandiant didn’t pull any punches.  They talked about the advanced persistent threat or APT (they had been using that term for several years…long before it was considered a cool marketing, buzz word), and they were open about the origin of the attacks. The report summarized what I’d been seeing in industry, and offered useful insights for detection and response. Needless to say, I enjoyed the opportunity to work on the latest version.
This year’s report details six trends we identified in 2011.  We developed the six trends for the report very organically. That is, I spent quite a few days and nights reading all of the reports from our outstanding incident response team and wrote about what we saw—we didn’t start with trends and then look for evidence to support them.
If you haven’t picked up a copy of the report yet, you can do so here.  I will be blogging on each of the six trends over the next two weeks; you can even view the videos we’ve developed for each trend as each blog post is published:

Malware Only Tells Half the Story.
Of the many systems compromised in each investigation, about half of them were never touched by attacker malware.
In so many cases, the intruders logged into systems and took data from them (or used them as a staging point for exfiltration), but didn’t install tools. It is ironic that the very systems that hold the data targeted by an attacker are probably the least likely to have malware installed on them. While finding the malware used in an intrusion is important, it is impossible to understand the full scope of an intrusion if this is the focal point of the investigation. We illustrate actual examples of this in the graphical spread on pages 6-7 of the report.
What does this mean for victim organizations?
You could start by looking for malware, but don’t end there! A smart incident response process will seek to fully understand the scope of compromise and find all impacted systems in the environment. This could mean finding the registry entries that identify lateral movement, traces of deleted .rar files in unallocated space, or use of a known compromised account. It turns out that Mandiant has a product that does all of this, but the footnote on page 5 is the only mention you’ll see in the entire report (and even that was an afterthought).

Video: http://www.youtube.com/watch?v=vwj033-ES_c
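An added example (not Mandiant's code, nor the product the post alludes to) of scoping a compromise from two of the non-malware evidence sources the post names: remote logons by an account already confirmed as compromised, and headers of deleted .rar staging archives left in unallocated space. The log field layout, host names, addresses and the disk image are constructed sample data.

```python
"""Scope-of-compromise triage for hosts an attacker touched without malware.

Added example; not Mandiant's code or the product the post alludes to. It
demonstrates two non-malware evidence sources the post names: remote logons
by an account already confirmed as compromised, and headers of deleted .rar
archives still present in unallocated space. Log format, host names,
addresses and the disk image below are all constructed sample data.
"""
import re
from collections import defaultdict

# Real RAR signatures: RAR 4.x (7 bytes) and RAR 5.x (8 bytes) file headers.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# Constructed Windows Security log export (event 4624 = successful logon;
# logon_type 3 = network, 10 = RDP, 2 = interactive at the console).
# The field layout is hypothetical, simplified from real exports.
SAMPLE_LOGONS = """\
2011-09-02T01:14:07Z host=FILESRV01 event=4624 user=CORP\\jdoe logon_type=3 src=10.0.5.23
2011-09-02T01:15:41Z host=FILESRV01 event=4624 user=CORP\\svc_backup logon_type=3 src=10.0.5.23
2011-09-02T01:16:09Z host=HR-DB01 event=4624 user=CORP\\svc_backup logon_type=10 src=10.0.5.23
2011-09-02T01:20:55Z host=WKS-0142 event=4624 user=CORP\\svc_backup logon_type=2 src=-
2011-09-02T02:03:12Z host=FIN-SHARE event=4624 user=CORP\\svc_backup logon_type=3 src=10.0.5.23
2011-09-02T08:30:00Z host=FILESRV01 event=4624 user=CORP\\asmith logon_type=3 src=10.0.7.9
"""

LOGON_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=4624 user=(?P<user>\S+) "
    r"logon_type=(?P<ltype>\d+) src=(?P<src>\S+)$"
)
REMOTE_LOGON_TYPES = {"3", "10"}  # network and RemoteInteractive logons


def hosts_touched_by_account(log_text, compromised_accounts):
    """Map host -> sorted (timestamp, logon_type, src) tuples for remote logons
    by accounts already confirmed as compromised. Such hosts belong in scope
    even if no malware is ever found on them."""
    touched = defaultdict(list)
    for line in log_text.splitlines():
        m = LOGON_RE.match(line)
        if not m or m["user"] not in compromised_accounts:
            continue
        if m["ltype"] not in REMOTE_LOGON_TYPES:
            continue  # console logons are not evidence of lateral movement
        touched[m["host"]].append((m["ts"], m["ltype"], m["src"]))
    return {host: sorted(v) for host, v in touched.items()}


def carve_rar_headers(blob):
    """Return byte offsets of complete RAR signatures in a raw buffer such as
    an image of unallocated space. A deleted staging archive leaves its header
    behind until the sectors are reused, so a hit is a lead with no filename."""
    offsets = set()
    for magic in (RAR4_MAGIC, RAR5_MAGIC):
        start = 0
        while True:
            i = blob.find(magic, start)
            if i < 0:
                break
            offsets.add(i)
            start = i + 1
    return sorted(offsets)


# Constructed "unallocated space" image: filler with one RAR4 and one RAR5
# header embedded, plus a truncated decoy signature that must not match.
SAMPLE_UNALLOCATED = (
    b"\x00" * 512
    + RAR4_MAGIC + b"\xcf\x90\x73\x00\x00\x0d\x00\x00\x00\x00\x00\x00\x00"
    + b"\xff" * 1000
    + b"Rar!\x1a"  # decoy: incomplete signature
    + b"\x00" * 300
    + RAR5_MAGIC + b"\x33\x92\xb5\xe5\x0a\x01\x05\x06\x00\x05\x01\x01\x80\x80\x00"
    + b"\x00" * 200
)


def build_scope(log_text, compromised_accounts, unallocated_blob, malware_hosts):
    """Combine the evidence: hosts where malware was found, hosts reached only
    through the compromised account, and carved archives that hint at staging."""
    lateral = hosts_touched_by_account(log_text, compromised_accounts)
    return {
        "in_scope_hosts": sorted(set(malware_hosts) | set(lateral)),
        "hosts_without_malware": sorted(set(lateral) - set(malware_hosts)),
        "lateral_logons": lateral,
        "carved_rar_offsets": carve_rar_headers(unallocated_blob),
    }


if __name__ == "__main__":
    report = build_scope(SAMPLE_LOGONS, {"CORP\\svc_backup"},
                         SAMPLE_UNALLOCATED, malware_hosts=["FILESRV01"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed data, malware was found only on FILESRV01, yet the compromised service account reached HR-DB01 and FIN-SHARE as well, so a malware-only investigation would miss two of the three hosts in scope.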
Title: Flame: Another Holiday, Another Super Virus
Post by: C-Kumu Dog on May 29, 2012, 03:51:27 PM
SRC: http://www.infosecisland.com/blogview/21463-Flame-Another-Holiday-Another-Super-Virus.html

Another holiday here in upstate New York, another roll of the fire trucks while some were supposed to be kicking back and enjoying a barbeque.

It's times like this when I'm glad I'm not in the antivirus business anymore and doubly relieved that none of our machines run Windows. No flames here.

Computer security people however may have to reach for the extinguisher this morning as the latest conflagration in the news bounces across their desk, the discovery of yet another "super virus" called "FLAME" as reported by this BBC article.

Only problem is that according to Kaspersky, who made the discovery in coordination with the U.N.'s International Telecommunications Union (ITU), this one's been in the wild since at least December of 2010 and has only been detected now.

Here we go... again.

FLAME is described by Kaspersky as "one of the most complex threats ever discovered". And it's a huge mother. 20 modules and 20 megabytes worth.

Stranger yet is that the infector is an ActiveX control in the form of an OCX (OLE Control Extensions) file which apparently has run completely undetected for years. The worm runs as a Windows service, and most of the files are visible when running, making this even more of a surprise.

The Maher Center and Iran's CERTCC published this report identifying the worm and its components. What I find amusing from a researcher's standpoint is Kaspersky's theory that this too is a "state-sponsored" worm, but when you look at the code snippets which Kaspersky published, in addition to the various use of the word "flame" in the code, there are also variables called "gator" and "frog" in there as well.

When I've examined "officially" produced malware, such names for variables published within the code just do not happen. Another thing that doesn't smell right is that Israel has also been a target of this worm in numbers only exceeded by Iran as shown in this article in Australia's Herald Sun newspaper.

Kaspersky shared their find on Monday with the other antivirus companies and so hopefully it will be detected by the other antiviruses out there soon. I'll be enjoying the rest of the lemonade from yesterday myself, that stuff can't run on our own stuff here.

About the author: Kevin McAleavey is the architect of the KNOS secure operating system ( http://www.knosproject.com ) in Albany, NY and has been in antimalware research and security product development since 1996.
Title: Flame: Massive cyber-attack discovered
Post by: C-Kumu Dog on May 29, 2012, 04:07:05 PM
Flame: Massive cyber-attack discovered, researchers say
By Dave Lee

SRC: http://www.bbc.com/news/technology-18238326

A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.

Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.

The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.

They described Flame as "one of the most complex threats ever discovered".

Research into the attack was carried out in conjunction with the UN's International Telecommunication Union.

They had been investigating another malware threat, known as Wiper, which was reportedly deleting data on machines in western Asia.

In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.

Others like Duqu have sought to infiltrate networks in order to steal data.

This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk.

"Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said.

More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.

Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.

The malware code itself is 20MB in size - making it some 20 times larger than the Stuxnet virus. The researchers said it could take several years to analyse.

Iran and Israel
Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.

Analysis
Professor Alan Woodward, Department of Computing, University of Surrey

This is an extremely advanced attack. It is more like a toolkit for compiling different code based weapons than a single tool. It can steal everything from the keys you are pressing to what is on your screen to what is being said near the machine.

It also has some very unusual data stealing features including reaching out to any Bluetooth enabled device nearby to see what it can steal.

Just like Stuxnet, this malware can spread by USB stick, i.e. it doesn't need to be connected to a network, although it has that capability as well.

This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time.
He explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.

"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."

Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

"The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said.

The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.

It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.

'Industrial vacuum cleaner'
Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.

Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.

"This is basically an industrial vacuum cleaner for sensitive information," he told the BBC.

He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.

"Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."

Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone.
Title: Iran 'finds fix' for sophisticated Flame malware
Post by: C-Kumu Dog on May 29, 2012, 04:11:23 PM
SRC: http://www.bbc.com/news/technology-18253331

Iran says it has developed tools that can defend against the sophisticated cyber attack tool known as Flame.

The country is believed to have been hit hard by the malicious programme which infiltrates networks in order to steal sensitive data.

Security companies said Flame, named after one of its attack modules, is one of the most complex threats ever seen.

Iran says its home-grown defence could both spot when Flame is present and clean up infected PCs.

Hard work
Iran's National Computer Emergency Response Team (Maher) said in a statement that the detection and clean-up tool was finished in early May and is now ready for distribution to organisations at risk of infection.

Flame was discovered after the UN's International Telecommunications Union asked for help from security firms to find out what was wiping data from machines across the Middle East.

An investigation uncovered the sophisticated malicious programme which, until then, had largely evaded detection.

An in-depth look at Flame by the Laboratory of Cryptography and System Security at Hungary's University of Technology and Economics in Budapest, said it stayed hidden because it was so different to the viruses, worms and trojans that most security programmes were designed to catch.

In addition, said the report, Flame tried to work out which security scanning software was installed on a target machine and then disguised itself as a type of computer file that an individual anti-virus programme would not usually suspect of harbouring malicious code.

Graham Cluley, senior technology consultant at security firm Sophos, said the programme had also escaped detection because it was so tightly targeted.

"Flame isn't like a Conficker or a Code Red. It's not a widespread threat," he told the BBC. "The security firm that talked a lot about Flame only found a couple of hundred computers that appeared to have been impacted."

Mr Cluley said detecting the software was not difficult once it had been spotted.

"It's much much easier writing protection for a piece of malware than analysing what it actually does," he said. "What's going to take a while is dissecting Flame to find out all of its quirks and functionality."

It is not yet clear who created Flame but experts say its complexity suggests that it was the work of a nation state rather than hacktivists or cyber criminals.

Iran suffered by far the biggest number of Flame infections, suggest figures from Kaspersky Labs in a report about the malicious programme.

Kaspersky said 189 infections were reported in Iran, compared to 98 in Israel/Palestine and 32 in Sudan. Syria, Lebanon, Saudi Arabia and Egypt were also hit.

In April, Iran briefly disconnected servers from the net at its Kharg island oil terminal as it cleared up after a virus outbreak - now thought to be caused by Flame.

In the same statement that announced its home-grown detection tool, Iran said Flame's "propagation methods, complexity level, precise targeting and superb functionality" were reminiscent of the Stuxnet and Duqu cyber threats to which it had also fallen victim.

Stuxnet is widely believed to have been written to target industrial equipment used in Iran's nuclear enrichment programme.
Title: Intelligence-Driven Computer Network Defense
Post by: C-Kumu Dog on May 29, 2012, 10:11:15 PM
Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains
SRC: http://papers.rohanamin.com/wp-content/uploads/papers.rohanamin.com/2011/08/iciw2011.pdf


Tried to cut and paste again but it's easier to read in PDF format.


Title: Plan X; Iran in "Flame"s
Post by: bigdog on May 30, 2012, 06:59:27 PM
Two articles:
http://www.washingtonpost.com/world/national-security/with-plan-x-pentagon-seeks-to-spread-us-military-might-to-cyberspace/2012/05/30/gJQAEca71U_story.html?hpid=z1

http://english.al-akhbar.com/content/israel-iran-lebanon-hit-flame-super-virus?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+AlAkhbarEnglish+(Al+Akhbar+English)
Title: Bogus story: no Chinese backdoor in military chip & Cyberwar is fiction
Post by: C-Kumu Dog on May 30, 2012, 10:31:31 PM
Two interesting blog posts:

Bogus story: no Chinese backdoor in military chip (2012)
http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html


Cyberwar is fiction (2010)  
http://erratasec.blogspot.com/2010/06/cyberwar-is-fiction.html
  
 
Title: Re: Bogus Story
Post by: Crafty_Dog on May 31, 2012, 08:20:57 AM

Bogus story concludes with this:

"The Chinese might subvert FPGAs so that they could later steal intellectual-property written to the chips, but the idea they went through all this to attack the US military is pretty fanciful."

Ummm , , , why would that be fanciful?

Also, I found the Updates at the end of the article interesting.  I respect the author for posting material that seems to lessen the force of his argument considerably.
Title: POTH: US-Israeli Cyberwar against Iran
Post by: Crafty_Dog on June 01, 2012, 07:10:47 AM
A very long piece:



http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?nl=todaysheadlines&emc=edit_th_20120601

Obama Order Sped Up Wave of Cyberattacks Against Iran
By DAVID E. SANGER
Published: June 1, 2012
WASHINGTON — From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet. Computer security experts who began studying the worm, which had been developed by the United States and Israel, gave it a name: Stuxnet.
At a tense meeting in the White House Situation Room within days of the worm’s “escape,” Mr. Obama, Vice President Joseph R. Biden Jr. and the director of the Central Intelligence Agency at the time, Leon E. Panetta, considered whether America’s most ambitious attempt to slow the progress of Iran’s nuclear efforts had been fatally compromised.

“Should we shut this thing down?” Mr. Obama asked, according to members of the president’s national security team who were in the room.

Told it was unclear how much the Iranians knew about the code, and offered evidence that it was still causing havoc, Mr. Obama decided that the cyberattacks should proceed. In the following weeks, the Natanz plant was hit by a newer version of the computer worm, and then another after that. The last of that series of attacks, a few weeks after Stuxnet was detected around the world, temporarily took out nearly 1,000 of the 5,000 centrifuges Iran had spinning at the time to purify uranium.

This account of the American and Israeli effort to undermine the Iranian nuclear program is based on interviews over the past 18 months with current and former American, European and Israeli officials involved in the program, as well as a range of outside experts. None would allow their names to be used because the effort remains highly classified, and parts of it continue to this day.   (However they did consider it even more important that US voters know how tough President Obama is and so they blab to the press despite the cost to US security)

These officials gave differing assessments of how successful the sabotage program was in slowing Iran’s progress toward developing the ability to build nuclear weapons. Internal Obama administration estimates say the effort was set back by 18 months to two years, but some experts inside and outside the government are more skeptical, noting that Iran’s enrichment levels have steadily recovered, giving the country enough fuel today for five or more weapons, with additional enrichment.

Whether Iran is still trying to design and build a weapon is in dispute. The most recent United States intelligence estimate concludes that Iran suspended major parts of its weaponization effort after 2003, though there is evidence that some remnants of it continue.

Iran initially denied that its enrichment facilities had been hit by Stuxnet, then said it had found the worm and contained it. Last year, the nation announced that it had begun its own military cyberunit, and Brig. Gen. Gholamreza Jalali, the head of Iran’s Passive Defense Organization, said that the Iranian military was prepared “to fight our enemies” in “cyberspace and Internet warfare.” But there has been scant evidence that it has begun to strike back.

The United States government only recently acknowledged developing cyberweapons, and it has never admitted using them. There have been reports of one-time attacks against personal computers used by members of Al Qaeda, and of contemplated attacks against the computers that run air defense systems, including during the NATO-led air attack on Libya last year. But Olympic Games was of an entirely different type and sophistication.

It appears to be the first time the United States has repeatedly used cyberweapons to cripple another country’s infrastructure, achieving, with computer code, what until then could be accomplished only by bombing a country or sending in agents to plant explosives. The code itself is 50 times as big as the typical computer worm, Carey Nachenberg, a vice president of Symantec, one of the many groups that have dissected the code, said at a symposium at Stanford University in April. Those forensic investigations into the inner workings of the code, while picking apart how it worked, came to no conclusions about who was responsible.

A similar process is now under way to figure out the origins of another cyberweapon called Flame that was recently discovered to have attacked the computers of Iranian officials, sweeping up information from those machines. But the computer code appears to be at least five years old, and American officials say that it was not part of Olympic Games. They have declined to say whether the United States was responsible for the Flame attack.

Mr. Obama, according to participants in the many Situation Room meetings on Olympic Games, was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons — even under the most careful and limited circumstances — could enable other countries, terrorists or hackers to justify their own attacks.
(Which makes the leakers even more irresponsible , , ,)



“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering.” Yet Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice.

If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

A Bush Initiative

The impetus for Olympic Games dates from 2006, when President George W. Bush saw few good options in dealing with Iran. At the time, America’s European allies were divided about the cost that imposing sanctions on Iran would have on their own economies. Having falsely accused (well, “mistakenly accused due to SH’s efforts to pretend he had a program in order to bluff the Iranians” would be more accurate, but that would not serve the purposes of Prada on the Hudson) Saddam Hussein of reconstituting his nuclear program in Iraq, Mr. Bush had little credibility in publicly discussing another nation’s nuclear ambitions. The Iranians seemed to sense his vulnerability, and, frustrated by negotiations, they resumed enriching uranium at an underground site at Natanz, one whose existence had been exposed just three years before.
Iran’s president, Mahmoud Ahmadinejad, took reporters on a tour of the plant and described grand ambitions to install upward of 50,000 centrifuges. For a country with only one nuclear power reactor — whose fuel comes from Russia — to say that it needed fuel for its civilian nuclear program seemed dubious to Bush administration officials. They feared that the fuel could be used in another way besides providing power: to create a stockpile that could later be enriched to bomb-grade material if the Iranians made a political decision to do so.

Hawks in the Bush administration like Vice President Dick Cheney urged Mr. Bush to consider a military strike against the Iranian nuclear facilities before they could produce fuel suitable for a weapon. Several times, the administration reviewed military options and concluded that they would only further inflame a region already at war, and would have uncertain results.

For years the C.I.A. had introduced faulty parts and designs into Iran’s systems — even tinkering with imported power supplies so that they would blow up — but the sabotage had had relatively little effect. General James E. Cartwright, who had established a small cyberoperation inside the United States Strategic Command, which is responsible for many of America’s nuclear forces, joined intelligence officials in presenting a radical new idea to Mr. Bush and his national security team. It involved a far more sophisticated cyberweapon than the United States had designed before.

The goal was to gain access to the Natanz plant’s industrial computer controls. That required leaping the electronic moat that cut the Natanz plant off from the Internet — called the air gap, because it physically separates the facility from the outside world. The computer code would invade the specialized computers that command the centrifuges.

The first stage in the effort was to develop a bit of computer code called a beacon that could be inserted into the computers, which were made by the German company Siemens and an Iranian manufacturer, to map their operations. The idea was to draw the equivalent of an electrical blueprint of the Natanz plant, to understand how the computers control the giant silvery centrifuges that spin at tremendous speeds. The connections were complex, and unless every circuit was understood, efforts to seize control of the centrifuges could fail.

Eventually the beacon would have to “phone home” — literally send a message back to the headquarters of the National Security Agency that would describe the structure and daily rhythms of the enrichment plant. Expectations for the plan were low; one participant said the goal was simply to “throw a little sand in the gears” and buy some time. Mr. Bush was skeptical, but lacking other options, he authorized the effort.

Breakthrough, Aided by Israel


It took months for the beacons to do their work and report home, complete with maps of the electronic directories of the controllers and what amounted to blueprints of how they were connected to the centrifuges deep underground.

Then the N.S.A. and a secret Israeli unit respected by American intelligence officials for its cyberskills set to work developing the enormously complex computer worm that would become the attacker from within.

The unusually tight collaboration with Israel was driven by two imperatives. Israel’s Unit 8200, a part of its military, had technical expertise that rivaled the N.S.A.’s, and the Israelis had deep intelligence about operations at Natanz that would be vital to making the cyberattack a success. But American officials had another interest, to dissuade the Israelis from carrying out their own pre-emptive strike against the Iranian nuclear facilities. To do that, the Israelis would have to be convinced that the new line of attack was working. The only way to convince them, several officials said in interviews, was to have them deeply involved in every aspect of the program.

Soon the two countries had developed a complex worm that the Americans called “the bug.” But the bug needed to be tested. So, under enormous secrecy, the United States began building replicas of Iran’s P-1 centrifuges, an aging, unreliable design that Iran purchased from Abdul Qadeer Khan, the Pakistani nuclear chief who had begun selling fuel-making technology on the black market. Fortunately for the United States, it already owned some P-1s, thanks to the Libyan dictator, Col. Muammar el-Qaddafi.

When Colonel Qaddafi gave up his nuclear weapons program in 2003, he turned over the centrifuges he had bought from the Pakistani nuclear ring, and they were placed in storage at a weapons laboratory in Tennessee. The military and intelligence officials overseeing Olympic Games borrowed some for what they termed “destructive testing,” essentially building a virtual replica of Natanz, but spreading the test over several of the Energy Department’s national laboratories to keep even the most trusted nuclear workers from figuring out what was afoot.

Those first small-scale tests were surprisingly successful: the bug invaded the computers, lurking for days or weeks, before sending instructions to speed them up or slow them down so suddenly that their delicate parts, spinning at supersonic speeds, self-destructed. After several false starts, it worked. One day, toward the end of Mr. Bush’s term, the rubble of a centrifuge was spread out on the conference table in the Situation Room, proof of the potential power of a cyberweapon. The worm was declared ready to test against the real target: Iran’s underground enrichment plant.

“Previous cyberattacks had effects limited to other computers,” Michael V. Hayden, the former chief of the C.I.A., said, declining to describe what he knew of these attacks when he was in office. “This is the first attack of a major nature in which a cyberattack was used to effect physical destruction,” rather than just slow another computer, or hack into it to steal data.

“Somebody crossed the Rubicon,” he said.

Getting the worm into Natanz, however, was no easy trick. The United States and Israel would have to rely on engineers, maintenance workers and others — both spies and unwitting accomplices — with physical access to the plant. “That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code.

The first attacks were small, and when the centrifuges began spinning out of control in 2008, the Iranians were mystified about the cause, according to intercepts that the United States later picked up. “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said.

CONTINUED



Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on June 03, 2012, 07:58:37 PM
Nice find, printing it out to read at my leisure.
Title: Obama ordered Stuxnet cyberattack, reports say. Did it leave US vulnerable?
Post by: C-Kumu Dog on June 03, 2012, 08:04:49 PM
SRC - http://www.csmonitor.com/USA/2012/0601/Obama-ordered-Stuxnet-cyberattack-reports-say.-Did-it-leave-US-vulnerable

(If you follow the link there are some interesting links in the "related stories" sidebar along with a quiz about Cyber Security.)

Obama ordered Stuxnet cyberattack, reports say. Did it leave US vulnerable?
A New York Times report claims that President Obama used the Stuxnet cyberweapon to set back Iran's nuclear program. But experts caution that the worm could be reverse-engineered.

Stuxnet, the world's first publicly identified cyber superweapon, was unleashed against Iran's nuclear fuel-enrichment facility as part of a joint US-Israel cybersabotage operation, according to press reports Friday citing anonymous administration officials.

The news reports, which seem to remove any fig leaf of plausible deniability, could in the near term undermine ongoing nuclear talks with Iran. It could even provide Iran with internal justification for a cyber counterstrike against the US.


In the longer run, however, it also raises questions about how a US national policy of using powerful digital weapons could impact American security. Of particular concern is the possibility that such attacks could provide a digital copy of the cyberweapon to rogue nations or that hacktivists could reverse-engineer the weapon for use against the power grid or other key US infrastructure.

"Certainly we have thought Stuxnet was very likely to be a US-Israel operation – and that assumption has now turned out to be the case," says Stewart Baker, a lawyer and former senior official at the National Security Agency and the Department of Homeland Security. "In some ways, I do feel as though we've been living in a glass house for years and now we've decided we're going to invent rocks."

In the New York Times account, the cyberweapon was developed under a program initiated by President George W. Bush. President Obama then gave the go-ahead for a cyberweapon dubbed "the bug" to be unleashed in an attempt to derail Iran's bid to make nuclear-weapons fuel. The thrust of the account was separately confirmed by administration officials in a Washington Post report Friday.

But in summer 2010, after it became clear to the White House that "the bug" had inadvertently escaped the isolated network of Iran's Natanz uranium-enrichment plant and spread to computers worldwide, top administration officials held a "tense meeting" in the White House Situation Room, the Times said.

“Should we shut this thing down?” Obama asked, according to sources. It was unclear how much the Iranians knew about the code, and there was evidence that it was still vexing the Iranians, he was told. "Mr. Obama decided that the cyberattacks should proceed," the Times reported


By late summer 2010, cybersecurity companies and the trade press were actively analyzing and debating the purpose of the strange piece of malicious software, dubbed "Stuxnet" after a file name inside the software. On Sept. 21, 2010, Ralph Langner, a German industrial-control systems cybersecurity expert from Hamburg, publicly identified Stuxnet as the world's first cyberweapon and named its likely target as Iran's nuclear facilities, as first reported and confirmed with other systems experts by the Monitor. Not long after, he postulated that the US and likely Israel, too, were behind the attacks.

Although Stuxnet is estimated to have eventually destroyed as many as 1,000 high-speed Iranian gas centrifuges designed to enrich uranium, its importance was far larger than that, Mr. Langner warned. It demonstrated that a cyberweapon could physically destroy critical infrastructure, and that process could also work in reverse.

"One important difference between a cyber offensive weapon and some kind of advanced bomb, for example, is that when the bomb blows up you can't examine or reverse-engineer it," says Joel Brenner, a former national counterintelligence executive in the Office of the Director of National Intelligence.

"Once you find the malware, on the other hand, once you find the code, you can see how it was done," he says. "So we are going to see more operations of this kind – and the US's critical infrastructure is undoubtedly going to be targeted. I still don't think that the owners and operators of most of that infrastructure understand the gravity of this threat."

According to the Times, participants in the many Situation Room meetings say Obama "was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons – even under the most careful and limited circumstances – could enable other countries, terrorists or hackers to justify their own attacks."

In the end, Obama concluded the US had little choice, the presidential aides told the Times. The alternative could be a nuclear Iran. But the attacks could also provoke Iran to retaliate. 

"There are real risks here," Mr. Baker says. "The most immediate and obvious one is that the Iranians will feel even more motivated to respond in kind. This is not a particularly restrained Iranian administration. It's used terrorists and terrorist proxies for years. It may feel that [Stuxnet] gives them one free shot at the American industrial-control system of their choice. And the consequences might not be 10 years down the road either. It might be next week."

Another key takeaway is that cyberwar is unlikely to remain anonymous.

"The world we're moving into is one where attribution for such attacks will not be a problem," says James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington. "A nation might not be able to block an attack immediately, but you will be able to find out who's responsible."


Title: Re: POTH: US-Israeli Cyberwar against Iran
Post by: C-Kumu Dog on June 03, 2012, 08:11:33 PM
Some interesting comments on the article that Guro Crafty posted.

Also this quote is very true.

Quote
"“That was our holy grail,” one of the architects of the plan said. “It turns out there is always an idiot around who doesn’t think much about the thumb drive in their hand.”

In fact, thumb drives turned out to be critical in spreading the first variants of the computer worm; later, more sophisticated methods were developed to deliver the malicious code."

Thumb Drive Attack in 2008 Compromised Classified U.S. Networks
http://threatpost.com/en_us/blogs/thumb-drive-attack-2008-compromised-classified-us-networks-082610
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 03, 2012, 09:24:18 PM
I was surprised at the intel/information that was leaked in that NYT piece.  Why do you think that was done Robert?
Title: sKyWIper (a.k.a. Flame a.k.a. Flamer)
Post by: C-Kumu Dog on June 03, 2012, 09:51:31 PM
Deleted the wrong response, but... it all works out.

Quote
I was surprised at the intel/information that was leaked in that NYT piece.  Why do you think that was done Robert?


I don't know off hand why so much info was released in that article, but perhaps it's to encourage some activity in order to better study.

Perhaps it's in relation to "Flame \ sKyWIper"

Flame linked to Stuxnet, Duqu; blamed for attacks on Iran's oil industry
http://gcn.com/Articles/2012/05/29/Flame-flamer-spyware-Iran-Middle-East.aspx?admgarea=TC_HLS&Page=1


sKyWIper (a.k.a. Flame a.k.a. Flamer):
A complex malware for targeted attacks
v1.05 (May 31, 2012) – It’s a live document modified all the time

http://www.crysys.hu/skywiper/skywiper.pdf
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 04, 2012, 06:13:52 AM
Ah.  I was wondering if the reason was to give the impression of toughness on Iran by Baraq i.e. he sacrificed national security for his perceived political benefit.
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on June 04, 2012, 12:15:27 PM
Quote
Ah.  I was wondering if the reason was to give the impression of toughness on Iran by Baraq i.e. he sacrificed national security for his perceived political benefit.

It could be that too, I was wondering if it was supposed to somehow help him with re-election as well and like you said a lot of info was released.
Title: --Stuxnet News Raises Security Concerns; Lawmakers call for Hearing on Leaks
Post by: C-Kumu Dog on June 09, 2012, 11:15:49 PM

(June 5 & 6, 2012)
Saying that she is "deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran's nuclear program," US Senator Dianne Feinstein (D-California) is calling for legislative hearings about the leaks regarding the US's involvement with the Stuxnet worm. Senator Feinstein is not asking for the hearings to address the actual attacks. Senator Carl Levin (D-Michigan), who chairs the Senate Armed Services Committee, has agreed to hold a hearing on the matter. The FBI has reportedly launched an investigation into the leaks. There is concern that the revelation will encourage copycat attacks against the US.

http://www.wired.com/threatlevel/2012/06/stuxnet-leak-investigation/

http://www.theatlantic.com/national/archive/2012/06/did-americas-cyber-attack-on-iran-make-us-more-vulnerable/258120/

http://www.nextgov.com/cybersecurity/2012/06/senators-blast-publicity-cyberattack-iran/56121/?oref=ng-channeltopstory

http://arstechnica.com/tech-policy/2012/06/stuxnet-expert-calls-us-the-good-guys-in-cyber-warfare/
Title: Flame On: Cry Havoc and Let Loose the Dogs of Cyberfoolery
Post by: C-Kumu Dog on June 09, 2012, 11:21:02 PM
SRC: http://www.infosecisland.com/blogview/21578-Flame-On-Cry-Havoc-and-Let-Loose-the-Dogs-of-Cyberfoolery.html

POTUS Has Dialed Into The W.O.P.P.R.

Scene: POTUS stands silhouetted in the doorway of the SITROOM looking intently at a small tablet screen. Around him his cyber generals sit shifting uncomfortably from time to time in the long pregnant pause.

POTUS: “Clarke, so, you say this is the only way that we can get into and destroy their capability?”

Clarke: “Yes,” he says lugubriously

POTUS: “Well then, let’s send them the stick... Someone will be stupid enough to plug it in.”

Scene: The generals all rise and leave single file out the door falling into the darkness of the hallway in the bowels of the White House. POTUS looks up at Clarke who is fixing his one black leather glove.

POTUS: “You know, if this goes wrong we’ll just blame it on Israel right?”

Clarke: “That contingency has already been taken care of, I have primed the veep… He’ll fbomb that stuff like a Tourette's patient off his meds.”

POTUS: “God love that crazy mick”

Cut scene: Screen goes dark

Stuxies Midnight Emissions

Well, it’s been a crazy week or so in the news cycle. With the revelations that POTUS personally had a hand in the destruction of Iranian nuclear centrifuges with malware, the floodgates of stupid have opened up and we have a wave as high as the biblical one that wiped the earth clean of people (if you believe that kind of crap).

Since this came to light in the NY Times, we have had all sorts of characters pontificating on the subject. Everyone has their opinion and unfortunately, all of them mean nothing to anyone of note because the real decisions of state have already been made haven’t they?

Onward we will sally forth though, with vigorous words on how we are the pre-eminent power on earth and how we are blessed by God him/her/itself and looking back be damned. We had the coders and we had the will so we did it.

Now, don’t get me wrong, I agree with the end result of the Stuxnet malware itself. I think though we could have been more subtle and manipulated their product instead of just causing the centrifuges to eat themselves, but, that is another story. No, we did what I think was a nice little piece of work against a regime that is unstable enough to do more with nuclear weapons than just stockpile them.

Frankly, one way or another, Iran will eventually get the nuclear bomb, but, we seem to have slowed them down a bit at the very least with this attack. Or, I should say, did slow them down, for a little while. Now though, after this report in the Times and the non attributable crowing of the administration that was behind it attributing themselves as the culprits, I think that Iran will just redouble their efforts on this issue as well as the development of Stuxnet II “This Time It’s Personal” as the movie poster will declare.

Nope, for me the issue I have with all of this is that the admin is using this as a cudgel to win an election. This and this alone is the bone of contention I have with POTUS and company. A POTUS that ostensibly is SOOOOOO upset over leakers and prosecutes them to the fullest of the law...That is, until it serves their personal or political needs that is.

I find it comical now that there are calls in the senate to investigate the “leaks and leakers” within the White House who talked to Sanger about their digital daring do. All you really need to do Mr. senator is walk up to 1600 Pennsylvania Ave and knock on the oval office door. You can find the leaker there I can assure you.

Hubris, thy name is “Politician”.

Politics, Pedantry, and Hucksterism

So, there you have it, we created Stuxnet with much secrecy, so much secrecy that it got leaked to the New York Times! Well, not so much leaked as much as planted in the Times by the spinmeisters as a political pogramme on us all to sway our vote.

The Times story is rife with allegory on how the admin was taking care with this operation and that they wanted as little collateral damage as possible. The program was tested on an analogous testbed with equipment that we got from Libya, the results of which were the destroyed remains of the centrifuges, all was in preparation. All we needed to do then was get an asset on the ground to plug in a USB stick and voilà! Instant PWNAGE!

I’m sure there will be a full length feature film soon and it will be fueled by the leaks that this Times article and subsequent book were as well. Do you suppose they will be filming at Ft. Meade? Will Mike Hayden make a guest appearance? We all want to know! Suffice to say, that the media, the pundits and the other nations of the world will be taking note and working out their responses to all of the revelations from POTUS and company. For me though, my response is already quite clear…

“We’re fraked”

This whole escapade was ruined by the need of the admin to tattle on itself. I personally highly doubt that this was leaked by one person and all by themselves outing a whole clandestine operation. No, this was a political move, one that will I think, have some blowback on us all. Some will make the argument that the US wanted the Iranians to know, so we could be the “Babe Ruth” pointing at the backfield as if to say “That’s right muthafrakers… We are the shit and we will frak you up.”

I do not ascribe to that being the case as a tactic, hell, Biden then throws the Israeli’s under the bus twice in that article! It was the equivalent of verbal chaff and anyone with half a brain can see that.

“Well we did this because we wanted to settle the Israeli’s down, or they would have gone in hot.”

Uhh yeah, nice way to say we did it “only because we had to.”

Say, didn’t I see an ad by you offering a sweet price on a bridge somewhere?

Tell the truth, you wanted this out on that particular Friday because the jobs numbers were EPIC SUCK ok? Just please, admit it! C’mon, somewhere in your addled minds you know you want to tell the truth sometime!

FLAME ON YOU CRAZY DIAMOND!

Meanwhile, the FLAME debacle came into focus. An uber malware designed in the future by mad scientists and SKYNET with an 18 meg Lua decoder! This little gem has been perfectly timed to coincide with the STUXNET. Well, maybe, since it was Eugene Kaspersky ringing the bell on this one, perhaps not.

However, the FLAME seems to be all about stealing every conceivable piece of data it can get its hands on. It was a well run operation that has been going on since at least 2010 and bears the hallmarks of an intelligence agency running it. The use of cutout accounts with multiple names and locations as well as payment schemes shows that it wasn’t just Joe botnet herder. No, this one also was nation state most likely, but whose?

More importantly, how many of you out there would like to take odds on just when POTUS will leak the details of how we did this one to the Times? Takers? Anyone? C’mon I can bet bitcoins! Aww shucks… Guess you are all too smart and know that soon enough we will be reading about this “super secret black operation” in the papers. Even today more facts have come out of the reverse engineers saying that FLAME has a novel MD5 attack that has been known about since 2008 was it?

“Oooh sekret”

Be assured, that the FLAME will burn on as will the stupid around it from all sides.. Media.. Pundits… Politicians... Malware vendors… I don’t care if FLAME is LAME, I only care that this escalation is getting out of proportion and those running the programs are leaking the details to effect their political efforts.

Let’s CYBER Like It’s 1999

Now on to the word “CYBER” and its unfortunate tagging with “WAR” right after it. I have railed against this word for some time now but even with the best of my efforts, the douchery abounds. In fact, the douchery seems to know NO bounds frankly. I remember a time when CYBER was only followed by SEX and really wish it would just go back to being that.

Instead, we now have doctrine being written for “Cyberspace” and plans being made to militarize it all. All the while though not many really understand the space or the technology that they want to “CYBER” in! I can smell the fail now and it smells of cheap political and capitalist cologne.

Aside from the nomenclature issues here, I feel like others I have seen, that this has all been one giant mistake. We have opened “Pandora’s Box” as Mikko put it, and we are not ready for the consequences. I am damn sure that our infrastructure isn’t, never mind the people and companies that run and own it all.

Try getting all of these players to secure their shit even on a microcosmic scale and you will see my pain. We in the business have known all too well that too many times within the mental calculus that management makes, security is a lesser understood or cared about concern over the bottom line in the world of black ink in the books.

So, my prognosis for this patient is “you’re fraked” but, with the caveat that we have been for a long long time. Will all the antics with the declaration of “CYBERWAR” by the Obama administration really make a difference in the tempo of battle already ongoing? Will nation states and others speed up their efforts to bring down parts of our grid? To what end? What are we producing that is equivalent to a small vector like Natanz and nuclear fuel? I guess what I am asking is, just what are the odds of the first great CYBERWAR being brought to our digital shores? Can I expect to turn on the light switch soon to find that there is no power?

Or even worse… Will they STUXNET Apple’s facilities so the kiddies can’t get their new shiny MacBooks?

OH THE HUMANITY!

I guess this is all being mapped out, kinda like the PROJECT X that plans on mapping the whole of the internet... So they can attack it. Time will tell I suppose, but, in the meantime, your fool forecast is for a high probability of foolishness at levels never before seen. So wear your rubbers kids.

We’re Doomed

But seriously, I think that we are doomed. Not the kind of doom where the world will end in a zombie apocalypse though. Hell, I would love to have that instead of what we are going to get. Instead we will have more stupidity, more controls being placed on the internet, and a slew of half baked ideas that will only serve to make us all more constrained in our daily affairs online.

Oh, and we will also live every day more in fear that some nation state, corporation, or crazy group of terrorists, will attempt to destroy something in our infrastructure… Because they can and feel the need to.

Welcome to the CYBERWARS! Please keep all hands and feet inside the ride at all times.

Barf bags will be available for fifty cents at the ride’s end.

K.
Title: The Biggest Attack Surface Is US: HUMINT and Human Nature As a Paradigm for INFO
Post by: C-Kumu Dog on June 09, 2012, 11:24:43 PM
SRC: http://krypt3ia.wordpress.com/2012/05/29/the-biggest-attack-surface-is-us-humint-and-human-nature-as-a-paradigm-for-infosec/

The Biggest Attack Surface is US

I have met the enemy of information security, and that enemy is us.

With the new spate of malware attacks (alleged by nation state actors) as well as other attacks by the likes of Anonymous on down to the usual cast of criminal characters, I have been taking stock of the “bigger picture”. What I have come to the conclusion of, is that we, out of all things, the creators of the internet, the computers, the code, and the universe in general (probabilistic, Newtonian, quantum, etc. if you believe we in fact create our consensual reality) are the one common flaw in security.

Take that statement in a bit… I’ll be back in a moment while you ponder….

Ok, thought that through a bit? For me, the statement is an ultimate truth. We create all these things (for me universe included by perception) and in the case of the security over or within the systems that we make and use, are its core failing. We, for a lack of a better term, are “flawed” and thus, our systems will always be so. In the case of security today, we can see this from many angles, not just within the realm of computer security or data security, but also our efforts in war or protection from terror (à la DHS and the TSA). There are inherent flaws and unpredictable outcomes vis-à-vis human nature that really have to be taken account of before we can really even consider something to be more secure than not.

This is an issue that I think many are overlooking as they seek to make the better mousetrap cum Rube Goldberg device that will then sit blinking in your rack at the NOC. Boiling it all down to the sum total of security issues, we have the human being and their “nature” to consider as the driver of the ill as well as the arbiter of demise in any security scenario we can think up here. This is why I have decided to write this post, I want you all to stop, take a look around you, and see the problem from the macroverse instead of the microverse of code and hardware.

It’s all in the wetware man.

Human Nature, It’s Anathema To Security

Human nature… What a many splendored thing huh? It gives us so much latitude as a species to be dominant on this planet and yet, we still seem to be unable to overcome it and protect ourselves from its downside. Of course it isn’t just that our natures preclude us from attempting to secure things today, it’s also that we are using technologies that we built, us, fallible beings who tend to code in error and without foresight into how it could be abused. On that note, the abuse of the code itself is also human nature, we are always pushing the bounds trying to outdo others or just test the bounds of our realities so, it’s a natural progression really. Of course then there is also criminality, and the darker tendencies that we all have… We are just a pile of trouble aren’t we?

On the other hand, there is also the tendency for laziness today that we all have, whether that be intellectual or other slothly behaviors that can be and often times, are the cause for security failures. It is laziness in coding and a desire to work faster and maximize profits for example, that lead many people down the path of sloppy code and massive vulnerabilities therein. Couple this with the need for speed that today’s work environment (time is money calculations aside) demands, and we have the mix for epic failure much of the time. Oh, and lest we forget hubris, like that of Microsoft, coming so late to the security game in their coding and testing of operating systems, that, in effect are the most frequently vulnerable as well as the biggest target from user base perspectives.

Oh, and there are also the basics of human nature such as being helpful, or other more base desires that often are the unraveling of security measures. You can have all the defenses in the world, but all it takes is one person saying “Gee! Look! A USB stick in the parking lot! IT'S ALL MINE!!! I MUST PLUG IT IN NOW!” How often have you pentesters out there reading this used that very exploit? Over and over and over again and had success each time. How many of us have had the door held for us even when we don’t have a badge? Yeah, I know, many have and though have been warned on the perils of doing so, still do it out of instinct or perhaps social programming.

It’s human nature that is the undoing of the best laid plans of mice and men…

What I am getting at is a simple truth, we are the problem. If we aren’t creating the poorly coded software, then we are the ones opening the gates to the Hun horde, or worse, we are in fact that Hun horde and are exploiting those weaknesses for our own gains (whether it be nation state, pentester as a job, or criminal to make a buck) it’s all driven by our nature.

HUMINT and The Push Of Social Media

So enters the era of “Social Media” and wow, we are a social animal aren’t we? We have Facebook, where we seemingly just expose all of our foibles, secrets, and other trivia daily, no, wait, by the second, every day. Who knew we would be so in need of telling everyone (not to mention showing everyone screen shots of our meals) about every little thing we do? Our location at that time, or perhaps that little Timmy took his first solid dump. *shudder* It’s little wonder that you see how much the government is interested in our “social” data huh? We are so willing to just give it up without a thought to it.

It’s our nature I guess… Tribes around a digital fire now…

Back to social media and HUMINT though, you see, this is the next wave. Since everyone wants to communicate on the Internet, then it's easier to communicate with anyone and everyone in a way that, as we have seen, allows for a lot of data gathering, and manipulation. See, now we have the infrastructure populated, we will now use it, subvert it, for goals other than just befriending someone. Hell, we now have bots that do it for us right? How do you know that that person you are talking to on Twitter is a person or a heuristically adept bot? Give it some pause…

Think about the potentials here for every kind of abuse or manipulation. Anything from online advertising using Turing bots to intelligence agencies and others gathering data on you all for whatever purpose serves their needs, and you, you are the commodity.. The “asset”. So, yes, as the technologies advance and the human nature side of things continues to allow for strides in security as well as the inevitable setbacks, you, will become the ultimate target of the easy score for data that could lead to compromise. After all, what do you think the real persistent threats rely on? Human nature, our nature and proclivities for social interaction, which, really, is what the Internet is all about huh?

Now, as you go to post on Facebook about your last meal.. Ponder this…

So, How Do We Remediate All of This?

Is remediation possible? Can we change the vagaries of human nature to the point where we can actually not only secure systems adeptly, but also secure the end users to disallow the lowest of the low hanging fruit? Can we get coding initiatives that work and for God’s sake, come up with non Turing complete machines and code? One wonders if it is ever really a possibility, and frankly, the sense I get of things lately in the security community is no. We will never win the battle, the war will rage on forever and at least we will have jobs, but, we must get used to failure in the grander scheme of things.

Once again, human nature is the arbiter here and, well, we are human aren’t we? I guess the answer is no, we will never be able to remediate it all. As we move forward with an uncertain digital world, one where we have put all our eggs in one digital basket (yes, power, light, water, control) we all must look at the nature of it all and ponder what have we done to ourselves here? Has our nature and a propensity for laxity in thought and deed placed us in greater jeopardy? Will we ever learn from the things we have seen already and try to remedy the situations? Or will we just go on blithely until such time as there is an epic failure that causes us pain?

This is not to say it will happen, nor that I believe it will be as epic as some on Capitol Hill would have you think, nor those in the shadows selling them the digital snake oil in the first place. What I see though is that unless we get smarter and try to manage our natures here, some will end up exploiting them to our collective detriment. Whether it be the laws around our privacy, or lack thereof, or the connecting of systems upon systems that, should one fail in a cascade, we really could have a problem, we all have to take a step back and look in the mirror.

We are the problem.

K.
Title: Flame Malware Extinguishes Itself
Post by: C-Kumu Dog on June 10, 2012, 12:00:44 AM
The people behind the Flame malware network appear to have responded to recent publicity by sending out a command that has caused it to self-destruct. Some of the command-and-control servers in Flame's infrastructure sent out a file that is essentially a Flame uninstaller, which also overwrites the disk with random characters to help disguise its footprint.

http://www.theregister.co.uk/2012/06/07/flame_suicide_command/
http://news.cnet.com/8301-1009_3-57448813-83/flame-authors-force-self-destruct/
[Editor's Note (Honan): This malware contains lots of interesting techniques including its ability to use an MD5 chosen-prefix collision attack. "Crypto breakthrough shows Flame was designed by world-class scientists"
http://arstechnica.com/security/2012/06/flame-crypto-breakthrough/]
Title: Krauthammer on the leaks
Post by: Crafty_Dog on June 10, 2012, 08:13:41 AM


http://www.theblaze.com/stories/charles-krauthammer-analyzes-president-obamas-reaction-to-white-house-leaks-question/

After President Obama’s news conference Friday morning, a Fox News panel, including Pulitzer Prize-winning columnist Charles Krauthammer, took a moment to analyze one of the most talked-about portions of the presser: the president’s reaction to being asked about whether members of his administration were leaking classified information to help his reelection bid.

“The notion that my White House would purposely release classified national security information is offensive,” the president said.

Krauthammer believes the president’s response was a misstep.

“I think he’ll regret having made this statement the same way he’ll regret the idea about the private sector doing okay,” said the columnist.

He continued:

If it is offensive, the idea that it would’ve been leaked, when we know that in the report itself it included White House officials, then let him prove it by having a special counsel appointed. From what you said, they would’ve said ‘appoint a special counsel’ (had it been the equivalent of a “Scooter” Libby investigation).

So what does Krauthammer think is the next step in this growing story?

“The key here is (Senator) Dianne Feinstein. If she demands it, it’ll be done,” Krauthammer said.

“And she’s the Democratic Chair of the Senate Intelligence [Committee],” Fox host Chris Wallace clarified.

“She’s the democratic, liberal chair. She’s extremely angry over these leaks, she should be, and she’s the one who needs to speak out right now,” Krauthammer added.

Title: Attorney General Taps Federal Prosecutors for Stuxnet Leak
Post by: C-Kumu Dog on June 12, 2012, 01:47:27 AM
Last week the Wall Street Journal reported that the FBI opened an investigation into the source of recently leaked information regarding covert operations conducted by the U.S. government.

Now Attorney General Eric Holder has appointed two federal prosecutors to lead the investigation into leaks concerning the government's use of a sophisticated cyber weapon known as Stuxnet and a foiled attack by al Qaeda in the Arabian Peninsula.

“These two highly-respected and experienced prosecutors will be directing separate investigations currently being conducted by the FBI. I have every confidence in their abilities to doggedly follow the facts and the evidence in the pursuit of justice, wherever it leads,” Holder said.

Previously, FBI Director Robert Mueller had announced an investigation into the leaking of information surrounding the disruption of a planned attack using a bomb concealed in undergarments.

With the appointment of special investigators by Holder, the probe has widened to include the disclosure of the development of the Stuxnet virus, which infected systems that provided operations control for Iranian production networks, and was most likely produced to stifle Iran's nuclear weapons program.

“Leaks such as this threaten ongoing operations, puts at risk the lives of sources, makes it much more difficult to recruit sources, and damages our relationships with our foreign partners.” Mueller said last month.

Stuxnet, which emerged in 2010, targeted Siemens Programmable Logic Controllers (PLCs) and is thought to have caused severe damage to equipment at Iranian uranium enrichment facilities, setting back the nation's weapons program by as much as several years.

Stuxnet is largely considered to be a game changer in the world of information security, as the infection did not merely cause problems with the tainted systems, but actually effected kinetic damage on the equipment those systems controlled.

The leaked information about the development of the Stuxnet virus was revealed in an article by New York Times' writer David Sanger, which prompted Holder's move to appoint special investigators.

“Leaks such as this have … a huge impact on our ability to do our business, not just on a particular source and the threat to the particular source, but your ability to recruit sources is severely hampered,” Mueller said.

“In cases such as this, the relationship with your counterparts overseas are damaged and which means that an inhibition in the willingness of others to share information with us where they don’t think that information will remain secure. So it also has some long-term effects, which is why it is so important to make certain that the persons who are responsible for the leak are brought to justice," Mueller maintains.

Senator John McCain of Arizona suggested that the leaks may have been intentional on the part of the White House in "an attempt to further the president's political ambitions for the sake of his re-election at the expense of our national security."

White House spokesman Josh Earnest rebutted the speculation, stating "It's classified for a reason, because publicizing that information would pose a significant threat to national security."

President Obama also denied there was an intentional leak emanating from the White House, stating that “the notion that my White House would purposefully release classified national security information is offensive. It’s wrong."

The investigation could result in multiple subpoenas, including those directed at White House officials and Times reporter Sanger.

“[The reporters] are going to fight you tooth and nail but, eventually … you can actually subpoena them - but there are strict guidelines," said former federal prosecutor Peter Zeidenberg.

Source:  http://abcnews.go.com/blogs/politics/2012/06/attorney-general-eric-holder-appoints-federal-prosecutors-for-leak-investigations/

Title: Cybergate: Stuxnet and Flame are Related
Post by: C-Kumu Dog on June 12, 2012, 01:57:12 AM
According to an Associated Press report here, contrary to previous reports that Stuxnet and Flame were unrelated, the authors of Stuxnet and Flame apparently worked together at one point.
(Link ref: http://www.google.com/hostednews/ap/article/ALeqM5h2qJuQN6rTv4JCc1Tbf6--bl5q4g?docId=cf1e28cdc626482da71d6342b013a548 )
There is evidence that “does suggest that very early on there was some sharing”.

According to an ABC News Report by Lee Ferran and Kirit Radia here, a block of code was shared between the two programs, sometime around 2009.
(Link reference: http://abcnews.go.com/Blotter/proof-links-flame-stuxnet-super-cyber-weapons-researchers/story?id=16541102#.T9cCvuJYvgp )

If this is the case we might begin looking for evidence of more code from Operation Olympic Games floating around in cyberspace.  Flame provides a framework for future warfare in cyberspace, as proposed by eScan Blog here.
(Link ref: http://blog.escanav.com/2012/05/31/flame/ )

According to the report:

"Its only objective is to gather intelligence i.e. data. Usernames, password hashes, url-cache, network drives, Cached passwords, Bluetooth devices, Instant Messenger traffic, Browser traffic et al. And it also comes with its own SQLite database."

Flame appears to capture information useful for future exploits, much like hacking 101, but on steroids.

Stuxnet seems to capitalize on detailed information about targeted systems, in this case, the nuclear enhancement facility near Natanz, Iran at 33°43′N 51°43′E.
(Link ref: http://toolserver.org/~geohack/geohack.php?pagename=Natanz&params=33_43_N_51_43_E_ )

It does not appear that Flame is used to feed information to Stuxnet, so for what is the information obtained by Flame used?

Ah, that is the $64,000 question.  There appear to be other programs floating around, therefore, using the information obtained by Flame.  We know the information obtained by Flame comes from systems connected with the internet, so offline facilities, such as Natanz, should not provide any information.

I can speak only for the US, where the vast majority of military equipment is not connected to the internet, they are on separate networks.  I am assuming Iranian systems are the same. This leaves critical infrastructure, such as electrical facilities, power sources, transportation and such, which can all have military applications. 

As I am careful to state, time and again, the targets must be used solely by the military to comply with the Laws of Armed Conflict.  From experience we have seen that Iran might not apply their targeting criteria so studiously, especially when they have proclaimed their nuclear program is entirely for civilian use. 

When targeting electrical systems that supply power to the military, it is difficult to avoid civilian bleedover.  It will be interesting to observe what the Iranians will target.

When will we begin calling it Cybergate?

Cross-posted from To Inform is to Influence
(Link ref: http://toinformistoinfluence.com/2012/06/11/cybergate-stuxnet-and-flame-are-related/ )
Title: Are telecom companies helping China spy on US?
Post by: Crafty_Dog on June 14, 2012, 09:38:46 AM


http://pjmedia.com/blog/are-telecom-companies-helping-china-spy-on-america/
Title: Sec Def Panetta on Cyber Pearl Harbor
Post by: Crafty_Dog on June 14, 2012, 09:55:59 AM


http://www.theblaze.com/stories/defense-secretary-cyberattacks-have-the-potential-for-another-pearl-harbor/
Title: US Senators Draft Proposed a Cybersecurity Bill Compromise
Post by: C-Kumu Dog on June 19, 2012, 06:48:15 PM
TOP OF THE NEWS
 --US Senators Draft Proposed a Cybersecurity Bill Compromise
(June 7, 2012)
US Senators Sheldon Whitehouse (D-Rhode Island) and Jon Kyl (R-Arizona)
are circulating a draft proposal for a cybersecurity bill that aims at
satisfying legislators on both sides of the aisle. Democrats support
legislation that would impose mandatory cybersecurity standards on
systems that are part of the country's critical infrastructure, while
Republicans support legislation that encourages threat information
sharing but does not compel the utility companies to comply with
requirements. The draft legislation treads a middle ground, offering
incentives for companies that meet established "baseline performance
goals" of cybersecurity. The incentives would include liability
protections, an edge in acquiring government funding, and technical
cybersecurity assistance.
http://thehill.com/blogs/hillicon-valley/technology/231601-senators-float-compromise-on-cybersecurity-mandates-
Title: Fears Grow That Terrorists Could Co-Opt Anonymous Hacking Group
Post by: C-Kumu Dog on June 19, 2012, 06:55:06 PM
Anonymous, a loosely organized group of hackers that has targeted big businesses and governments, could be co-opted by nation states and terrorist groups that want to use it for their own ends, cybersecurity experts said May 17.

Anonymous reportedly has some 50,000 members. It is generally believed to not have a central leadership. That leaves it open for infiltration by hackers affiliated with nations such as China, Russia or Iran. They could surreptitiously use or manipulate the organization to carry out attacks on their behalf, said Lewis Shepherd, director of the Microsoft Institute for Advanced Technology in Governments.   

"There is evidence of this, but it is classified," Shepherd said at the Counter Terror Expo in Washington, D.C. Al-Qaida in its literature has also expressed interest in using the group, he added.

Anonymous has been called everything from hacktivists to terrorists, and has attacked governments of all types. The group is also well known for going after child pornographers. On Tuesday, it was reported in the Indian press that Anonymous was suspected of taking down the nation's Supreme Court website after the Indian government announced some new Internet policies. About three dozen of its members have been arrested.

SRC: http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=791

There is precedent for such groups being infiltrated, Shepherd said. The Soviet Union and China in the 1950s and 1960s were adept at infiltrating and sometimes taking over home-grown national liberation movements in developing nations and using them in their global rivalry against the West.

"They didn't always have complete control of the operations of these national liberation movements, but strategically they were certainly able to exploit their activities," he said.

The degree of state-sponsored influence or guidance in Anonymous' ranks is unknown, and hasn't received a lot of attention yet, he added. Companies that find themselves the target of Anonymous should take responsibility for protecting their own data, he said. But stopping a nation state from an attack is something different. In that case, there has to be a close partnership between industry and government.

David J. Smith, director of the Potomac Institute Cyber Center, said Anonymous' greatest strength is also its greatest weakness: it is leaderless, it is amorphous and nobody knows who they are.

"If somebody decides they are going to be Anonymous, they are anonymous. So you could get Russians, Chinese, Iranians. You could start getting a nation-state threat, or ... an Al-Qaida getting into the business of masquerading, literally, as Anonymous," Smith said. "I think that is something we really need to take a look at."
Title: What If There Were a Cyberwar and Nobody Knew About it? (Updated)
Post by: C-Kumu Dog on June 19, 2012, 06:57:22 PM
SRC: http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=681

There could be a day when the United States decides to retaliate in cyberspace for a computer-based attack on its networks or infrastructure.
 
Normally, two nations at war would garner 24-hour news coverage, boldface headlines and Pentagon briefings. But this would be a conflict waged with “ones” and “zeros” across computer networks. The damage may be unseen, and even “fixed” within a few short hours. The public may not even realize that it’s occurring.
 
It’s fashionable to use the same lexicons and to make comparisons, but cyberwar is nothing like real “kinetic” war, said Martin C. Libicki, a researcher and author of a new Rand Corp. book, Cyberdeterrence and Cyberwar, which takes an in-depth look at what would have to occur for two state actors to engage in such a conflict. (Correction: The book was initially published in 2009).
 
“Cyberwar is not simply kinetic war in another dimension. It’s got a different set of rules, a different set of parameters, a different set of questions, a different set of answers,” he said at a Capitol Hill briefing Feb. 22.
 
That’s one reason why a cyberwar could play out unseen by most people. The shutting down of electrical grids would be noticed, but the manipulation of data on other systems may not immediately come to light. It took one full year for Iranian scientists to realize that the software had been compromised by the Stuxnet virus, Libicki noted.
 
There have only been four known acts of cyberwar, Libicki said. The denial of service attacks on Estonia in 2007 and on Georgia during its war with Russia in 2008, an Israeli attack on Syrian air defense radars in 2007, and the Stuxnet virus that was aimed at damaging Iranian centrifuges associated with its nuclear energy program.            
 
Cyberattacks cannot be confused with cyberespionage, he noted. Nations do not go to war over spying, he said. The book examines large-scale, tit-for-tat cyber-assaults between two nations. It does not ponder the implications of an attack by terrorists because there are few opportunities for retaliation. If al-Qaida were to shut down a U.S. electrical grid, the United States could not respond in kind because the group has no infrastructure, he said.
 
Libicki also does not address tactical actions, or what he calls an “operational cyberwar” during a real-world conflict where an adversary may try to take down network-enabled systems to gain an advantage on the battlefield. “In the context of a physical war, that makes a certain amount of sense,” he said.

Attribution is one of the keys to retaliating against a cyberattack, he noted. It is also one of the hardest aspects. It is difficult to know who is attacking a network. Once the identity of the attackers is verified, and if they are indeed a nation-state, then the United States must decide if retaliation is necessary.
 
In the event of a cyberwar, there is unlikely to be long-term damage. An attack or counter-attack can only occur if there is a vulnerability in a computer system. Vulnerabilities can be patched up quickly, or traffic can be rerouted away from the system — in most cases within hours and days. In regular warfare, the ability to hit the same target several times, known as “serial reapplication,” is a part of warfare and can be a deterrent. But once a counter-attack occurs, it tips the adversary off and subsequent attacks may not be as effective, he said.
 
Battle damage assessment is hard to determine. The decision to launch a counter-attack may hinge on knowing how much harm to the opponent’s system could be inflicted. That is difficult to assess, he added.
 
“Are the effects obvious to the public?” is a question that needs to be asked. “If the effects are not obvious to the public, you don’t lose public face by not retaliating,” he said. However, the United States could launch a counter-attack in ways that are not obvious to the opponent’s public. There needs to be a message conveyed to the leadership “about the lack of wisdom in attacking the United States in cyberspace.”
 
Another reason why the public may not be informed of a cyberwar is the risk that a third party could insert itself into the conflict. If the United States and China were engaged in such a war, for example, a hacker — someone sitting on a couch in a basement somewhere — or a third nation interested in seeing a prolonged conflict, could surreptitiously launch computer assaults and escalate the war.
 
“An exchange of cyber-attacks between states may also excite the general interest of superpatriot hackers or those who like to dogpile — particularly if the victim of the attack or the victim of retaliation, or both, are unpopular in certain circles,” Libicki wrote in the book, which was commissioned by the Air Force. The two adversaries may blame each other for the attacks, and not be aware that they are being manipulated.  
 
A cyberwar that flies under the radar of the general public is possible, but unlikely, simply because these incidents tend to bubble to the surface despite the best efforts of the government, he said.
“There is a tendency in some communities to believe that every thing they do is covert, and no one is ever going to hear about it, and then mistakes get made,” he said.
 
Deterrence worked well in the nuclear age. The Soviet Union and the United States never engaged in a nuclear conflict. “The best defense is a good offense,” is one of the axioms U.S. leadership has said about thwarting a large-scale cyber-attack.

So how good is the United States? Its cyber-offense capabilities have been largely kept out of the public eye. Libicki didn’t want to reveal much in a nonclassified setting, saying only that, “We’re really good. ... In fact, I think we’re better than anybody else. We’re also very professional about this. The state of our tradecraft is very good.”
 
A cyberwar is not something that keeps Libicki up at night. Like nuclear war, it is a low probability, high-consequence scenario. The number of potential adversaries that have the ability to carry out such an attack, as well as the desire to pull the trigger and risk the ire of the United States, are few, he noted.
 
“This is one of these cases where you have to look at defense and offense and somehow come up with a happy medium,” he said. Shoring up defenses in the nation’s electrical grids would be a good place to start, he noted. But to not have a good offense would result in “a hollow deterrence policy,” he noted.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 19, 2012, 08:18:35 PM
Fascinating stuff!

Forgive me the moment of Captain Obvious but "It is difficult to know who is attacking a network. Once the identity of the attackers is verified, and if they are indeed a nation-state, then the (attacked state) must decide if retaliation is necessary."

So, thanks to Pravda on the Hudson working in conjunction with CiC Obama and his inner circle, the Iranians now have confirmation Stuxnet was us AND they have been publicly humiliated.
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on June 20, 2012, 10:18:00 PM
Quote
Fascinating stuff!

Forgive me the moment of Captain Obvious but "It is difficult to know who is attacking a network. Once the identity of the attackers is verified, and if they are indeed a nation-state, then the (attacked state) must decide if retaliation is necessary."

So, thanks to Pravda on the Hudson working in conjunction with CiC Obama and his inner circle, the Iranians now have confirmation Stuxnet was us AND they have been publicly humiliated.


I know right? Way to go!!
Title: tin foil or not?
Post by: Crafty_Dog on June 27, 2012, 07:47:38 AM
Sent to me by a not terribly reliable source  :lol:

http://sgtreport.com/2012/06/breaking-news-huge-worldwide-cyber-bank-raid-ongoing-estimated-e2-billion-stolen/
Title: FBI could be cutting access for many on July 9
Post by: Crafty_Dog on July 05, 2012, 01:44:21 PM
http://www.theblaze.com/stories/the-fbi-could-cut-your-internet-access-in-four-days-heres-how-to-prevent-it/
Title: How Anonymous Picks Targets, Launches Attacks, and Takes Powerful Organizations
Post by: bigdog on July 07, 2012, 06:10:19 PM
http://www.wired.com/threatlevel/2012/07/ff_anonymous/all/
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on July 26, 2012, 11:43:14 AM
SRC: http://online.wsj.com/article/SB10000872396390444330904577535492693044650.html?KEYWORDS=Obama+cybersecurity#printMode

Taking the Cyberattack Threat Seriously
In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.

Last month I convened an emergency meeting of my cabinet and top homeland security, intelligence and defense officials. Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.

Our nation, it appeared, was under cyber attack. Unknown hackers, perhaps a world away, had inserted malicious software into the computer networks of private-sector companies that operate most of our transportation, water and other critical infrastructure systems.

Fortunately, last month's scenario was just a simulation—an exercise to test how well federal, state and local governments and the private sector can work together in a crisis. But it was a sobering reminder that the cyber threat to our nation is one of the most serious economic and national security challenges we face.

So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility's internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted.

It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.

This is the future we have to avoid. That's why my administration has made cybersecurity a priority, including proposing legislation to strengthen our nation's digital defenses. It's why Congress must pass comprehensive cybersecurity legislation.

We all know what needs to happen. We need to make it easier for the government to share threat information so critical-infrastructure companies are better prepared. We need to make it easier for these companies—with reasonable liability protection—to share data and information with government when they're attacked. And we need to make it easier for government, if asked, to help these companies prevent and recover from attacks.

Yet simply sharing more information is not enough. Ultimately, this is about security gaps that have to be filled. To their credit, many of these companies have boosted their cyber defenses. But many others have not, with some lacking even the most basic protection: a good password. That puts public safety and our national security at risk.

The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements. Nuclear power plants must have fences and defenses to thwart a terrorist attack. Water treatment plants must test their water regularly for contaminants. Airplanes must have secure cockpit doors. We all understand the need for these kinds of physical security measures. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries.

This approach stays true to our values as a society that cherishes free enterprise and the rights of the individual. Cybersecurity standards would be developed in partnership between government and industry. For the majority of critical infrastructure companies already meeting these standards, nothing more would be expected. Companies needing to upgrade their security would have the flexibility to decide how best to do so using the wide range of innovative products and services available in the marketplace. Moreover, our approach protects the privacy and civil liberties of the American people. Indeed, I will veto any bill that lacks strong privacy and civil-liberties protections.

This is exactly the kind of responsible, collaborative approach to an urgent national-security challenge that Americans expect but that Washington too rarely provides. It reflects the insights and ideas of industry and civil libertarians. It is sponsored by a bipartisan group of senators. It is supported by current and former homeland security, intelligence and defense leaders from both Republican and Democratic administrations.

Today we can see the cyber threat to the networks upon which so much of our modern American lives depend. We have the opportunity—and the responsibility—to take action now and stay a step ahead of our adversaries. For the sake of our national and economic security, I urge the Senate to pass the Cybersecurity Act of 2012 and Congress to send me comprehensive legislation so I can sign it into law.

It's time to strengthen our defenses against this growing danger.

Mr. Obama is president of the United States.

A version of this article appeared July 20, 2012, on page A11 in the U.S. edition of The Wall Street Journal, with the headline: Taking the Cyberattack Threat Seriously.

Title: NSA chief asks hackers at Defcon for help securing cyberspace
Post by: C-Kumu Dog on July 31, 2012, 04:52:58 PM
SRC: http://www.computerworld.com/s/article/9229756/NSA_chief_asks_hackers_at_Defcon_for_help_securing_cyberspace?taxonomyId=17

NSA chief asks hackers at Defcon for help securing cyberspace
NSA Director General Keith B. Alexander called the Defcon attendees the world's best cybersecurity community
By Lucian Constantin
July 29, 2012 12:20 AM ET

IDG News Service - National Security Agency Director General Keith B. Alexander addressed the attendees of the Defcon hacker conference in Las Vegas on Friday and asked for their help to secure cyberspace.

"This is the world's best cybersecurity community," said Gen. Alexander, who also heads the U.S. Cyber Command. "In this room right here is the talent our nation needs to secure cyberspace."

Hackers can and must be part, together with the government and the private industry, of a collaborative approach to secure cyberspace, he said.

Hackers can help educate other people who don't understand cybersecurity as well as they do, the NSA chief said. "You know that we can protect networks and have civil liberties and privacy; and you can help us get there."

Gen. Alexander congratulated the organizers of Defcon Kids, an event dedicated to teaching kids how to be white-hat hackers, and described the initiative as superb. He called 11-year-old Defcon Kids co-founder CyFi to the stage and said that training young people like her in cybersecurity is what the U.S. needs.

The NSA director stressed the need for better information sharing between the private industry and the government and noted that the Congress is currently debating legislation to address this.

NSA's and U.S. Cyber Command's roles are to protect the nation from cyberattacks and foreign intelligence, Gen. Alexander said. The issue is that if you don't see a cyberattack you can't defend against it and at the moment, the NSA has no insight if Wall Street is going to be attacked, for example, he said.

Gen. Alexander pointed out that if the industry could share some limited pieces of information from their intrusion detection systems in real time, the NSA could take it from there.

The next step from information sharing is jointly developing standards that would help secure critical infrastructure and other sensitive networks, he said.

He encouraged hackers to get involved in the process. "We can sit on the sidelines and let others who don't understand this space tell us what they're going to do, or we can help by educating and informing them" of the best ways to go forward.

"That's the real reason why I came here. To solicit your support," he said. "You have the talent. You have the expertise."

At the Aspen Security Forum conference on Thursday, Gen. Alexander revealed that there's been a 17-fold increase in cyberattacks against U.S. infrastructure between 2009 and 2011, the New York Times reported.

The hacker community has built many of the tools that are needed to protect cyberspace and should continue to build even better ones, he said during his keynote at Defcon. He gave the example of Metasploit and other penetration testing tools.

"Sometimes you guys get a bad rap," he said. "From my perspective, what you're doing to figure out vulnerabilities in our systems is great. We have to discover and fix those. You guys hold the line," he said.

Gen. Alexander's presence at Defcon was a rare event. Before introducing him to the stage, Defcon founder Jeff Moss, who is the chief security officer of ICANN and a member of the U.S. Homeland Security Advisory Council, revealed that he has tried for the past 20 years to get a high-ranking NSA official to speak at the conference.

"Like magic, on our 20th anniversary and NSA's 60th anniversary it's all come together," Moss said. "For me it's really eye-opening to see the world from their [NSA's] view."

Title: U.S. cyber coordinator moves on
Post by: C-Kumu Dog on August 02, 2012, 02:31:31 PM
What does the nation's first cyber security coordinator do for an encore on leaving government service?

First, one would believe that Howard Schmidt, a 40-year veteran of the discipline, will be penning another book, this one detailing the three years he spent serving in the Obama administration as the United States' top computer security adviser. He stepped down at the end of May.

One knows for a fact, however, that he has joined the board of security and compliance firm Qualys, where his main role will be advising on governance, strategic direction for the company and providing guidance to Philippe Courtot, the chairman and CEO. “It's all about being part of a team as opposed to an individual effort,” Schmidt said.

And, it's more than simply contacts in the government that Courtot expects. “Howard is technical enough, he knows the problems very well,” he said. “It's more about, ‘How do you present and package, where should we focus our energy so we can essentially play a bigger role with the federal government.' So, having Howard, it's very welcome and timely.”


The two also plan to revive an initiative they co-founded in 2004, the CSO Interchange, which brings security chiefs together from all sectors to discuss problems they are facing. “It's really an environment to bring CSOs together to make things move forward, as opposed to a meeting where people just want to sell something,” Schmidt said.

When they first began the international series of roundtables and breakfasts, there was a lot of resistance from the government sector in applying cloud technologies, as they wanted to control the data, Courtot recalled. “But today, we're at the point where necessity and the growth of attacks have become more pervasive,” he said. “They are now looking for solutions that work and that are cost effective as well, because you can't throw millions of dollars at the problem.”

Speaking of his time at the White House, Schmidt said, “Like any security position, it takes a lot of work. There's a lot of stuff that needs to be discussed. What works for one company, may have less than a positive impact on another one.”

His role, he said, was to bring everybody together to look for solutions. He points to the National Strategy for Trusted Identities in Cyberspace, or NSTIC, a White House initiative to foster collaboration between the government and private sector to better the privacy, security and convenience of online transactions, as one of the administration's major successes. The point, he said, was to look at ways to move away from an environment of user IDs and passwords and get something the private sector can build – an ecosystem where users can migrate to systems that are less likely to be compromised.

He also oversaw advancements in international cyber strategy. “Working with a great team across the government and with international partners, the International Strategy for Cyberspace [a policy document that sets an agenda for partnering with other nations] was looking at several things – from prosperity to economics to military action to peaceful activity,” he said.

It's very difficult to stop the threats, Schmidt said. “What you can do is stop the threats from being successful. And that's making sure everything that you're doing – in the cloud, on the desktop, browser, server environment – you can reduce the vulnerabilities so that no matter what someone throws at you, it's less likely to be successful.”
Title: Danger within: Insider threat
Post by: C-Kumu Dog on August 02, 2012, 02:34:26 PM
SRC: http://www.scmagazine.com/danger-within-insider-threat/article/245432/

Danger within: Insider threat
David Cotriss, July 02 2012

The theft or misuse of corporate assets by a trusted individual poses challenges, but there are strategies and tools to put in place, reports David Cotriss.

How big a problem is the threat from insiders?

“Bigger than most people realize because many times they can't tell if they have an issue,” says Craig Shumard, principal of Philadelphia-based Shumard and Associates, a strategic security consulting firm, and former vice president of security at Cigna Insurance. Insider threats are often under-reported, he says, because companies do not want it known that they've become victims of such attacks. At other times, an enterprise may be unaware it has been compromised.

There's a widely reported mythology that insider-spawned breaches occur far less frequently than external attacks, says James Quin, lead research analyst at Ontario, Canada-based Info-Tech Research Group. When his organization interviewed companies about the issue, the survey found that the accepted wisdom proved not to be true. Quin says that while the prevalence of malicious insider incidents is indeed quite low, erroneous or accidental breaches are “happening with alarming frequency.” That is, although insiders are to blame for some malicious activity, add to that the high rate of employees unintentionally causing a data leakage incident, and the tally for insider culpability mounts.

The problem is exacerbated by the fact that companies are not prepared or equipped to deal with such incidents. “We're finding that organizations don't have an insider threat program in place,” says Dawn Cappelli, technical manager at the Computer Emergency Response Team (CERT) Insider Threat Center, a research-and-development entity at Carnegie Mellon University's Software Engineering Institute in Pittsburgh. CERT is working with the federal government and private companies to design a prevention and mitigation program. Most corporations, she says, are focused on protecting their networks from outside threats, but they don't yet have anyone in charge for insider threat mitigation. This situation must change, with one person given authority and responsibility for dealing with insider threats. To succeed, that person must have the backing of general counsel because of privacy issues, and they must work well with IT and human resources.

Cappelli adds that in last year's “Cyber Security Watch” survey from Deloitte, 46 percent of respondents said insider attacks were more costly to their organization than external attacks. Yet most companies that have purchased software tools that are marketed as internal attack mitigation solutions are using them only to address external attacks.

While the incidence of insider incidents has stabilized over the past few years, the opportunities have increased because of greater use of third-party contractors, the bring-your-own-device (BYOD) phenomenon, and the co-mingling of personal and business data spurred by the popularity of smartphones and tablets. Today, attacks can be launched at handheld devices, and this vector has become a major source of data leakage. Furthermore, despite all the new tools that have been developed over the past few years, “25 to 30 percent of threats cannot be controlled by technology,” says Shumard.

It is not feasible to completely stop malicious data leakage, agrees Quin. “Technology cannot address everything,” he says. “You can't stop people writing things down with a pencil and a piece of paper.”

As well, privileged users can insert malicious code almost anywhere without it being flagged as anomalous activity, he says. They have the ability to override system controls without detection.

“You can't stop insider threats,” says Andy Ellis, CSO at Cambridge, Mass.-based Akamai Technologies, which provides a platform for conducting business online. “What you need to worry about is how to keep your employees happy. What are you doing for employee retention? A lot of insider threats come from unhappy employees. How do you prevent the trusted insider from doing something that threatens the company?”

For Ellis, the threat fell close to home. Akamai was the victim of a foiled attempt by a former employee to spy on the company. Elliot Doxer pleaded guilty last year to a charge of foreign economic espionage for providing trade secrets to an FBI agent posing, over a two-year period, as an Israeli intelligence officer. When Doxer contacted the Israeli consulate and offered to give it confidential information in exchange for money, the consulate contacted the FBI.

To best thwart the malicious attacker, Shumard recommends looking at anomalous behavior. “Take people who hold the same position who have the same job rules and access,” he says. “Why does one employee log on at 4 in the morning and log off at 10 at night, while other employees log on at 8 in the morning and log off at 4 in the afternoon? Why would one person download 2,400 documents in a day while the others are downloading 20 or 30? There might be a valid reason for this, such as a special project, but these are indicators of possible malicious behavior.”

Meanwhile, many companies tend to ignore accidental data leaks, even though they can prove costly. Two-thirds of all insider threats are unintentional, says Quin. For example, sending an email to an entire list instead of one intended recipient, or hitting “reply all” instead of “reply,” could have severe consequences.

“Companies have to start contemplating solutions to correct this,” he says. “We haven't done a good job of educating employees about appropriate custodial care of data.”

Shumard agrees. “Sometimes it's just people not understanding proprietary information or a highly sensitive piece of information,” he says. He recommends that companies hold security awareness training for all employees. “Education is important because people have to understand the rules and abide by them.”

Be proactive, says Ellis. He follows Akamai employees on LinkedIn because if there is suddenly a flurry of new connections, it's likely that an individual is looking for a new job. Depending on the access that person has to sensitive information, he says the prudent approach is to take some preventative action.

However, Ellis also says organizations must weigh the cost of prevention tools versus the value of the potentially leaked information. And, he says sometimes a corporation is paying for technology that slows down the speed of innovation.

The sensible methodology, according to CERT, is to use a combination of technical and non-technical potential indicators of malicious activity to identify individuals who may be more likely to commit an unauthorized act. By monitoring and controlling outbound traffic, an organization can greatly increase its chances of mitigating malicious activity.

Data leakage: Prevention


To thwart the inevitability of attacks from within, CERT recommends that companies log all downloads and set alerts when critical information is copied to removable media. Other recommended actions are:

■ Implement continuous logging
■ Audit individual actions in logs for privileged accounts
■ Audit logs for activity of resigning or terminated employees
■ Log anytime a device or peripheral is attached; alert if an unidentified device is attached, i.e., a keystroke logger
■ Alert on suspicious traffic
■ Monitor for unauthorized accounts
■ Review user accounts on a regular basis to ensure that active accounts are valid and configured properly
■ Monitor privileged users
■ Don't give users more privileges than they need
 

Photo: Inside the network operations command center at Akamai in Cambridge, Mass., Nicole Fusco, network operations engineer, looks for anomalous activity, perhaps indicating inappropriate employee practice.


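Added example (not part of the CSO article or the CERT material quoted above): a small Python script that turns Shumard's peer-comparison questions (who logs on at 4 a.m. and off at 10 p.m. while peers keep 8-to-4 hours, who downloads 2,400 documents while peers download 20 or 30) and two of the CERT checklist items (log all downloads, alert when an unidentified device is attached) into checks over a constructed audit log. The log format, the user and role names, the device IDs, the allowlist and the thresholds (two hours, ten times the peer median) are assumptions made for the example. Each user is compared against the median of the other users in the same role, so a single outlier cannot drag the baseline toward itself; as the article says, a hit is a lead for a human to check, not proof of wrongdoing.

```python
"""Peer-baseline insider-threat indicators over a constructed audit log.

Added example; not code from the article, from CERT or from Akamai.
Log format, role names, device IDs and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample audit log, one event per line:
# "<ISO timestamp> <user> <role> <action> <detail>"
# DOWNLOAD detail = documents in that export; USB_ATTACH detail = vendor:product id.
SAMPLE_LOG = """\
2012-09-10T08:02:11 alice analyst LOGON -
2012-09-10T16:05:40 alice analyst LOGOFF -
2012-09-10T08:10:03 bob analyst LOGON -
2012-09-10T16:01:12 bob analyst LOGOFF -
2012-09-10T04:01:59 carol analyst LOGON -
2012-09-10T22:03:31 carol analyst LOGOFF -
2012-09-10T09:14:00 alice analyst DOWNLOAD 24
2012-09-10T10:20:00 bob analyst DOWNLOAD 31
2012-09-10T11:00:00 carol analyst DOWNLOAD 2400
2012-09-10T12:30:00 carol analyst USB_ATTACH 0781:5567
2012-09-10T13:45:00 bob analyst USB_ATTACH 046d:c52b
"""

# Assumed allowlist of approved peripherals (vendor:product ids of issued hardware).
KNOWN_DEVICES = {"046d:c52b"}


def parse_log(text):
    """Parse lines into (timestamp, user, role, action, detail); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # never let one bad line abort the whole review
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        events.append((ts, parts[1], parts[2], parts[3], parts[4]))
    return events


def _peer_median(values, me):
    """Median over everyone except the user being judged, so an outlier cannot hide itself."""
    peers = [v for u, v in values.items() if u != me]
    return median(peers) if peers else None


def hours_outliers(events, tolerance=2.0):
    """Users whose first logon is earlier, or last logoff later, than role peers by > tolerance hours."""
    first_on, last_off = defaultdict(dict), defaultdict(dict)
    for ts, user, role, action, _ in events:
        hour = ts.hour + ts.minute / 60
        if action == "LOGON":
            first_on[role][user] = min(hour, first_on[role].get(user, 24.0))
        elif action == "LOGOFF":
            last_off[role][user] = max(hour, last_off[role].get(user, 0.0))
    flagged = []
    for role in first_on:
        for user in first_on[role]:
            on_base = _peer_median(first_on[role], user)
            off_base = _peer_median(last_off[role], user)
            early = on_base is not None and first_on[role][user] < on_base - tolerance
            late = (off_base is not None and user in last_off[role]
                    and last_off[role][user] > off_base + tolerance)
            if early or late:
                flagged.append(user)
    return sorted(flagged)


def download_outliers(events, factor=10):
    """Users whose document-download total exceeds factor x the median of their role peers."""
    totals = defaultdict(lambda: defaultdict(int))
    for _, user, role, action, detail in events:
        if action == "DOWNLOAD":
            totals[role][user] += int(detail)
    flagged = []
    for role, per_user in totals.items():
        for user, count in per_user.items():
            base = _peer_median(per_user, user)
            if base is not None and count > factor * base:
                flagged.append(user)
    return sorted(flagged)


def unknown_devices(events, known=KNOWN_DEVICES):
    """(user, device) pairs for attached peripherals that are not on the allowlist."""
    return sorted({(user, detail) for _, user, _, action, detail in events
                   if action == "USB_ATTACH" and detail not in known})


def review(text, known=KNOWN_DEVICES):
    """Run all three indicators; every hit is a lead for an analyst, not a verdict."""
    events = parse_log(text)
    return {
        "hours": hours_outliers(events),
        "downloads": download_outliers(events),
        "unknown_devices": unknown_devices(events, known),
    }


if __name__ == "__main__":
    for name, hits in review(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

Run as a script it prints the three indicator lists for the sample; `review()` returns them for use from a scheduled job. A real deployment would read from the SIEM or endpoint logs instead of the inline string, and the two-hour and tenfold thresholds need tuning against a few weeks of baseline data before the alerts are worth an analyst's time.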
Title: Obama vs. Romney on cybersecurity
Post by: C-Kumu Dog on September 18, 2012, 01:29:09 PM

By Amber Corrin
Sep 05, 2012
In their respective platforms, the Republicans and Democrats each briefly touch on what they both describe as a paramount threat facing the U.S.: cybersecurity. In keeping with the partisan divides that prevented lawmakers from passing cybersecurity legislation this year, each side offers a different – but decidedly familiar – take on the issue.


While neither party goes in-depth in its platform summary addressing cybersecurity, they both include plans that include basic tenets that were part of cybersecurity bills that failed in Congress. While there isn’t much in the way of cyber-policy revelations, there are hints of action that could come – including a possible executive order.

The platforms include a handful of similarities: Both sides recognize the significance of the issue, the importance of collaboration within government and with industry, and the need for investment in cyber research and development.

Like proposed legislation that came before, that’s about where the parallels end.

The Republicans call for a hands-off approach that echoes the SECURE IT Act championed by Sen. John McCain (R-Ariz.) earlier this year. The emphasis is on the public and private sectors working together, allowing for “the free flow of information” between network managers and within industry. It also places the onus on the government to better protect its own systems.

The GOP platform also takes swipes at the current cybersecurity policies, saying that the Barack Obama administration is “overly reliant on the development of defensive capabilities and has been unsuccessful in dissuading cyber-related aggression.” The Republican plank criticizes Obama’s approach as “costly and heavy-handed” and says it will “increase the size and cost of the federal bureaucracy and harm innovation in cybersecurity.”

On the other hand, the Democrats’ platform notes some of the cybersecurity steps taken in Obama’s term, and includes vows to continue by investing in research and development, promoting awareness and strengthening public-private partnership.

“The President and the administration have taken unprecedented steps to defend America from cyber attacks, including creating the first military command dedicated to cybersecurity and conducting a full review of the federal government's efforts to protect our information and our infrastructure,” the Democrats’ platform states.

The platform also notes that “going forward, the president will continue to take executive action to strengthen and update our cyber defenses.”


FCW (http://s.tt/1mAm7)



Many, including cybersecurity expert Jim Lewis, say the statement is a strong suggestion of an executive order in the works.

Lewis, director and senior fellow at the Center for Strategic and International Studies, said a presidential directive from Obama likely would aim to compensate for the Congress’s failure to pass legislation protecting critical infrastructure.

But which party’s approach would be more effective? Lewis had criticism for both sides, noting that neither offers any novel ideas.

“The Democratic plank says the right things; it just doesn't say anything new other than the [executive order] hint. The Republican plank also doesn't say anything new, but we know what they propose won't work,” Lewis said, noting that the Republican references to deterrence and information-sharing, among others, are particularly troublesome.

“Cyber deterrence doesn’t work. This is a creaky retread from the Cold War,” he said. As for voluntary information-sharing, central to the Republican approach, “it’s legislation, not regulation, that blocks sharing, and Congress failed to fix it.”

But the Democratic approach could be costly – and not necessarily effective, given the government’s notorious bureaucracy and the rapidly evolving nature of cyber.

“The Democratic platform calls for greater government engagement and involvement, but the imposition of mandates would be less effective because the government is not nimble enough to regulate in this area,” said Paul Rosenzweig, visiting fellow at the Heritage Foundation. “How much would the Democratic platform cost? Nobody knows. The Democrats couldn’t tell you before when [the bipartisan Cybersecurity Act of 2012] was being considered, and the same questions are being asked now.”


Title: Web attacks on big US banks originated in Iran, unconfirmed reports say
Post by: C-Kumu Dog on September 25, 2012, 05:09:01 PM
http://arstechnica.com/security/2012/09/web-attacks-us-banks-originated-in-iran/?comments=1#comments-bar


Web attacks on big US banks originated in Iran, unconfirmed reports say
Two reports say a series of denial-of-service attacks were launched from Iran.
by Dan Goodin - Sept 21 2012, 1:30pm +1000

Iranians have mounted a series of denial-of-service attacks over the past year that target major US banks and other companies, according to two published reports that cite unnamed US officials.

The reports, published on Friday by The Washington Post and Reuters, came a few days after websites for both Bank of America and JPMorgan Chase experienced unexplained service disruptions. US Senator Joseph Lieberman, chairman of the Senate Homeland Security Committee, said on Friday that he believes a unit of Iran's Revolutionary Guard Corps is behind the disruptions, but provided no evidence to support the claim. Neither bank has confirmed that the disruptions were the result of attacks, so it's possible equipment failure or other internal causes are responsible.

According to the Washington Post, US officials suspect that Iran was behind similar denial-of-service attacks, which bring websites to a crawl or make them completely unavailable by overwhelming them with garbage traffic. One such attack was carried out in August, and was aimed at disrupting the websites of oil companies in the Middle East "by routing their efforts through major US telecommunications companies, including AT&T and Level 3," the publication reported, citing US intelligence and industry officials. It was the largest attempted DoS attack against AT&T "by an order of magnitude," an industry official said. The sources spoke on condition of anonymity because they weren't authorized to speak to the press.

According to Reuters, Citigroup has also been targeted in the campaigns, which it said are likely in retaliation for their enforcement of Western economic sanctions against Iran. Reuters also said while the attacks originated in Iran "it is not clear if they were launched by the state, groups working on behalf of the government, or 'patriotic' citizens." The attacks may be intended to distract victims from other, more destructive breaches, the news organization added.

Security experts have long said that it's difficult or impossible to determine the origin or source of many DoS and other computer-based attacks. In the absence of technical evidence that supports claims attacks are coming from Iran, it's not possible to verify them.

Title: Computer Viruses Are "Rampant" on Medical Devices in Hospitals
Post by: G M on October 17, 2012, 04:39:24 PM
http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/

Computer Viruses Are "Rampant" on Medical Devices in Hospitals
A meeting of government officials reveals that medical equipment is becoming riddled with malware.

 
David Talbot

Wednesday, October 17, 2012
 
Health scare: Much hospital equipment uses software that can be vulnerable to viruses.
PR Newswire

Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.

While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion.

Software-controlled medical equipment has become increasingly interconnected in recent years, and many systems run on variants of Windows, a common target for hackers elsewhere. The devices are usually connected to an internal network that is itself connected to the Internet, and they are also vulnerable to infections from laptops or other devices brought into hospitals. The problem is exacerbated by the fact that manufacturers often will not allow their equipment to be modified, even to add security features.


In a typical example, at Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufacturers will not modify or allow the hospital to change—even to add antivirus software—because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration regulatory reviews, Fu says.

As a result, these computers are frequently infected with malware, and one or two have to be taken offline each week for cleaning, says Mark Olson, chief information security officer at Beth Israel.

"I find this mind-boggling," Fu says. "Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches."

The worries over possible consequences for patients were described last Thursday at a meeting of a medical-device panel at the National Institute of Standards and Technology Information Security & Privacy Advisory Board, of which Fu is a member, in Washington, D.C. At the meeting, Olson described how malware at one point slowed down fetal monitors used on women with high-risk pregnancies being treated in intensive-care wards.

"It's not unusual for those devices, for reasons we don't fully understand, to become compromised to the point where they can't record and track the data," Olson said during the meeting, referring to high-risk pregnancy monitors. "Fortunately, we have a fallback model because they are high-risk [patients]. They are in an IC unit—there's someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction."

The computer systems at fault in the monitors were replaced several months ago by the manufacturer, Philips; the new systems, based on Windows XP, have better protections and the problem has been solved, Olson said in a subsequent interview.

At the meeting, Olson also said similar problems threatened a wide variety of devices, ranging from compounders, which prepare intravenous drugs and intravenous nutrition, to picture-archiving systems associated with diagnostic equipment, including massive $500,000 magnetic resonance imaging devices.

Olson told the panel that infections have stricken many kinds of equipment, raising fears that someday a patient could be harmed. "We also worry about situations where blood gas analyzers, compounders, radiology equipment, nuclear-medical delivery systems, could become compromised to where they can't be used, or they become compromised to the point where their values are adjusted without the software knowing," he said. He explained that when a machine becomes clogged with malware, it could in theory "miss a couple of readings off of a sensor [and] erroneously report a value, which now can cause harm."

Often the malware is associated with botnets, Olson said, and once it lodges inside a computer, it attempts to contact command-and-control servers for instructions. Botnets, or collections of compromised computers, commonly send spam but can also wage attacks on other computer systems or do other tasks assigned by the organizations that control them (see "Moore's Outlaws").

In September, the Government Accountability Office issued a report warning that computerized medical devices could be vulnerable to hacking, posing a safety threat, and asked the FDA to address the issue. The GAO report focused mostly on the threat to two kinds of wireless implanted devices: implanted defibrillators and insulin pumps. The vulnerability of these devices has received widespread press attention (see "Personal Security" and "Keeping Pacemakers Safe from Hackers"), but no actual attacks on them have been reported.

Fu, who is a leader in researching the risks described in the GAO report, said those two classes of device are "a drop in the bucket": thousands of other network-connected devices used for patient care are also vulnerable to infection. "These are life-saving devices. Patients are overwhelmingly safer with them than without them. But cracks are showing," he said. (Fu was Technology Review's Innovator of the Year in 2009.)

Malware problems on hospital devices are rarely reported to state or federal regulators, both Olson and Fu said. This is partly because hospitals believe they have little recourse. Despite FDA guidance issued in 2009 to hospitals and manufacturers—encouraging them to work together and stressing that eliminating security risks does not always require regulatory review—many manufacturers interpret the fine print in other ways and don't offer updates, Fu says. And such reporting is not required unless a patient is harmed. "Maybe that's a failing on our part, that we aren't trying to raise the visibility of the threat," Olson said. "But I think we all feel the threat gets higher and higher."

Speaking at the meeting, Brian Fitzgerald, an FDA deputy director, said that in visiting hospitals around the nation, he has found Beth Israel's problems to be widely shared. "This is a very common profile," he said. The FDA is now reviewing its regulatory stance on software, Fitzgerald told the panel. "This will have to be a gradual process, because it involves changing the culture, changing the technology, bringing in new staff, and making a systematic approach to this," he said.

In an interview Monday, Tam Woodrum, a software executive at the device maker GE Healthcare, said manufacturers are in a tough spot, and the problems are amplified as hospitals expect more and more interconnectedness. He added that despite the FDA's 2009 guidance, regulations make system changes difficult to accomplish: "In order to go back and update the OS, with updated software to run on the next version, it's an onerous regulatory process."

Olson said that in his experience, GE Healthcare does offer software patches and guidance on keeping devices secure, but that not all manufacturers have the same posture. He added that the least-protected devices have been placed behind firewalls. But to do that with all a hospital's software-controlled equipment would require more than 200 firewalls—an unworkable prospect, he said.

John Halamka, Beth Israel's CIO and a Harvard Medical School professor, said he began asking manufacturers for help in isolating their devices from the networks after trouble arose in 2009: the Conficker worm caused problems with a Philips obstetrical care workstation, a GE radiology workstation, and nuclear medical applications that "could not be patched due to [regulatory] restrictions." He said, "No one was harmed, but we had to shut down the systems, clean them, and then isolate them from the Internet/local network."

He added: "Many CTOs are not aware of how to protect their own products with restrictive firewalls. All said they are working to improve security but have not yet produced the necessary enhancements."

Fu says that medical devices need to stop using insecure, unsupported operating systems. "More hospitals and manufacturers need to speak up about the importance of medical-device security," he said after the meeting. "Executives at a few leading manufacturers are beginning to commit engineering resources to get security right, but there are thousands of software-based medical devices out there."

Title: Iran keeps cyber attacks going
Post by: Crafty_Dog on October 18, 2012, 06:52:52 AM
http://online.wsj.com/article/SB10000872396390444592704578063063201649282.html?mod=world_newsreel
Title: Canada beefing up cyber defenses
Post by: Crafty_Dog on October 18, 2012, 06:54:01 AM
second post

http://online.wsj.com/article/SB10000872396390444592704578062744030325244.html?mod=WSJ_World_LEFTSecondNews
Title: Flame Relative is a "High-Precision, Surgical Attack Tool"
Post by: C-Kumu Dog on October 18, 2012, 01:17:46 PM
From the SANS Newsletter

 --Flame Relative is a "High-Precision, Surgical Attack Tool"
(October 15, 2012)
Researchers have detected another piece of malware that targets systems used in the Middle East. It is being called miniFlame because it appears to be built on the same platform as the Flame malware, which was detected earlier this year. While Flame focuses on stealing information, miniFlame acts as a backdoor on infected machines to allow attackers access. It also appears to be able to act as a module for both Flame and Gauss, lending more credence to the theory that the two pieces of malware are related. miniFlame can download files from a command-and-control server. It is being called a "high-precision, surgical attack tool."


http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/all/

http://www.computerworld.com/s/article/9232367/Kaspersky_discovers_miniFlame_cyberespionage_malware_directly_linked_to_Flame_and_Gauss?taxonomyId=82

http://www.v3.co.uk/v3-uk/news/2217221/miniflame-surgical-cyberstrike-malware-tool-discovered

http://www.securelist.com/en/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends


[Editor's Note (McBride): From an analytical perspective the fact that a sinkhole designed for Flame found miniFlame is a nice windfall (but not necessarily great opsec). Is the fact that Kaspersky continues to find state sponsored malware (allegedly belonging to the United States) surprising - or is the awe wearing off? Is it concerning that the U.S. appears to be a leader in offensive cyber operations? Is the real difference between APT and APF (advanced persistent friendliness) summed up in the amount of trust you have for the motives of the sponsoring nation-state?]
Title: US Defense Secretary Says US is Prepared to Take Action
Post by: C-Kumu Dog on October 18, 2012, 01:21:55 PM
Another one from the SANS newsletter.

 --US Defense Secretary Says US is Prepared to Take Action
(October 11 & 14, 2012)

US Defense Secretary Leon Panetta last week said that a recent campaign of cyberattacks on Middle East oil and gas companies "was probably the most destructive attack that the private sector has seen to date." While Panetta did not say that Iran was involved in those attacks, he did note that Iran is trying to "gain an advantage in cyberspace" and warned those who would consider launching cyberattacks against the US that the US is prepared to take action.

http://www.eweek.com/security/iranian-cyber-attack-is-most-destructive-to-date-says-defense-secretary/

http://www.washingtonpost.com/world/national-security/cyberattack-on-mideast-energy-firms-was-biggest-yet-panetta-says/2012/10/11/fe41a114-13db-11e2-bf18-a8a596df4bee_story.html

[Editor's Note (Assante): One must not lose sight of the big picture when considering the consequences of all cyber attacks on our productivity, competitiveness, and national security. The challenge with the emerging attacks referred to by the Secretary of Defense is in the development of doctrines that are flexible enough to apply the right response to manage the death by a thousand cuts while deterring specific attacks that can directly impact economic and national security. Cyber defense is a job too big for any one organization; we all play an important part in safeguarding our information and critical systems.


(McBride): The tone of Panetta's comments appears to support a stance of deterrence. He well might have said "the U.S. is prepared to take offensive or retaliatory action if and when it can positively attribute highly-destructive attacks to another nation-state." On the other hand, the tone of the comments does not build confidence that the U.S. is prepared to defend and restore. That makes his plea to executives of firms that own and operate critical infrastructure all the more imperative.]
Title: Social engineering: Using social media to launch a cyberattack
Post by: C-Kumu Dog on January 08, 2013, 02:14:23 PM
Article:
http://www.washingtonpost.com/investigations/in-cyberattacks-hacking-humans-is-highly-effective-way-to-access-systems/2012/09/26/2da66866-ddab-11e1-8e43-4a3c4375504a_story.html?hpid=z3


The following image goes with the article.
http://www.washingtonpost.com/investigations/social-engineering-using-social-media-to-launch-a-cyberattack/2012/09/26/a282c6be-0837-11e2-a10c-fa5a255a9258_graphic.html

Title: Timeline: Key events in cyber history
Post by: C-Kumu Dog on January 08, 2013, 02:16:47 PM
http://www.washingtonpost.com/wp-srv/special/investigative/zeroday/cyber-history-timeline/index.html

1943-1944 History
The digital era jumped ahead with the creation of Colossus, the first programmable digital machine. Though limited compared to later computers, Colossus played a pivotal role in code breaking during World War II. In effect, the British developed the first digital machine to hack German codes.

The National Museum of Computing: Colossus
Colossus: The first large-scale electronic computer
 
1961-1962 History
Key steps in the history of global computer networks came when Leonard Kleinrock at MIT published the first paper on packet switching theory in July 1961, and the next year when J.C.R. Licklider, also at MIT, wrote a series of memos spelling out his ideas for a "Galactic Network" in which people could access data from anywhere.

Internet Society: Origins of the Internet
 
1967-1969 History
The Advanced Research Projects Agency, later known as DARPA, accelerated work on what was initially dubbed ARPANET and eventually came to be known as the Internet. The first ARPANET message was sent at 10:30 p.m. on Oct. 29, 1969.

Internet Society: Original Internet concepts
Stanford Research Institute: Celebrating the first ARPANET transmission
 
1971 History
Intel released the first integrated microprocessor, a major leap forward in the history of the computer. It had 2,300 transistors and processed 60,000 instructions per second.

 
1982 Hack
National security officials in the United States launched one of the world's first cyberattacks on another country: the Soviet Union. U.S. officials heard, through a KGB source named Farewell, that the Soviets intended to buy computer equipment through a front company to operate a gas pipeline. U.S. agents altered the software, which later caused the pipeline to explode.

CIA: The Farewell Dossier
At the Abyss: An Insider's History of the Cold War (book)
 
1986-1987 Hack
In 1986 and 1987, a physics researcher at the University of California at Berkeley uncovered a global hack of academic, military and government computers in the United States. Chronicled later in the book “The Cuckoo's Egg,” it was the first investigation of its kind, and it revealed online hacker threats spread around the globe.

Wikipedia: The Cuckoo's Egg
 
1988 Hack
The first "worm" attack occurred on the Internet. A Cornell University student named Robert Tappan Morris released several dozen lines of code, which replicated wildly and hit thousands of computers hard. It stopped about 10 percent of the 88,000 computers linked to the Internet at the time.

The What, Why, and How of the 1988 Internet Worm
CERT: Security of the Internet
 
1990 History
ARPANET became an operational network known as the Internet. About 2.6 million people around the globe had access.

 
1994 Hack
Anonymous hackers repeatedly attacked the Air Force's Rome Laboratory in New York, underscoring the threat to military systems. Investigators discovered that a British teenager and an Israeli technician had used phone systems and networks in eight countries to cloak their attacks on numerous military and government computer systems.

GAO (PDF): Computer attacks at the Department of Defense pose increasing risks
 
1997 Hack
The Pentagon's first "information warfare" exercise, known as Eligible Receiver, found that industrial and information systems throughout the United States are vulnerable to cyberattacks from hackers using readily available technology and software. Specialists said it appeared as though simulated attacks on power and communications networks in Oahu, Hawaii; Los Angeles; Colorado Springs, Colo.; Washington, D.C.; and elsewhere succeeded with ease.

Congressional Research Service report (PDF): Cyberwarfare
 
2003 History
The amount of digital information created by computers, cameras and other data systems this year surpassed the amount of all information created in human history, according to studies by International Data Corp. and EMC.

 
November 2003 Hack
Hackers apparently supported by China attacked military and government systems in the United States with impunity, making off with terabytes of data. The attacks were dubbed Titan Rain by officials in the United States.

Washington Post: Hackers attack via Chinese Web sites
 
May 2007 Hack
During a dispute between Estonia and Russia, hackers launched massive attacks on Estonian government agencies, banks, newspapers and other organizations, using networks of computers to shut down Estonian systems online. Some analysts, blaming Russia, asserted the attacks represent one of the first instances of cyberwar.

Wired: Kremlin Kids: We launched the Estonian cyber war
 
2008 History
Cyberspace accelerated its expansion, with the number of devices connected to the Internet exceeding the number of people on Earth for the first time. That number hit an estimated 12.5 billion in 2010, according to a researcher at Cisco who predicted it will rise to 50 billion in 2020. Hundreds of millions of new Internet users also sign on, many millions of them via mobile phones and other portable devices.

 
November 2008 Hack
The most significant breach of U.S. computer security occurred, apparently when someone working with the Pentagon's Central Command inserted an infected flash drive into a military laptop computer at a base in the Middle East. The case was code named Buckshot Yankee. "The flash drive’s malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," a senior U.S. official later wrote in Foreign Affairs magazine.

Washington Post: Cyber-intruder sparks massive federal response
 
March 2009 Hack
Canadian researchers identified a Chinese espionage network operating on government computer systems in 103 countries, making it the largest operation of its kind ever publicly identified. The researchers dubbed the system GhostNet.

New York Times: Vast spy system loots computers in 103 countries
 
December 2009 Hack
Communications links with U.S. drones were hacked by Iraqi insurgents, who used laptop computers and inexpensive software. The hack apparently enabled the insurgents to see video images the drone was recording.

 
January 2010 Hack
Google announced that it and dozens of other companies were the focus of a "highly sophisticated and targeted attack" originating from China. The attack resulted in a huge amount of data being stolen. It was later dubbed Operation Aurora.

 
February 2010 History
The number of Internet users topped 2 billion. The Defense Department said that although "it is a man-made domain, cyberspace is now as relevant a domain for DoD activities as the naturally occurring domains of land, sea, air and space.”

 
July 2010 Hack
Researchers discovered the most sophisticated cyberweapon ever to be made public. A "worm" known as Stuxnet, it was designed to seek out certain industrial control systems made by Siemens. Stuxnet took advantage of four zero-day vulnerabilities and appeared to be targeted at a uranium enrichment program in Iran. Specialists said it appeared to have a devastating effect, destroying or damaging hundreds of centrifuges. The New York Times reported that President Obama approved the operation as part of a secret U.S.-Israeli cyberwar campaign against Iran begun under the Bush administration.

 
November 2010 History
A group of the nation's top scientists concluded in a report to the Pentagon that "the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well." The scientists, part of a Pentagon advisory group called JASON, said, "Our current security approaches have had limited success and have become an arms race with our adversaries. In order to achieve security breakthroughs we need a more fundamental understanding of the science of cyber-security."

 
May 2011 Hack
Sony told Congress that hackers had penetrated the PlayStation network, stealing or misusing the personal information of at least 77 million users. Sony estimated that fallout from the hack cost at least $170 million. It appeared as though criminals masqueraded as members of the anarchist-activist group known as Anonymous.

 
March 2012 Hack
Gen. Keith Alexander, commander of U.S. Cyber Command, blamed China for taking "astounding" amounts of intellectual property and for the hack last year of security giant RSA. In testimony before a congressional panel, Alexander hinted at military reprisals. "We reserve the right to use all necessary means — diplomatic, informational, military, and economic — as appropriate and consistent with applicable international law," Alexander testified.

 
Title: 2012: What Have We Learned?
Post by: C-Kumu Dog on January 10, 2013, 11:08:06 AM
There's a natural inclination for people at the end of each year to look back, take stock and try to draw some grand meaning or life lessons out of the events of the past 12 months. This is a particularly risky and difficult thing to do in the security industry, given its inherent unpredictability and chaotic nature. That doesn't stop people from doing it, mind you, it just makes the process more difficult and often more humorous. The weird thing about 2012, though, is that it turned out to be one of those years that may well end up marking a turning point for consumers, enterprises and governments around the world.

The biggest shift in 2012 was the emergence of state-sponsored malware and targeted attacks as major factors. The idea of governments developing and deploying highly sophisticated malware is far from new. Such attacks have been going on for years, but they've mainly stayed out of the limelight. Security researchers and intelligence analysts have seen many of these attacks, targeting both enterprises and government agencies, but they were almost never discussed openly and were not something that showed up on the front page of a national newspaper.

That all changed in 2010 with the discovery of the Stuxnet worm, which targeted the nuclear enrichment facility at Natanz in Iran. That attack made international news and started conversations in Washington, London and around the world about who deployed the worm and about the propriety of using such malware to go after the assets of foreign governments, regardless of their political alignment.

That conversation grew louder and more contentious in 2012 with the emergence of a number of new cyberweapons, including Flame, Gauss, Mini-Flame and Shamoon. Researchers believe that several of these tools are connected and may have been written by the same team and use some of the same code and modules. For the most part, these tools have been designed to steal sensitive data, conduct surveillance on victim networks and give the attackers a hidden presence on those systems. Shamoon was the exception to this rule, wiping data from target systems and rendering many of them useless.

Shamoon's destructive tendencies confused researchers for a while, as there doesn't seem to be much upside in destroying the data on machines that you're targeting. That is, of course, unless the attackers had no interest in stealing any of the data on the target network and simply wanted to make a statement by trashing the systems instead and causing major headaches for the security team on the other end. And that's what ended up happening, at least to the one major known target, oil giant Saudi Aramco. The attack on Aramco destroyed data on more than 30,000 machines and took the company weeks to recover from.

The kind of targeted attacks in which cyberweapons such as Flame and Shamoon are used are relatively rare and almost exclusively hit major corporate or government networks. But that doesn't mean that they don't have consequences for consumers, as well. Attackers routinely go after banks, ISPs and other companies and those attacks can have major repercussions for consumers. There has been a series of high-powered and highly disruptive DDoS attacks against several major banks over the last few months, some of which have taken banks' sites offline for hours at a time.

The attacks have reached the point where the Office of the Comptroller of the Currency is warning banks about the campaign and recommending that they look at their risk-management plans to ensure that they have quality mitigations in place. The major banks, of course, have layers of defenses in place, but that only goes so far against a determined attacker, as many other enterprises are finding out these days.

The question now is what 2013 has in store. It's no reach to say that there will be more Stuxnet or Flame-style attacks in the coming year. It's as sure a bet as there is, the kind of lock that Vegas bettors dream about. A five-star lock. The attacks are going on all the time, 24 hours a day, on sensitive networks around the world. Attackers are vacuuming up data by the terabyte and handing it over to their bosses or backers and then moving on to the next assignment.

What's far less certain is how many of these attacks will come to light. Researchers hit the jackpot in 2012 with several juicy new cyberweapons to sink their teeth into and they made a lot of headway in understanding the methods and techniques of these types of attackers. But that knowledge and intelligence has a limited shelf life. Attackers shift tactics often, responding to changes in defensive methods or advances in research. Attacks that are going on right now and may be discovered weeks or months down the road could include components that have never been seen before. The hash collision developed by the attackers behind Flame is a perfect example.

So 2013 likely will look a lot like 2012, only more so. More sophisticated attacks, more novel techniques and more targets. Whether those attacks bubble up to the surface remains to be seen, but if they do, expect to see the rhetoric and hand-wringing ratchet up a few notches. It's the natural progression. If we learned anything in 2012, it's that attacks only get better.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on January 10, 2013, 11:24:25 AM
Robert:

Your ongoing contributions here are greatly appreciated.

Marc
Title: BO readies unilateral move on cyber security
Post by: Crafty_Dog on January 29, 2013, 10:18:10 AM


http://pjmedia.com/blog/obama-readies-unilateral-move-on-cybersecurity/

Obama Readies Unilateral Move on Cybersecurity
Even with a new Congress in session, the president will argue that lawmakers aren't moving fast enough.
by Rodrigo Sermeño
January 29, 2013 - 12:34 am
 
MARC: Given the nature of the threat to national security, I am more tolerant of some unilateral action by the Prez.

WASHINGTON – A long-running effort to protect critical infrastructure in the U.S. from cyber attacks collapsed in Congress last year. Despite this setback, different groups have continued their calls for more action in the wake of continuous threats, paving the way for the Obama administration to take the lead on cybersecurity policy – perhaps in an executive order that could come early this year.
 
After Congress first rejected the Cybersecurity Act of 2012 in August, the Obama administration immediately began drafting an executive document, known as Presidential Policy Directive 20. The White House argued that the danger of a devastating cyber attack against the U.S. was just too great for the executive branch to ignore it. The executive order, unlike the bill, does not need congressional approval, which will undoubtedly open the debate about the directive’s constitutionality.

The executive order will offer voluntary guidelines and a strict set of standards that will help government “more effectively secure the nation’s critical infrastructure by working collaboratively with the private sector,” White House spokeswoman Caitlin Hayden told the Washington Times.
 
The cybersecurity bill, first introduced by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) in February, called for the creation of a council to develop standards for certain industries such as utilities, pipelines, and financial service companies labeled as “critical infrastructure.” It also aimed to encourage industry to share information with the government about cyber-threats spotted on their networks.
 
After months of negotiations with privacy and civil liberty groups and industry representatives, the Senate introduced a revised version of the bill last summer. In the hopes of winning over the opposition, the bill’s co-sponsors significantly watered it down, making the cybersecurity standards optional.
 
Despite disagreements over specific measures, the legislation attracted widespread bipartisan support in the Senate. Many senators agreed with the major provisions of the bill that sought to strengthen the nation’s barriers against cyber attacks. But a rift emerged between the legislators believing that a new regulatory program was necessary because of the private sector’s failure to adequately protect its networks, and those doubting the efficacy of more government regulation in achieving its intended objective.
 
Back in August, Republicans and business groups strongly opposed the bill that would have imposed minimum standards of security on companies in key industries, claiming it was unwarranted government regulation. After the bill failed to pass in August, Senate Majority Leader Harry Reid voted against it in a procedural move so that he could bring the bill back to the floor in November.
 
During the lame-duck session, the Senate came close to passing cybersecurity legislation. But a motion to move forward on the bill failed to secure the 60 votes needed to bring the bill up for passage.
 
“The bill that was and is most important to the intelligence community was just killed, and that’s cybersecurity,” Reid told the Hill after the vote. “Whatever we do for this bill, it’s not enough for the U.S. Chamber of Commerce. So everyone should understand cybersecurity is dead for this Congress. What an unfortunate thing, but that’s the way it is.”
 
Opposition to the bill made some legislators break ranks with their party. Four Democrats – Sens. Max Baucus (Mont.), Mark Pryor (Ark.), Jon Tester (Mont.) and Ron Wyden (Ore.) – voted against the motion in November. Three Republicans – Sens. Collins, Olympia Snowe (Maine), and Scott Brown (Mass.) – joined their Democratic counterparts in favor of the bill.
 
A rival version, the SECURE IT Act, introduced by Sen. John McCain (R-Ariz.) and a group of Senate Republicans in March, focused on improving the sharing of information about cyber-threats, but it did not include any measures aimed at creating security standards for critical infrastructure. The bill failed to gain traction in Congress and among civil liberty groups, including the American Civil Liberties Union.
 
Many government officials lamented the Cybersecurity Act’s failure. Sen. Daniel K. Akaka (D-Hawaii), senior member of the Senate Committee on Homeland Security, expressed his disappointment that the Senate “once again failed to put partisan differences aside and pass the critical bill.” Defense Secretary Leon Panetta also expressed his disappointment with the Senate for failing to allow the country to enhance its ability to protect itself against threats.

Panetta warned last year of the possibility of a “cyber Pearl Harbor.” He told business leaders attending a meeting of the Business Executives for National Security that the country is increasingly vulnerable to foreign computer hackers who could attack the country’s transportation system, government, financial networks, and power grid.
 
In a recent report, the Department of Homeland Security (DHS) estimated that more than 40 percent of all reported cyber attacks on critical infrastructure in 2012 targeted the energy sector. Many of the incidents reported to the DHS targeted information that could facilitate remote access and unauthorized operation.

Sustained cyber attacks targeting the websites of a dozen U.S. banks, including Wells Fargo, JP Morgan Chase, and Bank of America, exemplify the growing threat to the financial sector. What makes these attacks suspicious is that they are not carried out by opportunists trying to steal data or money, but instead by experts keen on creating significant disruptions. Computer-security specialists say that the attacks showed a level of sophistication that exceeded that of amateur hackers, making it more likely that they were orchestrated by a nation.
 
“There is no doubt within the U.S. government that Iran is behind these attacks,” former Commerce and State Department official James A. Lewis told the New York Times this month. According to Lewis, the attacks are probably in retaliation for previous cyber attacks on Iran as well as sanctions imposed on the country.
 
After the intensifying wave of attacks, major U.S. banks have turned to the National Security Agency for technical assistance in an effort to protect their computer systems, the Washington Post reported.
 
The banks’ request follows a similar push by a trade group for more collaboration between the private sector and government. The Business Roundtable, which represents the chief executives of top U.S. companies, has recently called on Congress to pass legislation aimed at improving the sharing of information between government and industry so companies can thwart cyber attacks quickly. The group, however, cautioned against a “static compliance based regime” that would undermine a more dynamic solution based on information sharing.
 
Before the Senate vote in November, Lieberman warned of the possibility of an executive order issued by the president if the Senate voted against moving the bill forward. Reid also noted that the order would fall short of what the bill could accomplish, including liability protection that would protect companies from legal action if they are hit by a cyber attack.
 
In a letter sent to the president in October, a group of Republican senators urged Obama to work with Congress on cybersecurity legislation instead of acting unilaterally in a way that “will solidify the present divide” among stakeholders. The White House is expected to roll out the executive order as early as the end of this month.
 
As new leaders assume command of the congressional committees in charge of cybersecurity legislation, the prospects of reviving the debate have begun to emerge. A coalition of Senate Democrats, led by longtime cybersecurity legislation supporter Sen. Jay Rockefeller (D-W.Va.), introduced on Wednesday a new resolution tackling the issue. “The new Congress has a real opportunity to reach needed consensus on bipartisan legislation that will strengthen our nation’s cybersecurity,” the senators said in a joint statement announcing the bill, called the Cybersecurity and American Cyber Competitiveness Act of 2013.
 
The new bill outlines legislative intent but does not provide any specific solutions beyond some recommendations to improve collaboration between the private sector and the federal government.
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on February 14, 2013, 02:10:15 AM
Robert:

Your ongoing contributions here are greatly appreciated.

Marc

Thanks Guro!  I've been slacking on posting due to some transitioning at work. Glad to be back on the .... CND side vs. Policy.
Title: Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives
Post by: C-Kumu Dog on February 14, 2013, 02:15:44 AM
http://threatpost.com/en_us/blogs/cybersecurity-executive-order-short-action-long-voluntary-initiatives-021313?utm_source=Newsletter_021313&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=

The executive order that President Barack Obama signed yesterday in advance of his State of the Union Address contains a lot of provisions for information sharing on attacks and threats on critical infrastructure, and also calls for the development of a framework to reduce cybersecurity risks in federal agencies and critical infrastructure. What the order does not include are any mandates, required changes or a plan for significant action.

The most-discussed section of the executive order on cybersecurity is the one that directs the attorney general, secretary of the Department of Homeland Security and the Director of National Intelligence to establish an information-sharing program that will produce unclassified reports on "cyber threats to the U.S. homeland that identify a specific targeted entity." However, this is not the broad, two-way sharing of attack and threat data between the government and the private sector that some in the security community had been pushing for. Rather, it's a program designed to let intelligence agencies and the DHS take some of the data they gather on current attacks and notify targeted agencies about the attacks.

The executive order focuses almost exclusively on the threats facing critical infrastructure providers, both inside and outside the government, and discusses the need for better data on those threats and coordination among the entities responsible for running them. To that end, the order requires that DHS and the intelligence community figure out a method for disseminating classified threat information to those critical infrastructure providers. However, it does not provide a mechanism for getting that information to other, private-sector companies that may be targeted by the same kind of attacks.

"The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a process that rapidly disseminates the reports produced pursuant to section 4(a) of this order to the targeted entity. Such process shall also, consistent with the need to protect national security information, include the dissemination of classified reports to critical infrastructure entities authorized to receive them. The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a system for tracking the production, dissemination, and disposition of these reports," the executive order says.

The other major section of the order lays out the need for a voluntary risk-management framework designed to reduce vulnerabilities in critical infrastructure organizations such as utilities, government agencies and others. The framework "shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks," the order says, and there are no provisions in the document that require compliance with the framework's provisions. Instead, the government will establish a voluntary program to promote the adoption of the framework.

The issuance of the executive order comes nearly 10 years to the day after the publication of the National Strategy to Secure Cyberspace, a document developed in the aftermath of the Sept. 11 attacks that was meant to lay out a road map for how the government, businesses and users could help improve security. At the time of its release on Feb. 14, 2003, the document was criticized heavily by security experts who saw it as being too weak and lacking any direct action. Much of that initial strategy discussed the need for better information sharing, more data on attacks and threats and better security at critical infrastructure facilities, as well.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I'm in class tomorrow for something Information Assurance related, maybe we will be able to discuss the Executive Order tomorrow.
Title: Classified Report Says Chinese Cyberespionage is a Serious Economic Threat ...
Post by: C-Kumu Dog on February 14, 2013, 02:19:05 AM
Classified Report Says Chinese Cyberespionage is a Serious Economic Threat to the US (February 10, 2013)
According to a National Intelligence Estimate, China more than any other country in the world is targeting the US in a focused cyberespionage campaign that threatens the country's economy. The classified report lists organizations in the energy, finance, aerospace, information technology and other sectors that have been the targets of these attacks. Russia, Israel, and France have also been named as engaging in similar activity, but China's alleged activity outstrips theirs by far.

http://www.washingtonpost.com/world/national-security/us-said-to-be-target-of-massive-cyber-espionage-campaign/2013/02/10/7b4687d8-6fc1-11e2-aa58-243de81040ba_story.html

[Editor's Note (Henry): Not really sure what the news is; I re-read the article twice to see what I missed. The Chinese and other nations are engaged in cyber espionage against the US...really? While this has been happening for at least 15 years, corporate executives, government agencies, and administration officials have been talking about this openly for the past two or three years. I hope the open dialogue and public recognition of the true impact of this threat move us faster and closer to truly effective mitigation actions.

(Ranum): US agencies responsible for protecting the country against cyberespionage have been doing their constituents a disservice. Instead of trading on fears, they could release and document details of the kind of thing that is happening and couple that with specific actions that should be taken by corporations and organizations that might be targeted. Today's taxpayers interpret a full-on fear sell as a request for a blank check and are understandably reluctant to write one.

(Paller): A powerful defense, discovered by another country and validated by U.S. Intelligence agencies, has emerged. Look for an upcoming report from the Center for Strategic and International Studies with evidence of the effectiveness of this defense against the most common methods of attack used in the nation-state espionage attacks. It's time to stop admiring the problem, and start fixing it. ]
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on February 14, 2013, 08:11:40 AM
Robert:

Thanks for staying with this theme for us.


"Today's taxpayers interpret a full-on fear sell as a request for a blank check and are understandably reluctant to write one."

I would submit that this is less a matter of concern over taxes, and more a matter of concern over Orwellian power grabs.

 
Title: Study officially accuses Chinese Army of hacking US inmany ways.
Post by: Crafty_Dog on February 18, 2013, 08:53:10 PM
NYTimes.com | BREAKING NEWS ALERT

SPECIAL REPORT Monday, February 18, 2013 10:02 PM EST
China’s Army Is Seen as Tied to Hacking Against U.S.

A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of a unit of cyberwarriors in China’s army — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around a 12-story building on the outskirts of Shanghai.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the headquarters of a People’s Liberation Army unit.

While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks.

http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na


Title: Re: Cyberwar and American Freedom
Post by: G M on February 18, 2013, 09:09:40 PM
This just in, Keith Richards may have used illicit substances!
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on February 19, 2013, 01:53:40 AM
Interesting report, but this is also from a vendor of a product as well. I'll be searching other sites to see if anything else is being mentioned about this article.

https://www.mandiant.com/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators/?utm_source=rss

Mandiant Exposes APT1 – One of China’s Cyber Espionage Units & Releases 3,000 Indicators
By Dan Mcwhorter on February 18, 2013

Today, The Mandiant® Intelligence Center™ released an unprecedented report exposing APT1’s multi-year, enterprise-scale computer espionage campaign. APT1 is one of dozens of threat groups Mandiant tracks around the world and we consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen.

 

Highlights of the report include:

Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398).
A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
APT1’s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity.
The timeline and details of over 40 APT1 malware families.
The timeline and details of APT1’s extensive attack infrastructure.
 

Mandiant is also releasing a digital appendix with more than 3,000 indicators to bolster defenses against APT1 operations. This appendix includes:

Digital delivery of over 3,000 APT1 indicators, such as domain names, IP addresses, and MD5 hashes of malware.
Thirteen (13) X.509 encryption certificates used by APT1.
A set of APT1 Indicators of Compromise (IOCs) and detailed descriptions of over 40 malware families in APT1’s arsenal of digital weapons.
IOCs that can be used in conjunction with Redline™, Mandiant’s free host-based investigative tool, or with Mandiant Intelligent Response® (MIR), Mandiant’s commercial enterprise investigative tool.
 

The scale and impact of APT1’s operations compelled us to write this report. The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one. What started as a “what if” discussion about our traditional non-disclosure policy quickly turned into the realization that the positive impact resulting from our decision to expose APT1 outweighed the risk of losing much of our ability to collect intelligence on this particular APT group. It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively. The issue of attribution has always been a missing link in the public’s understanding of the landscape of APT cyber espionage. Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns. We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.

We recognize that no one entity can understand the entire complex picture that many years of intense cyber espionage by a single group creates.  We look forward to seeing the surge of data and conversations a report like this will likely generate.

You can download the report, the appendices and view the video showing APT1 attacker activity at http://www.mandiant.com/apt1.

Dan McWhorter

Managing Director, Threat Intelligence

 
Title: Re: Cyberwar and American Freedom
Post by: DougMacG on February 20, 2013, 10:17:57 AM
"China’s Army Is Seen as Tied to Hacking Against U.S. "

Interesting that it was the need to create a virtual private network to get around the Chinese firewall and censorship policies that allowed the discovery and geographic pinpointing of the espionage to a 12-story Chinese military building.

Obama administration:  "We have repeatedly raised our concerns at the highest levels..."
http://killerapps.foreignpolicy.com/posts/2013/02/19/white_house_we_are_talking_cyber_espionage_with_china

Phew!!  That ought to do it.

On second thought, if they believed "raising concerns at the highest level" will stop it, why admit the need to do it "repeatedly"?
Title: Re: Cyberwar and American Freedom
Post by: G M on February 20, 2013, 10:25:18 AM
From Team America:

Kim Jong Il: Hans Brix? Oh no! Oh, herro. Great to see you again, Hans!
Hans Blix: Mr. Il, I was supposed to be allowed to inspect your palace today, but your guards won't let me enter certain areas.
Kim Jong Il: Hans, Hans, Hans! We've been frew this a dozen times. I don't have any weapons of mass destwuction, OK Hans?
Hans Blix: Then let me look around, so I can ease the UN's collective mind. I'm sorry, but the UN must be firm with you. Let me in, or else.
Kim Jong Il: Or else what?
Hans Blix: Or else we will be very angry with you... and we will write you a letter, telling you how angry we are.
Kim Jong Il: OK, Hans. I'll show you. Stand to your reft.
Hans Blix: [Moves to the left]
Kim Jong Il: A rittle more.
Hans Blix: [Moves to the left again]
Kim Jong Il: Good.
[Opens up trap, Hans falls in]
Title: Re: Cyberwar and American Freedom
Post by: bigdog on February 20, 2013, 10:47:00 AM
Well done, GM.
Title: Re: Cyberwar and American Freedom
Post by: G M on February 20, 2013, 10:49:17 AM
You write articles, I quote Team America. We all have our strengths.  :-D
Title: Re: Cyberwar and American Freedom
Post by: bigdog on February 20, 2013, 10:53:20 AM
You write articles, I quote Team America. We all have our strengths.  :-D

And a fine quote it was, sir!
Title: National Cybersecurity Standards
Post by: bigdog on February 20, 2013, 02:57:56 PM
http://spectrum.ieee.org/riskfactor/telecom/security/us-agency-issues-call-for-national-cybersecurity-standards/?utm_source=computerwise&utm_medium=email&utm_campaign=022013

"Oddly, though, the press release announcing the development of the Cybersecurity Framework makes no mention that the final public version of a report titled, "Security and Privacy Controls for Federal Information Systems and Organizations" was released on 5 February and that the public comment period continues through 1 March."

 :-o :-o
Title: Cyber Espionage: Reducing Tensions Between China and the United States
Post by: bigdog on February 27, 2013, 02:37:36 AM
http://foreignpolicyblogs.com/2013/02/26/cyber-espionage-reducing-tensions-between-china-and-the-united-states/
Title: Stuxnet Missing Link Found
Post by: bigdog on February 27, 2013, 02:42:04 AM
http://www.wired.com/threatlevel/2013/02/new-stuxnet-variant-found/all/
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on February 27, 2013, 07:37:20 AM
Regarding the first of BD's two entries this morning: "The real issue is how to avoid that these sort of attacks lead to escalating tensions between the two great powers on a strategic level":

NO, the real issue is whether we do something to defend ourselves-- to get them to knock it off.  Not only is there the military espionage stuff, there is also the massive threat of intellectual property.
Title: Re: Cyberwar and American Freedom
Post by: G M on February 27, 2013, 09:01:38 AM
Regarding the first of BD's two entries this morning: "The real issue is how to avoid that these sort of attacks lead to escalating tensions between the two great powers on a strategic level":

NO, the real issue is whether we do something to defend ourselves-- to get them to knock it off.  Not only is there the military espionage stuff, there is also the massive threat of intellectual property.

If you look/act like a victim, you'll be one soon enough.
Title: Cyber war crucial to edge in regional arms race
Post by: C-Kumu Dog on March 04, 2013, 10:20:40 PM
http://www.afr.com/p/technology/cyber_war_crucial_to_edge_in_regional_9iXE9ux1Njz4mnmLBykREM

The paper nominates cyber warfare, electronic warfare and undersea warfare systems as areas where industry will need to stay “abreast of key enabling technologies’’ to stay ahead of the threat.
JOHN KERIN

Australia risks losing a regional arms race unless closer links can be forged between the government and the defence industry on countering cyber attacks, the Australian Industry Group Defence Council warns.

The council’s submission to the federal government’s 2013 defence white paper warns Australia will struggle to win a regional arms race unless the Gillard government pursues policies to align defence and industry.

“Given the more rapid acquisition of advanced military capabilities in our region of primary strategic concern, maintaining a capability edge is going to become much more demanding,’’ it says.

It calls for a closer relationship between the Defence Science and Technology Organisation and industry in promoting faster innovation. It nominates cyber warfare, electronic warfare and undersea warfare systems as areas where industry will need to stay “abreast of key enabling technologies”. “ADF capabilities must be capable of adaptation and evolution to meet changing threats,’’ the paper says.

CYBER ATTACKS
A defence white paper draft leaked to The Australian Financial Review warned in January that an adversary could try to use cyber attacks on defence networks to bring down systems crucial to deploying troops to war.

It also warned that Australia’s neighbours were increasingly buying sophisticated ships, aircraft and weapons systems that would make it harder to maintain the traditional capability edge.

The submission recommends an industry-wide survey be conducted to ensure industry and defence industry research and development more closely align to defence needs.

It says the government must bring forward projects to preserve the naval shipbuilding industry as the air warfare destroyer and troop transport ship projects wind down before an ambitious new submarine project worth up to $36 billion.

The submission also says the government should consider outsourcing some capabilities within the government weapons buyer, the Defence Materiel Organisation, to industry provided conflicts of interest can be avoided.

It says an Australian defence export push should become part of formal defence ties with south-east Asian nations to try to ensure the defence sector is not so vulnerable to traditional peaks and troughs of domestic defence buying.

FISCAL CONSTRAINT
The submission urges a wider review of the priority industry capabilities scheme. This scheme nominates areas vital to national security for special assistance in light of the government focusing on challenges closer to home in Asia-Pacific as the war in Afghanistan winds down.

The AiGroup warns that the white paper comes when “confidence has collapsed’’ in the defence industry after the government failed to deliver on its ambitious $275 billion weapons wish list.

The government has cut or deferred almost $25 billion in defence spending since the 2009 defence white paper and imposed cuts of $5.5 billion, or 10.5 per cent, this year. “By 2012 defence spending had reduced to its lowest level since 1938 (1.6 per cent of GDP) and the planned equipment acquisition program had been scuttled,’’ it says.

“A number of defence industry companies have closed and more than 5000 people have lost their jobs. Confidence has collapsed and uncertainty prevails throughout defence industry . . . this has a direct effect on national security.”

Title: The Cyber Threat Planning for the Way Ahead
Post by: C-Kumu Dog on March 04, 2013, 10:24:32 PM
http://www.fbi.gov/news/stories/2013/february/the-cyber-threat-planning-for-the-way-ahead/the-cyber-threat-planning-for-the-way-ahead

Director Mueller speaks to cyber security professionals in San Francisco.

The Cyber Threat
Planning for the Way Ahead


02/28/13

Denial of service attacks, network intrusions, state-sponsored hackers bent on compromising our national security: The cyber threat is growing, and in response, said FBI Director Robert S. Mueller, the Bureau must continue to strengthen its partnerships with other government agencies and private industry—and take the fight to the criminals.

“Network intrusions pose urgent threats to our national security and to our economy,” Mueller told a group of cyber security professionals in San Francisco today. “If we are to confront these threats successfully,” he explained, “we must adopt a unified approach” that promotes partnerships and intelligence sharing—in the same way we responded to terrorism after the 9/11 attacks.

Focus on Hackers and Intrusions

The FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code.

The FBI learned after 9/11 that “our mission was to use our skills and resources to identify terrorist threats and to find ways of disrupting those threats,” Mueller said. “This has been the mindset at the heart of every terrorism investigation since then, and it must be true of every case in the cyber arena as well.”


Partnerships that ensure the seamless flow of intelligence are critical in the fight against cyber crime, he explained. Within government, the National Cyber Investigative Joint Task Force, which comprises 19 separate agencies, serves as a focal point for cyber threat information. But private industry—a major victim of cyber intrusions—must also be “an essential partner,” Mueller said, pointing to several successful initiatives.


The National Cyber Forensics and Training Alliance, for example, is a model for collaboration between private industry and law enforcement. The Pittsburgh-based organization includes more than 80 industry partners—from financial services, telecommunications, retail, and manufacturing, among other fields—who work with federal and international partners to provide real-time threat intelligence.


Another example is the Enduring Security Framework, a group that includes leaders from the private sector and the federal government who analyze current—and potential—threats related to denial of service attacks, malware, and emerging software and hardware vulnerabilities.


Mueller also noted the Bureau’s cyber outreach efforts to private industry. The Domestic Security Alliance Council, for instance, includes chief security officers from more than 200 companies, representing every critical infrastructure and business sector. InfraGard, an alliance between the FBI and industry, has grown from a single chapter in 1996 to 88 chapters today with nearly 55,000 members nationwide. And just last week, the FBI held the first session of the National Cyber Executive Institute, a three-day seminar to train leading industry executives on cyber threat awareness and information sharing.


“As noteworthy as these outreach programs may be, we must do more,” Mueller said. “We must build on these initiatives to expand the channels of information sharing and collaboration.”


He added, “For two decades, corporate cyber security has focused principally on reducing vulnerabilities. These are worthwhile efforts, but they cannot fully eliminate our vulnerabilities. We must identify and deter the persons behind those computer keyboards. And once we identify them—be they state actors, organized criminal groups, or 18-year-old hackers—we must devise a response that is effective, not just against that specific attack, but for all similar illegal activity.”


“We need to abandon the belief that better defenses alone will be sufficient,” Mueller said. “Instead of just building better defenses, we must build better relationships. If we do these things, and if we bring to these tasks the sense of urgency that this threat demands,” he added, “I am confident that we can and will defeat cyber threats, now and in the years to come.”


Resources:
- Read Director Mueller’s remarks
http://www.fbi.gov/news/speeches/working-together-to-defeat-cyber-threats

- Cyber Crime page
http://www.fbi.gov/about-us/investigate/cyber

- National Cyber Investigative Joint Task Force
http://www.fbi.gov/about-us/investigate/cyber/ncijtf

- National Cyber Forensics and Training Alliance
http://www.fbi.gov/news/stories/2011/september/cyber_091611

- Infragard
http://www.fbi.gov/news/stories/2010/march/infragard_030810
Title: China is Behind more than 20 Serious Cyber Attacks against Norway
Post by: C-Kumu Dog on March 04, 2013, 10:26:09 PM
Norwegian National Security Authority accuses China of computer espionage against Norwegian companies.

After TV2 revealed last week that a Chinese military hacker group connected to the Chinese government is behind cyber attacks against sensitive targets in Norway, National Security Authority deputy Eiliv Ofigsbø said today that Norwegian companies have probably lost contracts because of computer espionage.

According to Ofigsbø, at least 20 of these serious cyber attacks can be traced back to China.

- The consequence of espionage cases may be losing data or losing contract negotiations. We have seen concrete examples of Norwegian companies that have probably lost out as a result of these espionage activities. Our organization works with a number of Norwegian firms, and we know a number of those who have been subjected to such attacks, says Ofigsbø to TV2.

Ofigsbø also noted that high-tech firms and the defense and oil and gas industries in particular are the most severely affected by the attacks. Some in the energy sector have also been attacked. He says the U.S. report on the unit designated "Unit 61398" also shows the Chinese military as responsible for an attack aimed at a larger company on Norwegian soil.

- Since 2008, the number of cases has increased by 30 percent each year. The past year was particularly notable for the increase in serious cases, including espionage cases, he says.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on March 05, 2013, 04:45:38 AM
Robert, as best as I can tell you are the most knowledgeable of us about the tech side this sort of thing.

What sort of solutions suggest themselves to you?
Title: Good cybersecurity means better privacy
Post by: bigdog on March 05, 2013, 12:25:24 PM
http://money.cnn.com/2013/03/05/technology/security/cybersecurity-privacy/index.html

From the article:

The debate on cybersecurity has produced a sideshow centered around the belief that added security means a reduction in privacy.
Such views are nonsense. Quite simply, digital privacy cannot exist without cybersecurity. Weak security equals weak privacy. Want better privacy? Raise your security game to prevent hackers from stealing private data. Let the experts from the private sector and government communicate with each other so when they see threats, they can alert others and work together to create a solution.
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on March 06, 2013, 12:06:28 PM
Robert, as best as I can tell you are the most knowledgeable of us about the tech side this sort of thing.

What sort of solutions suggest themselves to you?

Hey Guro, haven't been ignoring the question, been kind of busy this week, will give some thoughts as soon as I can.

Aloha.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on March 06, 2013, 06:25:09 PM
Thanks Robert, we await with interest.

BD:

An interesting point, but what do you make of the "fox guarding the hen house" aspects of it?
Title: Re: Cyberwar and American Freedom
Post by: bigdog on March 06, 2013, 06:31:33 PM
I think it needs oversight. In some ways, at least, a single government is less of a threat than 1000s of independent hackers, etc.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on March 06, 2013, 06:38:45 PM
Philosophical question:  Which is a greater danger-- thousands of independent hackers or the government tracking everything you read, write, and say?
Title: K Street
Post by: bigdog on March 07, 2013, 04:11:40 AM
http://thehill.com/blogs/hillicon-valley/technology/286685-k-street-lobbyists-lining-up-for-cybersecurity-cash-grab-

From the article:

"Lobbyists note that cybersecurity is one of the few areas where budget-conscious lawmakers are looking to spend."
Title: Re: Cyberwar and American Freedom
Post by: DougMacG on March 07, 2013, 08:05:47 AM
Philosophical question:  Which is a greater danger-- thousands of independent hackers or the government tracking everything you read, write, and say?

Both.
Title: Cyber competition and conflict
Post by: bigdog on March 10, 2013, 08:19:36 PM
http://csis.org/files/publication/130307_cyber_Lowy.pdf

Long, but excellent.
Title: POTH: US demands Chinese block cyberattacks
Post by: Crafty_Dog on March 12, 2013, 04:39:04 PM
Albeit begrudgingly, as even POTH admits herein, it is good to see the first hints of spine on this!
================================================
U.S. Demands China Block Cyberattacks and Agree to Rules
By MARK LANDLER and DAVID E. SANGER
Published: March 11, 2013

WASHINGTON — The White House demanded Monday that the Chinese government stop the widespread theft of data from American computer networks and agree to “acceptable norms of behavior in cyberspace.”
The demand, made in a speech by President Obama’s national security adviser, Tom Donilon, was the first public confrontation with China over cyberespionage and came two days after its foreign minister, Yang Jiechi, rejected a growing body of evidence that his country’s military was involved in cyberattacks on American corporations and some government agencies.

The White House, Mr. Donilon said, is seeking three things from Beijing: public recognition of the urgency of the problem; a commitment to crack down on hackers in China; and an agreement to take part in a dialogue to establish global standards.

“Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale,” Mr. Donilon said in a wide-ranging address to the Asia Society in New York.

“The international community,” he added, “cannot tolerate such activity from any country.”

In Beijing, a spokeswoman for the Chinese Foreign Ministry, Hua Chunying, did not directly say whether the government is willing to negotiate over the proposals spelled out by Mr. Donilon. But at a daily news briefing Tuesday she repeated the government’s position that it opposes Internet attacks and wants “constructive dialogue” with the United States and other countries about cybersecurity issues.

Until now, the White House has steered clear of mentioning China by name when discussing cybercrime, though Mr. Obama and other officials have raised it privately with Chinese counterparts. In his State of the Union address, he said, “We know foreign countries and companies swipe our corporate secrets.”

But as evidence has emerged suggesting the People’s Liberation Army is linked to hacking, the China connection has become harder for the administration not to confront head-on. The New York Times three weeks ago published evidence tying one of the most active of the Chinese groups to a neighborhood in Shanghai that is headquarters to a major cyberunit of the People’s Liberation Army. That account, based in large part on unclassified work done by Mandiant, a security firm, echoed the findings of intelligence agencies that have been tracking the Chinese attackers.

American officials say raising the issue with the Chinese is a delicate balancing act at a time when the United States is seeking China’s cooperation in containing North Korea’s nuclear and missile programs, and joining in sanctions on Iran. Yet they have been expressing their concerns about cyberattacks with Chinese officials for years. Starting in 2010, they invited P.L.A. officials to discuss the issue — a process that has only just started — and last November, Mr. Obama broached the subject at a summit meeting with Prime Minister Wen Jiabao, a senior administration official said.

Since then, the official said, there has been a “perfect storm” of media coverage and protests from the corporate world. Still, he said, Mr. Donilon chose not to mention the P.L.A. in his speech because he did not want to engage in finger-pointing.

“What we are hoping to do,” another senior official said, “is force the Chinese civilian leadership to realize that the P.L.A. is interfering with their foreign policy.”

The Chinese have insisted that they are the victims of cyberattacks, not the perpetrators. On Saturday, the Chinese foreign minister, Yang Jiechi, issued his own call for “rules and cooperation” on cybersecurity and said reports of Chinese military involvement in cyberattacks were “built on shaky ground.”

“Anyone who tries to fabricate or piece together a sensational story to serve a political motive will not be able to blacken the name of others nor whitewash themselves,” Mr. Yang told reporters at the National People’s Congress, which was preparing to ratify the ascension of Xi Jinping to the Chinese presidency.

Mr. Donilon said the threats to cybersecurity had moved to the forefront of American concerns with China, noting that he was not “talking about ordinary cybercrime or hacking.”

That distinction, a senior administration official said, was meant to separate the theft of intellectual property by Chinese state entities from small-scale hacking by individuals, or the use of cyberweapons by a state to protect its national security. But the distinction between cyberattacks aimed at intellectual property theft and those aimed at disabling a military threat is largely made by Western officials devising legal arguments, not one the Chinese have embraced.

Even as he emphasized the need for international rules to guide cyberactivity, Mr. Donilon made no reference to the billions of dollars the American military and intelligence agencies are spending to develop an arsenal of offensive cyberweapons — to be used against military targets, officials insist, not economic ones. The most famous of these operations was the covert cyberattack mounted by the United States and Israel to disable the centrifuges that Iran uses to enrich uranium at its site in Natanz.

Mr. Donilon sketched out a vigorous agenda in Asia, insisting the United States would keep pursuing its “strategic pivot” toward the region, despite cuts in military spending. He announced that the Treasury Department would impose sanctions on a North Korean bank specializing in foreign-exchange transactions — ratcheting up the pressure on the North Korean government on the day that Pyongyang announced it would no longer abide by the 1953 armistice that halted the Korean War.

With fears about North Korea’s increased nuclear and missile capabilities causing considerable anxiety in Seoul and Tokyo, Mr. Donilon restated a “declaratory policy” that was first formulated by President George W. Bush after the North’s first nuclear test, in 2006. He warned that the United States would reserve the option to retaliate against the North, not just if it used nuclear weapons but if it allowed the “transfer of nuclear weapons or nuclear materials to other states or nonstate entities.”

That formulation did not appear to cover, however, the transfer of technology to build nuclear facilities, as North Korea did in Syria. That reactor was destroyed by Israel in 2007.

“It’s understandable that the people of South Korea would be concerned about the threat they face from the North,” Mr. Donilon said, apparently alluding to talk in the South of building the country’s own nuclear arsenal, a move the United States halted decades ago. Mr. Donilon added that the United States had assets in place “to insure that South Korea’s defense is provided for.”

Chris Buckley contributed reporting from Hong Kong.

This article has been revised to reflect the following correction:

Correction: March 11, 2013

Because of an editing error, an earlier version of this article misidentified the Chinese official with whom President Obama, at a summit meeting last November, broached the subject of Chinese cyberattacks on American computer networks. It was Prime Minister Wen Jiabao, not the foreign minister, Yang Jiechi.

A version of this article appeared in print on March 12, 2013, on page A1 of the New York edition with the headline: U.S. Demands Chinese Block Cyberattacks.
Title: Re: POTH: US demands Chinese block cyberattacks
Post by: G M on March 12, 2013, 04:43:15 PM
 :roll:

As China works to turn the Pacific into their lake, they'll seriously consider our protests.

 :roll:
Title: Computer attacks will be met
Post by: Crafty_Dog on March 13, 2013, 08:38:05 AM
POTH:

WASHINGTON — The chief of the military’s newly created Cyber Command told Congress on Tuesday that he is establishing 13 teams of programmers and computer experts who could carry out offensive cyberattacks on foreign nations if the United States were hit with a major attack on its own networks, the first time the Obama administration has publicly admitted to developing such weapons for use in wartime.
 

“I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Gen. Keith Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.”

General Alexander’s testimony came on the same day the nation’s top intelligence official, James R. Clapper Jr., warned Congress that a major cyberattack on the United States could cripple the country’s infrastructure and economy, and suggested that such attacks now pose the most dangerous immediate threat to the United States, even more pressing than an attack by global terrorist networks.

On Monday, Thomas E. Donilon, the national security adviser, demanded that Chinese authorities investigate such attacks and enter talks about new rules governing behavior in cyberspace.

General Alexander has been a major architect of the American strategy on this issue, but until Tuesday he almost always talked about it in defensive terms. He has usually deflected questions about America’s offensive capability, and turned them into discussions of how to defend against mounting computer espionage from China and Russia, and the possibility of crippling attacks on utilities, cellphone networks and other infrastructure. He was also a crucial player in the one major computer attack the United States is known to have sponsored in recent years, aimed at Iran’s nuclear enrichment plants. He did not discuss that highly classified operation during his open testimony.

Mr. Clapper, the director of national intelligence, told the Senate Intelligence Committee that American spy agencies saw only a “remote chance” in the next two years of a major computer attack on the United States, which he defined as an operation that “would result in long-term, wide-scale disruption of services, such as a regional power outage.”

Mr. Clapper appeared with the heads of several other intelligence agencies, including Lt. Gen. Michael T. Flynn of the Defense Intelligence Agency, the F.B.I. director Robert S. Mueller III, and the C.I.A. director John O. Brennan, to present their annual assessment of the threats facing the nation. It was the first time that Mr. Clapper listed cyberattacks first in his presentation to Congress, and the rare occasion since the Sept. 11, 2001, attacks that intelligence officials did not list international terrorism first in the catalog of dangers facing the United States.

“In some cases,” Mr. Clapper said in his testimony, “the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” He said it was unlikely that Russia and China would launch “devastating” cyberattacks against the United States in the near future, but he said foreign spy services had already hacked the computer networks of government agencies, businesses and private companies.

Two specific attacks Mr. Clapper listed, an August 2012 attack against the Saudi oil company Aramco and attacks on American banks and stock exchanges last year, are believed by American intelligence officials to have been the work of Iran.

General Alexander picked up on the same themes in his testimony, saying that he was adding 40 cyber teams, 13 focused on offense and 27 on training and surveillance. When pressed, he said that the best defense hinged on being able to monitor incoming traffic to the United States through private “Internet service providers,” which could alert the government, in the milliseconds that electronic messages move, about potentially dangerous attacks. Such surveillance is bound to raise more debate with privacy advocates, who fear government monitoring of the origin and the addressing data on most e-mail messages and other computer exchanges.

Traditional threats occupied much of Mr. Clapper’s testimony. American intelligence officials are giving new emphasis to the danger posed by North Korea’s nuclear weapons and missile programs, which are said for the first time to “pose a serious threat to the United States” as well as to its East Asian neighbors. North Korea, which recently made a series of belligerent statements after its third nuclear test, has displayed an intercontinental missile that can be moved by road and in December launched a satellite atop a Taepodong-2 launch vehicle, Mr. Clapper’s prepared statement noted.

“The rhetoric, while it is propaganda laced, is also an indicator of their attitude and perhaps their intent,” Mr. Clapper said during one exchange with a lawmaker, adding that he was concerned that North Korea “could initiate a provocative action against the South.”

In his discussion of terrorism, Mr. Clapper noted that while Al Qaeda’s core in Pakistan “is probably unable to carry out complex, large-scale attacks in the West,” spinoffs still posed a threat. Listed first is the affiliate in Yemen, Al Qaeda in the Arabian Peninsula, which Mr. Clapper said had retained its goal of attacks on United States soil, but he also noted militant groups in six other countries that still threaten local violence.

Mr. Clapper began his remarks by criticizing policy makers for the current budget impasse, saying that the budget cuts known as sequestration will force American spy agencies to make sharp reductions in classified programs and to furlough employees. The classified intelligence budget has ballooned over the past decade, and Mr. Clapper compared the current round of cuts to the period during the 1990s when the end of the cold war led to drastic reductions in the C.I.A.’s budget.

“Unlike more directly observable sequestration impacts, like shorter hours at public parks or longer security lines at airports, the degradation of intelligence will be insidious,” Mr. Clapper said. “It will be gradual and almost invisible unless and until, of course, we have an intelligence failure.”

The threat hearing is the only scheduled occasion each year when the spy chiefs present open testimony to Congress about the dangers facing the United States, and Mr. Clapper did not hide the fact that he is opposed to the annual ritual. President Obama devoted part of his State of the Union address to a pledge of greater transparency with the Congress and the American public, but Mr. Clapper, a 71-year-old retired Air Force general, made it clear that he saw few benefits of more public disclosure.

“An open hearing on intelligence matters is something of a contradiction in terms,” he said.


Scott Shane contributed reporting
Title: China and the Cyber Great Game
Post by: bigdog on March 20, 2013, 11:39:05 AM
http://nationalinterest.org/print/commentary/china-the-cyber-great-game-8241

From the article:

Although significant in its own right, the PLA’s apparent involvement in cyber espionage has broader implications. In particular, the allegations against Unit 61398 and other recent developments highlight the emerging great game in cyberspace across the Asia-Pacific—as well as the growing link between competition in cyberspace and traditional geopolitics.

The interconnected nature of the Internet has allowed cyber espionage to impose economic costs that are historically unique, creating enormous pressures for states and other organizations to respond. In the case of the United States, gauging the cost of cyber espionage to the economy is difficult. Although intelligence reviews point out that estimates range from $2 billion to $400 billion each year, NSA Director General Keith Alexander has said that cyber theft of economic information represents “the greatest transfer of wealth in human history.”

Moreover, these economic cybersecurity challenges originate disproportionately from the Asia-Pacific, the emerging global power center and increasing focal point of American security policy. A 2012 report by the Internet firm Akamai alleges that 51 percent of cybersecurity breaches worldwide originate in the Asia-Pacific, with one third of global totals originating from China.
Title: A bill, and a conference
Post by: bigdog on March 25, 2013, 10:11:39 AM
http://thehill.com/blogs/hillicon-valley/technology/290103-draft-cybersecurity-bill-aims-to-stiffen-computer-hacking-law

A draft cybersecurity bill circulating among House Judiciary Committee members would stiffen a computer hacking law used to bring charges against Internet activist Aaron Swartz.

The bill draft would tighten penalties for cyber crimes and establish a standard for when companies would have to notify consumers that their personal data has been hacked, according to a copy obtained by The Hill.

It would also change existing law so that an attempt at a cyber crime can be punished as harshly as an actual offense.

Such measures could spark concern among advocates outraged over the death of Swartz, the 26-year-old Internet activist and computer programmer who killed himself earlier this year while facing a possible 35-year prison term for hacking. Advocates have called on Congress to make changes to what they say is a draconian law that led to too harsh a prosecution of Swartz.

http://www.wilsoncenter.org/event/cyber-gridlock-why-the-public-should-care?utm_source=social&utm_medium=general&utm_campaign=social_media

"As Washington fiddles, the vulnerability of U.S. infrastructure, private and public devices and networks grows.  The U.S. has no clear, coordinated and effective policy to mitigate the complex threat. The public has no idea how vulnerable they (sic) are (sic), and are (sic) left out of the debate."  Time approx. 90 minutes
Title: Re: A bill, and a conference
Post by: G M on March 25, 2013, 04:58:26 PM
I'm no fan of computer crime, but 35 years for what Aaron Swartz was supposed to have done was hardly justice in my mind.

http://thehill.com/blogs/hillicon-valley/technology/290103-draft-cybersecurity-bill-aims-to-stiffen-computer-hacking-law

A draft cybersecurity bill circulating among House Judiciary Committee members would stiffen a computer hacking law used to bring charges against Internet activist Aaron Swartz.

The bill draft would tighten penalties for cyber crimes and establish a standard for when companies would have to notify consumers that their personal data has been hacked, according to a copy obtained by The Hill.

It would also change existing law so that an attempt at a cyber crime can be punished as harshly as an actual offense.

Such measures could spark concern among advocates outraged over the death of Swartz, the 26-year-old Internet activist and computer programmer who killed himself earlier this year while facing a possible 35-year prison term for hacking. Advocates have called on Congress to make changes to what they say is a draconian law that led to too harsh a prosecution of Swartz.

http://www.wilsoncenter.org/event/cyber-gridlock-why-the-public-should-care?utm_source=social&utm_medium=general&utm_campaign=social_media

"As Washington fiddles, the vulnerability of U.S. infrastructure, private and public devices and networks grows.  The U.S. has no clear, coordinated and effective policy to mitigate the complex threat. The public has no idea how vulnerable they (sic) are (sic), and are (sic) left out of the debate."  Time approx. 90 minutes
Title: Survey Says! Employees deliberately ignore security rules
Post by: C-Kumu Dog on March 26, 2013, 01:52:05 PM
A recent survey from Lieberman Software reveals that more than 80% of IT security professionals believe that corporate employees deliberately ignore security rules issued by the IT department.

The survey, which looked at the attitudes of nearly 250 IT security professionals, also discovered that more than half of those who think that workers deliberately ignore IT security directives do not believe end-users would listen more even if these mandates were issued by executive management.

These findings are despite the fact that more IT security professionals and vendors are insisting that in order to improve IT security within organizations, strategic guidance must be issued from the board level.

Commenting on the research, Philip Lieberman, CEO of Lieberman Software, said: “These figures highlight the fact that most end-users are still not taking IT security seriously and are unnecessarily putting corporate data – and potentially customer information – at risk. And these behaviors are continuing even after it has been proven that human error is the leading cause of data breaches. Organizations need to implement better cyber security training that properly instructs staff about the consequences of data breaches.

“IT groups must also look beyond conventional security products and invest in technology like privileged identity management (PIM),” continued Lieberman. “PIM products ensure that powerful privileged accounts found throughout the enterprise in large organizations are available only to authorized IT personnel with limited-time, audited access. This ensures that end-users are not able to accidentally or maliciously change configuration settings, access systems with sensitive data, or perform other actions that are not required of their jobs.”

http://www.net-security.org/secworld.php?id=14650

Title: On Security Awareness Training
Post by: C-Kumu Dog on March 26, 2013, 01:53:46 PM
http://www.darkreading.com/blog/240151108/on-security-awareness-training.html

On Security Awareness Training
The focus on training obscures the failures of security design
Mar 19, 2013 | 07:39 AM

By Bruce Schneier
Dark Reading

Should companies spend money on security awareness training for their employees? It's a contentious topic, with respected experts on both sides of the debate. I personally believe that training users in security is generally a waste of time and that the money can be spent better elsewhere. Moreover, I believe that our industry's focus on training serves to obscure greater failings in security design.

In order to understand my argument, it's useful to look at training's successes and failures. One area where it doesn't work very well is health. We are forever trying to train people to have healthier lifestyles: eat better, exercise more, whatever. And people are forever ignoring the lessons. One basic reason is psychological: We just aren't very good at trading off immediate gratification for long-term benefit. A healthier you is an abstract eventuality; sitting in front of the television all afternoon with a McDonald's Super Monster Meal sounds really good right now.

Similarly, computer security is an abstract benefit that gets in the way of enjoying the Internet. Good practices might protect me from a theoretical attack at some time in the future, but they’re a bother right now, and I have more fun things to think about. This is the same trick Facebook uses to get people to give away their privacy. No one reads through new privacy policies; it's much easier to just click "OK" and start chatting with your friends. In short: Security is never salient.

Another reason health training works poorly is that it’s hard to link behaviors with benefits. We can train anyone -- even laboratory rats -- with a simple reward mechanism: Push the button, get a food pellet. But with health, the connection is more abstract. If you’re unhealthy, then what caused it? It might have been something you did or didn’t do years ago. It might have been one of the dozen things you have been doing and not doing for months. Or it might have been the genes you were born with. Computer security is a lot like this, too.

Training laypeople in pharmacology also isn't very effective. We expect people to make all sorts of medical decisions at the drugstore, and they're not very good at it. Turns out that it's hard to teach expertise. We can't expect every mother to have the knowledge of a doctor, pharmacist, or RN, and we certainly can't expect her to become an expert when most of the advice she's exposed to comes from manufacturers' advertising. In computer security, too, a lot of advice comes from companies with products and services to sell.

One area of health that is a training success is HIV prevention. HIV may be very complicated, but the rules for preventing it are pretty simple. And aside from certain sub-Saharan countries, we have taught people a new model of their health and have dramatically changed their behavior. This is important: Most lay medical expertise stems from folk models of health. Similarly, people have folk models of computer security (PDF). Maybe they're right, and maybe they're wrong, but they're how people organize their thinking. This points to a possible way that computer security training can succeed. We should stop trying to teach expertise, pick a few simple metaphors of security, and train people to make decisions using those metaphors.

On the other hand, we still have trouble teaching people to wash their hands -- even though it’s easy, fairly effective, and simple to explain. Notice the difference, though. The risks of catching HIV are huge, and the cause of the security failure is obvious. The risks of not washing your hands are low, and it’s not easy to tie the resultant disease to a particular not-washing decision. Computer security is more like hand washing than HIV.

Another area where training works is driving. We trained, either through formal courses or one-on-one tutoring, and passed a government test to be allowed to drive a car. One reason that works is because driving is a near-term, really cool, obtainable goal. Another reason is even though the technology of driving has changed dramatically over the past century, that complexity has been largely hidden behind a fairly static interface. You might have learned to drive 30 years ago, but that knowledge is still relevant today.

On the other hand, password advice from 10 years ago isn't relevant today (PDF). Can I bank from my browser? Are PDFs safe? Are untrusted networks OK? Is JavaScript good or bad? Are my photos more secure in the cloud or on my own hard drive? The “interface” we use to interact with computers and the Internet changes all the time, along with best practices for computer security. This makes training a lot harder.

Food safety is my final example. We have a bunch of simple rules -- cooking temperatures for meat, expiration dates on refrigerated goods, the three-second rule for food being dropped on the floor -- that are mostly right, but often ignored. If we can’t get people to follow these rules, then what hope do we have for computer security training?

To those who think that training users in security is a good idea, I want to ask: "Have you ever met an actual user?" They're not experts, and we can’t expect them to become experts. The threats change constantly, the likelihood of failure is low, and there is enough complexity that it’s hard for people to understand how to connect their behaviors to eventual outcomes. So they turn to folk remedies that, while simple, don't really address the threats.

Even if we could invent an effective computer security training program, there's one last problem. HIV prevention training works because affecting what the average person does is valuable. Even if only half of the population practices safe sex, those actions dramatically reduce the spread of HIV. But computer security is often only as strong as the weakest link. If four-fifths of company employees learn to choose better passwords, or not to click on dodgy links, one-fifth still get it wrong and the bad guys still get in. As long as we build systems that are vulnerable to the worst case, raising the average case won't make them more secure.

The whole concept of security awareness training demonstrates how the computer industry has failed. We should be designing systems that won't let users choose lousy passwords and don't care what links a user clicks on. We should be designing systems that conform to their folk beliefs of security, rather than forcing them to learn new ones. Microsoft has a great rule about system messages that require the user to make a decision. They should be NEAT: necessary, explained, actionable, and tested. That's how we should be designing security interfaces. And we should be spending money on security training for developers. These are people who can be taught expertise in a fast-changing environment, and this is a situation where raising the average behavior increases the security of the overall system.

If we security engineers do our job right, then users will get their awareness training informally and organically from their colleagues and friends. People will learn the correct folk models of security and be able to make decisions using them. Then maybe an organization can spend an hour a year reminding their employees what good security means at that organization, both on the computer and off. That makes a whole lot more sense.

Bruce Schneier is chief security technology officer at BT, and the author of several security books as well as the Schneier On Security blog. Special to Dark Reading

Title: IBM and CIPSA
Post by: bigdog on April 15, 2013, 10:05:14 AM
IBM executives head to Washington to press lawmakers on cybersecurity bill
By Jennifer Martinez
04/15/13
http://thehill.com/blogs/hillicon-valley/technology/293715-ibm-launching-cispa-advocacy-tour

Nearly 200 senior IBM executives are flying into Washington to press for the passage of a controversial cybersecurity bill that will come up for a vote in the House this week.

The IBM executives will pound the pavement on Capitol Hill Monday and Tuesday, holding nearly 300 meetings with lawmakers and staff. Over the course of those two days, their mission is to convince lawmakers to back a bill that’s intended to make it easier for industry and government to share information about cyber threats with each other in real time.

“We’re going to put our shoe leather where our mouth is,” Chris Padilla, vice president of governmental affairs at IBM, told The Hill.

“The message we're going to give [lawmakers] is going to be a very simple, clear message: support the passage of CISPA,” he later added.

The Cyber Intelligence Sharing and Protection Act, or CISPA, by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Dutch Ruppersberger (D-Md.), passed out of committee on an 18-2 vote last Wednesday and is expected to come to the floor for a vote as soon as mid-week.

While the bill enjoys strong backing from industry, privacy advocates warn the bill lacks sufficient protections for people’s information online. The White House issued a veto threat against the first iteration of CISPA last year, due in part to privacy concerns.

Despite the opposition, CISPA safely passed the House last year on a bipartisan vote—and IBM intends to make sure it does again this week.

The technology services company runs the information technology networks of major hospitals, banks and electric companies—key infrastructure that lawmakers and security officials warn are top targets for hostile actors to launch a cyberattack.

Big Blue is also the top recipient of U.S. patents and owns a trove of valuable intellectual property that would be enticing to probing hackers looking to siphon valuable proprietary information. A report published by computer security firm Mandiant this year concluded that an elite military unit of Chinese hackers has allegedly cracked into the computer systems of more than 100 U.S. companies and stolen intellectual property.

The company believes the best way to thwart a cyberattack is to encourage companies to share more data about malicious source code and other online threats with the government and their private-sector peers so they can take steps to address it, according to Padilla.

“It’s our experience that the most effective thing you can do when a cyberattack occurs is to share information quickly between government and industry and between industry actors in real time in order to find where the attack is coming from and to shut it down,” he said.

"The key really is when an attack happens—and they will happen—is detecting it, and shutting it down and preventing the loss of data as quickly as possible. That's a question of information and it's a question of speed," Padilla said. "And often, the government will have very timely and critical information that banks or telecommunications companies need to know that there is an attack. Other times, we detect it first and sharing [information] with the government could serve to warn others that there may be an attack."
But companies are currently hesitant to share information about cyber threats they spot on computer networks with the government because they fear it may put them at risk for being sued. CISPA would address that concern, Padilla said, by granting companies liability protection from lawsuits if they share threat information with the government, allowing firms to get the assistance and data they need faster.

If a cyberattack is launched against a key piece of infrastructure, “you don't want a bunch of lawyers sitting in a room arguing whether to tell the government,” he said. “You want there to be clear and established procedures. CISPA will help facilitate that.”

But the cyber information-sharing bill has rankled privacy advocates from Washington to Silicon Valley. One of their chief concerns with the bill is that it would allow companies to share threat information directly with the military, including the National Security Agency, without being required to take steps to remove personally identifiable information from that data. Privacy advocates warn that could lead to people's email and IP addresses, names, and other personal information being inadvertently passed on to the NSA without their knowledge.

The American Civil Liberties Union, Center for Democracy and Technology and Electronic Frontier Foundation argue that a civilian agency, namely the Homeland Security Department (DHS), should be the first recipient of cyber threat data from companies. DHS would then pass on that data with other government agencies and departments.

Privacy advocates argue that a civilian agency is subject to more oversight relative to the secretive spy agency.

Reps. Jan Schakowsky (D-Ill.) and Adam Schiff (D-Calif.) proposed a set of privacy-focused amendments during the markup of CISPA last week, which did not receive enough votes to be adopted into the bill. One of the amendments by Schakowsky would have ensured that DHS is the first recipient of threat data from companies and would relay that information to other agencies.

"I think if you're looking just to maximize efficiency and you don't care about anything else, then we should give the job to NSA. But we have a separation of civilian and military in this country when you're talking about domestic cyber information," Schiff said at a press conference after the House Intelligence panel's markup of CISPA. "If we wanted efficiency only, then we wouldn't have a Fourth Amendment." 

CISPA would “shift the control of the cyber program from civilian hands to a secretive military agency," said Greg Nojeim, senior counsel for the Center for Democracy and Technology, last week. "It'll be very difficult for there to be any transparency or any accountability if that shift happens."

Padilla, however, says companies need to be able to share threat data directly with the NSA “because that’s where the expertise is.”

“It really is a simple matter. The expertise in the U.S. government on cybersecurity largely rests in one place, and that's the National Security Agency,” he said. “They tend to know the most, the soonest about cyber threats and I think, frankly, there is a certain amount of feeling in the business community that you should be able to work directly and share information directly with the agency that has the most expertise.”

He said that IBM is open to working with DHS and other civilian agencies on the company’s cybersecurity efforts, but it believes the NSA has the most expertise at this point.

“We don't have a bias. We just want to work with who's got the expertise,” Padilla said.

During their fly-in trip, the executives also plan to press lawmakers to pass comprehensive immigration reform, which would include measures aimed at raising the cap for H-1B visas for skilled workers and freeing up more green cards.

Title: US Creating Cybersecurity Working Groups With Japan and China
Post by: C-Kumu Dog on April 16, 2013, 01:57:35 PM
US Creating Cybersecurity Working Groups With Japan and China
(April 14 & 15, 2013)
US Secretary of State John Kerry says that the US is creating working groups with Japan and China to address cybersecurity related issues. Because "some of the most serious cyber threats to businesses emanate from" the Asia Pacific Region, it is important to have countries there be part of the solution to the problem.

http://www.computerworld.com/s/article/9238385/John_Kerry_Cyberdefense_a_major_part_of_Asian_security?taxonomyId=17

http://www.zdnet.com/cn/us-china-to-form-cybersecurity-working-group-7000013976/

[Editor's Note (Pescatore): There are strong parallels between the US/USSR in the Cold War and "Mutually Assured Destruction" nuclear restraint strategies, and today's international cybersecurity issues. Having *both* diplomatic and military initiatives in the cyber area is important. 

(Murray): China wants to control the content. (If one is running a single-party state, Facebook is more than a mere inconvenience.) The US wants to defend its fragile infrastructure. That said, both have an interest in an orderly Internet. Before we turn the Internet into a battlefield, we should at least try diplomacy to find mutually agreed state behavior, short of "war," that serves both interests.]

Title: --EPIC Urges NIST to Draw Distinction between Cybercrime and Cyberterrorism
Post by: C-Kumu Dog on April 16, 2013, 02:00:13 PM
--EPIC Urges NIST to Draw Distinction between Cybercrime and Cyberterrorism
(April 15, 2013)
The Electronic Privacy and Information Center (EPIC) wants the US National Institute of Standards and Technology (NIST) to make clear distinctions between cyber crime and cyber terrorism. NIST is developing a cybersecurity platform as part of the president's executive order on cybersecurity, and asked for public comments on the development of that platform. In its comments, EPIC notes that "the overwhelming majority of cybersecurity incidents do not fall within the 'national security' designation."

http://www.gsnmagazine.com/node/28918?c=cyber_security

[Editor's Note (Pescatore): First: the horrible attacks at the Boston Marathon once again point out the schlockiness of the term "cyberterrorism." After each bombs-and-blood actual terrorist attack, from Oklahoma City in 1995 through the terrorist attacks against the US in September 2011, someone says "The next terror attack will be cyber" -- no, it will not. With that out of the way, EPIC is dead on here. The cyber attack public relations focus shifted from cybercrime to China because that is a great way to go after funding and government budgets. The actual volume of attacks and likelihood of damage most companies face did *not* shift.

(Murray): Well, EPIC is right to take the opportunity of the NIST RFC to raise the issue. However, the problem is not limited to NIST. Most of the attacks in the Internet are motivated by things other than terror (e.g., economics). Those that are intended to terrorize represent a "national security" threat only to the extent that we react to them as the terrorists hope. Government policy that treats them all as "war" is not efficient and, at least arguably, is not effective. It is essential that we distinguish between existential threat and the human condition.

(McBride): This is a pivotal distinction that needs to be addressed. Having a set of predetermined criteria to judge between national security issues and non-national security issues would help the federal government provide appropriate support while maintaining civil liberties and conserving taxpayer resources. It would also encourage rather than discourage participation and innovation that comes from private sector cyber security firms. ]
Title: POTH: China and US making noise about cooperating
Post by: Crafty_Dog on April 23, 2013, 10:49:46 AM

http://www.nytimes.com/2013/04/23/world/asia/united-states-and-china-hold-military-talks-with-cybersecurity-a-focus.html?nl=todaysheadlines&emc=edit_th_20130423
Title: --Chinese General Says Cyber Attacks Are Like Nuclear Bombs
Post by: C-Kumu Dog on April 26, 2013, 11:51:48 AM
--Chinese General Says Cyber Attacks Are Like Nuclear Bombs
(April 22, 2013)
While rejecting claims that the Chinese military is behind cyberspying aimed at Western companies, the chief of staff of the People's Liberation Army likened cyber attacks to nuclear bombs, saying "If the security of the Internet cannot be guaranteed, then ... results may be as serious as a nuclear bomb."

http://online.wsj.com/article/SB10001424127887323551004578438842382520654.html

http://www.informationweek.com/security/attacks/cyber-strikes-like-nuclear-bombs-says-ch/240153442

[Editor's Note (Paller): Not so far fetched. When Gary Roughead was U.S. Chief of Naval Operations he told Tony Sager and Jim Lewis and me, "for the Navy, Cyber is more important now than nuclear." Sadly, the Navy's new leadership hasn't followed through on making the Navy a leader in cyberspace.]
Title: POTH: US directly blames Chinese Military for cyber attacks.
Post by: Crafty_Dog on May 07, 2013, 05:50:29 AM
U.S. Directly Blames China’s Military for Cyberattacks
By DAVID E. SANGER
Published: May 6, 2013

WASHINGTON — The Obama administration on Monday explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map “military capabilities that could be exploited during a crisis.”

While some recent estimates have more than 90 percent of cyberespionage in the United States originating in China, the accusations relayed in the Pentagon’s annual report to Congress on Chinese military capabilities were remarkable in their directness. Until now the administration avoided directly accusing both the Chinese government and the People’s Liberation Army of using cyberweapons against the United States in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage.

“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” the nearly 100-page report said.

The report, released Monday, described China’s primary goal as stealing industrial technology, but said many intrusions also seemed aimed at obtaining insights into American policy makers’ thinking. It warned that the same information-gathering could easily be used for “building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”

It was unclear why the administration chose the Pentagon report to make assertions that it has long declined to make at the White House. A White House official declined to say at what level the report was cleared. A senior defense official said “this was a thoroughly coordinated report,” but did not elaborate.

On Tuesday, a spokeswoman for the Chinese Ministry of Foreign Affairs, Hua Chunying, criticized the report.

‘‘China has repeatedly said that we resolutely oppose all forms of hacker attacks,’’ she said. ‘‘We’re willing to carry out an even-tempered and constructive dialogue with the U.S. on the issue of Internet security. But we are firmly opposed to any groundless accusations and speculations, since they will only damage the cooperation efforts and atmosphere between the two sides to strengthen dialogue and cooperation.’’

Missing from the Pentagon report was any acknowledgment of the similar abilities being developed in the United States, where billions of dollars are spent each year on cyberdefense and constructing increasingly sophisticated cyberweapons. Recently the director of the National Security Agency, Gen. Keith Alexander, who is also commander of the military’s fast-growing Cyber Command, told Congress that he was creating more than a dozen offensive cyberunits, designed to mount attacks, when necessary, at foreign computer networks.

When the United States mounted its cyberattacks on Iran’s nuclear facilities early in President Obama’s first term, Mr. Obama expressed concern to aides that China and other states might use the American operations to justify their own intrusions.

But the Pentagon report describes something far more sophisticated: A China that has now leapt into the first ranks of offensive cybertechnologies. It is investing in electronic warfare capabilities in an effort to blind American satellites and other space assets, and hopes to use electronic and traditional weapons systems to gradually push the United States military presence into the mid-Pacific nearly 2,000 miles from China’s coast.

The report argues that China’s first aircraft carrier, the Liaoning, commissioned last September, is the first of several carriers the country plans to deploy over the next 15 years. It said the carrier would not reach “operational effectiveness” for three or four years, but is already set to operate in the East and South China Seas, the site of China’s territorial disputes with several neighbors, including Japan, Indonesia, the Philippines and Vietnam. The report notes a new carrier base under construction in Yuchi.

The report also detailed China’s progress in developing its stealth aircraft, first tested in January 2011.

Three months ago the Obama administration would not officially confirm reports in The New York Times, based in large part on a detailed study by the computer security firm Mandiant, that identified P.L.A. Unit 61398 near Shanghai as the likely source of many of the biggest thefts of data from American companies and some government institutions.

Until Monday, the strongest critique of China came from Thomas E. Donilon, the president’s national security adviser, who said in a speech at the Asia Society in March that American companies were increasingly concerned about “cyberintrusions emanating from China on an unprecedented scale,” and that “the international community cannot tolerate such activity from any country.” He stopped short of blaming the Chinese government for the espionage.

But government officials said the overall issue of cyberintrusions would move to the center of the United States-China relationship, and it was raised on recent trips to Beijing by Treasury Secretary Jacob J. Lew and the chairman of the Joint Chiefs of Staff, Gen. Martin E. Dempsey.

To bolster its case, the report argues that cyberweapons have become integral to Chinese military strategy. It cites two major public works of military doctrine, “Science of Strategy” and “Science of Campaigns,” saying they identify “information warfare (I.W.) as integral to achieving information superiority and an effective means for countering a stronger foe.” But it notes that neither document “identifies the specific criteria for employing a computer network attack against an adversary,” though they “advocate developing capabilities to compete in this medium.”

It is a critique the Chinese could easily level at the United States, where the Pentagon has declined to describe the conditions under which it would use offensive cyberweapons. The Iran operation was considered a covert action, run by intelligence agencies, though many techniques used to manipulate Iran’s computer controllers would be common to a military program.

The Pentagon report also explicitly states that China’s investments in the United States aim to bolster its own military technology. “China continues to leverage foreign investments, commercial joint ventures, academic exchanges, the experience of repatriated Chinese students and researchers, and state-sponsored industrial and technical espionage to increase the level of technologies and expertise available to support military research, development and acquisition.”

But the report does not address how the Obama administration should deal with that problem in an economically interconnected world where the United States encourages those investments, and its own in China, to create jobs and deepen the relationship between the world’s No. 1 and No. 2 economies. Some experts have argued that the threat from China has been exaggerated. They point out that the Chinese government — unlike, say, Iran or North Korea — has such deep investments in the United States that it cannot afford to mount a crippling cyberstrike on the country.

The report estimates that China’s defense budget is $135 billion to $215 billion, a large range attributable in part to the opaqueness of Chinese budgeting. While the figure is huge in Asia, the top estimate would still be less than a third of what the United States spends every year.

Some of the report’s most interesting elements examine the debate inside China over whether this is a moment for the country to bide its time, focusing on internal challenges, or to directly challenge the United States and other powers in the Pacific.

But it said that “proponents of a more active and assertive Chinese role on the world stage” — a group whose members it did not name — “have suggested that China would be better served by a firm stance in the face of U.S. or other regional pressure.”
Title: assessing CISPA
Post by: bigdog on May 08, 2013, 05:10:43 AM
http://www.lawfareblog.com/2013/05/cispa-an-assessment/
Title: US Government is the Largest Purchaser of Hacking Tools
Post by: C-Kumu Dog on May 15, 2013, 03:34:21 PM
(May 10 & 13, 2013)
According to a report from Reuters, the US government is the single largest buyer in the "gray market" of offensive hacking tools. While tools that exploit unknown vulnerabilities provide a tactical advantage, not disclosing the flaws leaves other organizations, including those in the US, vulnerable to attacks. Former high level cybersecurity officials have expressed concern about the situation. Former White House cybersecurity advisor Richard Clarke said, "If the US government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell US users." Howard Schmidt, also a former White House cybersecurity advisor, said, "It's pretty naive to believe that with a newly-discovered zero-day, you are the only one in the world that's discovered it." And former NSA director Michael Hayden said that although "there has been a traditional calculus between protecting your offensive capability and strengthening your defense, it might be time now to readdress that at an important policy level."

Paying the vulnerability purveyors for the malware also removes the incentive for talented hackers to inform software makers about the flaws.

http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510

http://www.zdnet.com/u-s-government-becomes-biggest-buyer-of-malware-7000015242/

[Editor's Note (Pescatore): Governments are the largest buyers of all offensive weapons and the US government (DoD/Intelligence plus national law enforcement) is usually the largest of the government buyers, so this is sort of a "drug companies are the biggest buyers of opiates" story.

(Assante): The main ramification of a thriving tools market is greater investment in vulnerability discovery and the development of more powerful tools to assemble and test exploits. 2006 is considered a turning point, as the emerging underground tool market bred specialization and provided paths for money to cycle through the system. Monetization of hacking gains began to feed upstream tool developers, and people willing to commit attacks became more reliant on tools that were purchased. Super buyers will certainly influence this marketplace, but they are only one category of participant - these markets are here to stay.]
Title: Big Brother Big business and criminals worse than government
Post by: ccp on May 18, 2013, 08:59:06 AM
This is so true.  Business spying is rampant.  There is some outrage when there is government spying.  There is some outrage over international sovereign spying.   But not enough about business/criminal spying.  It has to be rampant on Wall Street.   It has to be rampant in Wash DC.  I can tell you it is rampant in the entertainment industry.   I am not sure what can be done about it.    Most people don't see it, are not big victims of it yet, or don't know.   So they don't care or don't believe it.   That is part of the problem.   Then what to do with the progressively advancing technology, all the while more and more of everything is connected.  Thirdly one would have to assume people who are enforcing it are honest and not corruptible.  Good luck. 

http://www.nbcnews.com/id/15519811/ns/business-cnbc_tv/t/cnbc-special-report-big-brother-big-business/
Title: Chinese hackers resume attacks
Post by: Crafty_Dog on May 20, 2013, 08:27:12 PM


http://www.nytimes.com/2013/05/20/world/asia/chinese-hackers-resume-attacks-on-us-targets.html?nl=todaysheadlines&emc=edit_th_20130520&_r=0
Title: Re: Chinese hackers resume attacks
Post by: bigdog on May 21, 2013, 04:15:27 AM


http://www.nytimes.com/2013/05/20/world/asia/chinese-hackers-resume-attacks-on-us-targets.html?nl=todaysheadlines&emc=edit_th_20130520&_r=0

The most telling paragraph from the article:

The Obama administration had bet that “naming and shaming” the groups, first in industry reports and then in the Pentagon’s own detailed survey of Chinese military capabilities, might prompt China’s new leadership to crack down on the military’s highly organized team of hackers — or at least urge them to become more subtle.


From BD: It is unclear to me why a more subtle cyberattack from China is better.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on May 21, 2013, 04:49:43 AM
Because then BO could pretend that nothing was happening and continue to do nothing.
Title: Re: Cyberwar and American Freedom
Post by: bigdog on May 21, 2013, 12:16:56 PM
Perhaps I should have said "more effective." At any rate, the strategy doesn't make sense to me.
Title: Re: Cyberwar and American Freedom
Post by: G M on May 21, 2013, 12:23:12 PM
Perhaps I should have said "more effective." At any rate, the strategy doesn't make sense to me.

What if we had a president who was raised on anti-Americanism and as a result didn't like this country at all...
Title: Re: Cyberwar and American Freedom
Post by: DougMacG on May 21, 2013, 04:06:42 PM
It amazes me that the world's largest economy doesn't have leverage to influence hardly anyone on anything.  Assuming the European Union has the same interest in this that we do, one might think that the EU and US combined would have economic leverage with China.  http://en.wikipedia.org/wiki/List_of_the_largest_trading_partners_of_China 

So we shame them.  Scary!

Since we are talking about warfare, blowing up the building might make an impact - just thinking aloud - or more realistically, shut down their internet until they understand our concern.  We avoid bad choices by making the good ones work.  Unless there is something effective happening behind the scenes, this is another case of our Commander in Chief not even voting present in his responsibilities.

If he went after enemies, terrorists and geopolitical rivals with the zest that he uses to attack the tea party, Rush Limbaugh and Fox News, they might think twice before messing with us.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on May 21, 2013, 04:18:16 PM
BD:

Remember how Eisenhower backed up Britain, France, and Israel in 1956 from retaking the Suez Canal? 

He threatened to sell the bonds of theirs which we held from WW2.

BO, committed to deficit spending, needs the Chinese to buy our debt.  Currently, at negative real interest rates, we pay about $250-300B a year on interest on the national debt.  If the Chinese dump our bonds and interest rates go up, our numbers get real dicey in a big hurry.

So he barks occasionally and does nothing.

In the meantime in a few years our interest payments to China will be paying for 100% of their military.

What could go wrong? :roll: :roll: :roll:
Title: How easy is it to shut off a country’s Internet?
Post by: C-Kumu Dog on May 21, 2013, 07:58:12 PM
Not picking fights or starting new arguments, but a portion of a comment intrigued me. 
BTW - I'm still reading the articles listed below.

"...shut down their internet until they understand our concern." 


How easy is it to shut off a country’s Internet?
http://www.washingtonpost.com/blogs/wonkblog/wp/2012/12/01/how-easy-is-it-to-shut-off-a-countrys-internet/


Could It Happen In Your Country?
http://www.renesys.com/blog/2012/11/could-it-happen-in-your-countr.shtml


How did Syria cut off the entire country from the Internet?
http://www.washingtonpost.com/blogs/worldviews/wp/2013/05/08/how-did-syria-cut-off-the-entire-country-from-the-internet/
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on May 21, 2013, 08:16:01 PM
Your contributions here are appreciated Dog Robert.
Title: U.S. weapons system designs compromised by Chinese cyberspies
Post by: bigdog on May 28, 2013, 07:13:57 AM
http://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_story.html

From the article:

Experts warn that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the U.S. military advantage in a future conflict.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on May 28, 2013, 03:48:39 PM
Unfortunately it appears to be more important to Team Obama that we continue borrowing from the Chinese.
Title: DARPA and Plan X
Post by: bigdog on May 28, 2013, 04:33:50 PM
http://www.wired.com/dangerroom/2013/05/pentagon-cyberwar-angry-birds/all/
Title: NSA/CyberCom To Get Green Light Response to Cyber Attack
Post by: C-Kumu Dog on May 29, 2013, 11:24:59 AM
--NSA/CyberCom To Get Green Light Response to Cyber Attack
(May 27, 2013)
DoD is on the verge of approving new standing rules of engagement, rules that will for the first time authorize a U.S. response to cyber attacks. It's part of a general push to move more cyber warfare into the traditional military strategy and away from the often contentious realm of National Security Council debate. The new rules will empower commanders to counter direct cyberattacks with offensive efforts of their own - without White House approval.

http://www.defensenews.com/article/20130527/DEFREG02/305270014/Slowed-by-Debate-Uncertainty-New-Rules-Green-Light-Response-Cyber-Attacks


--Iranian Hackers Are Targeting US Energy Companies' Industrial Control Systems
(May 27, 2013)

US officials say that hackers operating on behalf of the Iranian government are targeting industrial control systems at US energy companies in an attempt to damage the country's critical infrastructure. Thus far, the attacks have focused on gathering intelligence about how the systems operate. Some US officials have posited that Stuxnet, the sophisticated malware attack that targeted centrifuges at an Iranian nuclear facility in 2010, pushed Iran to develop stronger cyberattack capabilities and to retaliate.

http://www.theregister.co.uk/2013/05/27/iran_payback_stuxnet_ics_attacks/

http://www.eweek.com/security/iranian-hackers-launching-cyber-attacks-on-us-energy-firms-report/
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on May 29, 2013, 04:43:39 PM
Too bad the people of our president (or was it him personally?) saw fit to take credit for Stuxnet  :x  Well at least DOJ went after FOX and AP , , ,  :x
Title: The Most Important Cybersecurity Case You’ve Never Heard Of
Post by: bigdog on May 30, 2013, 04:41:40 AM
http://www.lawfareblog.com/2013/05/the-most-important-cybersecurity-case-youve-never-heard-of/
Title: Jonah Goldberg: Letters of Marque
Post by: Crafty_Dog on May 31, 2013, 07:32:28 PM

Chiiiiiicoms in (Cyber) Spaaaaaaaaaaaace!

A new report says that the Chinese are hacking American computer networks at an
alarming rate. This is hardly news. I've been including the phrase
"早安，我抱歉有沒有在這封電子郵件中的商業秘密或加拿大色情。請停止殺害酷動物啄木鳥醫學。剛剛買了一些偉哥了"
at the bottom of every e-mail for months (I put it just above where it says
"Hello Mr. Holder!"). It means, according to Google translate: "Good Morning, I'm
sorry there's no trade secrets or Canadian porn in this e-mail. Please stop killing
cool animals for pecker medicine. Just buy some Viagra already."
What is new is the scope of the problem the report lays out. This is a thorny issue
and I think the U.S. needs to be much, much more aggressive in combating it. Why
it's not a bigger issue for the WTO, for instance, is baffling to me. They are
stealing our stuff, which strikes me as a bigger deal than taxing it at the border.
Explaining to the Chinese leadership that they shouldn't be doing this because it's
wrong is like explaining to a dog licking its nethers that what he's doing is bad
manners: To the extent they understand at all, they couldn't care less. They respect
power. They understand when you put a price on bad behavior. So we need to put a
price on Chinese hacking. It's really that simple. The hard thing to figure out is
how.

As I mentioned the other night on Special Report, the coolest idea on this score
comes from Jeremy Rabkin. He wants the U.S. government to issue Letters of Marque
to freelance squadrons of hackers and other cyber renegades.
Before the mid-nineteenth century, "privateers" were often commissioned to attack
enemy ships. They were offered a percentage of what they could seize from enemy
commerce. They were distinguished from mere pirates -- with whom they had obvious
similarities -- by formal authorizations, so-called "letters of marque," issued by
the sponsoring state.
Privateering was once a common feature of naval warfare, partly for reasons of
economy: it allowed governments to extend their force at sea without the expense of
maintaining large fleets. There were also diplomatic or strategic advantages.
Commissioning privateer attacks was a means of imposing harm on another state
without committing to war. Thus the framers of the U.S. Constitution took care to
specify that Congress had the power to "declare war" but also the power to "issue
letters of marque," implying that the latter could proceed without the former. In
interpreting this clause in an early case, the U.S. Supreme Court cited the treatise
of the Swiss jurist Jean-Jacques Burlamaqui, who associated the
practice with "imperfect war," in which some hostilities are permitted but the
conflict remains more constrained than all-out war. In practice, letters of marque
often were issued to those who had learned the craft of capturing prize at sea
without any government authorization. Governments issuing authorization brought
these raiders under more state control in return for offering them more state
protection.
Comparisons between cyber warriors and pirates of old are not fanciful. Cyber crime
is a pervasive aspect of today's Internet. Much like international drug dealers,
cyber criminals have sought protective relations with sympathetic or accommodating
governments. The so-called "Russian Business Network," active in a range of cyber
crime activities, seems to have received protection and support from the Russian
government. The Chinese government has openly encouraged
private hackers and may well have enlisted organized groups to probe Western
business and government networks -- and then take or sell what they can.

Without getting into the fine print, let me just say that is the most badass
public-policy proposal I've heard in years. I want this to happen so badly! It's
like a William Gibson novel meets Revenge of the Nerds. Gothy kids with inhalers,
cubicle dwellers in chinos, the whole grand coalition of computer geeks can become
. . . pirates! Oh, make this happen!
Title: Re: Cyberwar and American Freedom
Post by: G M on June 01, 2013, 12:27:06 PM
"Explaining to the Chinese leadership that they shouldn't be doing this because it's
wrong is like explaining to a dog licking its nethers that what he's doing is bad
manners: To the extent they understand at all, they couldn't care less. They respect
power"

Exactly! The problem being that they know what Buraq is and hold him in utter, unmasked contempt.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 03, 2013, 09:20:34 PM
This belongs better in Media Matters.
Title: Re: Cyberwar and American Freedom
Post by: ccp on June 09, 2013, 08:15:32 AM
What a perfect excuse to spy on Americans - it is all to keep us safe.   :wink:  The progressive machine took this ball and ran with it.   Don't let any opportunity go to waste.   For years I suspect the PC makers and the software people have embedded ways of hacking into one's machine.  The excuse is they are cooperating with law enforcement to be able to track data.  I don't trust these companies to not use it for their purposes any more than I trust Obama's organized crew is not using it for the political agenda.  OK Obama let's have a mature conversation about this.  First you and your crew need to go and we need all information on the table for people to see.

How can we have any legitimate conversation or public discussion of this with dishonest persons at the top not being transparent?  Like Levin says this guy can look you right in the eye keep a straight sincere face and without flinching or remorse or guilt tell you lies all day long.  So now Americans are supposed to discuss this in public?

And the media still covers as much as possible for him....

****NSA phone spying program FOILED plan to blow up New York City subway, claim under fire security officials

NSA domestic spying program foiled 2009 NYC subway bombing plot
•Government program credited by Rep. Mike Rogers, R-Mich., House Intelligence Committee head, with thwarting planned attack
•Alleged terrorist found out after emailing known Al-Qaeda leader in Pakistan for help making a bomb
•Attack stopped as a result of collaboration between US and British intelligence agencies


By Associated Press Reporter

PUBLISHED: 07:40 EST, 8 June 2013  | UPDATED: 21:54 EST, 8 June 2013 

The government's broad programs to collect U.S. phone records and Internet traffic helped disrupt a 2009 plot to bomb the New York City subways, a senior U.S. intelligence official said.
 
But the assertion raises as many questions as it answers because court testimony indicated the subway plot investigation began with an email.
 
Over the past days, The Guardian newspaper and The Washington Post have revealed classified documents showing how the National Security Agency sweeps up phone records and Internet data in its hunt for terrorists. Those programs have come under criticism from civil libertarians and some in Congress who say they were too broad and collected too much about innocent Americans.

In one of those programs, the NSA collected daily records of millions of phone calls made and received by U.S. citizens not suspected of any wrongdoing.
 
On Thursday, Rep. Mike Rogers, R-Mich., who leads the House Intelligence Committee, credited that effort with thwarting a terrorism plot. But he did not elaborate.
 
The senior U.S. intelligence official who asserted Friday that the phone records program together with other technical intercepts thwarted the subway plot would not provide other details. The official was not authorized to discuss the plot publicly and requested anonymity.
 
Afghan-American Najibullah Zazi pleaded guilty in the 2009 plot, saying he had been recruited by al-Qaida in Pakistan.
 
The break in that case came, according to court documents and testimony, when Zazi emailed a Yahoo address seeking help with his bomb recipe.
 
At that time, British intelligence officials knew the Yahoo address was associated with an al-Qaida leader in Pakistan. That's because, according to British government documents released in 2010, officials had discovered it on the computer of a terror suspect there months earlier.
 
Because the NSA and British intelligence work so closely together and so little is known about how the NSA monitors email traffic, it's possible that both agencies were monitoring the Yahoo address at the time Zazi sent the critical email in 2009.
 
What's unclear, though, is how the phone program aided the investigation, which utilized court-authorized wiretaps of Zazi and his friends.
 
Based on what's known about the phone-records program, the NSA might have had an archive of all the phone calls Zazi had made, which might have helped authorities look for possible co-conspirators.
 
Because the phone program remains classified, however, it's impossible to say with certainty how the program benefited the investigation.

Read more: http://www.dailymail.co.uk/news/article-2337865/NSA-phone-spying-program-foiled-2009-NYC-subway-bombing-plot.html#ixzz2VjQciU9g****
Title: from scientific american
Post by: ccp on June 11, 2013, 08:15:53 PM

Former NSA Whistleblower Sheds Light on the Science of Surveillance [Q&A]
By Dina Fine Maron | Scientific American – Mon, Jun 10, 2013


A National Security Agency whistleblower named Thomas Drake was indicted several years ago for providing information to the press on waste, fraud and bureaucratic dysfunction in the agency’s counterterrorism programs. The U.S. Department of Justice indicted Drake, an NSA senior executive, under the Espionage Act of 1917 for retaining allegedly classified information. Eventually, the felony charges against Drake were dropped, and he pled guilty to a misdemeanor, exceeding authorized use of a computer. Still, the DOJ’s strategy in that case may provide some clues as to what’s in store for Edward Snowden, a government contractor who exposed himself last weekend as the source for a widespread domestic communications story first reported by The Guardian. Drake spoke with Scientific American to shed some light on whistleblower prosecutions and the science behind surveillance.  An edited transcript of the conversation follows:


Director of National Intelligence James Clapper has said it's not realistic nor would he want to listen to everyone's communications, so what can be done with all these phone records that the NSA is collecting?


The distinction here is metadata versus content. It’s like when you get physical snail mail, it has a certain shape, weight and type of envelope, and an address and a return address and a stamp and usually a date and routing numbers. And it’s going to a particular mailbox at a particular address—that’s all metadata. The content is what’s inside the envelope. In a digital space the metadata is always associated with content. The content would be the actual phone call—the conversation. The fact is the metadata is far more valuable to them because it gives them an index of everything. If they want to, the data is available and the capability exists to store it, then later they can access the content as well with a warrant. You can learn a tremendous amount about people by looking at the metadata…phone records include location information. At that level you can track them as well and know who they speak with, the time of day and all of that. By definition a phone number is always associated with somebody or some business—believe me, subscribers all have names. Think of the White Pages; the White Pages equal metadata. If I store that, that gives the government a phenomenal power in secret to track all kinds of information about a person without going to content.


With all that data, it would take tremendous resources to scour that information even before we get to content. So how do you know what to look for?


Patterns. Signatures. Profiling. That’s where it gets pernicious in secret; that’s when they may decide to look at content as well. But metadata even without content already tells you a lot of information. Metadata gives meaning to content. What does NSA need with a 100 million phone records? We are losing the foundation of innocence until proven guilty. The assumption of innocence no longer exists in a surveillance state…we are all foreigners now. To me that’s crossing over into a form of governance that is a clear violation of the Fourth Amendment. We are eroding a foundational part of this country. The important distinction is the law that exists right now allows the government, with some limitations—at least on paper—to collect all metadata without any particularized suspicion on someone, without getting a warrant for someone. To get content you would need a warrant. The technology is such that the distinction between metadata and content is largely losing its distinction simply because all digital content by definition has metadata associated with it. You can strip off the metadata to do the analysis...but then when you want to, because you already have the data, even if you didn’t have probable cause to do it, you can get into the content.

Based on your experience, talk to me about Snowden’s decision to turn himself in. Would it have been possible for Snowden to hide out?


He exposed himself, which is one of the unique things here. Once you are flagged though, even if he hadn’t turned himself in…the system is so vast in terms of your digital footprint it wouldn’t have taken long to find him…Could he totally go off the grid and disappear? The system itself would have been alerted. He would have had less time to hide out if he had not gone overseas, even if he had not exposed himself. He clearly made a preemptive decision…if he went overseas as a U.S. citizen they can’t grab you off the street the next day, though he has indicated in interviews he is concerned about rendition. Leaving creates another barrier. It buys him time to make other arrangements in terms of seeking asylum.


Could cyber hackers have obtained the information that these programs existed through data-mining efforts?


Probably not. Those systems are extraordinarily well-protected. It’s very difficult to hack in, especially to the top secret ones. That’s why you have never seen a Foreign Intelligence Surveillance Act court order in public. This is the first one to my knowledge. The classification system is so high it has special protections. It takes someone with access and knowledge to make that fateful decision that it’s in the best interests of the public to have access to that type of information and free it.


From your experience, how do you think the NSA will come after Snowden?


With everything they’ve got.


So do you think they will use the same playbook they used with you—charging Snowden under the Espionage Act?


Yes. It will probably be very similar, there’s no question. I was never actually charged with leaking or disclosing. I was actually charged for retention of unauthorized documents.


What could someone like Snowden do—for a career—after this kind of security breach?


He will have to have an attorney shield him and protect him as best as he can. The government always has a choice in the matter; they can open a case and never prosecute. I suspect they will throw everything they have after him. He will have a heck of a time as I did…I found part-time work but I made far less than before; you are blacklisted. Your clearance is no longer valid so you can’t work in government and people think you can’t be trusted. It will probably be a whole different line of work for him at least in the near or mid-term, as it certainly was for me. For a long time I had no income. He knew that there would be serious consequences when he made the fateful decision to turn this information over to the press.


If I may ask, what do you do now?


I work full-time at an Apple retail store.


In an environment where Wikileaks is currently in the headlines, and now this, do you think this will change the way Americans approach security questions?


Just since my criminal case ended with one year of probation and community service, this is the most media attention I’ve had by far. I can’t even get to all my emails right now; it’s extraordinarily overwhelming. That tells me that for now this story has legs and people are discussing what are civil liberties versus surveillance and questioning how far they can erode our liberties for the sake of surveillance. The question is do Americans care enough and it looks like we’re having that debate now and I hope that it sustains itself, that’s certainly my wish.




© 2013 ScientificAmerican.com. All rights reserved.
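As an added example (not from the thread, the interview or Scientific American), the script below runs over a handful of constructed call-detail records and shows what Drake's metadata-versus-content point means in practice: from caller, callee, time and cell tower alone, with no call content, it recovers a person's closest contacts, a likely home location and a contacts-of-contacts network. The phone numbers, tower IDs and timestamps are invented.

```python
"""Metadata-only analysis of constructed phone records: no call content is used."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed call-detail records (CDRs): caller, callee, call start, caller's
# cell tower. All values are invented for this example.
CDR_LINES = """\
555-0101,555-0202,2013-06-03T08:15:00,TOWER-A
555-0101,555-0303,2013-06-03T12:40:00,TOWER-B
555-0202,555-0101,2013-06-03T22:05:00,TOWER-C
555-0101,555-0202,2013-06-04T07:50:00,TOWER-A
555-0101,555-0404,2013-06-04T13:10:00,TOWER-B
555-0101,555-0202,2013-06-04T23:30:00,TOWER-A
555-0303,555-0404,2013-06-05T09:00:00,TOWER-D
555-0303,555-0505,2013-06-05T10:00:00,TOWER-D
555-0101,555-0303,2013-06-05T12:20:00,TOWER-B
555-0404,555-0101,2013-06-05T18:45:00,TOWER-E
555-0101,555-0202,2013-06-06T06:55:00,TOWER-A
"""


def parse_cdrs(text):
    """Parse the CSV-style records above into dicts; skips blank lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        caller, callee, ts, tower = line.split(",")
        records.append({"caller": caller, "callee": callee,
                        "time": datetime.fromisoformat(ts), "tower": tower})
    return records


def contact_counts(records, number):
    """Who `number` talks to and how often, counting both directions."""
    counts = Counter()
    for r in records:
        if r["caller"] == number:
            counts[r["callee"]] += 1
        elif r["callee"] == number:
            counts[r["caller"]] += 1
    return counts


def likely_home_tower(records, number, night=(22, 8)):
    """Tower most used by `number` between 22:00 and 08:00: a crude home-location
    inference from the location metadata alone. Only the caller's tower is
    recorded here, so only outgoing calls count. Returns None if no night calls."""
    start, end = night
    towers = Counter()
    for r in records:
        if r["caller"] != number:
            continue
        hour = r["time"].hour
        if hour >= start or hour < end:
            towers[r["tower"]] += 1
    return towers.most_common(1)[0][0] if towers else None


def daily_routine(records, number):
    """Hour of day -> set of towers seen for `number`: where the person tends
    to be at what time, again from outgoing-call metadata only."""
    routine = defaultdict(set)
    for r in records:
        if r["caller"] == number:
            routine[r["time"].hour].add(r["tower"])
    return dict(routine)


def second_hop(records, number):
    """Contacts of contacts: the numbers one selector expands into when the
    analysis is widened by one hop. Excludes direct contacts and the selector."""
    first = set(contact_counts(records, number))
    second = set()
    for contact in first:
        second |= set(contact_counts(records, contact))
    return second - first - {number}


if __name__ == "__main__":
    recs = parse_cdrs(CDR_LINES)
    target = "555-0101"
    print("closest contacts:", contact_counts(recs, target).most_common(2))
    print("likely home tower:", likely_home_tower(recs, target))
    print("routine by hour:", daily_routine(recs, target))
    print("second-hop numbers:", second_hop(recs, target))
```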
Title: Snowden interview
Post by: Crafty_Dog on June 13, 2013, 02:36:49 AM
While on the road I have not had good internet access, but my impression from the little I have seen is that this matter is quite important.  I hope we will bring our collective efforts to bear here.

1)  http://blog.sfgate.com/techchron/2013/06/10/on-first-glance-nsa-leaker-appears-a-patriot-not-a-traitor/


2)  http://www.tpnn.com/new-survey-nsa-whistleblower-edward-snowden-hero-or-traitor/

3) http://www.nytimes.com/2013/06/11/opinion/brooks-the-solitary-leaker.html?smid=fb-share&_r=0

The Solitary Leaker

From what we know so far, Edward Snowden appears to be the ultimate unmediated man.
Though obviously terrifically bright, he could not successfully work his way through
the institution of high school. Then he failed to navigate his way through community
college.

According to The Washington Post, he has not been a regular presence around his
mother’s house for years. When a neighbor in Hawaii tried to introduce himself,
Snowden cut him off and made it clear he wanted no neighborly relationships. He went
to work for Booz Allen Hamilton and the C.I.A., but he has separated himself from
them, too.

Though thoughtful, morally engaged and deeply committed to his beliefs, he appears
to be a product of one of the more unfortunate trends of the age: the atomization of
society, the loosening of social bonds, the apparently growing share of young men in
their 20s who are living technological existences in the fuzzy land between their
childhood institutions and adult family commitments.

If you live a life unshaped by the mediating institutions of civil society, perhaps
it makes sense to see the world a certain way: Life is not embedded in a series of
gently gradated authoritative structures: family, neighborhood, religious group,
state, nation and world. Instead, it’s just the solitary naked individual and the
gigantic and menacing state.

This lens makes you more likely to share the distinct strands of libertarianism that
are blossoming in this fragmenting age: the deep suspicion of authority, the strong
belief that hierarchies and organizations are suspect, the fervent devotion to
transparency, the assumption that individual preference should be supreme. You’re
more likely to donate to the Ron Paul for president campaign, as Snowden did.

It’s logical, given this background and mind-set, that Snowden would sacrifice his
career to expose data mining procedures of the National Security Agency. Even if he
has not been able to point to any specific abuses, he was bound to be horrified by
the confidentiality endemic to military and intelligence activities. And, of course,
he’s right that the procedures he’s unveiled could lend themselves to abuse in the
future.

But Big Brother is not the only danger facing the country. Another is the rising
tide of distrust, the corrosive spread of cynicism, the fraying of the social fabric
and the rise of people who are so individualistic in their outlook that they have no
real understanding of how to knit others together and look after the common good.

This is not a danger Snowden is addressing. In fact, he is making everything worse.

For society to function well, there have to be basic levels of trust and
cooperation, a respect for institutions and deference to common procedures. By
deciding to unilaterally leak secret N.S.A. documents, Snowden has betrayed all of
these things.

He betrayed honesty and integrity, the foundation of all cooperative activity. He
made explicit and implicit oaths to respect the secrecy of the information with
which he was entrusted. He betrayed his oaths.

He betrayed his friends. Anybody who worked with him will be suspect. Young people
in positions like that will no longer be trusted with responsibility for fear that
they will turn into another Snowden.

He betrayed his employers. Booz Allen and the C.I.A. took a high-school dropout and
offered him positions with lavish salaries. He is violating the honor codes of all
those who enabled him to rise.

He betrayed the cause of open government. Every time there is a leak like this, the
powers that be close the circle of trust a little tighter. They limit debate a
little more.

He betrayed the privacy of us all. If federal security agencies can’t do vast data
sweeps, they will inevitably revert to the older, more intrusive eavesdropping
methods.

He betrayed the Constitution. The founders did not create the United States so that
some solitary 29-year-old could make unilateral decisions about what should be
exposed. Snowden self-indulgently short-circuited the democratic structures of
accountability, putting his own preferences above everything else.

Snowden faced a moral dilemma. On the one hand, he had information about a program
he thought was truly menacing. On the other hand, he had made certain commitments as
a public servant, as a member of an organization, and a nation. Sometimes leakers
have to leak. The information they possess is so grave that it demands they violate
their oaths.

But before they do, you hope they will interrogate themselves closely and force
themselves to confront various barriers of resistance. Is the information so grave
that it’s worth betraying an oath, circumventing the established decision-making
procedures, unilaterally exposing secrets that can never be reclassified?

Judging by his comments reported in the news media so far, Snowden was obsessed with
the danger of data mining but completely oblivious to his betrayals and toward the
damage he has done to social arrangements and the invisible bonds that hold them
together.
Title: Snowden
Post by: G M on June 13, 2013, 03:46:43 PM
This moron makes Bradley Manning look like John Wayne. He'll soon figure out how badly he's fcuk'ed himself.

There are right ways to go about whistleblowing. What he's done is the utterly wrong way.
Title: Re: Cyberwar and American Freedom
Post by: ccp on June 13, 2013, 08:27:10 PM
"There are right ways to go about whistleblowing."

GM,

What is a right way in this case?

Who else but the media would he go to in order to avoid a cover-up?
Title: Cheney on NSA IRS
Post by: ccp on June 16, 2013, 08:29:12 AM
In Rare Interview, Dick Cheney Champions NSA Surveillance
National Journal, by Matt Berman
 
Sunday show obsessives got a bit of a Father's Day treat on Sunday: Dick Cheney on Fox News Sunday with Chris Wallace to talk about, among other things, the NSA data collection program. In something of a Greatest Hits interview, the former vice president threw everything he has behind government surveillance. And, despite looking a bit rusty when his cell phone went off on air, he's still got it.

The interview kicked off with Cheney, who was introduced by Wallace as "the driving force behind increased government surveillance" in the Bush administration, calling leaker Edward Snowden a "traitor," and insinuating that he may have had help from within the NSA. Asked if Snowden was spying on behalf of China, the former vice president said he was "deeply suspicious," and that the U.S. will "need to be really aggressive" with China to extradite Snowden.

Cheney also pushed aside Sen. Rand Paul's reservations about the NSA program that he made on Fox News Sunday last week. When asked why the NSA has to "vacuum up" information on ordinary citizens, Cheney laughed off the suggestion, saying that "it's just a big bag of numbers that has been collected." And, getting right into the swing of being back defending government surveillance, Cheney slipped into the first-person plural: "The allegation is not that we get all this personal information on Aunt Fanny or Chris Wallace, that's not the way it works." Cheney also took some ownership—or at least authorship—of the data-collection, saying that he "worked with [former Director of National Intelligence] Mike Hayden when we set this program up."

And while the former vice-president had many nice things to say about the "fine" men leading the NSA, he had no kind words for the president. "I don't pay attention, frankly, to a lot of what Barack Obama says...I'm obviously not a fan." He also said that President Obama is "dead wrong" in suggesting that the War on Terror is winding down, and that "in terms of credibility, I don't think he has credibility."

And, just for good measure, Cheney threw in his two cents on the IRS scandal: "One of the worst abuses of power imaginable."

If Cheney wasn't enough for your Father's Day morning, you were in luck. As the former vice-president exited, Karl Rove entered the show's panel to talk Syria. Because what better way is there to spend Father's Day than to pretend it's still 2005. *****
Title: OSC
Post by: G M on June 17, 2013, 09:46:56 AM
"There are right ways to go about whistleblowing."

GM,

What is a right way in this case?

Who else but the media would he go to in order to avoid a cover-up?

http://www.osc.gov/Intro.htm
Introduction to OSC
Who We Are
The U.S. Office of Special Counsel (OSC) is an independent federal investigative and prosecutorial agency. Our basic authorities come from four federal statutes: the Civil Service Reform Act, the Whistleblower Protection Act, the Hatch Act, and the Uniformed Services Employment & Reemployment Rights Act (USERRA).
Our Mission
OSC’s primary mission is to safeguard the merit system by protecting federal employees and applicants from prohibited personnel practices, especially reprisal for whistleblowing. For a description of prohibited personnel practices (PPPs), click here.
What We Do
PPPs & Whistleblower Protection
OSC receives, investigates, and prosecutes allegations of PPPs, with an emphasis on protecting federal government whistleblowers. OSC seeks corrective action remedies (such as back pay and reinstatement), by negotiation or from the Merit Systems Protection Board (MSPB), for injuries suffered by whistleblowers and other complainants. OSC is also authorized to file complaints at the MSPB to seek disciplinary action against individuals who commit PPPs. For more information on how we process PPP complaints, click here.

Disclosure Unit
OSC provides a secure channel through its Disclosure Unit for federal workers to disclose information about various workplace improprieties, including a violation of law, rule or regulation, gross mismanagement and waste of funds, abuse of authority, or a substantial danger to public health or safety. For more information on our Disclosure Unit, click here.

Hatch Act Unit (Political Activity)
OSC promotes compliance by government employees with legal restrictions on political activity by providing advisory opinions on, and enforcing, the Hatch Act. Every year, OSC’s Hatch Act Unit provides over a thousand advisory opinions, enabling individuals to determine whether their contemplated political activities are permitted under the Act.

Hatch Act Unit also enforces compliance with the Act. Depending on the severity of the violation, OSC will either issue a warning letter to the employee, or prosecute a violation before MSPB. For more information on our Hatch Act Unit, click here.

Uniformed Services Employment and Reemployment Rights Act (Veterans’ Rights)
OSC protects the civilian employment and reemployment rights of military veterans and members of the Guard and Reserve by enforcing the Uniformed Services Employment and Reemployment Rights Act (USERRA). For more information about our USERRA program, click here.

Employee Information Programs
Section 2302(c) of title 5 of the U.S. Code makes agency heads and officials with personnel authority responsible (in consultation with OSC) for informing federal employees of their rights and remedies under chapters 12 and 23 of title 5. These chapters deal with prohibited personnel practices, whistleblower disclosures, political activity, and access to OSC and MSPB.

OSC endeavors to assist agencies in carrying out their employee information responsibilities, including by the development of a general guide to federal employee rights and remedies under title 5. Click here for web and PDF versions of this resource.

Title: How can serial liars be trusted with people's personal information?
Post by: ccp on June 18, 2013, 02:27:34 AM
Let me ask a serious question.   We all know the type of person David Axelrod is.  We know that he was responsible for the release of information on a candidate the ONE ran against.  I think Doug posted about that an opponent's private divorce information was "leaked". 

Does anyone here think Axelrod and the rest of his crew would not seek, collect, sort, and use any data against any adversary they could from information collected either by government agencies, or the private corporations themselves who collect such information?  Does anyone think, just for the sake of an example, a person who has great power with a multibillion dollar corporation who plays the fascist game as well as anyone, with the initials JI associated with a company with the initials GE, would not be willing to share say something of use politically to Axelrod in exchange for some government policy or agency preferential treatment, or other payoff?   Anyone who would say that Axelrod, as well as countless politicians, could be trusted is, how can I say this as nicely as possible, mistaken:

*****'NSA should come clean about domestic spying': Ray Kelly
By JENNIFER BAIN
Last Updated: 6:18 PM, June 17, 2013
Posted:  4:09 PM, June 17, 2013

      Police Commissioner Ray Kelly launched a stinging rebuke to the federal government’s secret phone and Internet monitoring campaign — and suggested leaker Edward Snowden was right about privacy “abuse.”

“I don’t think it ever should have been made secret,” Kelly said today, breaking ranks with US law-enforcement officials.

His blast came days after the Obama administration and Attorney General Eric Holder outraged New York officials by endorsing a federal monitor for the NYPD.

Kelly appeared to firmly reject Holder’s claim that disclosure of the monitoring campaign seriously damaged efforts to fight terrorism.
“I think the American public can accept the fact if you tell them that every time you pick up the phone it’s going to be recorded and it goes to the government,” Kelly said. “I think the public can understand that. I see no reason why that program was placed in the secret category.”

“Secondly, I think if you listen to Snowden, he indicates that there’s some sort of malfeasance, people . . . sitting around and watching the data. So I think the question is: What sort of oversight is there inside the [National Security Agency] NSA to prevent that abuse, if it’s taking place?”

Kelly has been on the receiving side of this kind of criticism.

The NYPD secretly spied on Muslim organizations, infiltrated Muslim student group and videotaped mosque-goers in New Jersey for years, it was revealed in 2012. The NYPD said its actions were lawful and necessary to keep the city safe.

After the vast federal phone-Internet monitoring program was revealed, President Obama said he had struck the right balance between ensuring security and protecting privacy.

But yesterday, Kelly indicated Obama was wrong.

“I think we can raise people’s comfort level if in fact information comes out as to that we have these controls and these protections inside the NSA,” he said.

Allies of Kelly viewed his criticism as payback for Holder’s decision to recommend — at the 11th hour of a controversial court case — that a federal monitor oversee the NYPD’s stop-and-frisk program.

“Everything that Ray Kelly does has a purpose,” said City Council Public Safety Chairman Peter Vallone Jr. (D-Queens). “If Eric Holder wants to lecture Police Commissioner Kelly on how to fight crime in New York, then one of the world’s foremost experts on public safety [Kelly] can lecture Holder on how to fight terrorism.”

Holder and other law-enforcement officials have trashed Snowden and his claim about out-of-control government snooping.

Kelly said of the leaker:

“He tried to give the impression, it seems to me, that these system administrators had carte blanche to do what they wanted to do,” he said. “I think it’s a problem if that’s in fact what’s happening.”

New York Post
****

Yet people will come onto the camera in street surveys and look straight into the interviewer's face and proclaim, "I trust the government absolutely to do the right thing."

You can fool some of the people [fools] all of the time.   

I agree with Mark Levin on this about Dick Cheney.  He was a great Vice President who helped keep us safe.  But his defense of this NSA data gathering is "dead" wrong.

Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 18, 2013, 05:45:11 AM
I am just beginning to get up to speed on this.  I find my thinking rather muddled at present and what follows should be taken as merely some initial random impressions:

On the Chris Wallace show this week after the Cheney interview it seemed generally accepted (by Brit Hume, Jane Harman-- former congresswoman on the intel committee--, Karl Rove, Juan Williams) that this program was in the public record in 2006.  It was asserted that to go past the metadata FISA court search warrants were necessary and that there have been about 300 warrants granted (this year? total?)

I cannot find an acceptable reason for Snowden to be divulging our/British spying on foreign leaders at a G8 conference to the Chinese.  Apparently he is giving more to the Chinese as well.  This sure seems like treason to me.
Title: Sharyl Attkinsson update on hacking investigation
Post by: ccp on June 18, 2013, 06:11:44 AM
Well, Levin asks why do we need government to compile their own metadata when the privates are already snooping on us and they can get warrants to get data from them?

I don't buy we are safer.  I don't buy government or some of its people will not use data for its own purposes, and that this is not just a slippery slope; history tells us that lack of transparency, with the excuse of national security, will by default of human nature lead to abuse.

I am shocked at the reaction of many on the right.  Levin (whom I don't always agree with) asks how can freedom lovers defend this.  

To me Snowden is a hero.  There is absolutely no other avenue for him to express his concerns.

Just for kicks, this doesn't just apply to computers.  Copy machines can turn on mysteriously in the middle of the night.  Indeed I think they can be used as back doors into computers:

****

Sharyl Attkisson Shares Update On Computer Hacking Investigation

June 17, 2013 2:22 PM

Reporting: Dom Giordano
 
PHILADELPHIA (CBS)  — Just days after CBS News confirmed that reporter Sharyl Attkisson’s computer had indeed been hacked, Attkisson spoke to Dom Giordano about the investigation.

“This suspicious activity has been going on for quite some time – both on my CBS computer and my personal computer,” Attkisson said. “CBS then hired its own independent cyber security firm, which has been conducting a thorough forensic exam … they were able to rule out malware, phishing programs, that sort of thing.”

Attkisson described some of the bizarre things that were happening with her computer.

“There were just signs of unusual happenings for many months, odd behavior like the computers just turning themselves on at night and then turning themselves back off again. I was basically able to verify and obtain information from my sources on the suspicious activity and I reported it to CBS News in January because of course it included CBS equipment and systems.”

Attkisson could not speak about whether the hacking was related to her questions about Benghazi because of “legal counsel,” but she did say her work at that time was primarily on the occurrence.

“Whoever was in my work computer, the only thing I was working on were work-related things with CBS were big stories I guess during the time period in questions were I guess Benghazi and ‘Fast and Furious.’ The intruders did have access to personal information including passwords to my financial accounts and so on, but didn’t tamper with those, so they weren’t interested in stealing my identity or doing things to my finances. So people can decide on their own what they might have been trying to do in there.”

When asked how she felt about being hacked, Attkisson had this to say:

“Even apart from this specific incident with my computers … I operate as though someone is looking at what I do, just because that’s the safest thing,” Attkisson said. “While it’s upsetting to have that sort of intrusion done, it’s also not that unexpected.”

Attkisson also confirmed that the investigation is still ongoing, and that she still has questions about the way the Benghazi incident was handled.

“We’re continuing to move forward aggressively, CBS News takes this very seriously, as do I. I think whenever an unauthorized party comes into the home of an American, whether it’s any private citizen or journalist and gets in their house, searches their computers — these are computers my family uses — and they’re inserting or removing material for whatever their reasons are, I think that’s a really serious and disturbing matter and we’re gonna follow it up and keep pursuing it.”
Title: The Problem is bigger than you think
Post by: Crafty_Dog on June 18, 2013, 06:19:20 AM
a) "Well, Levin asks why do we need government to compile their own metadata when the privates are already snooping on us and they can get warrants to get data from them?"

"I don't buy we are safer.  I don't buy government or some of its people will not use data for its own purposes, and that this is not just a slippery slope; history tells us that lack of transparency, with the excuse of national security, will by default of human nature lead to abuse."

These seem like good points.

b) Still, why is Snowden giving stuff to the Chinese?  Why divulge that the Brits were listening in to foreign leaders at a conference?

c) Not metadata, but your actual email
http://www.nationalreview.com/article/350920/americas-vast-margin-error-victor-davis-hanson

d) The Problem is bigger than you think:
http://reason.com/archives/2013/06/17/citizens-and-the-state-the-problem-is-bi

e) Jonah Goldberg:  Do You Want To Play a Game?

Despite last week's somewhat tinfoil-hatted G-File, I've actually been pretty careful about not locking into a position on the substance of the NSA story because I've had the sense from the beginning that there's just too much we don't know yet. That said, here are some partial conclusions I've come to over the last week.

First, James Clapper simply lied to Congress. I understand why he did. But from what I can tell, most of the people who lie to Congress do so for what they think are good reasons (Lois Lerner is an exception to that rule). That Clapper was unprepared to answer that question in a way that wasn't objectively deceitful amounts to gross malpractice.

Edward Snowden is fishier than the Frying Dutchman's All-You-Can-Eat Seafood Buffet. I'm not saying he's a Chinese agent or anything. Or, better said, I'm not saying he revealed all of this stuff as an agent of the Chinese. He might be auditioning for the position now. After all, you kind of lose some street cred when you bitch about the evil of the surveillance state and a lack of transparency and then set up shop in China. It's sort of like quitting your job as a lighting technician at the Mickey Mouse Club because you don't approve of the lax moral standards and then applying for a job at the Spearmint Rhino. Regardless, I think he's pretty clearly lying about what he was able to do as a cog in the NSA machine. He says he had the "authorities" to read anyone's e-mail, including the president's. I call shenanigans on this -- or at least the experts I've talked to do. It's unclear he even had the capability, which is a very different thing than the authority. I have the capability to drive my car through the window of a crowded Chipotle Mexican Grill and proclaim, "I came here to do two things: Chew gum and eat burritos, and I'm all out of gum!" That doesn't mean I have the authority to do such a thing.

This brings us to a really important distinction in all this: Existence vs. Abuse. I am coming around to the view that the program as it exists isn't necessarily outrageous on the merits. As far as we know so far, Snowden hasn't revealed any actual abuses of the program. And his hints about abuses are like bad pretzels: impossible to swallow without a lot of grains of salt. Now, you can argue that the existence of the program itself is, uh, itself an outrage. I have many friends who think this. I am truly torn on this question.

But you know what else is outrageous? The nuclear bomb. It's a barbaric weapon that can do a lot more damage than scanning your metadata. But like it or not, in a world where nuclear weapons exist, it's necessary for us to have nuclear weapons. The fact that they are horrible things doesn't mean we should get rid of them, it means that we should A) try really hard to keep our enemies from getting them and, more relevant, B) implement protocols that reassure people they won't be misused. Americans don't worry -- that much, at least -- about some bad actor in the White House or military launching a nuke on Trenton, N. J., and not just because the result would arguably be an improvement. We all understand that there are a whole bunch of hoops you have to jump through just to launch one of those suckers. First, there's the paperwork. Then, your boss needs to get the order and his boss needs the order and all the way up and down the chain there are codes and redundancies until those two dudes have to turn the keys at the same time.

We know this mostly from Hollywood, of course. Which brings me to the last point. It would be in America's interest for the government to reassure people in the exact same way. No, I don't mean the government should make some bad movies about incredibly conscientious NSA spooks, but the government needs to get the reassurances sufficiently out there that they become fodder for the popular culture. To the extent there have been any movies and TV shows about NSA-CIA domestic snooping and evil-doing, they all make it seem like it's really easy for Alec Baldwin to get all up in your business like Frank Oz's hand inside Yoda. In the Bourne movies, all you've got to do is say the wrong word into your cell phone and the next thing you know some Monty Python dudes are knocking on your door asking for your liver, or something like that.

The problem with the nuclear-bomb analogy is that super-secret spying by keystroke is by its nature invisible. If someone drops a nuke by accident, odds are even the Today Show would lead with that over, say, Kim Kardashian's latest Facebook update about her irritable-bowel-syndrome diet. That's why the government needs to be a lot more transparent about this stuff. Now, my friends say that more transparency will make it harder to fight terrorists. To which I say, "Well, okay." Lots of things make it more difficult to fight terrorism. A few that come to mind: The First Amendment, the Fourth Amendment, posse comitatus rules, the moral, legal, and cultural strictures against indiscriminately flinging nuclear weapons at the Middle East, etc. Rand Paul makes a sound point when he says things would be easier for the watchmen if we simply installed microchips in everyone. That alone is not a boffo argument for doing so. I'm open to compromise here, but when a majority of the American people think the government will use these tools to harass political opponents, the government has an obligation to clear the air and reassure their bosses (and, in case you didn't read the American User Agreement called "the Constitution," that's us). If that makes things more difficult, well, that's too bad.

f) The new war, the secret war-- cyberwar:   http://www.wired.com/threatlevel/2013/06/general-keith-alexander-cyberwar/all/
Title: Re: Cyberwar and American Freedom
Post by: G M on June 18, 2013, 01:13:10 PM
"I cannot find an acceptable reason for Snowden to be divulging our/British spying on foreign leaders at a G8 conference to the Chinese.  Apparently he is giving more to the Chinese as well.  This sure seems like treason to me."

Exactly!
Title: Re: Cyberwar and American Freedom
Post by: DougMacG on June 18, 2013, 01:55:36 PM
"I cannot find an acceptable reason for Snowden to be divulging our/British spying on foreign leaders at a G8 conference to the Chinese.  Apparently he is giving more to the Chinese as well.  This sure seems like treason to me."

Exactly!

It's treason, and it ought to be against the law.

But first, let's poll the 16-35 demographic.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 18, 2013, 02:09:24 PM

I continue my explorations on this subject , , ,

To My Congressional Colleagues: Stop the NSA Grandstanding
Members have had ample opportunity to learn about these valuable programs.
By DAN COATS

Last week, Edward Snowden, a National Security Agency contractor, attempted to make a political point by leaking several documents that have seriously harmed America's ability to identify and respond to terrorist threats. As damaging as Mr. Snowden's disclosures are to public safety, I am also troubled by the decision of several members of Congress to mischaracterize this leak to advance their personal and political agendas.

I don't blame citizens for their concern about these secretive NSA programs. Personal privacy and civil liberties are important to all Americans and are protected by the Constitution. Unfortunately, the Obama administration—especially of late—has fueled people's distrust of government, which has made the reaction to Mr. Snowden's leak far worse.

The recent IRS scandal, U.S. Attorney General Eric Holder's contradictory statements regarding his role in the Justice Department's investigations into journalists, and the administration's inadequate and inconsistent responses to the attacks on our diplomatic facilities in Benghazi, Libya, are just a few examples of how the Obama administration has widened the trust deficit plaguing the country.

Though it is more difficult to quantify than the fiscal deficit, the trust deficit is just as profound, providing plenty of reason for many Americans to believe reports about the NSA's intrusiveness in their private lives. Fortunately, the reports are almost uniformly distorted or false.

Following the attacks of Sept. 11, 2001, the American people demanded that the intelligence community be able to "connect the dots" to prevent terrorist attacks. Had the recently revealed programs been available to the NSA before 9/11, we likely could have identified some or all of the hijackers before they murdered thousands.

Twelve years later, the intelligence community is doing exactly what the American people asked for. The counterterrorism programs revealed last week have helped to thwart dozens of terrorist attacks. In one case, these programs identified a connection between al Qaeda terrorists in Pakistan and Najibullah Zazi, an al Qaeda operative in Colorado. This enabled the FBI to stop Zazi and his associates from detonating explosives in the New York City subway system.

These programs represent some of the most effective means available to protect the country from terrorist organizations like al Qaeda. Leaking this information only degrades our ability to prevent attacks. It compromises our sources and gives terrorists critical information on how we monitor their activities.

When I asked NSA Director Gen. Keith B. Alexander about the consequences of Mr. Snowden's leaks during a recent Senate hearing, he replied: "If we tell terrorists every way we track them, they will get through, and people will die." Mr. Snowden apparently did not share that concern or did not care.

Mr. Snowden was wrong about key details of these programs, and the press, blogs and members of Congress from both parties have echoed his distortions. For the record: The government is not and cannot indiscriminately listen in on Americans' phone calls or target their emails. It is not collecting the content of conversations or even their location under these programs. For instance, the only telephone data collected is the time of the call, the phone numbers involved and the length of the call. That is how we connect the dots and identify links between international terrorists and their collaborators within the United States. All of this is done under the supervision of the nation's top federal judges, senior officials across several different federal agencies and Congress.

These programs are legal, constitutional and used only under the strict oversight of all three branches of the government, including a highly scrutinized judicial process. Furthermore, members of both political parties review, audit and authorize all activities under the Foreign Intelligence Surveillance Act. As a member of the Senate Intelligence Committee, I can attest that few issues garner more of our attention than the oversight of these programs.

Elected officials have a duty to the American people to engage in an informed and honest debate. So it troubles me that some of my colleagues in Congress are engaging in disingenuous outrage when they were given ample opportunity to learn more, ask questions and even vote against these programs. Mischaracterizing national-security programs for political gain is irresponsible and has the potential to weaken the country's defenses. Members of Congress must remain vigilant in the face of misleading information about the substance and utility of our counterterrorism activities.

As a result of these leaks and subsequent spread of misinformation, the federal government faces a Catch-22. The administration must disclose more information about the use of these programs to regain the people's trust and ensure the protection of civil liberties, but doing so also compromises the programs. As the NSA chief said in his recent testimony, "Everything depends on trust. . . . We do not see a trade-off between security and liberty. It is not a choice, and we can and must do both simultaneously."

The government's interest in carrying out these programs is the most compelling imaginable: an enduring defense against terrorist attacks that could take thousands of innocent lives. I have no doubt that returning to a pre-9/11 security posture will make this country less safe. A majority of Americans agree, and their support is likely to grow as sensationalism and fear are replaced with facts.

Sen. Coats is a Republican from Indiana and a member of the Senate Intelligence Committee.
Title: Re: Cyberwar and American Freedom
Post by: G M on June 18, 2013, 02:22:58 PM
The Russians handed us the Boston bombers and yet we now have a new group of amputees in Boston. A US Army major was chatting about jihad with an al qaeda cleric in Yemen and it took the DoD cops to stop his "workplace violence" episode.

We were tipped off about the underwear bomber, yet it was only ineptitude that saved that flight.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 18, 2013, 02:33:16 PM
Good thing the FBI is no longer keeping an eye on mosques (I do have this right, yes?) and is now relying upon CAIR , , ,

There is also the matter of Baraq and his minions perpetually portraying the Tea Party as the moral equivalent to AQ , , , one might even get the idea that they want to use these capabilities against us , , , but that would be against the law , , , wouldn't it? , , ,
Title: Re: Cyberwar and American Freedom
Post by: G M on June 18, 2013, 02:38:15 PM
http://www.examiner.com/article/fbi-director-robert-mueller-faces-tough-questions-on-boston-bombings

FBI Director Robert Mueller faces tough questions on Boston bombings
June 14, 2013
By: Renee Nal

On Thursday, Rep. Louie Gohmert (R-TX) and FBI Director Robert Mueller had a tense exchange regarding the FBI investigation of the Boston marathon bombings.
Gohmert brought up the 'purge' of FBI training materials that may have contributed to FBI investigators overlooking dangers involving radical Islam, as well as the lack of investigation into the Massachusetts mosque where the Tsarnaev brothers attended, which was 'co-founded by a man who is behind bars [Abdurahman Alamoudi] for supporting terrorism.'

Rep. Louie Gohmert (R-TX) spoke about the heated discussion on America's Newsroom with Fox News anchor Martha MacCallum on Friday.

Director Mueller claimed that the FBI was at the Boston mosque months prior to the Boston bombing as a part of their 'outreach efforts,' but that the FBI was unaware that the mosque was co-founded by Abdulrahman Alamoudi, who was convicted for his part in '...an assassination plot against a Saudi prince.' The same mosque has been associated with other terrorists, as reported in April by USA Today.

How is it possible that the FBI had no idea that the mosque attended by the Tsarnaev brothers is associated with terrorists?

Speaking with MacCallum, Gohmert said regarding the 'purge' of FBI training materials,

'You cannot do an adequate investigation of radical Islam if you cannot talk about what radical Islam is...what it believes.'

'I get tired of the FBI and this administration saying [that] the Russians should have given us more information,' Gohmert said. 'They didn't even know the mosque these brothers were attending was started by a terrorist supporter who is in prison for it. It's shocking.'

There are some very serious unanswered questions in relation to the Boston bombing.
• The New York Times reported that Tamerlan was 'entered into two different United States government watch lists in late 2011 that were designed to alert the authorities if he traveled overseas.' If they already had Tamerlan Tsarnaev on their radar from previous communications with him, why did the FBI have to appeal to the American people to identify the brothers on national television?
• Despite repeated assurances that there was no intelligence leading up to the Boston bombing, there actually was an 18-page, taxpayer-funded report that 'identified the finish line of the race as an area of increased vulnerability and warned Boston police that extremists may use small scale bombings to attack spectators and runners at the event,' as reported by the LA Times.
• Considering that martial law was imposed on the entire city of Boston (which continues to be a troubling fact), how is it that 19-year-old Dzhokhar Tsarnaev managed to escape during the initial battle that killed his brother, Tamerlan?
• There have been conflicting reports of whether Dzhokhar Tsarnaev fled the gun battle scene by car or on foot. Col. Timothy Alben of the Massachusetts state police, for example, specifically stated that Dzhokhar “fled on foot...” The New York Times, however, reported that Dzhokhar '...climbed back into the car and drove off, apparently hitting his older brother.' After Tamerlan Tsarnaev was pronounced dead, Dr. Richard Wolfe, head of emergency medicine at Beth Israel Deaconess Medical Center said 'I certainly did not see any tire marks or the usual things we see with someone run over by a car,' as reported by the Boston Herald.

Other troubling questions related to the Boston bombing remain.
• The original person of interest in the Boston marathon bombing, Abdulrahman al-Harbi, was widely reported to have been 'tackled' after a citizen noticed suspicious behavior. It turns out that the Saudi National was never tackled. So why did he come to the attention of the FBI in the first place?
• Ibragim Todashev was reportedly a friend of Tamerlan Tsarnaev. He was killed by the FBI during an interview where he was reportedly about to sign a written confession to a 2011 murder. Initially, it was reported that he had a knife and lunged at agents. But, that story was changed later. Todashev had no knife. What happened? Was the interview recorded?

If nobody asks the questions, the Boston marathon bombing will fade into the background. Despite the fact that Gohmert is vilified in the mainstream media, his questions to Mueller were valid.
Title: National Security FAIL
Post by: G M on June 18, 2013, 02:46:27 PM
(http://img2.timeinc.net/people/i/2013/news/130617/boston-300.jpg)
Title: New Encryption Technology
Post by: Crafty_Dog on June 23, 2013, 07:37:58 AM
http://www.slate.com/articles/technology/future_tense/2013/02/silent_circle_s_latest_app_democratizes_encryption_governments_won_t_be.single.html

The Threat of Silence
Meet the groundbreaking new encryption app set to revolutionize privacy and freak out the feds.

By Ryan Gallagher|Posted Monday, Feb. 4, 2013, at 12:21 PM
For the past few months, some of the world’s leading cryptographers have been keeping a closely guarded secret about a pioneering new invention. Today, they’ve decided it’s time to tell all.

Back in October, the startup tech firm Silent Circle ruffled governments’ feathers with a “surveillance-proof” smartphone app to allow people to make secure phone calls and send texts easily. Now, the company is pushing things even further—with a groundbreaking encrypted data transfer app that will enable people to send files securely from a smartphone or tablet at the touch of a button. (For now, it’s just being released for iPhones and iPads, though Android versions should come soon.) That means photographs, videos, spreadsheets, you name it—sent scrambled from one person to another in a matter of seconds.

“This has never been done before,” boasts Mike Janke, Silent Circle’s CEO. “It’s going to revolutionize the ease of privacy and security.”

True, he’s a businessman with a product to sell—but I think he is right.

The technology uses a sophisticated peer-to-peer encryption technique that allows users to send encrypted files of up to 60 megabytes through a “Silent Text” app. The sender of the file can set it on a timer so that it will automatically “burn”—deleting it from both devices after a set period of, say, seven minutes. Until now, sending encrypted documents has been frustratingly difficult for anyone who isn’t a sophisticated technology user, requiring knowledge of how to use and install various kinds of specialist software. What Silent Circle has done is to remove these hurdles, essentially democratizing encryption. It’s a game-changer that will almost certainly make life easier and safer for journalists, dissidents, diplomats, and companies trying to evade state surveillance or corporate espionage. Governments pushing for more snooping powers, however, will not be pleased.

By design, Silent Circle’s server infrastructure stores minimal information about its users. The company, which is headquartered in Washington, D.C., doesn’t retain metadata (such as times and dates calls are made using Silent Circle), and IP server logs showing who is visiting the Silent Circle website are currently held for only seven days. The same privacy-by-design approach will be adopted to protect the security of users’ encrypted files. When a user sends a picture or document, it will be encrypted, digitally “shredded” into thousands of pieces, and temporarily stored in a “Secure Cloud Broker” until it is transmitted to the recipient. Silent Circle, which charges $20 a month for its service, has no way of accessing the encrypted files because the “key” to open them is held on the users’ devices and then deleted after it has been used to open the files. Janke has also committed to making the source code of the new technology available publicly “as fast as we can,” which means its security can be independently audited by researchers.

The cryptographers behind this innovation may be the only ones who could have pulled it off. The team includes Phil Zimmermann, the creator of PGP encryption, which is still considered the standard for email security; Jon Callas, the man behind Apple’s whole-disk encryption, which is used to secure hard drives in Macs across the world; and Vincent Moscaritolo, a top cryptographic engineer who previously worked on PGP and for Apple. Together, their combined skills and expertise are setting new standards—with the results already being put to good use.

According to Janke, a handful of human rights reporters in Afghanistan, Jordan, and South Sudan have tried Silent Text’s data transfer capability out, using it to send photos, voice recordings, videos, and PDFs securely. It’s come in handy, he claims: A few weeks ago, it was used in South Sudan to transmit a video of brutality that took place at a vehicle checkpoint. Once the recording was made, it was sent encrypted to Europe using Silent Text, and within a few minutes, it was burned off of the sender’s device. Even if authorities had arrested and searched the person who transmitted it, they would never have found the footage on the phone. Meanwhile, the film, which included location data showing exactly where it was taken, was already in safe hands thousands of miles away—without having been intercepted along the way—where it can eventually be used to build a case documenting human rights abuses.

One of the few people to have tested the new Silent Circle invention is Adrian Hong, the managing director of Pegasus Strategies, a New York-based consulting firm that advises governments, corporations, and NGOs. Hong was himself ensnared by state surveillance in 2006 and thrown into a Chinese jail after getting caught helping North Korean refugees escape from the regime of the late Kim Jong Il. He believes that Silent Circle’s new product is “a huge technical advance.” In fact, he says he might not have been arrested back in 2006 “if the parties I was speaking with then had this [Silent Circle] platform when we were communicating.”

But while Silent Circle’s revolutionary technology will assist many people in difficult environments, maybe even saving lives, there’s also a dark side. Law enforcement agencies will almost certainly be seriously concerned about how it could be used to aid criminals. The FBI, for instance, wants all communications providers to build in backdoors so it can secretly spy on suspects. Silent Circle is pushing hard in the exact opposite direction—it has an explicit policy that it cannot and will not comply with law enforcement eavesdropping requests. Now, having come up with a way not only to easily communicate encrypted but to send files encrypted and without a trace, the company might be setting itself up for a serious confrontation with the feds. Some governments could even try to ban the technology.

Janke is bracing himself for some “heat” from the authorities, but he’s hopeful that they’ll eventually come round. The 45-year-old former Navy SEAL commando tells me he believes governments will eventually realize that “the advantages are far outweighing the small ‘one percent’ bad-intent user cases.” One of those advantages, he says, is that “when you try to introduce a backdoor into technology, you create a major weakness that can be exploited by foreign governments, hackers, and criminal elements.”

If governments don’t come round, though, Silent Circle’s solution is simple: The team will close up shop and move to a jurisdiction that won’t try to force them to comply with surveillance.

“We feel that every citizen has a right to communicate,” Janke says, “the right to send data without the fear of it being grabbed out of the air and used by criminals, stored by governments, and aggregated by companies that sell it.”

The new Silent Circle encrypted data transfer capability is due to launch later this week, hitting Apple’s App Store by Feb. 8. Expect controversy to follow.

This article arises from Future Tense, a collaboration among Arizona State University, the New America Foundation, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture.
Title: McCarthy: National Security Right goes silent
Post by: Crafty_Dog on June 23, 2013, 08:14:43 AM
Though I have substantial disagreement with some of the points in this piece I found this to be both thoughtful and fair to and respectful of other points of view.

http://www.nationalreview.com/article/351128/national-security-right-goes-silent-andrew-c-mccarthy
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 23, 2013, 10:04:24 AM
second post:

I hope I'm not posting too many pieces on this, but I am working on sorting out my thoughts and feelings on this:

http://www.theatlanticwire.com/politics/2013/06/other-nsa-whistleblowers-hope-time-different/66166/

http://www.wired.com/threatlevel/2013/06/general-keith-alexander-cyberwar/  (I'm thinking that if there is to be cyberwar then we should win, but there is much here of great concern)
Title: Re: New Encryption Technology
Post by: C-Kumu Dog on June 27, 2013, 05:39:43 PM
Interesting. I'll have to keep an eye out on the blogs about this subject.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on June 27, 2013, 06:40:00 PM
Given your technical expertise, I'd be particularly interested in your take on all this.
Title: Al-Qaida said to be changing its ways after Snowden leaked info on spy programs
Post by: C-Kumu Dog on June 27, 2013, 06:54:47 PM
http://www.deseretnews.com/article/765632912/Al-Qaida-said-to-be-changing-its-ways-after-leaks.html

WASHINGTON — U.S. intelligence agencies are scrambling to salvage their surveillance of al-Qaida and other terrorists who are working frantically to change how they communicate after a National Security Agency contractor leaked details of two NSA spying programs. It's an electronic game of cat-and-mouse that could have deadly consequences if a plot is missed or a terrorist operative manages to drop out of sight.

Terrorist groups had always taken care to avoid detection — from using anonymous email accounts, to multiple cellphones, to avoiding electronic communications at all, in the case of Osama bin Laden. But there were some methods of communication, like the Skype video teleconferencing software that some militants still used, thinking they were safe, according to U.S. counterterrorism officials who follow the groups. They spoke anonymously as a condition of describing their surveillance of the groups. Those militants now know to take care with Skype — one of the 9 U.S.-based Internet servers identified by former NSA contractor Edward Snowden's leaks to The Guardian and The Washington Post.

Two U.S. intelligence officials say members of virtually every terrorist group, including core al-Qaida members, are attempting to change how they communicate, based on what they are reading in the media, to hide from U.S. surveillance. It is the first time intelligence officials have described which groups are reacting to the leaks. The officials spoke anonymously because they were not authorized to speak about the intelligence matters publicly.

The officials wouldn't go into details on how they know this, whether it's terrorists switching email accounts or cellphone providers or adopting new encryption techniques, but a lawmaker briefed on the matter said al-Qaida's Yemeni offshoot, al-Qaida in the Arabian Peninsula, has been among the first to alter how it reaches out to its operatives.

The lawmaker spoke anonymously because he would not, by name, discuss the confidential briefing.

Shortly after Edward Snowden leaked documents about the secret NSA surveillance programs, chat rooms and websites used by like-minded extremists and would-be recruits advised users how to avoid NSA detection, from telling them not to use their real phone numbers to recommending specific online software programs to keep spies from tracking their computers' physical locations.

House Intelligence Committee Chairman Mike Rogers, R-Mich., said there are "changes we can already see being made by the folks who wish to do us harm, and our allies harm."

Sen. Angus King, I-Maine, said Tuesday that Snowden "has basically alerted people who are enemies of this country ... (like) al-Qaida, about what techniques we have been using to monitor their activities and foil plots, and compromised those efforts, and it's very conceivable that people will die as a result."

Privacy activists are more skeptical of the claims. "I assume my communication is being monitored," said Andrea Prasow, senior counterterrorism counsel for Human Rights Watch. She said that's why her group joined a lawsuit against the Director of National Intelligence to find out if its communications were being monitored. The case was dismissed by the U.S. Supreme Court last fall. "I would be shocked if terrorists didn't also assume that and take steps to protect against it," she said.

"The government is telling us, 'This has caused tremendous harm.' But also saying, 'Trust us, we have all the information.' The US government has to do a lot more than just say it," Prasow said.

At the same time, NSA and other counterterrorist analysts have been focusing their attention on the terrorists, watching their electronic communications and logging all changes, including following which Internet sites the terrorist suspects visit, trying to determine what system they might choose to avoid future detection, according to a former senior intelligence official speaking anonymously as a condition of discussing the intelligence operations.

"It's frustrating. You have to start all over again to track the target," said M.E. "Spike" Bowman, a former intelligence officer and deputy general counsel of the FBI, now a fellow at the University of Virginia's Center for National Security Law. But the NSA will catch up eventually, he predicted, because there are only so many ways a terrorist can communicate. "I have every confidence in their ability to regain access."

Terror groups switching to encrypted communication may slow the NSA, but encryption also flags the communication as something the U.S. agency considers worth listening to, according to a new batch of secret and top-secret NSA documents published last week by The Guardian, a British newspaper. They show that the NSA considers any encrypted communication between a foreigner they are watching and a U.S.-based person as fair game to gather and keep, for as long as it takes to break the code and examine it.

Documents released last week also show measures the NSA takes to gather foreign intelligence overseas, highlighting the possible fallout of the disclosures on more traditional spying. Many foreign diplomats use email systems like Hotmail for their personal correspondence. Two foreign diplomats reached this week who use U.S. email systems that the NSA monitors overseas say they plan no changes, because both diplomats said they already assumed the U.S. was able to read that type of correspondence. They spoke on condition of anonymity because they were not authorized to discuss their methods of communication publicly.

The changing terrorist behavior is part of the fallout of the release of dozens of top-secret documents to the news media by Snowden, 30, a former systems analyst on contract to the NSA.

The Office of the Director for National Intelligence and the NSA declined to comment on the fallout, but the NSA's director, Gen. Keith Alexander, told lawmakers that the leaks have caused "irreversible and significant damage to this nation."

"I believe it will hurt us and our allies," Alexander said.

"After the leak, jihadists posted Arabic news articles about it ... and recommended fellow jihadists to be very cautious, not to give their real phone number and other such information when registering for a website," said Adam Raisman of the SITE Intelligence Group, a private analysis firm. They also gave out specific advice, recommending jihadists use privacy-protecting email systems to hide their computer's IP address, and to use encrypted links to access jihadi forums, Raisman said.

Other analysts predicted a two-track evolution away from the now-exposed methods of communication: A terrorist who was using Skype to plan an attack might stop using that immediately so as not to expose the imminent operation, said Ben Venzke of the private analysis firm IntelCenter.

But if the jihadi group uses a now-exposed system like YouTube to disseminate information and recruit more followers, they'll make a gradual switch to something else that wasn't revealed by Snowden's leaks — moving slowly in part because they'll be trying to determine whether new systems they are considering aren't also compromised, and they'll have to reach their followers and signal the change. That will take time.

"Overall, for terrorist organizations and other hostile actors, leaks of this nature serve as a wake-up call to look more closely at how they're operating and improve their security," Venzke said. "If the CIA or the FBI was to learn tomorrow that its communications are being monitored, do you think it would be business as usual or do you think they would implement a series of changes over time?"

Terrorist groups have already adapted after learning from books and media coverage of "how U.S. intelligence mines information from their cellphones found at sites that get raided in war zones," said Scott Swanson, a forensics intelligence expert with Osprey Global Solutions. "Many are increasingly switching the temporary phones or SIM cards they use and throw them away more often, making it harder to track their network."

The disclosure that intelligence agencies were listening to Osama bin Laden drove him to drop the use of all electronic communications.

"When it leaked that bin Laden was using a Thuraya cellphone, he switched to couriers," said Jane Harman, former member of the House Intelligence Committee and now director of the Woodrow Wilson International Center. "The more they know, the clearer the road map is for them."

It took more than a decade to track bin Laden down to his hiding place in Abbottabad, Pakistan, by following one of those couriers.

Follow Kimberly Dozier on Twitter at http://twitter.com/kimberlydozier

Title: Euros ticked off at NSA
Post by: Crafty_Dog on June 30, 2013, 07:15:47 PM
http://www.cnn.com/2013/06/30/world/europe/eu-nsa/index.html

As disconcerting as the NSA Prism program is, worth noting is that other powers do this too.

The question must be asked:

Are we to be the only ones who do not?
Title: Tea Party vs NSA Prism
Post by: Crafty_Dog on June 30, 2013, 07:26:39 PM
second post

This is the most important email we’re going to send you this month. As you know, recent leaks have revealed that the U.S. Government has turned the Internet into the most massive modern surveillance tool in history, one that can constantly monitor and invade the privacy of people all over the world. Including you.
Click here if that pisses you off and you’re ready to do something about it.

UPDATE: just as we were sending this email, we saw the latest leaked documents that show that PRISM allowed the NSA to use FBI-operated equipment located at tech companies' headquarters to eavesdrop on our conversations in real-time. See them for yourself, but read on.

Millions have already taken action, but it’s going to take more than just petition signatures to put a stop to unconstitutional NSA surveillance. The U.S. government wants to forget its own Constitution. We’re going to make that completely impossible.
There are national protests happening on July 4th -- online and off. Grassroots Internet users have organized Restore the Fourth protests on the ground all over the U.S. on the 4th of July. Building off the energy of the StopWatching.us coalition (which now has over 550,000 signers), and aiming to amplify the protests on the ground, we’re raising the Internet Defense League’s “Cat Signal” on July 4th, asking websites and organizations to call out the NSA by displaying the text of the 4th Amendment. We just started outreach and we’ve already got EFF, Wordpress, 4chan, Reddit, Namecheap, Imgur, Mozilla, DuckDuckGo, Fark, and Cheezburger signed up to participate. We need you too!
If you already have the IDL’s “all campaigns” code installed, you’re all set. The Cat Signal will be raised at midnight on July 4th and will turn off at midnight on July 5th. We’ll send out campaign specific code on Tuesday, for those who just want to participate in this action, but what we need you to do right now is help spread the word. We need to ramp this up and get everyone on board. If you have Twitter or Facebook, click the link below, if not, please blog, share, call your friends and tell them. This is going to be epic, so get everyone.
We need you on this one. Click here to join our Thunderclap and help make this protest HUGE.
This is a watershed moment for our basic rights to free speech, freedom of association, and privacy. What the NSA is doing is illegal. We are at the moment where we decide if the government should have the power to track, target, profile, and deem suspicious any one of us based on our small everyday movements. The first in line are probably the journalists we depend on, any of our friends or family who are even slightly political. This is why privacy matters -- it does not allow the government to unreasonably persecute anyone.
Click here to join our Thunderclap to spread the word about the protests!
It’s time to leave behind the politics that have failed us. These government dragnet programs started under Bush, but Obama made them even worse, and his administration has mounted an unprecedented attack on journalists and whistleblowers, using the Espionage Act to stifle free speech more times than all other presidents combined. Republicans and Democrats have both failed to uphold the Constitution -- they’re defending the NSA’s programs, or outright lying about it -- and as a result, the foundation of our democracy is in question.
There are many ways to fight the NSA. Click here to see all the ways that you can participate on July 4th, online and in the streets.
Can you forward this to 10 people right now and ask them to do the same?
We’re counting on you. Everyone is. Last chance: click here to join the movement.
Sincerely,
Tiffiniy, Holmes, Evan, and the whole FFTF team
You can also:
*Donate to make all this happen.
*Like us on Facebook
*Follow us on Twitter

SOURCES:
1) The Guardian, “NSA collected U.S. email records in bulk for more than 2 years under Obama”
2) Washington Post, “Here’s everything we know about how the NSA’s secret programs work”
3) Slate, “Obama Has Charged More Under Espionage Act Than All Other Presidents Combined”
4) Watch Glenn Greenwald on Democracy Now as he proves that Dianne Feinstein lied to the camera
5) The Atlantic, “2 Senators Say the NSA is Still Feeding us False Information”
Title: Merkel: Friends don't spy on friends
Post by: Crafty_Dog on July 01, 2013, 08:06:54 AM
third post

http://www.newsmax.com/newswidget/Germany-spying-Snowden-Cold-War/2013/07/01/id/512725?promo_code=12390-1&utm_source=12390PJ_Media&utm_medium=nmwidget&utm_campaign=widgetphase1

What she has in mind:

http://news.yahoo.com/u-bugged-eu-offices-computer-networks-german-magazine-162017024.html

The Greens chime in:

http://www.nytimes.com/2013/06/30/opinion/sunday/germans-loved-obama-now-we-dont-trust-him.html?pagewanted=1&_r=1&hp&
Title: Re: Cyberwar - WSJ: Snowden had help
Post by: DougMacG on July 01, 2013, 09:54:10 AM
Who Helped Snowden Steal State Secrets?
The preparations began before he took the job that landed him at the NSA.

http://online.wsj.com/article/SB10001424127887323873904578573382649536100.html?mod=WSJ_Opinion_LEFTTopOpinion

Before taking the job in Hawaii, Mr. Snowden was in contact with people who would later help arrange the publication of the material he purloined. Two of these individuals, filmmaker Laura Poitras and Guardian blogger Glenn Greenwald, were on the Board of the Freedom of the Press Foundation that, among other things, funds WikiLeaks.

In January 2013, according to the Washington Post, Mr. Snowden requested that Ms. Poitras get an encryption key for Skype so that they could have a secure channel over which to communicate.

In February, he made a similar request to Mr. Greenwald, providing him with a step-by-step video on how to set up encrypted communications.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on July 01, 2013, 12:25:14 PM
Please post that on the Intel thread as well.  TIA.
Title: EU rattles its keyboards
Post by: Crafty_Dog on July 05, 2013, 06:41:27 PM
http://www.zdnet.com/eu-votes-to-support-suspending-u-s-data-sharing-agreements-including-passenger-flight-data-7000017677/
Title: Silent War
Post by: C-Kumu Dog on July 09, 2013, 12:44:55 PM
5 page article.

http://www.vanityfair.com/culture/2013/07/new-cyberwar-victims-american-business
Title: Re: Cyberwar and American Freedom
Post by: ccp on July 09, 2013, 06:10:47 PM
Well, it's kind of hard to feel sorry for the likes of MSFT and Google and the like who hire teams of hackers and investigators to snoop all over the place when it is in their interests.

It is surely a case of the pot calling the kettle black. I am not for any of it, corporate or governmental. That said, I lament that there is no stopping it.
Title: France, Too, Is Sweeping Up Data, Newspaper Reveals
Post by: C-Kumu Dog on July 11, 2013, 04:08:24 PM
http://www.nytimes.com/2013/07/05/world/europe/france-too-is-collecting-data-newspaper-reveals.html?_r=0&pagewanted=print

By STEVEN ERLANGER
PARIS — Days after President François Hollande sternly told the United States to stop spying on its allies, the newspaper Le Monde disclosed on Thursday that France has its own large program of data collection, which sweeps up nearly all the data transmissions, including telephone calls, e-mails and social media activity, that come in and out of France.

Le Monde reported that the General Directorate for External Security does the same kind of data collection as the American National Security Agency and the British GCHQ, but does so without clear legal authority.

The system is run with “complete discretion, at the margins of legality and outside all serious control,” the newspaper said, describing it as “a-legal.”

Nonetheless, the French data is available to the various police and security agencies of France, the newspaper reported, and the data is stored for an indeterminate period. The main interest of the agency, the paper said, is to trace who is talking to whom, when and from where and for how long, rather than in listening in to random conversations. But the French also record data from large American networks like Google and Facebook, the newspaper said.

Le Monde’s report, which French officials would not comment on publicly, appeared to make some of the French outrage about the revelations of Edward J. Snowden, a former N.S.A. contractor, about the American data-collection program appear somewhat hollow.

But French officials did say privately on Thursday that there was a difference between data collection in the name of security and spying on allied nations and the European Union. While French officials have said that they do not spy on the American Embassy in France, American officials are skeptical of those reassurances, and have pointed out that France has an aggressive and amply financed espionage system of its own.

The French interior minister, Manuel Valls, said Thursday at the July 4 reception at the American ambassador’s residence in Paris that Mr. Hollande’s demands for clear explanations about the reports of American spying were justified because “such practices, if proven, do not have their place between allies and partners.” He said that “in the name of our friendship, we owe each other honesty.”

Separately, in a statement, Mr. Valls said that France had received an asylum request from Mr. Snowden, but that it would be rejected.

The European Parliament, meeting in Strasbourg, France, to debate the Snowden disclosures, overwhelmingly passed a resolution that “strongly condemns the spying on E.U. representations,” warned of its “potential impact on trans-Atlantic relations” and demanded “immediate clarification from the U.S. authorities on the matter.”

The legislators rejected an amendment calling for the postponement of talks scheduled for Monday on a potential European-American free-trade agreement. France and Mr. Hollande had called for the talks to be delayed, but the European Commission said that they would go ahead in parallel with talks on the American spying programs.

Many Europeans have been shocked and outraged less by the idea of American espionage than the sheer scale of the data-collection abroad. According to Mr. Snowden’s revelations, between 15 million and 60 million transmissions are collected by the Americans every day from Germany alone.

American officials had privately warned French officials to be careful about speaking with too much outrage about American espionage given that major European countries like France spy, too, and not just on their enemies.



Title: Snowden has the blueprint?
Post by: Crafty_Dog on July 15, 2013, 11:27:57 AM
http://www.theblaze.com/stories/2013/07/14/snowden-docs-contain-nsa-blueprint-an-instruction-manual-for-agencys-inner-workings-guardian-journalist-reveals/
Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on July 15, 2013, 01:32:09 PM
http://www.theblaze.com/stories/2013/07/14/snowden-docs-contain-nsa-blueprint-an-instruction-manual-for-agencys-inner-workings-guardian-journalist-reveals/

Just taking a wild guess, but I would assume Tactics, Techniques & Procedures (TTP), Standard Operating Procedures (SOP) and many other internal documents about how things are done / carried out.

Probably Network Diagrams and more too.

Not going to look at anything Snowden related while at work; I think some of it's blocked anyway.
Title: DEF CON Feds Ban Polarizes Hacker Community
Post by: C-Kumu Dog on July 15, 2013, 01:36:07 PM
http://www.google.com/search?hl=en&source=hp&q=Technical+Tactical+Procedures+&gbv=2&oq=Technical+Tactical+Procedures+&gs_l=heirloom-hp.13..0i22i30.641.641.0.2953.1.1.0.0.0.0.281.281.2-1.1.0...0.0...1ac.1.15.heirloom-hp.KIZwIFt223U


Michael Mimoso, July 12, 2013, 2:25 pm
For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a “time-out” and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

—Jeff Moss

Those are the 105 words that have polarized the hacker community.

DEF CON founder Jeff Moss turned the annual hacker conference on its ear Wednesday night when he asked federal government employees to stay away from this year’s show, which starts Aug. 1 in Las Vegas. Strained by the revelations of surveillance by the National Security Agency and accusations of unwarranted access to Americans’ online activities, Moss decided to ask for a timeout.

The reaction since has been mixed, if not predictable. Some think events such as DEF CON should be open and collaborative, and that includes with the feds, while others find it counterintuitive to include the feds at an event that fosters technology and thinking that leads to secure and private communication and enterprise.

Moss, who is currently ICANN’s chief security officer, told Reuters that it was a tough call for him to make.

“The community is digesting things that the Feds have had a decade to understand and come to terms with,” Moss told the news agency. “A little bit of time and distance can be a healthy thing, especially when emotions are running high.”

Moss told Threatpost that he is in Durban, South Africa for the ICANN 45 meetings and was not available for comment at the time of publication.

The fallout has begun already, however, with two researchers pulling out of DEF CON after Moss’ decision. Kevin Johnson and James Jardine of Secure Ideas were scheduled to deliver a talk on SharePoint security, but instead decided against giving the talk at the show. Johnson saw the post on Wednesday night from Moss and slept on it a night before meeting with Jardine and other colleagues and making their final decision.

“It sat wrong with me,” Johnson said. “My immediate reaction was that I don’t want to be part of this.”

“I had the same reaction,” Jardine said. “I said I don’t want to be part of something disallowing or not bringing certain groups invited in.”

Jardine and Johnson explained their position in a blog post, stating that DEF CON is a neutral ground that encourages open communication regardless of industry.

“We believe the exclusion of the “feds” this year does the exact opposite at a critical time. James and I do not feel that this should be about anti/pro government, but rather a continuation of openness that this event has always encouraged,” Johnson wrote. “We both have much respect for DEF CON and the entire organization and security community. It is with this respect that we are pulling our talk from the DEF CON 21 lineup. We understand that this may cause unfortunate change of plans for some, but feel we have to support our beliefs of cooperative collaboration to improve the state of information security technology.”

Robert Graham, CEO of Errata Security, steered the discussion away from politics and said Moss and DEF CON are simply heading off conflict.

“A highly visible fed presence is likely to trigger conflict with people upset over Snowden-gate. From shouting matches, to physical violence, to ‘hack the fed’, something bad might occur. Or, simply attendees will choose to stay away. Any reasonable conference organizer, be they pro-fed or anti-fed, would want to reduce the likelihood of this conflict,” Graham, a past DEF CON presenter, wrote on his company’s blog. “The easiest way to do this is by reducing the number of feds at DEF CON, by asking them not to come. This is horribly unfair to them, of course, since they aren’t the ones who would be starting these fights. But here’s the thing: it’s not a fed convention but a hacker party. The feds don’t have a right to be there — the hackers do. If bad behaving hackers are going to stir up trouble with innocent feds, it’s still the feds who have to go.”

Nick Selby, another security professional and frequent speaker at industry events, said Moss’ decision is self-defeating. He points out that most hackers understand full well the depths of surveillance by the signals intelligence community.

“The relationship between hackers and feds is symbiotic,” Selby wrote. “To deny this is shortsighted, wrong and panders to a constituency that is irrelevant to our shared goals. It also defies the concept that, ‘Our community operates in the spirit of openness, verified trust, and mutual respect.’”

Black Hat, which precedes DEF CON, features NSA director Gen. Keith B. Alexander as its keynote speaker and several sessions given by employees of government agencies. Black Hat general manager Trey Ford said he would not consider a similar decision to the one made by Moss.

“Black Hat strives to cultivate interaction, innovation, and partnership within the security ecosystem—offense and defense, public and private,” Ford said via email, adding that he hopes Black Hat will move the conversation forward regarding the revelations of NSA surveillance of Americans.

“I think the Prism announcement got more attention than prior leaks to the general population, but we in InfoSec have no excuse for acting like we didn’t know this was possible or happening. (it is done inside companies every day),” Ford said. “Privacy is a very real concern for both the security and intelligence communities and we look forward to encouraging conversations about this very topic onsite. Everyone that comes to Black Hat is serious about security, has a professional level of interest, and is here to engage and improve that conversation.”

Alexander, meanwhile, is still scheduled to deliver his keynote and Ford would not comment on a contingency plan should he pull out, nor did he have specifics on what the general will be speaking about.

“General Alexander faces hard decisions about where privacy and security cross, a way of thinking that the security community is also very familiar with,” Ford said. “I am hoping we get a glimpse into his world and thinking.”

Meanwhile, Johnson said he and Jardine did not make their decision to pull out of DEF CON lightly and their intention is not to have others follow suit.

“[Moss’] decision seems really opposite of what DEF CON stands for. From the reaction of some people, I find it hypocritical where some are saying that [the hacker community’s] idea of openness doesn’t involve the feds. I think that’s naïve,” Johnson said. “Openness has to involve everybody. People have been overwhelmed by political issues and the outing of spying and surveillance. They’re letting their feelings toward that overshadow what the DEF CON message has always been which is to get together, break stuff and learn together.”

Johnson and Jardine said they will still release a paper on their talk which covers an overarching plan for assessing SharePoint installations, including a tool they will release as open source, and guidelines for SharePoint assessments for pen-testers and internal teams to help them understand risks associated with the Microsoft collaboration platform.



Title: Re: Cyberwar and American Freedom
Post by: C-Kumu Dog on July 15, 2013, 01:56:54 PM
I thought it might be of use for people who are curious about how some attacks work.  I always like to look at / read new stuff.

USEFUL EXPLANATIONS OF HOW NEW ATTACKS WORK
Dubious HTTP II - Unusual HTTP Content-Encodings:
http://noxxi.de/research/unusual-http-content-encoding.html

Another year, another rogue. Not what the doctor ordered:
http://blogs.technet.com/b/mmpc/archive/2013/06/27/another-year-another-rogue-not-what-the-doctor-ordered.aspx

Skype for Android lockscreen bypass:
http://seclists.org/fulldisclosure/2013/Jul/6

Cybercriminals experiment with Tor-based C&C, ring-3 rootkit empowered, SPDY form-grabbing bot:
http://blog.webroot.com/2013/07/02/cybercriminals-experiment-with-tor-based-cc-ring-3-rootkit-empowered-spdy-form-grabbing-malware-bot/

Securing Microsoft Windows 8: AppContainers:
http://news.saferbytes.it/analisi/2013/07/securing-microsoft-windows-8-appcontainers/

A penetration tester's guide to IPMI and BMCs:
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi

Analysis of CVE-2013-0809:
http://axtaxt.wordpress.com/2013/07/06/analysis-of-cve-2013-0809/

Postpwnium writeup:
http://rpw.io/blog/2013/06/11/postpwnium_writeup/

Title: George Friedman: Keeping the NSA in perspective
Post by: Crafty_Dog on July 16, 2013, 01:52:27 PM
Keeping the NSA in Perspective
Geopolitical Weekly
Tuesday, July 16, 2013 - 04:01
Stratfor

By George Friedman

In June 1942, the bulk of the Japanese fleet sailed to seize the Island of Midway. Had Midway fallen, Pearl Harbor would have been at risk and U.S. submarines, unable to refuel at Midway, would have been much less effective. Most of all, the Japanese wanted to surprise the Americans and draw them into a naval battle they couldn't win.

The Japanese fleet was vast. The Americans had two carriers intact in addition to one that was badly damaged. The United States had only one advantage: It had broken Japan's naval code and thus knew a great deal of the country's battle plan. In large part because of this cryptologic advantage, a handful of American ships devastated the Japanese fleet and changed the balance of power in the Pacific permanently.

This -- and the advantage given to the allies by penetrating German codes -- taught the Americans about the centrality of communications code breaking. It is reasonable to argue that World War II would have ended much less satisfactorily for the United States had its military not broken German and Japanese codes. Where the Americans had previously been guided to a great extent by Henry Stimson's famous principle that "gentlemen do not read each other's mail," by the end of World War II they were obsessed with stealing and reading all relevant communications.

The National Security Agency evolved out of various post-war organizations charged with this task. In 1951, all of these disparate efforts were organized under the NSA to capture and decrypt communications of other governments around the world -- particularly those of the Soviet Union, which was ruled by Josef Stalin, and of China, which the United States was fighting in 1951. How far the NSA could go in pursuing this was governed only by the extent to which such communications were electronic and the extent to which the NSA could intercept and decrypt them.

The amount of communications other countries sent electronically surged after World War II yet represented only a fraction of their communications. Resources were limited, and given that the primary threat to the United States was posed by nation-states, the NSA focused on state communications. But the principle on which the NSA was founded has remained, and as the world has come to rely more heavily on electronic and digital communication, the scope of the NSA's commission has expanded.

What drove all of this was Pearl Harbor. The United States knew that the Japanese were going to attack. They did not know where or when. The result was disaster. All American strategic thinking during the Cold War was built around Pearl Harbor -- the deep fear that the Soviets would launch a first strike that the United States did not know about. The fear of an unforeseen nuclear attack gave the NSA leave to be as aggressive as possible in penetrating not only Soviet codes but also the codes of other nations. You don't know what you don't know, and given the stakes, the United States became obsessed with knowing everything it possibly could.

In order to collect data about nuclear attacks, you must also collect vast amounts of data that have nothing to do with nuclear attacks. The Cold War with the Soviet Union had to do with more than just nuclear exchanges, and the information on what the Soviets were doing -- what governments they had penetrated, who was working for them -- was a global issue. But you couldn't judge what was important and what was unimportant until after you read it. Thus the mechanics of assuaging fears about a "nuclear Pearl Harbor" rapidly devolved into a global collection system, whereby vast amounts of information were collected regardless of their pertinence to the Cold War.

There was nothing that was not potentially important, and a highly focused collection strategy could miss vital things. So the focus grew, the technology advanced and the penetration of private communications logically followed. This was not confined to the United States. The Soviet Union, China, the United Kingdom, France, Israel, India and any country with foreign policy interests spent a great deal on collecting electronic information. Much of what was collected on all sides was not read because far more was collected than could possibly be absorbed by the staff. Still, it was collected. It became a vast intrusion mitigated only by inherent inefficiency or the strength of the target's encryption.
Justified Fear

The Pearl Harbor dread declined with the end of the Cold War -- until Sept. 11, 2001. In order to understand 9/11's impact, a clear memory of our own fears must be recalled. As individuals, Americans were stunned by 9/11 not only because of its size and daring but also because it was unexpected. Terrorist attacks were not uncommon, but this one raised another question: What comes next? Unlike Timothy McVeigh, it appeared that al Qaeda was capable of other, perhaps greater acts of terrorism. Fear gripped the land. It was a justified fear, and while it resonated across the world, it struck the United States particularly hard.

Part of the fear was that U.S. intelligence had failed again to predict the attack.  The public did not know what would come next, nor did it believe that U.S. intelligence had any idea. A federal commission on 9/11 was created to study the defense failure. It charged that the president had ignored warnings. The focus in those days was on intelligence failure. The CIA admitted it lacked the human sources inside al Qaeda. By default the only way to track al Qaeda was via their communications. It was to be the NSA's job.

As we have written, al Qaeda was a global, sparse and dispersed network. It appeared to be tied together by burying itself in a vast new communications network: the Internet. At one point, al Qaeda had communicated by embedding messages in pictures transmitted via the Internet. They appeared to be using free and anonymous Hotmail accounts. To find Japanese communications, you looked in the electronic ether. To find al Qaeda's message, you looked on the Internet.

But with a global, sparse and dispersed network you are looking for at most a few hundred men in the midst of billions of people, and a few dozen messages among hundreds of billions. And given the architecture of the Internet, the messages did not have to originate where the sender was located or be read where the reader was located. It was like looking for a needle in a haystack. The needle can be found only if you are willing to sift the entire haystack. That led to PRISM and other NSA programs.

The mission was to stop any further al Qaeda attacks. The means was to break into their communications and read their plans and orders. To find their plans and orders, it was necessary to examine all communications. The anonymity of the Internet and the uncertainties built into its system meant that any message could be one of a tiny handful of messages. Nothing could be ruled out. Everything was suspect. This was reality, not paranoia.

It also meant that the NSA could not exclude the communications of American citizens because some al Qaeda members were citizens. This was an attack on the civil rights of Americans, but it was not an unprecedented attack. During World War II, the United States imposed postal censorship on military personnel, and the FBI intercepted selected letters sent in the United States and from overseas. The government created a system of voluntary media censorship that was less than voluntary in many ways. Most famously, the United States abrogated the civil rights of citizens of Japanese origin by seizing property and transporting them to other locations. Members of pro-German organizations were harassed and arrested even prior to Pearl Harbor. Decades earlier, Abraham Lincoln suspended the writ of habeas corpus during the Civil War, effectively allowing the arrest and isolation of citizens without due process.

There are two major differences between the war on terror and the aforementioned wars. First, there was a declaration of war in World War II. Second, there is a provision in the Constitution that allows the president to suspend habeas corpus in the event of a rebellion. The declaration of war imbues the president with certain powers as commander in chief -- as does rebellion. Neither of these conditions was put in place to justify NSA programs such as PRISM.

Moreover, partly because of the constitutional basis of the actions and partly because of the nature of the conflicts, World War II and the Civil War had a clear end, a point at which civil rights had to be restored or a process had to be created for their restoration. No such terminal point exists for the war on terror. As was witnessed at the Boston Marathon -- and in many instances over the past several centuries -- the ease with which improvised explosive devices can be assembled makes it possible for simple terrorist acts to be carried out cheaply and effectively. Some plots might be detectable by intercepting all communications, but obviously the Boston Marathon attack could not be predicted.

The problem with the war on terror is that it has no criterion of success that is potentially obtainable. It defines no level of terrorism that is tolerable but has as its goal the elimination of all terrorism, not just from Islamic sources but from all sources. That is simply never going to happen and therefore, PRISM and its attendant programs will never end. These intrusions, unlike all prior ones, have set a condition for success that is unattainable, and therefore the suspension of civil rights is permanent. Without a constitutional amendment, formal declaration of war or declaration of a state of emergency, the executive branch has overridden fundamental limits on its powers and protections for citizens.

Since World War II, the constitutional requirements for waging war have fallen by the wayside. President Harry S. Truman used a U.N. resolution to justify the Korean War. President Lyndon Johnson justified an extended large-scale war with the Gulf of Tonkin Resolution, equating it to a declaration of war. The conceptual chaos of the war on terror left out any declaration, and it also included North Korea in the axis of evil the United States was fighting against. Former NSA contractor Edward Snowden is charged with aiding an enemy that has never been legally designated. Anyone who might contemplate terrorism is therefore an enemy. The enemy in this case was clear. It was the organization of al Qaeda, but since that was not a rigid nation but an evolving group, the definition spread well beyond them to include any person contemplating an infinite number of actions. After all, how do you define terrorism, and how do you distinguish it from crime?

Three thousand people died in the 9/11 attacks, and we know that al Qaeda wished to kill more because it has said that it intended to do so. Al Qaeda and other jihadist movements -- and indeed those unaffiliated with Islamic movements -- pose threats. Some of their members are American citizens, others are citizens of foreign nations. Preventing these attacks, rather than prosecuting in the aftermath, is important. I do not know enough about PRISM to even try to guess how useful it is.

At the same time, the threat that PRISM is fighting must be kept in perspective. Some terrorist threats are dangerous, but you simply cannot stop every nut who wants to pop off a pipe bomb for a political cause. So the critical question is whether the danger posed by terrorism is sufficient to justify indifference to the spirit of the Constitution, despite the current state of the law. If it is, then formally declare war or declare a state of emergency. The danger of PRISM and other programs is that the decision to build it was not made after the Congress and the president were required to make a clear finding on war and peace. That was the point where they undermined the Constitution, and the American public is responsible for allowing them to do so.
Defensible Origins, Dangerous Futures

The emergence of programs such as PRISM was not the result of despots seeking to control the world. It had a much more clear, logical and defensible origin in our experiences of war and in legitimate fears of real dangers. The NSA was charged with stopping terrorism, and it devised a plan that was not nearly as secret as some claim. Obviously it was not as effective as hoped, or the Boston Marathon attack wouldn't have happened. If the program was meant to suppress dissent it has certainly failed, as the polls and the media of the past weeks show.

The revelations about PRISM are far from new or interesting in themselves. The NSA was created with a charter to do these things, and given the state of technology it was inevitable that the NSA would be capturing communications around the world. Many leaks prior to Snowden's showed that the NSA was doing this. It would have been more newsworthy if the leak revealed the NSA had not been capturing all communications. But this does give us an opportunity to consider what has happened and to consider whether it is tolerable.

The threat posed by PRISM and other programs is not what has been done with them but rather what could happen if they are permitted to survive. But this is not simply about the United States ending this program. The United States certainly is not the only country with such a program. But a reasonable start is for the country that claims to be most dedicated to its Constitution to adhere to it meticulously above and beyond the narrowest interpretation. This is not a path without danger. As Benjamin Franklin said, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."

Title: In his own words: Confessions of a cyber warrior
Post by: C-Kumu Dog on July 17, 2013, 03:57:11 PM
http://www.infoworld.com/print/222266

By Roger A. Grimes
Created 2013-07-09 03:00AM

Much of the world is just learning that every major industrialized nation has a state-sponsored cyber army [1] -- though many of the groups, including team USA, have been around for decades.

I've met a few cyber warriors. As you might imagine, they can't talk much about their duties. But if you work shoulder to shoulder with them long enough, certain patterns emerge. For starters, there are a lot of them. They are well armed with cyber weaponry, and they're allowed to experiment and hack in ways that, as we all now know, might be considered illegal in some circles.


I've been a longtime friend to one cyber warrior. On condition of anonymity, he agreed to be interviewed about what he does for a living and allowed me to record our conversation on a device he controlled, from which I transcribed our conversation. I was able to ask clarifying questions the next day.

We met in person in my boat off the coast of Florida, which might sound very clandestine, except that our primary goal was to catch some fish. It's interesting to note that he did not want me to contact him by email or phone during the months leading up to this interview or for a few months after, even though what he revealed does not disclose any national security secrets. The following is an edited version of our conversation. Certain inconsequential details have been altered to protect his identity.

Grimes: Describe yourself and your occupation.

Cyber warrior: Middle-aged, white male, not married. Somewhat smart. Music lover. Lifetime hacker of all things. Currently working on behalf of armed services to break into other countries' computer systems.

Grimes: What is your background? How did you learn to hack?

Cyber warrior: I got into computers fairly early in my life, though I grew up in a foreign country. My dad split when I was young, and my mom worked a lot. I got into computers by visiting one of the few Radio Shacks near my neighborhood. The sales guy hated me at first because I was always on their computers, but after I taught him a few things, we became good friends for years. I realized I had an aptitude for computers ... that most of the adults around me did not have. By the time I was 15, I had dropped out of school (it wasn't as big of a deal in the country I was in, as it is in most developed countries), and I was working a full-time job as the head IT guy at a federal hospital.

I was hacking everything. I hacked their systems, which wasn't too much of a problem because I was already the head IT guy. They had lost some of the admin passwords to the network and other computer systems, so I had to use my hacking skills to reclaim those systems. I hacked everything: door locks, Master locks, burglar alarms -- anything. For a while, I thought I was a master spy and thief, even though I never stole anything. I would spend all my earnings on buying security systems, install them in my house, then spend all my time trying to bypass them without getting caught. I got pretty good, and soon I was breaking into any building I liked at night. I never got caught, although I did have to run from security guards a few times.

Grimes: What did you like hacking the most: security systems or computer systems?

Cyber warrior: Actually, I loved hacking airwaves the most.


Grimes: You mean 802.x stuff?

Cyber warrior: How cute. How quaint. No, I liked hacking everything that lives in the sky. Computer wireless networks are such a small part of the spectrum. I bought literally dozens of antennas, of all sizes, from small handheld stuff to multi-meter-long, steel antennas. I put them all in a storage shed I rented. I put the antennas up on the roof. I don't know how I didn't get in trouble or why the storage shed people didn't tell me to remove the antennas. I had to learn about electricity, soldering, and power generation. I had dozens of stacked computers. It was my own little cloud, way back when. I would listen for all the frequencies I could. I was next to an airbase and I captured everything I could.

Back then a lot more was open on the airwaves than today. But even the encrypted stuff wasn't that hard to figure out. I would order the same manuals as the equipment they were using and learn about backdoors in their equipment. I could readily break into most of their equipment, including their high-security telephone system. It was fun and heady stuff. I was maybe 16 or 17 then. I was living and sleeping in the shed more than at my home.

One day I started to see strange cars show up: black cars and trucks, with government markings, like out of a movie. They cut the lock off my shed and came in the door. My loft was up near the rafters, so I scooted over into the next storage area, climbed down, and went out the side door at the far end of the shed area. I walked off into the desert and never went back. I must have left $100,000 worth of computers, radio equipment, and oscilloscopes. To this day, I don't know what happened or would have happened had I stayed -- probably not as much as I was worried about.

Grimes: Then what did you do?

Cyber warrior: My mom got married to my stepdad, and we moved back to the States. I was able to get a computer network admin job pretty quickly. Instead of hacking everything, I started to build operating systems. I'm a big fan of open source, and I joined one of the distros. I wrote laptop drivers for a long time and started writing defensive tools. That evolved into hacking tools, including early fuzzers.

Eventually I got hired by a few of the big penetration-testing companies [5]. I found out that I was one of the elite, even in a group of elites. Most of those I met were using tools they found on the Internet or by the companies that hired us, but all that code was so [messed up]. I started writing all my own tools. I didn't trust any of the hacking tools that most penetration testers rely on. I loved to hack and break into things, but to be honest, it was pretty boring. Everyone can break into everywhere -- so I made it a game. I would only break in using tools that I built, and I would only consider it a success if none of my probes or attacks ended up in a firewall or other log. That at least made it more challenging.

Grimes: How did you get into cyber warfare?

Cyber warrior: They called me up out of the blue one day -- well, an employment agency on behalf of the other team. They were offering a lot more money, which surprised me, because I had heard that the guys working on behalf of the feds made a lot less than we did. Not true -- it's certainly not true anymore, if you're any good.

I had to take a few tests. I had a few problems getting hired at first because I literally didn't have a background: no credit, no high school or college transcripts. Even the work I had done was not something you could easily verify. But I scored really well on the tests and I was honest on what I had done in the past. They didn't seem to care that I had hacked our own government years ago or that I smoked pot. I wasn't sure I was going to take the job, but then they showed me the work environment and introduced me to a few future coworkers. I was impressed.

Grimes: Explain.

Cyber warrior: They had thousands of people just like me. They had the best computers. They had multiple supercomputers. They had water-cooled computers running around on handtrucks like you would rent library books. The guys that interviewed me were definitely smarter than I was. I went from always being the smartest guy wherever I worked to being just one of the regular coworkers. It didn't hurt my ego. It excited me. I always want to learn more.

Grimes: What happened after you got hired?

Cyber warrior: I immediately went to work. Basically they sent me a list of software they needed me to hack. I would hack the software and create buffer overflow exploits. I was pretty good at this. There wasn't a piece of software I couldn't break. It's not hard. Most of the software written in the world has a bug every three to five lines of code. It isn't like you have to be a supergenius to find bugs.

But I quickly went from writing individual buffer overflows to being assigned to make better fuzzers. You and I have talked about this before. The fuzzers were far faster at finding bugs than I was. What they didn't do well is recognize the difference between a bug and an exploitable bug or recognize an exploitable bug from one that could be weaponized or widely used. My first few years all I did was write better fuzzing modules.

Grimes: How many exploits does your unit have access to?

Cyber warrior: Literally tens of thousands -- it's more than that. We have tens of thousands of ready-to-use bugs in single applications, single operating systems.

Grimes: Is most of it zero-days?

Cyber warrior: It's all zero-days. Literally, if you can name the software or the controller, we have ways to exploit it. There is no software that isn't easily crackable. In the last few years, every publicly known and patched bug makes almost no impact on us. They aren't scratching the surface.

Grimes: What do you like hacking now?

Cyber warrior: Funny enough, it's a lot of wireless stuff again: public equipment that everyone uses, plus a lot of military stuff that the general public knows nothing about. It's mostly hardware and controller hacking. But even that equipment is easy to exploit.

Grimes: Does your team sometimes do illegal things?

Cyber warrior: Not that I know of. We get trained in what we can and can't do. If we do something illegal, it's not on purpose. Well, I can't speak for everyone or every team, but I can tell you the thousands of people I work with will not do anything intentionally illegal. I'm sure it happens, but if it happens, it's by mistake. For instance, I know we accidentally intercepted some government official's conversations one day, someone high-level. We had to report it to our supervisors and erase the digital recordings, plus put that track on our red filter list.

Grimes: You say you don't do anything illegal, but our federal laws distinctly say that we cannot offensively hack other nations. And we are hacking other nations [6].

Cyber warrior: They say we can't hack other nations without oversight. John Q. Public and John Q. Corporation can't hack other nations, but our units operate under laws that make what we are doing not illegal.

Grimes: I know you from many years ago, and I think the young you would revile hacking any government by any government. I think I heard you say this many times, and you were passionate about it.

Cyber warrior: I'm still passionate about it, but the older self realizes that the young self didn't have all the facts. We have to do what we do because [other nation states and other armies] are doing it. If we didn't, we would literally be dead. It's already something that I don't know if we are winning. I know we have the best tools, the best people, but our laws actually stop us from being as good as we could be.

Grimes: What about your job would surprise the average American?

Cyber warrior: Nothing.

Grimes: I really think the average American would be surprised you do what you do.

Cyber warrior: I don't agree. I think everyone knows what we have to do to keep up.

Grimes: What does your work location look like?

Cyber warrior: I work in an obscure office park in Northern Virginia. It's close to DC. There's no lettering or identifiers on the building. We park our cars in an underground garage. There are about 5,000 people on my team. I still work for the same staffing company I was hired by. My badge does not say "U.S. government" on it. We are not allowed to bring any computers, electronics, or storage USB drives into the building. They aren't even allowed in our cars, so I'm the guy at lunch without a cellphone. If people were to look around, they could spot us. Look for the group of people being loud that don't have a single cellphone out -- no one texting. Heck, they should let us carry cellphones just so we don't look so obvious.

Grimes: What do you do for a hobby?

Cyber warrior: I play in a hardcore rap/EDM band, if you can imagine that. I play lots of instruments, make beats and percussion stuff. I wish I could make more money doing music than hacking. I'm even considering now leaving my job and doing music. I don't need much money. I have enough for retirement and enough to support my lifestyle.

Grimes: What do you wish we, as in America, could do better hacking-wise?

Cyber warrior: I wish we spent as much time defensively as we do offensively. We have these thousands and thousands of people in coordinated teams trying to exploit stuff. But we don't have any large teams that I know of for defending ourselves. In the real world, armies spend as much time defending as they do preparing for attacks. We are pretty one-sided in the battle right now.

Grimes: What do you think of Snowden [7]?

Cyber warrior: I don't know him.

Grimes: Let me clarify: what do you think of Snowden for revealing secrets [8]?

Cyber warrior: It doesn't bother me one way or the other.

Grimes: What if it could lead to your program shutting down? You'd be without a job.

Cyber warrior: There's no way what we do will be shut down. First, I don't intentionally do anything that involves spying on domestic communications. I don't think anyone in my company does that, although I don't know for sure. Second, it would be very dangerous to stop what we do. We are the new army. You may not like what the army does, but you still want an army.

If I were out of a job I'd just get better at playing my instruments. I like to hack them, too.

This story, "In his own words: Confessions of a cyber warrior [9]," was originally published at InfoWorld.com [10]. Keep up on the latest developments in network security [11] and read more of Roger Grimes' Security Adviser blog [12] at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter [13].

--------------------------------------------------------------------------------

Source URL (retrieved on 2013-07-17 03:40PM): http://www.infoworld.com/d/security/in-his-own-words-confessions-of-cyber-warrior-222266
Links:
[1] http://www.infoworld.com/t/data-security/us-china-please-stop-hacking-our-companies-if-you-dont-mind-214322
[2] http://www.infoworld.com/d/security/its-over-all-private-data-public-220901?source=fssr
[3] http://www.infoworld.com/browser-security-deep-dive?idglg=?ifwelg_fssr
[4] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_sec_rpt&source=ifwelg_fssr
[5] http://www.infoworld.com/d/security/penetration-testing-the-cheap-and-not-so-cheap-050
[6] http://www.infoworld.com/d/security-central/stuxnet-marks-the-start-the-next-security-arms-race-282
[7] http://www.infoworld.com/t/cringely/snowden-has-answers-nsa-still-holds-the-questions-220881
[8] http://www.infoworld.com/t/government/nsa-leaker-snowden-leaves-hong-kong-reportedly-russia-221306
[9] http://www.infoworld.com/d/security/in-his-own-words-confessions-of-cyber-warrior-222266?source=footer
[10] http://www.infoworld.com/?source=footer
[11] http://www.infoworld.com/d/security?source=footer
[12] http://www.infoworld.com/blogs/roger-a.-grimes?source=footer
[13] http://twitter.com/infoworld

Title: Will NSA phone program expire next year?
Post by: Crafty_Dog on July 18, 2013, 10:36:33 AM

http://www.washingtontimes.com/news/2013/jul/17/nsa-phone-program-will-expire-next-year-patriot-ac/
Title: Cyberwar reading list
Post by: bigdog on August 01, 2013, 06:42:35 AM
http://www.whiteoliphaunt.com/duckofminerva/2013/08/what-should-you-read-on-cyber-security.html
Title: NSA director heckled at Black Hat cybersecurity conference
Post by: C-Kumu Dog on August 01, 2013, 04:43:27 PM
LAS VEGAS National Security Agency director Gen. Keith Alexander was met with cheers and heckling Wednesday at the Black Hat conference in Las Vegas, an annual meeting of hackers and cybersecurity professionals.

Alexander was asked to give the keynote address at the conference before former NSA contractor Edward Snowden leaked documents to the media about PRISM -- a government surveillance program that collected metadata over telecommunication lines. Black Hat organizers say that he could have easily backed out, but chose to attend and open a dialogue with the hacking community.

The mood was one of respectful skepticism among a majority of audience members. But halfway through the address, which promised to answer tough questions in the wake of the PRISM leak, some in the audience decided they had heard enough.

Alexander was speaking about ways the controversial initiative FAA 702 has thwarted terrorism plots, when he said of the NSA: "We stand for freedom."

"Bulls***," a heckler in an audience of hundreds yelled out. After a handful of claps, he continued, "You lied to Congress. Why should we believe you're not lying to us?"

Unfazed by the comment, Alexander calmly replied, "I did not lie to Congress."

Alexander spent the majority of his speech explaining how the U.S. government arrived at its current cybersecurity posture and where to go next. The director pointed at some of the major terrorist attacks in the last 20 years, like the first World Trade Center bombing in 1993, the U.S.S. Cole bombing in 2000, and the September 11th attacks as examples of why the intelligence community had to step up its data gathering.

"The intelligence community failed to connect the dots," Alexander said.

Addressing the concerns that NSA analysts can access the personal data of Americans at will, Alexander said there is a misconception about how much information is being accessed, adding that the program can be completely audited.

Alexander said there are only 22 people at the NSA who can approve the surveillance of a phone number, and 35 analysts who are authorized to review the queries. Of 300 phone numbers that were approved for query, 12 were reported to the Federal Bureau of Investigation.

The director said that if a query appeared unrelated to national security, its auditing tools would detect it and the analyst would have to explain their intent. He added that an audit conducted by Congress found no incidences of abuse of the program.

Alexander shared a slide that revealed a sample of what a document with metadata looks like. A snippet of a spreadsheet reveals columns including date, time, from address, to address, length, site and source -- not the content of the communication itself. The director added that the NSA does not "collect everything."

"It's focused," Alexander said. "We don't want to collect everything."

Alexander ended his speech with a plea to the audience, saying, "help us defend the country and find a greater solution. The whole reason I came here is to ask you to make it better."

"Read the constitution," a heckler in the audience yelled out.

"I have. You should too," Alexander calmly responded. His comment was followed by cheering from the audience.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on August 03, 2013, 11:13:04 AM
This site's reliability is unknown.

http://gizmodo.com/chinese-hackers-just-got-caught-hijacking-a-decoy-water-1012520726?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow
Title: Don't Buy the Cyberhype
Post by: bigdog on August 16, 2013, 10:02:27 AM
http://www.foreignaffairs.com/print/136836

From the article:

These days, most of Washington seems to believe that a major cyberattack on U.S. critical infrastructure is inevitable. In March, James Clapper, U.S. director of national intelligence, ranked cyberattacks as the greatest short-term threat to U.S. national security. General Keith Alexander, the head of the U.S. Cyber Command, recently characterized “cyber exploitation” of U.S. corporate computer systems as the “greatest transfer of wealth in world history.” And in January, a report by the Pentagon’s Defense Science Board argued that cyber risks should be managed with improved defenses and deterrence, including “a nuclear response in the most extreme case.”

Although the risk of a debilitating cyberattack is real, the perception of that risk is far greater than it actually is. No person has ever died from a cyberattack, and only one alleged cyberattack has ever crippled a piece of critical infrastructure, causing a series of local power outages in Brazil. In fact, a major cyberattack of the kind intelligence officials fear has not taken place in the 21 years since the Internet became accessible to the public.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on August 16, 2013, 06:25:28 PM
Hmmm , , , so we don't need to worry about all the "stuxnets" the Chinese have inserted into our infrastructure awaiting further command?  I'm so relieved , , ,
Title: Terrifying Search Engine
Post by: Crafty_Dog on September 15, 2013, 07:08:24 PM

http://finance.yahoo.com/news/terrifying-search-engine-finds-internet-143500735.html
Title: FBI admits it controlled mass malware attack
Post by: Crafty_Dog on September 16, 2013, 09:51:53 AM

http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

Title: NSA Commandeering the Internet
Post by: Crafty_Dog on September 17, 2013, 11:26:16 AM

      More on the NSA Commandeering the Internet



If there's any confirmation that the US government has commandeered the
Internet for worldwide surveillance, it is what happened with Lavabit
earlier this month.

Lavabit is -- well, was -- an e-mail service that offered more privacy
than the typical large-Internet-corporation services that most of us
use.  It was a small company, owned and operated by Ladar Levison, and
it was popular among the tech-savvy. NSA whistleblower Edward Snowden
was among its half-million users.

Last month, Levison reportedly received an order -- probably a National
Security Letter -- to allow the NSA to eavesdrop on everyone's e-mail
accounts on Lavabit.  Rather than "become complicit in crimes against
the American people," he turned the service off.  Note that we don't
know for sure that he received a NSL -- that's the order authorized by
the Patriot Act that doesn't require a judge's signature and prohibits
the recipient from talking about it -- or what it covered, but Levison
has said that he had complied with requests for individual e-mail access
in the past, but this was very different.

So far, we just have an extreme moral act in the face of government
pressure.  It's what happened next that is the most chilling.  The
government threatened him with arrest, arguing that shutting down this
e-mail service was a violation of the order.

There it is.  If you run a business, and the FBI or NSA want to turn it
into a mass surveillance tool, they believe they can do so, solely on
their own initiative.  They can force you to modify your system.  They
can do it all in secret and then force your business to keep that
secret.  Once they do that, you no longer control that part of your
business.  You can't shut it down.  You can't terminate part of your
service.  In a very real sense, it is not your business anymore.  It is
an arm of the vast US surveillance apparatus, and if your interest
conflicts with theirs then they win.  Your business has been commandeered.

For most Internet companies, this isn't a problem.  They are already
engaging in massive surveillance of their customers and users --
collecting and using this data is the primary business model of the
Internet -- so it's easy to comply with government demands and give the
NSA complete access to everything.  This is what we learned from Edward
Snowden.  Through programs like PRISM, BLARNEY and OAKSTAR, the NSA
obtained bulk access to services like Gmail and Facebook, and to
Internet backbone connections throughout the US and the rest of the
world.  But if it were a problem for those companies, presumably the
government would not allow them to shut down.

To be fair, we don't know if the government can actually convict someone
of closing a business.  It might just be part of their coercion tactics.
Intimidation and retaliation are part of how the NSA does business.

Former Qwest CEO Joseph Nacchio has a story of what happens to a large
company that refuses to cooperate.  In February 2001 -- before the 9/11
terrorist attacks -- the NSA approached the four major US telecoms and
asked for their cooperation in a secret data collection program, the one
we now know to be the bulk metadata collection program exposed by Edward
Snowden.  Qwest was the only telecom to refuse, leaving the NSA with a
hole in its spying efforts.  The NSA retaliated by canceling a series of
big government contracts with Qwest.  The company has since been
purchased by CenturyLink, which we presume is more cooperative with NSA
demands.

That was before the Patriot Act and National Security Letters.  Now,
presumably, Nacchio would just comply.  Protection rackets are easier
when you have the law backing you up.

As the Snowden whistleblowing documents continue to be made public,
we're getting further glimpses into the surveillance state that has been
secretly growing around us.  The collusion of corporate and government
surveillance interests is a big part of this, but so is the government's
resorting to intimidation.  Every Lavabit-like service that shuts down
-- and there have been several -- gives us consumers less choice, and
pushes us into the large services that cooperate with the NSA.  It's
past time we demanded that Congress repeal National Security Letters,
give us privacy rights in this new information age, and force meaningful
oversight on this rogue agency.

This essay previously appeared in "USA Today."
http://www.usatoday.com/story/opinion/2013/08/27/nsa-snowden-russia-obama-column/2702461/
Title: Take Back the Internet
Post by: Crafty_Dog on September 17, 2013, 11:27:18 AM
Second post

      Take Back the Internet



Government and industry have betrayed the Internet, and us.

By subverting the Internet at every level to make it a vast,
multi-layered and robust surveillance platform, the NSA has undermined a
fundamental social contract. The companies that build and manage our
Internet infrastructure, the companies that create and sell us our
hardware and software, or the companies that host our data: we can no
longer trust them to be ethical Internet stewards.

This is not the Internet the world needs, or the Internet its creators
envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that
requires political intervention.

But this is also an engineering problem, and there are several things
engineers can -- and should -- do.

One, we should expose. If you do not have a security clearance, and if
you have not received a National Security Letter, you are not bound by
federal confidentiality requirements or a gag order. If you have been
contacted by the NSA to subvert a product or protocol, you need to come
forward with your story. Your employer obligations don't cover illegal
or unethical activity. If you work with classified data and are truly
brave, expose what you know. We need whistleblowers.

We need to know exactly how the NSA and other agencies are
subverting routers, switches, the Internet backbone, encryption
technologies and cloud systems. I already have five stories from people
like you, and I've just started collecting. I want 50. There's safety in
numbers, and this form of civil disobedience is the moral thing to do.

Two, we can design. We need to figure out how to re-engineer the
Internet to prevent this kind of wholesale spying. We need new
techniques to prevent communications intermediaries from leaking private
information.

We can make surveillance expensive again. In particular, we need open
protocols, open implementations, open systems -- these will be harder
for the NSA to subvert.

The Internet Engineering Task Force, the group that defines the
standards that make the Internet run, has a meeting planned for early
November in Vancouver. This group needs to dedicate its next meeting to
this task. This is an emergency, and demands an emergency response.

Three, we can influence governance. I have resisted saying this up to
now, and I am saddened to say it, but the US has proved to be an
unethical steward of the Internet. The UK is no better. The NSA's
actions are legitimizing the Internet abuses by China, Russia, Iran and
others. We need to figure out new means of Internet governance, ones
that make it harder for powerful tech countries to monitor everything.
For example, we need to demand transparency, oversight, and
accountability from our governments and corporations.

Unfortunately, this is going to play directly into the hands of
totalitarian governments that want to control their country's Internet
for even more extreme forms of surveillance. We need to figure out how
to prevent that, too. We need to avoid the mistakes of the International
Telecommunications Union, which has become a forum to legitimize bad
government behavior, and create truly international governance that
can't be dominated or abused by any one country.

Generations from now, when people look back on these early decades of
the Internet, I hope they will not be disappointed in us. We can ensure
that they don't only if each of us makes this a priority, and engages in
the debate. We have a moral duty to do this, and we have no time to lose.

Dismantling the surveillance state won't be easy. Has any country that
engaged in mass surveillance of its own citizens voluntarily given up
that capability? Has any mass surveillance country avoided becoming
totalitarian? Whatever happens, we're going to be breaking new ground.

Again, the politics of this is a bigger task than the engineering, but
the engineering is critical. We need to demand that real technologists
be involved in any key government decision making on these issues. We've
had enough of lawyers and politicians not fully understanding
technology; we need technologists at the table when we build tech policy.

To the engineers, I say this: we built the Internet, and some of us have
helped to subvert it. Now, those of us who love liberty have to fix it.


This essay originally appeared in the "Guardian."
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
Title: Conspiracy theories and the NSA
Post by: Crafty_Dog on September 17, 2013, 11:30:49 AM
Third post

Conspiracy Theories and the NSA



I've recently seen two articles speculating on the NSA's capability, and
practice, of spying on members of Congress and other elected officials.
The evidence is all circumstantial and smacks of conspiracy thinking --
and I have no idea whether any of it is true or not -- but it's a good
illustration of what happens when trust in a public institution fails.

The NSA has repeatedly lied about the extent of its spying program.
James R. Clapper, the director of national intelligence, has lied about
it to Congress. Top-secret documents provided by Edward Snowden, and
reported on by the "Guardian" and other newspapers, repeatedly show that
the NSA's surveillance systems are monitoring the communications of
American citizens. The DEA has used this information to apprehend drug
smugglers, then lied about it in court. The IRS has used this
information to find tax cheats, then lied about it. It's even been used
to arrest a copyright violator. It seems that every time there is an
allegation against the NSA, no matter how outlandish, it turns out to be
true.

"Guardian" reporter Glenn Greenwald has been playing this well,
dribbling the information out one scandal at a time. It's looking more
and more as if the NSA doesn't know what Snowden took. It's hard for
someone to lie convincingly if he doesn't know what the opposition
actually knows.

All of this denying and lying results in us not trusting anything the
NSA says, anything the president says about the NSA, or anything
companies say about their involvement with the NSA. We know secrecy
corrupts, and we see that corruption. There's simply no credibility, and
-- the real problem -- no way for us to verify anything these people
might say.

It's a perfect environment for conspiracy theories to take root: no
trust, assuming the worst, no way to verify the facts. Think JFK
assassination theories. Think 9/11 conspiracies. Think UFOs. For all we
know, the NSA *might* be spying on elected officials. Edward Snowden
said that he had the ability to spy on anyone in the US, in real time,
from his desk. His remarks were belittled, but it turns out he was right.

This is not going to improve anytime soon. Greenwald and other reporters
are still poring over Snowden's documents, and will continue to report
stories about NSA overreach, lawbreaking, abuses, and privacy violations
well into next year. The "independent" review that Obama promised of
these surveillance programs will not help, because it will lack both the
power to discover everything the NSA is doing and the ability to relay
that information to the public.

It's time to start cleaning up this mess. We need a special prosecutor,
one not tied to the military, the corporations complicit in these
programs, or the current political leadership, whether Democrat or
Republican. This prosecutor needs free rein to go through the NSA's
files and discover the full extent of what the agency is doing, as well
as enough technical staff who have the capability to understand it. He
needs the power to subpoena government officials and take their sworn
testimony. He needs the ability to bring criminal indictments where
appropriate. And, of course, he needs the requisite security clearance
to see it all.

We also need something like South Africa's Truth and Reconciliation
Commission, where both government and corporate employees can come
forward and tell their stories about NSA eavesdropping without fear of
reprisal.

Yes, this will overturn the paradigm of keeping everything the NSA does
secret, but Snowden and the reporters he's shared documents with have
already done that. The secrets are going to come out, and the
journalists doing the outing are not going to be sympathetic to the NSA.
If the agency were smart, it'd realize that the best thing it could do
would be to get ahead of the leaks.

The result needs to be a public report about the NSA's abuses, detailed
enough that public watchdog groups can be convinced that everything is
known. Only then can our country go about cleaning up the mess: shutting
down programs, reforming the Foreign Intelligence Surveillance Act
system, and reforming surveillance law to make it absolutely clear that
even the NSA cannot eavesdrop on Americans without a warrant.

Comparisons are springing up between today's NSA and the FBI of the
1950s and 1960s, and between NSA Director Keith Alexander and J. Edgar
Hoover. We never managed to rein in Hoover's FBI -- it took his death
for change to occur. I don't think we'll get so lucky with the NSA.
While Alexander has enormous personal power, much of his power comes
from the institution he leads. When he is replaced, that institution
will remain.

Trust is essential for society to function. Without it, conspiracy
theories naturally take hold. Even worse, without it we fail as a
country and as a culture. It's time to reinstitute the ideals of
democracy: The government works for the people, open government is the
best way to protect against government abuse, and a government keeping
secrets from its people is a rare exception, not the norm.


This essay originally appeared on TheAtlantic.com.
http://www.theatlantic.com/politics/archive/2013/09/the-only-way-to-restore-trust-in-the-nsa/279314/
or http://tinyurl.com/luuvnd4
Title: How to remain secure against the NSA
Post by: Crafty_Dog on September 17, 2013, 11:36:33 AM
Fourth post

      How to Remain Secure Against the NSA



Now that we have enough details about how the NSA eavesdrops on the
Internet, including recent disclosures of the NSA's deliberate weakening
of cryptographic systems, we can finally start to figure out how to
protect ourselves.

For the past two weeks, I have been working with the Guardian on NSA
stories, and have read hundreds of top-secret NSA documents provided by
whistleblower Edward Snowden. I wasn't part of today's story -- it was
in process well before I showed up -- but everything I read confirms
what the Guardian is reporting.

At this point, I feel I can provide some advice for keeping secure
against such an adversary.

The primary way the NSA eavesdrops on Internet communications is in the
network. That's where their capabilities best scale. They have invested
in enormous programs to automatically collect and analyze network
traffic. Anything that requires them to attack individual endpoint
computers is significantly more costly and risky for them, and they will
do those things carefully and sparingly.

Leveraging its secret agreements with telecommunications companies --
all the US and UK ones, and many other "partners" around the world --
the NSA gets access to the communications trunks that move Internet
traffic. In cases where it doesn't have that sort of friendly access, it
does its best to surreptitiously monitor communications channels:
tapping undersea cables, intercepting satellite communications, and so on.

That's an enormous amount of data, and the NSA has equivalently enormous
capabilities to quickly sift through it all, looking for interesting
traffic. "Interesting" can be defined in many ways: by the source, the
destination, the content, the individuals involved, and so on. This data
is funneled into the vast NSA system for future analysis.

The NSA collects much more metadata about Internet traffic: who is
talking to whom, when, how much, and by what mode of communication.
Metadata is a lot easier to store and analyze than content. It can be
extremely personal to the individual, and is enormously valuable
intelligence.

The Systems Intelligence Directorate is in charge of data collection,
and the resources it devotes to this are staggering. I read status report
after status report about these programs, discussing capabilities,
operational details, planned upgrades, and so on. Each individual
problem -- recovering electronic signals from fiber, keeping up with the
terabyte streams as they go by, filtering out the interesting stuff --
has its own group dedicated to solving it. Its reach is global.

The NSA also attacks network devices directly: routers, switches,
firewalls, etc. Most of these devices have surveillance capabilities
already built in; the trick is to surreptitiously turn them on. This is
an especially fruitful avenue of attack; routers are updated less
frequently, tend not to have security software installed on them, and
are generally ignored as a vulnerability.

The NSA also devotes considerable resources to attacking endpoint
computers. This kind of thing is done by its TAO -- Tailored Access
Operations -- group. TAO has a menu of exploits it can serve up against
your computer -- whether you're running Windows, Mac OS, Linux, iOS, or
something else -- and a variety of tricks to get them onto your
computer. Your anti-virus software won't detect them, and you'd have
trouble finding them even if you knew where to look. These are hacker
tools designed by hackers with an essentially unlimited budget. What I
took away from reading the Snowden documents was that if the NSA wants
in to your computer, it's in. Period.

The NSA deals with any encrypted data it encounters more by subverting
the underlying cryptography than by leveraging any secret mathematical
breakthroughs. First, there's a lot of bad cryptography out there. If it
finds an Internet connection protected by MS-CHAP, for example, that's
easy to break and recover the key. It exploits poorly chosen user
passwords, using the same dictionary attacks hackers use in the
unclassified world.

As was revealed today, the NSA also works with security product vendors
to ensure that commercial encryption products are broken in secret ways
that only it knows about. We know this has happened historically:
CryptoAG and Lotus Notes are the most public examples, and there is
evidence of a back door in Windows. A few people have told me some
recent stories about their experiences, and I plan to write about them
soon. Basically, the NSA asks companies to subtly change their products
in undetectable ways: making the random number generator less random,
leaking the key somehow, adding a common exponent to a public-key
exchange protocol, and so on. If the back door is discovered, it's
explained away as a mistake. And as we now know, the NSA has enjoyed
enormous success from this program.

TAO also hacks into computers to recover long-term keys. So if you're
running a VPN that uses a complex shared secret to protect your data and
the NSA decides it cares, it might try to steal that secret. This kind
of thing is only done against high-value targets.

How do you communicate securely against such an adversary? Snowden said
it in an online Q&A soon after he made his first document public:
"Encryption works. Properly implemented strong crypto systems are one of
the few things that you can rely on."

I believe this is true, despite today's revelations and tantalizing
hints of "groundbreaking cryptanalytic capabilities" made by James
Clapper, the director of national intelligence, in another top-secret
document. Those capabilities involve deliberately weakening the
cryptography.

Snowden's follow-on sentence is equally important: "Unfortunately,
endpoint security is so terrifically weak that NSA can frequently find
ways around it."

Endpoint means the software you're using, the computer you're using it
on, and the local network you're using it in. If the NSA can modify the
encryption algorithm or drop a Trojan on your computer, all the
cryptography in the world doesn't matter at all. If you want to remain
secure against the NSA, you need to do your best to ensure that the
encryption can operate unimpeded.

With all this in mind, I have five pieces of advice:

1) Hide in the network. Implement hidden services. Use Tor to anonymize
yourself. Yes, the NSA targets Tor users, but it's work for them. The
less obvious you are, the safer you are.

2) Encrypt your communications. Use TLS. Use IPsec. Again, while it's
true that the NSA targets encrypted connections -- and it may have
explicit exploits against these protocols -- you're much better
protected than if you communicate in the clear.

3) Assume that while your computer can be compromised, it would take
work and risk on the part of the NSA -- so it probably isn't. If you
have something really important, use an air gap. Since I started working
with the Snowden documents, I bought a new computer that has never been
connected to the Internet. If I want to transfer a file, I encrypt the
file on the secure computer and walk it over to my Internet computer,
using a USB stick. To decrypt something, I reverse the process. This
might not be bulletproof, but it's pretty good.

4) Be suspicious of commercial encryption software, especially from
large vendors. My guess is that most encryption products from large US
companies have NSA-friendly back doors, and many foreign ones probably
do as well. It's prudent to assume that foreign products also have
foreign-installed backdoors. Closed-source software is easier for the
NSA to backdoor than open-source software. Systems relying on master
secrets are vulnerable to the NSA, through either legal or more
clandestine means.

5) Try to use public-domain encryption that has to be compatible with
other implementations. For example, it's harder for the NSA to backdoor
TLS than BitLocker, because any vendor's TLS has to be compatible with
every other vendor's TLS, while BitLocker only has to be compatible with
itself, giving the NSA a lot more freedom to make changes. And because
BitLocker is proprietary, it's far less likely those changes will be
discovered. Prefer symmetric cryptography over public-key cryptography.
Prefer conventional discrete-log-based systems over elliptic-curve
systems; the latter have constants that the NSA influences when they can.

Since I started working with Snowden's documents, I have been using GPG,
Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things
I'm not going to write about. There's an undocumented encryption feature
in my Password Safe program from the command line; I've been using that
as well.

I understand that most of this is impossible for the typical Internet
user. Even I don't use all these tools for most everything I am working
on. And I'm still primarily on Windows, unfortunately. Linux would be safer.

The NSA has turned the fabric of the Internet into a vast surveillance
platform, but they are not magical. They're limited by the same economic
realities as the rest of us, and our best defense is to make
surveillance of us as expensive as possible.

Trust the math. Encryption is your friend. Use it well, and do your best
to ensure that nothing can compromise it. That's how you can remain
secure even in the face of the NSA.


This essay originally appeared in the "Guardian."
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

NSA links:
http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
http://online.wsj.com/article/SB10001424127887324108204579022874091732470.html
http://www.theguardian.com/business/2013/aug/02/telecoms-bt-vodafone-cables-gchq
http://www.washingtonpost.com/business/technology/agreements-with-private-companies-protect-us-access-to-cables-data-for-surveillance/2013/07/06/aa5d017a-df77-11e2-b2d4-ea6d8f477a01_story.html
http://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data
http://www.theguardian.com/world/2013/jun/27/nsa-data-mining-authorised-obama
http://www.wired.com/threatlevel/2013/09/nsa-router-hacking/
http://www.foreignpolicy.com/articles/2013/06/10/inside_the_nsa_s_ultra_secret_china_hacking_group
http://www.informationweek.com/security/government/want-nsa-attention-use-encrypted-communi/240157089
or http://tinyurl.com/kdxaytf

Other NSA backdoors:
http://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
http://www.heise.de/tp/artikel/2/2898/1.html
http://www.heise.de/tp/artikel/5/5263/1.html

Snowden's interview:
http://www.theguardian.com/world/2013/jun/17/edward-snowden-nsa-files-whistleblower

Clapper's comments:
http://www.wired.com/threatlevel/2013/08/black-budget/

Surveillance built in to the routers:
https://www.rfc-editor.org/rfc/rfc3924.txt

My tools:
http://www.gnupg.org/
https://silentcircle.com/
https://tails.boum.org/
http://www.cypherpunks.ca/otr/
http://www.truecrypt.org/
http://bleachbit.sourceforge.net/
https://www.schneier.com/passsafe.html
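A worked illustration of the kind of random-number-generator back door the essay describes (constants in an elliptic-curve system chosen by whoever designed it), added here as an example and not code from Schneier's essay or from any of the tools listed above. It models the structure of the Dual_EC_DRBG design on a toy curve: the 31-bit prime field, curve coefficients, points P and Q, trapdoor scalar D and seed are all constructed for this example (the real generator uses P-256 and truncates 16 bits of each output, which this toy skips). Whoever holds D with P = D*Q recovers the generator's internal state from a single output and predicts every output that follows.

```python
"""Toy model of the Dual_EC_DRBG trapdoor.

Added example, not code from Schneier's essay or from any tool it lists.
Everything numeric here is constructed for illustration: a 31-bit prime
field instead of P-256, a curve and points chosen by hand, a made-up
trapdoor scalar D and seed. The real generator also truncates 16 bits of
each output; this toy emits whole x-coordinates, which removes a 2^16
guess-and-check step from the attack but changes nothing structural.
"""

PRIME = 2**31 - 1          # field size; PRIME % 4 == 3 makes square roots cheap
A = 1                      # curve y^2 = x^3 + A*x + B over GF(PRIME)
Q = (2, 3)                 # public point Q; B is picked so that Q lies on the curve
B = (Q[1] ** 2 - Q[0] ** 3 - A * Q[0]) % PRIME
INF = None                 # point at infinity

D = 0x5EC5EC               # the designer's secret (assumed value): P = D*Q


def inv(v):
    """Modular inverse via Fermat; PRIME is prime."""
    return pow(v % PRIME, PRIME - 2, PRIME)


def add(p1, p2):
    """Affine point addition on the short-Weierstrass curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return INF                                  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % PRIME
    else:
        lam = (y2 - y1) * inv(x2 - x1) % PRIME
    x3 = (lam * lam - x1 - x2) % PRIME
    y3 = (lam * (x1 - x3) - y1) % PRIME
    return (x3, y3)


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


P = mul(D, Q)              # published alongside Q; the relation to Q is what stays secret


def x_of(pt):
    return pt[0]


class DualEC:
    """Dual_EC_DRBG core: r = x(s*P); output t = x(r*Q); new state s = x(r*P)."""

    def __init__(self, seed):
        self.s = seed % PRIME

    def next_output(self):
        r = x_of(mul(self.s, P))
        self.s = x_of(mul(r, P))
        return x_of(mul(r, Q))


def lift_x(t):
    """Return a curve point with x-coordinate t (either sign of y), or None."""
    rhs = (t ** 3 + A * t + B) % PRIME
    y = pow(rhs, (PRIME + 1) // 4, PRIME)          # valid because PRIME % 4 == 3
    return (t, y) if y * y % PRIME == rhs else None


def recover_state(output, d):
    """From one output t = x(r*Q) and the trapdoor d, return the generator's next state.

    lift_x gives R = +/- r*Q. Since P = d*Q, d*R = +/- r*P, and both signs
    share the same x-coordinate, which is exactly the next state x(r*P).
    """
    return x_of(mul(d, lift_x(output)))


def predict(output, d, n):
    """Clone the generator from a single observed output and emit its next n outputs."""
    clone = DualEC(recover_state(output, d))
    return [clone.next_output() for _ in range(n)]


if __name__ == "__main__":
    victim = DualEC(0xC0FFEE)                      # constructed seed
    observed = victim.next_output()
    print("observed one output:   ", observed)
    print("victim's next outputs: ", [victim.next_output() for _ in range(3)])
    print("attacker's predictions:", predict(observed, D, 3))
```

The point of the exercise is that nothing in the generator's public description betrays the relation between P and Q; the arithmetic is correct and the outputs look random to anyone without D. Against the real P-256 design an attacker additionally brute-forces the 16 truncated bits of each output, which is cheap. This is the practical reason behind the essay's advice to distrust fixed constants of unexplained provenance and to prefer designs whose parameters are generated in a way anyone can check.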
Title: Snowden, treason, and the Russians
Post by: Crafty_Dog on October 05, 2013, 08:06:43 PM


http://fortunascorner.wordpress.com/2013/10/05/snowdenu-s-intelligence-communitys-cyber-911/
Title: Improving Critical Cybersecurity Infrastructure
Post by: bigdog on October 23, 2013, 04:21:44 AM
http://www.lawfareblog.com/wp-content/uploads/2013/10/preliminary-cybersecurity-framework.pdf
Title: Woolsey: Real-life blackout much nearer than you think
Post by: Crafty_Dog on November 04, 2013, 06:25:37 AM
http://www.familysecuritymatters.org/publications/detail/american-blackout-a-real-life-nightmare-nearer-than-you-think?f=must_reads

Note that one of the authors here used to head the CIA , , ,
Title: Cyber-Pearl Harbor is a myth
Post by: bigdog on November 11, 2013, 02:53:22 PM
http://www.washingtonpost.com/blogs/monkey-cage/wp/2013/11/11/cyber-pearl-harbor-is-a-myth/?wpisrc=nl_cage

From the article:

Of course, cyberattacks can still be used for specific and limited goals. For example, the so-called Stuxnet/Olympic Games attack on the Iranian nuclear program was apparently mounted jointly by the United States and Israel. However, here too, military force is important. Gartzke argues that one of the reasons that the U.S. and Israel could carry out this attack is because they are militarily powerful in conventional terms, making it unattractive for Iran (or other adversaries) to attack them back directly.

More generally, Gartzke's arguments imply that cyberwar isn't a weapon of the weak. Instead, it's a weapon of the strong — it will be most attractive to those who already have powerful conventional militaries
Title: “Fear and War in Cyberspace”
Post by: bigdog on December 02, 2013, 04:43:37 AM
http://www.lawfareblog.com/2013/12/foreign-policy-essay-erik-gartzke-on-fear-and-war-in-cyberspace/


From the article:

Should we fear cyberspace?  The internet is said to be a revolutionary leveler, reducing the hard won military advantages of western powers, even as the dependence of developed nations on computer networks leaves them vulnerable to attack.  Incidents like the Stuxnet worm and cyber attacks against U.S. government computers, apparently launched from servers in China, seem to testify to the need for concern.  Yet, even if these details are correct—and some are not—there is no reason to believe that the internet constitutes an Achilles heel for the existing world order.  To the contrary, cyberwar promises major advantages for status quo powers like the United States.
Title: Re: Cyberwar and American Freedom
Post by: bigdog on January 14, 2014, 11:02:33 AM
http://www.washingtonpost.com/blogs/monkey-cage/wp/2014/01/14/cybersecurity-and-cyberwar-a-qa-with-peter-singer/

From the article:

 In “Cybersecurity and Cyberwar: What Everyone Needs to Know,” we try to provide the kind of easy-to-read yet deeply informative resource book that has been missing on this crucial issue. The book is structured around the key questions of cybersecurity: how it all works, why it all matters, and what we can do? Along the way, we take readers on a tour of the important (and entertaining) issues and characters of cybersecurity, from the “Anonymous” hacker group and the Stuxnet computer virus to the new cyberunits of the Chinese and US militaries.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on January 14, 2014, 03:40:09 PM
Ah, the reading I could and would do if I were a wealthy man , , ,
Title: NSA opens unconnected computers-- foreign only of course
Post by: Crafty_Dog on January 15, 2014, 09:39:54 AM


http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?nl=todaysheadlines&emc=edit_th_20140115&_r=0
Title: Cyberwar option in Syria and conceptual considerations
Post by: Crafty_Dog on February 25, 2014, 05:55:54 AM


http://www.nytimes.com/2014/02/25/world/middleeast/obama-worried-about-effects-of-waging-cyberwar-in-syria.html?nl=todaysheadlines&emc=edit_th_20140225&_r=0
Title: Future of Internet Freedom
Post by: Crafty_Dog on March 12, 2014, 08:54:50 AM
http://www.nytimes.com/2014/03/12/opinion/the-future-of-internet-freedom.html?emc=edit_th_20140312&nl=todaysheadlines&nlid=49641193
Title: Legality in Cyberspace; an adversary view
Post by: Crafty_Dog on March 28, 2014, 12:52:18 PM


LEGALITY IN CYBERSPACE: AN ADVERSARY VIEW
Keir Giles with Andrew Monaghan

Executive Summary

The United States and its allies are in general agreement on the legal status of conflict in cyberspace. Although key principles remain unresolved, such as what precisely constitutes an armed attack or use of force in cyberspace, overall there is a broad legal consensus among Euro-Atlantic nations, that existing international law and international commitments are sufficient to regulate cyber conflict.

This principle is described in a range of authoritative legal commentaries. But these can imply misleadingly that this consensus is global and unchallenged. In fact, China, Russia, and a number of like-minded nations have an entirely different concept of the applicability of international law to cyberspace as a whole, including to the nature of conflict within it. These nations could therefore potentially operate in cyberspace according to entirely different understandings of what is permissible under international humanitarian law, the law of armed conflict, and other legal baskets governing conduct during hostilities.

U.S. policymakers cannot afford to underestimate the extent to which Russian concepts and approaches differ from what they may take for granted. This includes the specific question of when, or whether, hostile action in cyberspace constitutes an act or state of war. Recent Russian academic and military commentary stresses the blurring of the distinction between war and peace, and asks to what extent this distinction still exists. This suggestion of a shifting boundary between war and peace is directly relevant to consideration of at what point Russia considers itself to be at war and therefore subject to specific legal constraints on actions in cyberspace.

Conversely, a range of actions that are considered innocent and friendly by the United States and European nations are parsed as hostile actions by Russia, leading to Russian attempts to outlaw “interference in another state’s information space.” The Russian notion of what constitutes a cyber weapon—or in Russian terminology, an information weapon—is radically different from our assumptions.

Initiatives put forward by Russia for international cooperation on legal initiatives governing cyber activity have received a mixed response from other states. But they need to be taken into account because of the alternative consensus on cyber security opposing the views of the United States and its close allies, which is growing as a result of an effective Russian program of ticking up support for Moscow’s proposals from third countries around the world.

This monograph explores the Russian approach to legal constraints governing actions in cyberspace within the broader framework of the Russian understanding of the nature of international law and commitments, with the aim of informing U.S. military and civilian policymakers of views held by a potential adversary in cyberspace. Using a Russian perspective to examine the legal status of a range of activities in cyberspace, including what constitutes hostile activity, demonstrates that assumptions commonly held in the United States may need to be adjusted to counter effectively—or engage with—Russian cyber initiatives.

cont. at

Strategic Studies Institute and U.S. Army War College Press, U.S. Army War College

http://strategicstudiesinstitute.arm...cfm?pubID=1193

Title: Blue Screen of Death at 30,000 feet
Post by: Crafty_Dog on April 25, 2014, 09:41:37 AM


http://www.foreignpolicy.com/articles/2014/04/24/the_blue_screen_of_death_at_30000_feet
Title: DoJ charges members of Chinese Military with cyber-espionage
Post by: Crafty_Dog on May 19, 2014, 07:17:04 AM
Hat tip to BigDog

http://www.washingtonpost.com/world/national-security/us-to-announce-first-criminal-charges-against-foreign-country-for-cyberspying/2014/05/19/586c9992-df45-11e3-810f-764fe508b82d_story.html?wpisrc=al_national

From the article:
The Justice Department is charging members of the Chinese military with conducting economic cyber-espionage against American companies, U.S. officials familiar with the case said Monday, marking the first time that the United States is leveling such criminal charges against a foreign country.
Title: Re: China Cyber-espionage Indictments / Eric Holding the Wang Dong 5
Post by: DougMacG on May 20, 2014, 08:58:28 AM
I agree with Rogers and Ruppersberger (China thread), a good first step, and applaud the administration for everything it gets right including this.

Noted that they hurt their credibility with previous mis-steps, but their history of acting unpredictably and arguably psychotically in other pursuits could leave the adversary with the uncertainty of whether they will be appeased like a Syrian tyrant or pursued relentlessly like a filmmaker or neighborhood tea party leader.
Title: Chinese may respond to Wang Dong 5 with this:
Post by: Crafty_Dog on May 20, 2014, 09:06:55 AM
http://www.capoliticalreview.com/capoliticalnewsandviews/cisco-to-obama-nsa-policies-killing-american-technology-companies-selling-to-other-nations/
Title: Stratfor on the Wang Dong 5
Post by: Crafty_Dog on May 21, 2014, 08:26:27 PM

Summary

Washington's decision to indict officers of China's People's Liberation Army over alleged state-sponsored industrial espionage marks an important change in Washington's relations with Beijing. The move highlights growing concerns over intellectual property rights and industrial spying, but it also shows the intensified attention being paid to the challenges that state-to-state competition in the cyber domain creates.

Indictments have real consequences. Washington did not place largely unenforceable sanctions on individuals or bring a lawsuit to an international body that would take years to resolve, and those indicted risk extradition if they travel to a country with extradition treaties with the United States. A step such as this is not frequently taken in minor diplomatic spats, particularly between such important countries.
Analysis

Washington has specifically accused the indicted officers of industrial espionage. The move follows warnings made by U.S. President Barack Obama during his State of the Union address regarding state-backed cyber-espionage and intellectual property theft. However, it speaks to a much deeper issue: the management of international relations in cyberspace, from espionage to sabotage to warfare. The discussion inside China already equates actions in cyberspace with potential weapons of mass destruction, on par with nuclear, biological and chemical weapons. There are concerns that hostile actors could use cyberspace to sabotage power grids; trigger industrial equipment to operate outside of its parameters and break down, perhaps catastrophically; or even trigger explosions or a meltdown at conventional and nuclear power plants.

In standard military action and in more traditional forms of espionage, there are commonly shared rules -- but no such standards govern cyber-espionage. Furthermore, it is difficult to distinguish between lone actors carrying out some form of protest or defacement, those engaged in commercial industrial espionage or state-led espionage and cyber activities that are directed toward a more concrete and sinister end, such as sabotage or the destruction of critical infrastructure. Cyberspace is not just a domain where information can be stolen -- it is a place where sabotage and disruption could be geared toward a strategic end.

This is a concern in the United States and in other countries, including China. Determining the perpetrator's identity and intent is next to impossible, and the initial actions of thrill-seeking hackers and strategic saboteurs are similar or even identical. This leaves little time to determine the most effective counter and how far to take it. In some ways, this is not entirely unique to the cyber domain -- debate persists over whether cyberspace really is its own domain as air, sea, land and space are. States often act through proxies to instigate or facilitate spying, infiltration, disruption and destruction. But the cyber domain has several unique characteristics, including the ability to work from a distance, to deploy large numbers of individuals on discreet missions, and the ability (at least in theory) to spy, destabilize and disable without physical risk to the operatives.

By offering the ability to operate from a distance, the cyber domain allows for a much greater use of human resources against a target that would not be vulnerable to traditional espionage techniques. Regimes and individuals have also always sought plausible deniability -- the ability to dissociate oneself from a hostile action -- and the cyber domain allows a deeper level of anonymity. This has altered the balance between risk and reward. In traditional espionage, the risk is always high, so the reward needs to be high as well. Cyber-espionage is low risk, so operatives can seek lower-level rewards, increasing the frequency of action and making the target set too broad to effectively defend. If states can increase the potential cost of action, the target set should shrink, thus enabling states to concentrate their resources to defend their most critical assets.
An Attempt to Set the Rules

By prosecuting a case that targets specific Chinese officials, the United States is trying to break the element of plausible deniability and increase the amount of risk involved in cyber-espionage. Washington is also removing the veil that covers government involvement in cyber-espionage, disruptions and sabotage. The Chinese have reacted sharply, declaring a cessation of talks with the United States on the management of cyberspace issues. And the United States clearly knew such a reaction was not just possible but likely. Yet Washington not only made the indictment but also warned that numerous others would follow.

In part this is about U.S. competitiveness, as statements attached to the indictments assert. But it may also be a way to force China into a more serious discussion of the rules of the cyber domain, or at least to lay out the rules the United States wants to impose. Until now, China has deflected criticism by claiming that since the United States has a Cyber Command and the Chinese do not, Washington is alone in owning state-sponsored cyberwarfare capabilities. Now that accusations and leaks from investigations are being backed up with prosecutorial evidence, that defense, from Washington's point of view, is tossed aside.

Beijing will probably issue a strong response. The Chinese government is likely to arrest or deport individuals it has identified as involved in espionage in China, or even those in the business sphere that fall within China's ambiguous regulations on corporate espionage. Beijing will probably also appeal to global public opinion by repeating information revealed in the Snowden leaks, distracting from the issue by shifting attention to U.S. cyber activities. But for the United States, this is more than just an attempt to briefly influence Chinese behavior. It is part of a broader reassessment of the strategic issues surrounding the question of cyber activities and of the general rules of conduct in the offense-defense balance, and it is an effort to find ways to avoid significant strategic miscalculations.

Read more: Washington Shows It Is Serious About Cyber-Espionage | Stratfor
Title: WSJ: US to rev up hacking fight
Post by: Crafty_Dog on May 24, 2014, 07:08:52 AM
I must say I am intrigued , , ,

==============================

The U.S. plans to "keep up the pressure" on China as it gauges that nation's response to this week's indictment of five Chinese military officials for allegedly hacking into American corporate computers, a senior administration official said Friday.   If China doesn't begin to acknowledge and curb its corporate cyberespionage, the U.S. plans to start selecting from a range of retaliatory options, other officials said. They include releasing additional evidence about how the hackers allegedly conducted their operations, and imposing visa, business and financial restrictions on those indicted or people or organizations associated with them.  Beyond that, some officials are advocating more stealthy moves. These could include the government working with a U.S. company that has been breached to feed hackers bad data, said one person familiar with the discussions.

U.S. Attorney General Eric Holder announced the charges Monday, alleging the five men hacked into five U.S. companies, including Alcoa Inc. and U.S. Steel Corp., as well as the United Steelworkers union, to take sensitive information. U.S. officials said they expected the Chinese would strike back.


But so far, China's response has been fairly restrained: denying the accusations, canceling the nation's participation in cybersecurity talks and signaling that U.S. technology companies may face greater scrutiny in trying to do business in China.  A senior administration official said the Chinese response is as expected, and the U.S. will tie any retaliation to Beijing's longer-term reaction.

"It has to be calibrated some to what the Chinese government chooses to do," the senior administration official said. "This is a long-term process."

U.S. officials expect it will take a few more weeks to discern the true Chinese response.

"If the Chinese don't re-engage, they [U.S. officials] have more things in their bag of tricks," said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who frequently consults with the Obama administration.

Chinese officials in Washington didn't immediately respond to a request for comment.

The indictment in federal court in Pittsburgh is part of a much broader strategy to counter a growing cyber assault against the U.S. government and companies, which intelligence officials have said tops their list of national security threats.  The indictment seems to be in direct response to a challenge Chinese officials issued more than a year ago, when U.S. officials launched a public shaming campaign to try to press China to stop hacking U.S. companies. Chinese officials called on the Americans to put forward the kind of evidence that would hold up in court.

Monday's indictment, in effect, is aimed at providing a foundation on which the U.S. government could build an array of punishments. It sets out evidence in detail—naming alleged actors and affected U.S. companies and organizations—that could be used to support additional penalties.

"Criminal charges can justify economic sanctions from our colleagues in the Treasury Department, sanctions that prevent criminals from engaging in financial transactions with U.S. entities and deny access to the U.S. financial system,'' said John Carlin, the head of the Justice Department's national security division, in a speech Wednesday at the Brookings Institution think tank. "They can facilitate diplomacy by the State Department."

On the prosecutorial side, follow-on steps may include releasing more evidence about the hacking cases, or filing new charges in other hacking cases in which investigators have collected a critical mass of evidence, officials say.  Officials were mum on the nature of the additional evidence. But a person familiar with U.S. probes into Chinese hacking said investigators often collect video evidence of hackers.

"Some of these actors are not real good about turning off the Skype camera on their machines while they are working," this person said.

A more controversial response advocated by some Federal Bureau of Investigation officials is to work with companies under cyber siege to feed bad information to hackers, said a person familiar with the discussions. The goal would be to cast doubt on the quality of the data being stolen, and in addition raise questions about information taken from other companies.

If executed as a counter-spying campaign, advocates of the approach say it would force Chinese officials to spend much time trying to separate bad information from good and lead them to centralize their diffuse operations, which could slow the pace of their cyberspying.

The idea is "getting a lot of traction, both on the commercial and government sides," said the person familiar with the discussions. "The dilemma has always been finding companies willing to cooperate."

Another option government officials are considering is putting individuals or organizations linked to hacking, such as Chinese universities or government contractors, on Department of Commerce lists of "parties of concern." People or entities on the lists are essentially red-flagged by the U.S. government and can't trade with Americans or conduct financial transactions in the U.S. The move also could bar faculty or graduate students at listed universities from fellowships or conferences in the U.S.

In the past, it has been difficult to use the lists in hacking cases, because evidence pointing to specific responsible entities was limited. Monday's cases now provide that kind of evidence.  Government officials are also weighing actions at the Treasury Department, such as freezing assets or imposing individual sanctions, according to two people familiar with the discussions.  Those penalties could take a form similar to those levied against Russian business people in the wake of Russia's annexation of Crimea.

Officials in addition are assessing whether and how they might impose visa restrictions to prevent Chinese hackers from attending popular hacker conferences in the U.S., such as the annual Defcon conference in Las Vegas.  Another option under consideration is whether to take action at the World Trade Organization.  Monday's indictment focuses on trade-secret theft, and some U.S. officials believe they can make the case that Chinese hacking represents intellectual-property theft in violation of the WTO's trade-related aspects of intellectual-property rights.

U.S. officials also are looking to allies to both endorse the U.S. cases outlined Monday and take action of their own. Investigations "can lead other governments to take action, even when the United States doesn't end up doing so," Mr. Carlin noted.
Title: Hackers will fight our next big war
Post by: Crafty_Dog on June 01, 2014, 07:54:51 AM


http://betabeat.com/2014/05/next-gen-warfare-hackers-not-the-government-will-fight-our-next-big-war/
Title: Grid down scenario
Post by: G M on July 07, 2014, 10:29:05 AM
http://www.dailymail.co.uk/sciencetech/article-2675798/Hundreds-European-US-energy-firms-hit-Russian-Energetic-Bear-virus-let-hackers-control-power-plants.html
Title: Chinese hackers hit US personnel networks
Post by: G M on July 10, 2014, 06:50:31 AM
http://www.khou.com/news/national/266552361.html
Title: Spambots
Post by: Crafty_Dog on August 11, 2014, 11:35:16 PM


Open Question: How would you repurpose a Spam Bot for info warfare?
Posted: 11 Aug 2014 11:06 AM PDT
My last post on spam bots opened up an interesting question:  how would you repurpose them for info warfare?
Spam bots can interact with us via:
   e-mail,
   phone calls, and
   text messages.
Add your ideas to the discussion below. 
 

The IRS Bot Scam from Pakistan
Posted: 11 Aug 2014 07:32 AM PDT
I just got a call from the IRS bot today.  It threatened me in a computerized voice with an audit and prompted me to call it back to talk with an agent. 
Of course, the call I got wasn't the IRS.  The IRS doesn't initiate an audit that way (it mails you). 
It was from a scam bot from Pakistan.
In this case, the bot used an Internet connection to the US to dial my number.  That provided it with the number of 1-202-241-0331 which resolved to an official looking caller ID for the "District of Columbia".
If you haven't noticed already, most of the calls we get on our phones now are spam.   Why?
   Mismanaged phone companies.  The idiots running the phone companies look the other way when it comes to phone scams because of the $ they pump into the system.  Apparently, being a regulated monopoly wasn't enough.
   Backward technology.  The phone companies don't use Bayesian spam filters and customer ratings/feedback to weed out phone scammers like g-mail etc. do.  This specific scam has been using this number for weeks without any action being taken to block it.
   A broken law enforcement/national security system.  Our security system now treats us as the criminals which is why IRS scams are a multi-billion dollar business every year.  Worse, it completely ignores a constant onslaught of frauds and scams that damage us, from Wall Street's multi-trillion dollar "too big to prosecute" frauds to daily telephone/e-mail bot hacks like this one.
Why is this important?
What's interesting to me is how easily this type of bot attack can be adopted by global guerrillas for large scale and very effective attacks on the US. 
I'll have more detail on this in my upcoming e-booklet: iWar. 
Hopefully, I'll get it up on Amazon/etc. this week.
Title: Electromagnetic warfare is here
Post by: G M on August 26, 2014, 07:32:07 AM
http://spectrum.ieee.org/aerospace/military/electromagnetic-warfare-is-here
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on August 26, 2014, 09:29:18 AM
 :-o :-o :-o :-o :-o :-o :-o :-o :-o
Title: Mystery cell towers
Post by: G M on September 03, 2014, 12:29:55 AM
http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on September 03, 2014, 05:51:29 AM
 :-o :-o :-o  What is our take on the implications there?
Title: WSJ: A New Threat Grows Amid Shades of 911
Post by: Crafty_Dog on September 11, 2014, 11:58:01 AM
A New Threat Grows Amid Shades of 9/11
The nation remains largely unaware of the potential for disaster from cyberattacks.
By Tom Kean and Lee Hamilton
Sept. 10, 2014 7:03 p.m. ET

Ten years ago, the 9/11 Commission Report triggered the most significant reorganization of the U.S. intelligence community since 1947. Two months ago, the former members of the commission—we are among them—issued a new report assessing where national security stands, 13 years after the most devastating attacks on America's homeland.

Most of the new report's observations focused on counterterrorism, the central focus of the 9/11 Commission. But in speaking with many of the nation's most senior national-security leaders, we were struck that every one of these experts expressed concern about another issue: daily cyberattacks against the country's most sensitive public and private computer networks.

A growing chorus of national-security experts describes the cyber realm as the battlefield of the future. American life is becoming evermore dependent on the Internet. At the same time, government and private computer networks in the U.S. are under relentless cyberattack. This is more than an academic concern—attacks in the digital world can inflict serious damage in the physical world. Hackers can threaten the control systems of critical facilities like dams, water-treatment plants and the power grid. A hacker able to remotely control a dam, pumping station or oil pipeline could unleash large-scale devastation. As terrorist organizations such as the Islamic State grow and become more sophisticated, the threat of cyberattack increases as well.

On a smaller scale, but equally unsettling, ordinary building systems like electronic door locks, elevators and video-surveillance cameras (today, present in many homes) are also vulnerable to penetration by hackers. Even life-sustaining medical devices, many of which contain embedded computer systems connected to the Internet, could be disabled by cyberattacks.

Others steal Americans' sensitive personal information and sell it to organized crime rings. The theft of credit- and debit-card numbers from tens of millions of Target customers last year is the most prominent example, but this happens every day. Home Depot confirmed on Monday that it had been hit by a massive data breach.

Meanwhile, state-sponsored cyber intruders have stolen the plans to top-secret U.S. weapons systems, reducing America's technological advantage and putting military personnel and the homeland at risk. For example, Chinese hackers have used cyber infiltration to gain access to plans for the F-35 Joint Strike Fighter, the Global Hawk surveillance drone and other advanced systems. State-sponsored hackers have also made off with reams of American companies' intellectual property—business secrets worth hundreds of billions of dollars. Keith Alexander, the former National Security Agency director and retired Air Force general, has described the continued ransacking of American companies as "the greatest transfer of wealth in history."

We are at war in the digital world. And yet, because this war lacks attention-grabbing explosions and body bags, the American people remain largely unaware of the danger. That needs to change. Only public attention can create the political momentum for needed reform.

There are a number of cyber-related legislative initiatives pending in Congress. One of the most promising is legislation in the House and Senate that would encourage companies to share information about cyberattacks with the government, so that national-security agencies can analyze the attacks and respond to them. The former 9/11 commissioners' recent report endorsed such legislation, and it is an important first step. Given the dimension of the problem, however, a larger-scale effort is needed to elevate public awareness and get out in front of this rapidly changing threat. Simply put, the country needs a national cyber strategy, covering all aspects of the problem. This could be accomplished by taking two essential steps.

First, Congress should pass legislation creating a National Cyber Commission. The commission should be empowered to evaluate the cyber threat to the U.S., both to the government and private entities. It should also assess the capabilities that national-security agencies and the private sector possess today, and measure those capabilities against what will be needed as the threat grows. The commission should conduct its work as transparently as possible and should deliver unclassified findings and recommendations to Congress and the American people. The commission should be nonpartisan and should include experts in technology, law and national security.

Second, Congress should create a National Cyber Center, which would bring together government and private experts to ensure unity of effort on this crosscutting problem. The National Counterterrorism Center, created 10 years ago in response to a 9/11 Commission recommendation, is working well. At the NCTC, counterterrorism experts from federal, state and local law-enforcement agencies sit side-by-side, share terrorism-threat information and coordinate responses. There is no counterpart to this proven model for information-sharing in the cyber realm—a major gap in America's cyber defenses.

In recent months, we have heard time and again from leading experts that the cyber threat is serious—and that the government is not doing enough. One lesson of the 9/11 story is that, as a nation, we didn't awaken to the gravity of the terrorist threat until it was too late. We must not repeat that mistake in the cyber realm.

Messrs. Kean and Hamilton served as chairman and vice chairman of the 9/11 Commission, respectively. They are co-chairmen of the Bipartisan Policy Center's Homeland Security Project.
Title: Just revealed Yahoo faced big US fines over user data demands from NSA in 2008
Post by: Crafty_Dog on September 12, 2014, 01:19:34 AM
Yahoo Faced Big U.S. Fines Over User Data
Government Wanted to Charge Internet Firm $250,000 a Day Fine If It Didn't Comply With NSA Request
By Danny Yadron
WSJ
Updated Sept. 11, 2014 8:52 p.m. ET

A secret legal battle between the U.S. government and Yahoo Inc. over requests for customer data became so acrimonious in 2008 that the government wanted to charge the Internet company $250,000 a day if it didn't comply.

Yahoo made the threat public Thursday after a special federal court unsealed 1,500 pages of legal documents from a once-classified court battle over the scope of National Security Agency surveillance programs. The documents shed new light on tensions between American technology companies and the intelligence community long before former NSA contractor Edward Snowden began leaking in 2013.

The requests, and the long battles that can follow at the Foreign Intelligence Surveillance Court, traditionally are secret. Until last summer, Yahoo wasn't allowed to say that it had challenged government surveillance efforts—even without adding any other details. Google Inc. and Microsoft Corp. have also challenged government records requests in court.

"The issues at stake in this litigation are the most serious issues that this nation faces today—to what extent must the privacy rights guaranteed by the United States Constitution yield to protect our national security," Marc Zwillinger, an outside counsel for Yahoo wrote in a legal brief in May 2008.

Court documents don't reveal exactly what the government wanted from Yahoo. In one brief, Yahoo states the main issue of the case is whether the Constitution protects the communications of U.S. citizens or legal residents believed to be outside the U.S.

Even after the documents were unsealed, portions were redacted, including the number of requests the government made of Yahoo.

The bulk collection of Internet records from U.S. companies can lead to the collection of data on people in the U.S.

In its legal response, the Justice Department said the government "employs extensive procedures to ensure that the surveillance is appropriately targeted."

Beginning in November 2007, the government began requesting "warrantless surveillance" of certain Yahoo customers, according to court records. Yahoo objected and asked the surveillance court to block the government request. A judge refused, and threatened Yahoo with a fine. The Justice Department had asked for at least $250,000 a day, though the judge was less specific. Yahoo complied with the order in May 2008.

"We refused to comply with what we viewed as unconstitutional and overbroad surveillance and challenged the U.S. Government's authority," Ron Bell, Yahoo's general counsel, said in a written statement. "Our challenge, and a later appeal in the case, did not succeed."

The dispute revolved around the Protect America Act, a 2007 law that allowed the government to eavesdrop, without a warrant, on people believed to be connected to terrorist groups. The law expired in 2008, but was replaced by other laws that grant the government essentially the same powers.

In a joint blog post, the Justice Department and the Office of the Director of National Intelligence said the court found that the government "has sufficient procedures in place to ensure that the Fourth Amendment rights of targeted U.S. persons are adequately protected" and that the requests were "reasonable."

The disclosure comes as some intelligence officials are pushing to declassify more of the legal reasoning for controversial surveillance programs. That doesn't mean the government has backed down in the use of such programs.

From January to June 2013, the most recent period for which Yahoo has released the data, the company previously said it fielded between zero and 999 foreign intelligence requests for user content covering between 30,000 and 30,999 accounts. It is unclear how many of those requests Yahoo fulfilled.

Yahoo and other tech firms have pushed to make public more information about government requests for user data.

Privacy advocates have long engaged in similar legal debates with the government. Until Mr. Snowden's leaks revealed details of government surveillance efforts, those debates were largely theoretical.

As Reggie Walton, a FISC judge, noted after his threat of a fine to Yahoo in 2008, "This order is sealed and shall not be disclosed by either party."

—Douglas MacMillan contributed to this article.
Title: More on the bogus cell towers
Post by: G M on September 17, 2014, 03:25:02 PM
http://www.popsci.com/article/gadgets/who-running-phony-cell-phone-towers-around-country?dom=PSC&loc=slider&lnk=1&con=who-is-running-phony-cell-phone-towers-around-the-country
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on September 17, 2014, 03:29:03 PM
 :-o :-o :-o :x :x :x

May I ask you to post this on the Privacy thread as well?  TIA.
Title: Webcams hacked
Post by: G M on September 24, 2014, 01:28:58 AM
http://www.dailymail.co.uk/news/article-2763664/How-home-hackers-spy-children-YOUR-webcam-The-shocking-evidence-shows-private-lives-snooped-streamed-live-web.html
Title: Russian cyber attacks?
Post by: Crafty_Dog on October 08, 2014, 12:17:14 PM


http://dealbook.nytimes.com/2014/10/08/cyberattack-on-jpmorgan-raises-alarms-at-white-house-and-on-wall-street/?emc=edit_na_20141008&nlid=49641193

A lot of military capabilities become Maginot Lines in such a world , , ,
Title: Red line crossed so Obama asks Red China for help with Nork hacking
Post by: Crafty_Dog on December 20, 2014, 01:11:28 PM
U.S. Asks China to Help Rein In Hackers From North Korea
The Obama administration has sought China’s help in recent days in blocking North Korea’s ability to launch cyberattacks, the first steps toward the “proportional response” President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials.
“What we are looking for is a blocking action, something that would cripple their efforts to carry out attacks,” one official said.
So far, the Chinese have not responded. Their cooperation would be critical, since virtually all of North Korea’s telecommunications run through Chinese-operated networks.
It is unclear that China would choose to help, given tensions over computer security between Washington and Beijing since the Justice Department in May indicted five hackers working for the Chinese military on charges of stealing sensitive information from American companies.
READ MORE »
http://www.nytimes.com/2014/12/21/world/asia/us-asks-china-to-help-rein-in-korean-hackers.html?emc=edit_na_20141220


Title: Re: Red line crossed so Obama asks Red China for help with Nork hacking
Post by: G M on December 20, 2014, 01:34:34 PM
Pathetic.
Title: Re: Cyberwar and American Freedom
Post by: Crafty_Dog on December 20, 2014, 04:29:15 PM
The Chinese fly the stealth plane with the tech they stole from us while either Obama or Hagel was in town-- bitch slap!  And now we ask them for help with the norks?

Look out!  They've crossed the red line and now tremblingly await our proportional response , , ,

 :cry: :cry: :cry:
Title: Re: Cyberwar and American Freedom
Post by: G M on December 21, 2014, 07:47:45 AM
When the Chinese are openly mocking your impotence, you know you are fcuked.
Title: WSJ: Cyberdefense is a government responsibility
Post by: Crafty_Dog on January 06, 2015, 09:27:00 AM
Cyberdefense Is a Government Responsibility
The Navy fought Barbary pirates to protect U.S. commerce. Digital pirates have much less to fear.
By Alan Charles Raul
Jan. 5, 2015 7:09 p.m. ET


In 1794 when the commerce of the United States was threatened by “the depredations” of the Barbary pirates, Congress created a Navy. And it sent the Marines to fight our country’s battles on “the Shores of Tripoli.” Today U.S. commerce is threatened by digital Barbary pirates.

The most sophisticated companies with every incentive to protect their crown jewels—intellectual property, confidential business information or customer records—are being ransacked and held hostage by cyberterrorists, state-sponsored hackers and highly effective organized cybercriminals. No corporation today is immune or can realistically believe itself adequately protected.

The government’s response, hobbled by a misguided view as to who is responsible for protecting U.S. commercial interests and how, is not up to 1794 standards. Regulatory agencies including the Federal Trade Commission, the Securities and Exchange Commission and state attorneys general think that investigating the corporate victims of cyberattacks for putative violations of consumer and investor protection laws is the best way to shore up the economy’s cyberdefenses. There is little evidence this approach is effective.

While every enterprise can do better, the big banks, big retailers and big media companies whose hacks make the front pages are not being penetrated because they’ve skimped on security out of sloth, stupidity or greed. There is very little these companies could reasonably have done to detect or prevent some of these attacks, as the FBI and the Secret Service have acknowledged. Any more so, in fact, than the White House, Air Force, Postal Service, Commerce and State Departments, FTC, or countless other federal hacking victims, could guarantee their own cybersecurity.

The current blame-the-corporate-victim mentality relieves the government of any responsibility. Instead, Congress and the executive branch must recognize that the battle for cyberspace must be waged by latter day cyber Marines, and cyberdiplomats who can more effectively defend U.S. commerce.

Currently the federal government has a network-inspection tool, called EINSTEIN, to protect certain federal communications. If EINSTEIN is in fact working, the government should make it available more broadly. New technologies also need to be developed and deployed, and the government should make the investments in the necessary research as well as in so-called “active” defense and intelligence measures designed to protect private networks before they are successfully compromised. This means aggressively tracking, tracing, deceiving, disrupting and punishing the cyber bad guys and their state-sponsors or protectors.

Any such aggressive program will provoke legitimate privacy concerns about government surveillance, just as airport screening, NSA programs and other antiterrorism measures have done. To address this, Congress should expand the mandate of the Privacy and Civil Liberties Oversight Board, a federal agency, to cover cybermeasures in addition to the board’s current focus on government activities to combat terrorism.

The president should also designate a senior policy official to manage the relevant privacy concerns and ensure that the government’s new cyberdefense force focuses strictly on the technical side of the computer networks, and not on the private contents of any communications. This will entail difficult judgment calls and intense oversight. But ferreting out and destroying malicious computer code is not inherently privacy invasive, whereas malware that exfiltrates our personal-account information and private emails certainly is.

To take on this responsibility, Congress and the president need to do more than merely offer “real time” “information sharing” that fosters “public-private partnerships.” These half measures have been the focus of recent cybersecurity legislation and administration policy, but they are not nearly sufficient. “Tougher” regulatory standards for the private sector are also not the answer.

President Obama has said that cyberattacks are “one of the most serious challenges we face as a nation,” and “America’s economic prosperity in the 21st century will depend on cybersecurity.” Thus Congress and the president must immediately order the Department of Homeland Security, FBI and Secret Service—and the State Department—to protect American commerce from attacks, as the Navy and Marines protected U.S. maritime trade off the coast of Tripoli 200 years ago. And the public needs to hold our national leaders accountable to fight and win this battle.

Mr. Raul is a partner in the law firm Sidley Austin LLP. He previously served as vice chairman of the Privacy and Civil Liberties Oversight Board, a federal agency established by Congress after 9/11.
Title: Home addresses of generals?!?
Post by: Crafty_Dog on January 12, 2015, 10:52:05 AM
http://www.washingtontimes.com/news/2015/jan/12/us-central-command-twitter-account-hacked/
Title: Future Crimes
Post by: Crafty_Dog on January 15, 2015, 09:57:32 AM

https://www.youtube.com/watch?v=7_OcyWcNi_Y
Title: Theft of F-35 Secrets
Post by: Crafty_Dog on January 25, 2015, 07:59:31 PM
http://freebeacon.com/national-security/nsa-details-chinese-cyber-theft-of-f-35-military-secrets/
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on January 26, 2015, 09:05:55 AM
JOURNAL: Attack leaves 140 million people w/o power in Pakistan.
Posted: 25 Jan 2015 01:32 PM PST
 
Militants toppled two transmission pylons, causing a cascade of failure that plunged most of Pakistan (140 out of 190 million people) into a blackout.  Here's some insight into this:
   Apparently, the attackers found a systempunkt.  A systempunkt is the node in any network (physical or social) where it is the most vulnerable.  An attack on a systempunkt can generate cascades of failure that take down the entire network. It's possible, although unlikely, the attackers knew this was the network's systempunkt when they destroyed it.
   The success of this attack was largely due to the strain on Pakistan's grid.  Pakistan's demand for electricity stands at an estimated 14,000 MW, but it only produces 7,000 MW due to gross mismanagement, high debt, theft, fuel shortages, regulatory failure, etc.  You name it.  This shortfall has led to load shedding of up to ~15 hours a day already.  As we know, when a complex network is operating at or near its capacity, it is many times more vulnerable to collapse and thereby much easier to attack. 
   This attack will prompt more attacks on the grid as other groups attempt to replicate the success it had. The reason is that militant groups in Pakistan (and across the world) use open source development to improve themselves.  When an attack this simple and inexpensive yields outsized results, other groups will copy it in an attempt to do the same. 
Attacks like these can be very damaging.  How so?  People don't blame the attackers for blackouts.  They blame the government.  In fact, the inability of a government to deliver the basics of energy and fuel is more damaging to its legitimacy than problems with security (it routinely led the list of reasons Iraqis were angry at the government).
JR
PS:  It's easy to find systempunkts like this in the KSA as well as the USA.
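The post above makes a claim worth seeing in numbers: a network running with almost no spare capacity collapses from a single failure that a network with headroom would absorb. The following is an added example for this thread, not data or code from the post or from Pakistan's grid operator. It uses a toy load-redistribution model of the kind used in network-science cascade studies: every node carries a load of 1.0, has capacity (1 + headroom), and when it fails its load is split evenly over its surviving neighbours, which fail in turn if pushed above capacity. The 12-node ring, the denser "mesh" with two-hop links, and the headroom values are all constructed for illustration.

```python
"""Toy load-redistribution cascade on a small power-grid-like network.

Added example for this thread; the topologies, unit loads and headroom
values are constructed, not taken from any real grid. The defensive point
it demonstrates: spare capacity (and redundancy in the topology) is what
stops a single pylon loss from becoming a nationwide blackout.
"""
from collections import deque


def ring_grid(n):
    """Each node is linked only to its two ring neighbours (a thin grid)."""
    return {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}


def mesh_grid(n):
    """Ring plus two-hop chords: every node has four neighbours (more redundancy)."""
    return {i: {(i + d) % n for d in (-2, -1, 1, 2)} for i in range(n)}


def cascade(adjacency, headroom, initial_failure, unit_load=1.0):
    """Remove one node and propagate overloads. Returns (failed_nodes, survivors)."""
    load = {v: unit_load for v in adjacency}
    capacity = {v: unit_load * (1.0 + headroom) for v in adjacency}
    alive = set(adjacency)
    queue = deque([initial_failure])
    failed = []
    while queue:
        v = queue.popleft()
        if v not in alive:
            continue  # already failed via another path
        alive.discard(v)
        failed.append(v)
        live_neighbours = sorted(u for u in adjacency[v] if u in alive)
        if live_neighbours:  # otherwise the load is simply shed
            share = load[v] / len(live_neighbours)
            for u in live_neighbours:
                load[u] += share
                if load[u] > capacity[u]:
                    queue.append(u)
        load[v] = 0.0
    return failed, alive


def blackout_fraction(adjacency, headroom, initial_failure=0):
    """Fraction of nodes lost after a single initial failure."""
    failed, _ = cascade(adjacency, headroom, initial_failure)
    return len(failed) / len(adjacency)


def critical_headroom(adjacency, initial_failure=0, step_pct=5):
    """Smallest headroom (in 5 % steps) at which the initial failure does not spread."""
    for pct in range(0, 101, step_pct):
        headroom = pct / 100
        failed, _ = cascade(adjacency, headroom, initial_failure)
        if len(failed) == 1:
            return headroom
    return None


if __name__ == "__main__":
    ring, mesh = ring_grid(12), mesh_grid(12)
    for name, grid in (("ring", ring), ("mesh", mesh)):
        for headroom in (0.5, 0.25, 0.05):
            print(f"{name:4} headroom={headroom:.2f} "
                  f"blackout={blackout_fraction(grid, headroom):.0%}")
        print(f"{name:4} critical headroom={critical_headroom(grid):.2f}")
```

On the ring, losing one node with 50 % headroom costs exactly that node; with 5 % headroom (the "already load shedding 15 hours a day" regime) the same single loss takes the whole ring down. The mesh needs only 25 % headroom to contain the same failure, which is the other half of the mitigation: redundancy in the topology lowers the spare capacity required.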
Title: Global Guerilla: Systempunkt
Post by: Crafty_Dog on February 01, 2015, 11:53:40 PM
A US Phone Systempunkt
Posted: 01 Feb 2015 12:28 PM PST
Here's an interesting US systempunkt -- a systempunkt is the point in a big network where even a small attack would cause the entire network to fail. This systempunkt would give a prepared individual the unique ability to shut down a large part of the US without shedding a drop of blood. For example, this attack has the ability to:
   Put any company into a complete panic in less than an hour.
   Generates hundreds of false arrests and armed police searches -- all done with a high risk of fatal injury.
   It even has the ability (with some careful planning) to shut down all US schools (k-12 and colleges), hundreds of airline flights, and many government offices for a couple of days.
Auto-dialing Panic
How is an attack like this possible?   It's possible due to a flaw in the US communications system (due to corporate corruption), new tech (not really new, but cheaper and more ubiquitous), and an overly sensitized population.  These combine to make it possible for anyone to send threats and other misleading messages to thousands of specific people and organizations in a very short period of time, and in a way that minimizes capture.  Here's more detail:
1.   Robocalls with voice threats/misinformation.  The attacker uses phone based marketing software to auto-dial hundreds of target numbers to deliver threatening and misleading audio messages (bomb threat, impending attack, shots fired, armed intruder seen).  NOTE: This software is highly configurable so specific voice messages (human voice) can be delivered to specific numbers.  Also, since it costs almost nothing to make these calls (rates and software cost) and this software can deliver messages (hundreds per phone per hour), it's possible to tackle targets of nearly any scale.
2.   Economic Corruption (amoral companies).  Fortunately for the attacker, there's no system in place to stop this from happening.  The phone system is completely open to short term manipulation. NOTE:  We see this every day.  Most US households (particularly elderly households) get slammed with a half dozen robocalls (many of them are dangerous scams from abroad that attempt to defraud them of every penny they have) every single day.  Despite the damage this does, the US phone monopolies won't do anything about it.  Worse, the system is so badly managed, it's even possible for robocalling software to manipulate the "caller ID."  This makes it possible for attackers to spoof targets with fake "Police Department" to "local" caller IDs.
3.   Extreme reactions.  Based on a phone threat alone, nearly all US schools and all government offices will evacuate and send home their personnel.  Further, the ability to configure threats to specific locations and attach fake caller IDs provides the ability to amplify and extend the duration of these evacuations and armed responses.
What does this mean?
Warfare is in transition.  New tech and new threats are emerging every day.  In many cases, simply doing the right thing (in this case, protecting US households from phone scams/spam), can blunt the effectiveness of the attack.  In others, it takes an understanding of where modern warfare is going (not where it has been) in order to anticipate these threats and tweak the system in ways that blunt their potential for damage. 
Unfortunately, I don't see this happening.  The governmental and economic system we have isn't that good at doing the right thing.  Worse, the security system we pay so much for is only good at stopping the repetition of the types of attack that have already happened, not the attack that will happen.  Why?  Our national security system is simply unwilling to study warfare seriously. 
 
PS:  Robocalling software is very easy to acquire and run now.  There are even smartphone apps that can do this on stolen phones.
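Both this post and the August 11, 2014 "IRS Bot Scam" post come back to the same gap: the carrier sees every one of these calls and does nothing with what it sees. The following is an added example for this thread, not code from the posts or from any phone company, showing the kind of call-detail-record (CDR) screening the posts say is missing. Three indicators are checked: a source that reaches many distinct numbers inside a minute (no human dials that fast), a source whose calls all last almost exactly the same time (a recording, not a conversation), and a call presenting a trusted local number, such as a police desk, while arriving on a trunk that number never uses, which is what the IRS bot did when it dialled in over an Internet connection with a District of Columbia caller ID. The CDR layout, the trunk names "voip-intl" and "pstn-local", the thresholds and every phone number are constructed; 555 numbers are reserved for fiction.

```python
"""Robocall burst and caller-ID spoofing indicators in call-detail records.

Added example for this thread, not code from the posts above or from any
carrier. All field names, trunk names, thresholds and numbers are constructed.
"""
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

# Constructed: a number a local authority (say, a police desk) really owns,
# and the trunk its genuine calls arrive on.
TRUSTED_LOCAL_NUMBERS = {"+12025550100"}
TRUSTED_INGRESS = {"pstn-local"}


def _constructed_cdr():
    """Build a small CSV CDR: one robocall burst plus ordinary traffic."""
    start = datetime(2015, 2, 1, 9, 0, 0)
    lines = ["time,caller_id,callee,ingress,duration"]
    # 30 calls three seconds apart from an international VoIP trunk, presenting
    # the police desk number and playing the same ~40 s recording to each callee.
    for i in range(30):
        t = start + timedelta(seconds=3 * i)
        lines.append(f"{t.isoformat()},+12025550100,+1555555{i:04d},voip-intl,{40 + i % 3}")
    # Ordinary human calls, and one genuine call from the police desk itself.
    lines += [
        f"{(start + timedelta(minutes=1)).isoformat()},+15555550200,+15555550300,pstn-local,120",
        f"{(start + timedelta(minutes=5)).isoformat()},+15555550200,+15555550301,pstn-local,600",
        f"{(start + timedelta(minutes=9)).isoformat()},+15555550200,+15555550302,pstn-local,35",
        f"{(start + timedelta(minutes=30)).isoformat()},+12025550100,+15555550400,pstn-local,210",
    ]
    return "\n".join(lines) + "\n"


SAMPLE_CDR = _constructed_cdr()


def parse_cdr(text):
    """Parse CSV CDR text into dicts sorted by time."""
    rows = []
    for r in csv.DictReader(StringIO(text)):
        rows.append({
            "time": datetime.fromisoformat(r["time"]),
            "caller_id": r["caller_id"],
            "callee": r["callee"],
            "ingress": r["ingress"],
            "duration": int(r["duration"]),
        })
    rows.sort(key=lambda r: r["time"])
    return rows


def source_key(row):
    """Key a source by (caller ID, trunk): a spoofed ID on a foreign trunk is a different source."""
    return (row["caller_id"], row["ingress"])


def burst_sources(rows, window=timedelta(seconds=60), min_distinct=10):
    """Sources reaching >= min_distinct distinct callees inside any sliding window.

    Returns {source: peak number of distinct callees seen in one window}.
    """
    recent = defaultdict(deque)
    flagged = {}
    for r in rows:
        key = source_key(r)
        q = recent[key]
        q.append((r["time"], r["callee"]))
        while q and r["time"] - q[0][0] > window:
            q.popleft()
        distinct = len({callee for _, callee in q})
        if distinct >= min_distinct:
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged


def spoof_suspects(rows, trusted_numbers=TRUSTED_LOCAL_NUMBERS, trusted_ingress=TRUSTED_INGRESS):
    """Calls presenting a trusted local number but arriving on a trunk it never uses."""
    return [r for r in rows
            if r["caller_id"] in trusted_numbers and r["ingress"] not in trusted_ingress]


def uniform_duration_sources(rows, min_calls=10, max_spread=3):
    """Sources whose many calls last almost the same time: a recording, not a conversation."""
    durations = defaultdict(list)
    for r in rows:
        durations[source_key(r)].append(r["duration"])
    return {src for src, d in durations.items()
            if len(d) >= min_calls and max(d) - min(d) <= max_spread}


def report(text=SAMPLE_CDR):
    """Run all three indicators over a CDR text and summarise the findings."""
    rows = parse_cdr(text)
    return {
        "bursts": burst_sources(rows),
        "spoof_suspects": len(spoof_suspects(rows)),
        "recorded_message_sources": uniform_duration_sources(rows),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

Keying sources by (caller ID, trunk) rather than caller ID alone is the design point: the genuine police desk call on the local PSTN trunk is not flagged by any indicator, while the same number arriving over international VoIP trips all three. A carrier applying checks like these could block or label the burst within the first minute, which is the "doing the right thing" the post says would blunt the attack.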
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on February 02, 2015, 09:26:55 AM
I'm not seeing this as a serious threat. A minor disruption at most.
Title: Looks like China behind Anthem hack
Post by: Crafty_Dog on February 07, 2015, 01:11:50 PM


http://www.bloomberg.com/news/articles/2015-02-05/signs-of-china-sponsored-hackers-seen-in-anthem-attack
Title: Fascinating 13 minute clip on internet security
Post by: Crafty_Dog on February 09, 2015, 12:24:09 PM
http://www.cbsnews.com/news/darpa-dan-kaufman-internet-security-60-minutes/
Title: Obama's EO
Post by: Crafty_Dog on April 05, 2015, 07:09:45 PM
https://m.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know
Title: Hillary likely got hacked by Russians, Chinese, et al
Post by: Crafty_Dog on April 08, 2015, 09:04:43 AM
Investor’s Business Daily published a long article on Tuesday night, collecting the opinions of current and former intelligence officials about the national security threat posed by Hillary Clinton’s private email server.

It feels like a floodgate bursting open.  These experts are absolutely beside themselves over Clinton’s irresponsible conduct as Secretary of State.  Former NSA officer John Schindler called it “a counterintelligence disaster of truly epic proportions.”

“She may have deleted 30,000 emails before turning her files over to the State Department,” observed former U.S. National Counterintelligence Executive Michelle Van Cleave, “but that doesn’t mean that the Russians and the Chinese don’t have them.”

Ever since Clinton began destroying subpoenaed evidence and refusing to hand her server over for analysis, it’s been a running joke among Internet wags that if Congress wants to see her email, they should ask the Russians and Chinese for copies.

But that’s not really a joke.  The intelligence community has to assume, based on the weak security of Clinton’s secret server — slipshod even by private corporate standards — that every piece of sensitive information she ever handled has been compromised.  Her server was called “clintonemail.com” — it was easy to find.  Her email was completely unencrypted for three months after she became Secretary of State.

“It’s a disaster for U.S. policy.  It’s a huge boon for the former KGB and the Iranians,” said a veteran intelligence officer who spoke to IBD anonymously.  The officer found Clinton’s claims that she never handled classified information through her private server laughable — “how the hell could she do her job without it?”

Also, as Schindler pointed out to IBD, we have to assume there was “bleed-over” into her private email as well, since we’ve discovered instances of Clinton mistakenly replying to official messages as if they were personal correspondence.

The IBD piece was most likely put together before news broke about Russian hackers penetrating White House systems; one suspects these intelligence experts are even more apprehensive about the risks Clinton took in light of those developments.  There is some discussion in the Investors’ Business Daily piece about how foreign spies might have used Clinton’s vulnerable server as a launching pad for attacks on other government systems.  The sort of “spear phishing” attack used to get into the White House system would be especially potent if malware-laced emails were ostensibly coming from the Secretary of State.

“It would be possible for a hostile service to use the server as a platform to deliver other malware to other targets of their choosing, based on their knowledge of whom the former secretary and president were communicating with,” said Paul Joyal, the former director of security for the Senate Select Committee on Intelligence.

A senior former Defense Department official seconded that notion: “If they’re getting into her server, they’re not just extracting stuff.  They’re going to do things that could be planted from other sources.”

Most of these experts called for the sort of extensive independent analysis of her server that Clinton has adamantly refused to allow — in fact, she’s still tampering with the machine, as it became known last week that she deleted everything she didn’t decide to turn over to the State Department.  Given her manipulation of the data, it might already be impossible to learn everything counterintelligence experts need to assess the possible penetration of the system.  (You can bet she did a lot more to destroy the emails she doesn’t want security experts, Congress, or the American people to see than merely click the “Delete” buttons in her email program.)

“Why Clinton hasn’t offered to turn over the server to the FBI, or why the FBI has not seized it to assess the damage to national security, is unclear,” IBD writes.

Is it?  There are a lot of questions swirling around this debacle, including the extent to which Hillary Clinton jeopardized national security, but her motivation really isn’t one of them.  There’s nothing mysterious or unprecedented about the Obama Administration’s belief that Democrat royalty is above the law, either.  Did anyone seriously expect agents of this politicized Justice Department to raid Hillary’s mansion in Chappaqua and seize that computer?
Title: Hillary likely hacked by Russian, Chinese, et al 2.0
Post by: Crafty_Dog on April 08, 2015, 10:20:54 AM
A more complete version

http://news.investors.com/politics/040715-746883-hillary-clinton-email-server-vulnerable-to-china-russia-iran.htm?p=full

Hillary Clinton's private email server was a spy magnet for the Russian, Chinese, Iranian and other intelligence services, say current and former intelligence officials.
As secretary of state, Clinton routed all her government-related email through the server, based in her house in Chappaqua, New York. She reportedly hired a Cablevision (NYSE:CVC) subsidiary to run the server, with antivirus protection from Intel's (NASDAQ:INTC) McAfee. And she registered her domain name, clintonmail.com, through Network Solutions.

Intelligence professionals fear that the use of the privately installed server, free of certified government defenses against foreign interception, has been a boon to foreign cyberspies.
"By using her own private server with email — which we now know was wholly unencrypted for the first three months of Hillary Clinton's tenure as secretary of state — she left this easily interceptable by any decent 21st century SIGINT service," said John Schindler, a former National Security Agency counterintelligence officer. SIGINT is shorthand for signals intelligence, or electronic spying.
"The name Clinton right on the email handle meant this was not a difficult find," Schindler said. "We should assume Russians, Chinese and others were seeing this."

'Epic' Counterintelligence Disaster
"In all, this is a counterintelligence disaster of truly epic proportions, not to mention that, since Clinton admitted she did not use higher-classification email systems at all" — systems like SIPR and JWICS, Schindler said — "we have to assume some bleed-over into her unsecured private email too, which makes this even worse."
SIPR is the Secret Internet Protocol Router network that the Department of Defense runs to ensure secret communications for the U.S. military, other agencies and certain allies. JWICS is the Joint Worldwide Intelligence Communications System for top-secret government communication. Both provide secure communications for the State Department and secretary of state. Clinton's private server was not protected by the Department of Homeland Security's Einstein intrusion detection system, which relies on NSA systems, for official State Department emails.

"She may have deleted 30,000 e-mails before turning her files over to the State Department, but that doesn't mean that the Russians and the Chinese don't have them," said Michelle Van Cleave, former U.S. National Counterintelligence Executive.
Others say that the potential damage to U.S. national security is so grave that the FBI should seize the server and conduct a forensic analysis to determine the extent of foreign penetration. That analysis would be part of what is called a damage assessment, which is routine after any suspected security breach.

FBI Forensic Analysis
However, the FBI might not find anything now, according to Rep. Trey Gowdy, R-S.C., chairman of a House investigative panel, who says that Clinton had the server wiped clean. Still, the forensic analysis by trained personnel could yield valuable clues about foreign spies gaining access to America's most fiercely guarded secrets. Gowdy has called on Clinton to appear before his committee for what he called a "transcribed interview regarding her use of private email and a personal server for official State Department business."
Rep. Ken Buck, R-Colo., a former prosecutor, said that the FBI should conduct a forensic analysis of any attempted foreign penetrations, to determine which foreign intelligence services might have hacked into Clinton's email server.
"Denying a legitimate request by the Bureau to examine her computer would certainly suggest that America's security is not Clinton's highest priority," Buck said.
"The FBI investigated a sitting CIA director for intentionally disclosing classified information. The Bureau can certainly investigate whether a former secretary of state unintentionally disclosed classified information," Buck said. "The motive may be different, but the potential damage to national security is similar."

Why Clinton hasn't offered to turn over the server to the FBI, or why the FBI has not seized it to assess the damage to national security, is unclear. A Clinton spokesperson declined to comment.
In a question-and-answer sheet provided to reporters, Clinton did not address the issue. The FBI won't say whether or not it made a request or took possession of the server. The Bureau does not have the device, according to a highly placed FBI source. That source is not cleared to speak to the press and could not speak on the record.

The lure of reading a secretary of state's emails would exert a pull on any foreign spy, intelligence officials say.

Where, on a scale of one to 10, would any sitting secretary of state rank as a target of foreign spies? "10, of course," said Van Cleave. "That being the case, all of her e-mails would have been potentially of interest to any number of foreign parties."
"A target like this would be at least a 10, maybe 10-plus if the enemy knew the email address and server," said Robert W. Stephan, a former counterintelligence analyst at the Defense Intelligence Agency who also served 19 years in the CIA. "If a foreign intelligence service determines that it is indeed the secretary of state's private communications/e-mail/server and even given the security measures that were set up, it would still be a top target for some sophisticated services," Stephan said. "Obviously Chinese, Russian, and Cuban, and possibly Iranians and North Koreans."

That statement presumes that the server was strongly protected against outside penetration, which does not seem to be the case. News reports indicate that the server's security configurations were done improperly, protecting Clinton's personal privacy and not national security, and that, even if everything was done by the book, that type of server and software package remains vulnerable to a good hacker.
"A 16-year-old can break into a server, and certainly a government sophisticated enough to break into the Sony (NYSE:SNE) system can break into Hillary Clinton's system," said Rep. Buck. "That's a no-brainer."
How would adversary spy services exploit this intelligence? "The positions, the interests, the communications between the secretary of state and her staff are of great interest to any foreign intelligence service, whether hostile or friendly," said Paul Joyal, former director of security of the Senate Select Committee on Intelligence.

"The American secretary of state using an open, unprotected server? That's an invitation to a party," said a veteran intelligence officer who asked for anonymity because he still holds active clearances. "All of her private musings. There's no secretary of state who doesn't communicate with classified information. How the hell could she do her job without it?"

Gateway To Government Systems?
"From a counterintelligence perspective, (for) anyone with any responsibility for intelligence, counterintelligence and security, this thing is a monumental disaster," the longtime senior intelligence officer said. "It's a disaster for U.S. policy. It's a huge boon for the former KGB and the Iranians."
Some experts are concerned that foreign spies could have penetrated the server as a gateway to breaking into other government systems, including classified communications.
"The real question is, what if any intelligence collection was being done on a private server somewhere?" Joyal said. "The only way to know is for the proper federal authorities to impound the server and do a forensic analysis."
"It would be possible for a hostile service to use the server as a platform to deliver other malware to other targets of their choosing, based on their knowledge of whom the former secretary and president were communicating with," Joyal said.
'Vast Deception Potential'

Foreign spies could use their access to Clinton's server to warp or distort information that government officials rely on. "If they're getting into her server, they're not just extracting stuff," said a senior former Defense Department official who spoke on condition of anonymity. "They're going to do things that could be planted from other sources."
"The denial and deception potential here is vast," said John Schindler, referring to intelligence tradecraft in which a spy service denies or conceals information, and seeks to deceive other countries. "Not to mention that any shady games played" by the Obama Administration "would be known to Moscow and Beijing — but not to the American public."
"It could affect a number of people within the U.S. government and, for that matter, people around the world," Joyal said. "It would behoove the federal government to conduct a forensic analysis of the server itself."
Until such a forensic analysis is done, he said, authorities simply will not know the answer.
"This should not be politicized," said Joyal. "It should be done with hard-nosed national security interests driving the forensic analysis."

• Waller is a senior reporter at the American Media Institute, a nonprofit news service.


Title: Anonymous takes on ISIS
Post by: Crafty_Dog on May 12, 2015, 09:03:11 PM
http://www.zdnet.com/article/anonymous-targets-isis-social-media-recruitment-drives-in-opisis-campaign/#ftag=RSSbaffb68
Title: Stratfor: Pentagon and Cyber Defense
Post by: Crafty_Dog on June 04, 2015, 12:20:45 PM
Analysis
Forecast

    Though the U.S. Department of Defense leads in understanding and exploiting cyberspace vulnerabilities abroad, it will struggle to defend the same vulnerabilities domestically without assistance from other agencies and the private sector.
    The Pentagon will continue to lack the visibility and organizational structure to defend the range of networks upon which it relies.
    Any efforts to expand U.S. law enforcement or military jurisdiction or authority over the Internet's infrastructure likely would face significant domestic opposition.
    The Defense Department has accepted that it must share the domain of cyber defense and thus will continue to work as a partner in defending U.S. economic interests that reside in cyberspace.

The U.S. Department of Defense Cyber Strategy, a report released April 23, highlights the government's efforts thus far in realizing its role in cyberspace since the publication of its first formal strategy in 2011. The United States already has clearly demonstrated its technological edge in conducting espionage and sabotage online, as with the Stuxnet attack against Iranian centrifuges in 2008. However, the U.S. military's capabilities in the potential war-fighting domain of cyberspace do not equal its land, sea and air dominance. The Pentagon's cyber strategy focuses on this reality as much as it does on further incorporating cyberspace capabilities into its military structure. While the Department of Defense recognizes cyberspace as an operational domain, it also recognizes that it must share this domain to safeguard U.S. interests.
U.S. Cyber Capabilities

The U.S. government, with the Department of Defense leading the way principally through the National Security Agency, began developing and employing offensive cyber capabilities — acts of espionage and industrial sabotage — years before formally defining cyberspace as an operational domain. The scope of past U.S. intelligence operations in cyberspace was revealed by Edward Snowden's leaks and the demonstrable efforts to sabotage Iran's nuclear program. However, the Pentagon's capabilities do not safeguard its own information technology infrastructure and have generally been ineffective in defending U.S. interests in cyberspace.

To discourage cyber attacks, the U.S. government has used the threat of economic sanctions, criminal prosecution of foreign state officials, and the prospect of physical military action stemming from its 2011 declaration that cyber attacks constitute an act of war. Yet, aside from the prospect of physical military action or economic sanctions, the U.S. government still lacks any effective deterrence to cyber attacks. These breaches continually cause financial losses for the U.S. private sector, and state and non-state actors continue targeting government institutions. To defend in cyberspace (rather than engaging strictly in espionage), the military must play an auxiliary role in a domain it must share with other government organizations and the private sector.

The private sector owns and operates roughly 90 percent of the physical infrastructure that constitutes the abstract world of cyberspace. Though the Pentagon has proven resourceful in researching and exploiting new vulnerabilities in cyberspace, it lacks the authority to ensure that U.S. interests are protected against such exploits. In other words, the United States' ability to conduct espionage and sabotage in cyberspace depends on the same types of vulnerabilities that threaten its own economic interests. To rectify this, the Pentagon's top priorities in developing its cyberspace strategy focus on defense — namely partnering with domestic government agencies and the private sector to ensure that U.S. interests are safeguarded from cyber attacks by foreign state and non-state actors.

Not all countries that employ offensive capabilities and espionage in cyberspace — such as China, Russia, Iran or North Korea — face the same dynamics in defending their own information technology infrastructure. The Chinese government, for instance, maintains strict control over the network infrastructure and the information passing through it within its borders. This allows for much greater control over its security of the network technology, though it stems from China's particular concern for social control.
The Pentagon's Limitations

Protecting U.S. economic interests abroad has been one of the U.S. military's tasks since its inception. However, defending commercial activity that takes place on the Internet involves a different skill set and political constraints than, say, safeguarding international sea lanes. Both the U.S. military and law enforcement face a complex landscape in cyberspace, where their jurisdictions are complicated by the global nature of the Internet's infrastructure and the U.S. distinction between private and public ownership. This situation is not likely to change much, because any efforts to expand law enforcement or military jurisdiction or authority likely would face significant opposition in the United States.

This lack of authority over infrastructure is just one barrier for the military in dominating cyberspace. Though the Internet's inception was rooted in defense research and development, the increasing importance of the Internet to global commerce and the abstract landscape of cyberspace are shaped by both the private sector and popular use. In 2000, 400 million people were using the Internet; that number will grow to some 3.2 billion by the end of 2015. The very nature of the Internet — once a collection of a few networked computer terminals — has rapidly evolved to encompass nearly every facet of life through an increasing number of different devices that communicate over the global network as part of the Internet of Things. New technologies, and thus new vulnerabilities, are constantly emerging in cyberspace — innovations around which the Department of Defense must continually adapt.

By partnering with the private sector, the Department of Defense can help maintain stronger situational awareness of the ever-changing landscape. The Pentagon may lack the authority to enforce security compliance in the private sector, but it is in an advantageous position, particularly given the power of the intelligence community, to advise the private sector about the current technical vulnerabilities that permit cyber attacks. This kind of cooperation requires the will of individual actors in the private sector and large corporations that also often rely on overseas infrastructure, which can complicate partnerships. However, the Pentagon's own communications rely on numerous networks, many of which can fall victim to malware propagated on the Internet. In its latest cyber strategy report, the Department of Defense admits it lacks the "visibility and organizational structure" to defend such networks, furthering the need for partnerships in defending its cyberspace interests. The dynamics behind this need are not likely to change in the foreseeable future.
The Challenging Nature of Cyber Attacks

In cyberspace, attacks and espionage are conducted independent of geographic range, and expenses are often negligible compared to physical spying or acts of aggression. For example, a distributed denial of service attack against a U.S. company relying on its Internet presence for business can be organized by a small group of individuals at little expense, particularly compared to the resources necessary to even investigate the authorship of such an attack. The impact of cyber attacks is far greater on developed countries with greater reliance on the Internet — a fact that gives state actors in the developing world and non-state actors a significant advantage. On Dec. 22, 2014, for example, an unidentified actor isolated North Korea from the global network via the country's weak link in China, possibly in retaliation for the 2014 cyber attack on Sony Pictures Entertainment, which the U.S. government publicly attributed to North Korea. Whether or not the incident was tied to the Sony attack, the effect of isolating North Korea — which only retains around 1,000 unique Internet Protocol addresses — was minimal.

The asymmetric nature of threats in cyberspace, including potential attacks by non-state actors, makes employing an effective deterrence more challenging for the Department of Defense. Economic sanctions and military responses are less useful against common threats from lone hackers, organized crime and activists. Even distinguishing attribution of a specific attack between state and non-state actors can be a daunting task. For example, though the U.S. government appears confident in blaming North Korea for the Sony hack, many cyber security analysts still question the validity of the accusations.

There is no doubt that the Pentagon has been aggressively seeking ways to improve its capabilities in cyberspace. Its latest cyber strategy report highlights how the Department of Defense wants to further integrate its growing capabilities within its traditional combatant command structure. As the U.S. military continues to embrace cyberspace as a domain, it will find that its traditional role in other operational areas does not necessarily translate to this new and increasingly critical territory. Thus, the military will share cyberspace defense duties with other government agencies and the private sector in an effort to protect U.S. economic interests and the military's own networks.
Title: NSA vs. overseas hackers
Post by: Crafty_Dog on June 04, 2015, 12:22:36 PM
second post

N.S.A. Secretly Widens Cross-Border Internet Spying to Find Hackers

Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified N.S.A. documents.

In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware, the documents show.

http://www.nytimes.com/2015/06/05/us/hunting-for-hackers-nsa-secretly-expands-internet-spying-at-us-border.html?emc=edit_na_20150604

Title: Israel hacks nuke talks with Iran
Post by: Crafty_Dog on June 10, 2015, 08:41:09 AM
Spy Virus Linked to Israel Targeted Hotels Used for Iran Nuclear Talks
Cybersecurity firm Kaspersky Lab finds three hotels that hosted Iran talks were targeted by a virus believed used by Israeli spies

Members of the media await the arrival of Iranian and other nations’ delegates at the Beau-Rivage Palace Hotel in Lausanne, Switzerland in March 2014. The hotel is one of several that served as a site for nuclear talks. A Beau-Rivage spokeswoman said the hotel was unaware of being hacked. Photo: BRENDAN SMIALOWSKI/PRESS POOL
By Adam Entous and Danny Yadron, June 10, 2015 8:00 a.m. ET

When a leading cybersecurity firm discovered it had been hacked last year by a virus widely believed to be used by Israeli spies, it wanted to know who else was on the hit list. It checked millions of computers world-wide and three luxury European hotels popped up. The other hotels the firm tested—thousands in all—were clean.
Researchers at the firm, Kaspersky Lab ZAO, weren’t sure what to make of the results. Then they realized what the three hotels had in common. Each was targeted before hosting high-stakes negotiations between Iran and world powers over curtailing Tehran’s nuclear program.

The spyware, the firm has now concluded, was an improved version of Duqu, a virus first identified by cybersecurity experts in 2011, according to a Kaspersky report reviewed by The Wall Street Journal and outside security experts. Current and former U.S. officials and many cybersecurity experts believe Duqu was designed to carry out Israel’s most sensitive intelligence-collection operations.

Senior U.S. officials learned Israel was spying on the nuclear talks in 2014, a finding first reported by The Wall Street Journal in March. Officials at the time offered few details about Israel’s tactics.

Kaspersky’s findings, which the Moscow-based company is expected to disclose publicly Wednesday, shed new light on the use of a stealthy virus in the spying efforts. The revelations also could provide what may be the first concrete evidence that the nuclear negotiations were targeted and by whom.

No intelligence-collection effort is a higher priority for Israel’s spy agencies than Iran, including the closed-door talks which have entered a final stage. Israeli leaders say the emerging deal could allow Iran to continue working toward building nuclear weapons, a goal Iran has denied having.

Kaspersky, in keeping with its policy, doesn’t identify Israel by name as the country responsible for the hacks. But researchers at the company indicate that they suspect an Israeli connection in subtle ways. For example, the company’s report is titled “The Duqu Bet.” Bet is the second letter of the Hebrew alphabet.

Researchers at the company acknowledge that many questions remain unanswered about how the virus was used and what information may have been stolen. Among the possibilities, the researchers say, the intruders might have been able to eavesdrop on conversations and steal electronic files by commandeering the hotel systems that connect to computers, phones, elevators and alarms, allowing them to turn them on and off at will to collect information.

Israeli officials have denied spying on the U.S. or Israel’s other allies, although they acknowledge conducting close surveillance on Iranians generally. Israeli officials declined to comment specifically on the allegations relating to the Duqu virus and the hotel intrusions.

The Federal Bureau of Investigation is reviewing the Kaspersky analysis and hasn’t independently confirmed the firm’s conclusions, according to people familiar with the discussions. U.S. officials, though, said they weren’t surprised to learn about the reported intrusions at the hotels used for the nuclear talks.

A senior congressional aide briefed on the matter said Kaspersky’s findings were credible. “We take this seriously,” the aide said.

Kaspersky, which protects hundreds of millions of computers from intruders, didn’t realize its own computers were compromised for more than six months after the 2014 breach. Hackers and intelligence agencies have long targeted security companies, given the valuable information they can learn about the Internet’s defenses.  Costin Raiu, director of the global research and analysis team at Kaspersky, said the attackers first targeted a Kaspersky employee in a satellite office in the Asia Pacific region, likely through email that contained an attachment in which the virus was hidden.

By opening the attachment, the employee inadvertently would have allowed the virus to infect his computer through what Kaspersky believes was a hacking tool called a “zero day exploit.” Such tools take advantage of previously unknown security holes—giving software companies no opportunity to prevent hackers from sneaking in through them. Kaspersky says the hackers used up to two more “zero day exploits” to work further into Kaspersky’s system.

That alone, Kaspersky and outside experts say, offers evidence of the hackers’ sophistication. These kinds of tools are expensive to create and are guaranteed to work only the first time they are used. After that, companies can build up digital antibodies through software patches.

Security researchers such as Kaspersky’s Mr. Raiu often strive not just to find hackers, but also to find links between breaches through digital detective work. It is a mix of computer science, instinct and luck. In this case, Mr. Raiu saw links between this new virus and Duqu.

U.S. intelligence agencies view Duqu infections as Israeli spy operations, former U.S. officials said. While the new virus bore no overt links to Israel, it was so complex and borrowed so heavily from Duqu that it “could not have been created by anyone without access to the original Duqu source code,” Kaspersky writes in its report.
To check his conclusions, Mr. Raiu a few weeks ago emailed his findings to a friend, Boldizsár Bencsáth, a researcher at Budapest University of Technology and Economics’ Laboratory of Cryptography and System Security. Mr. Bencsáth in 2011 helped discover the original Duqu virus.

“They look extremely similar,” Mr. Bencsáth said in an interview Tuesday. He estimated a team of 10 people would take more than two years to build such a clean copycat, unless they were the original author.

In the early spring, Kaspersky found itself on the other side of the countless digital intrusions it investigates.

A Kaspersky employee in Moscow discovered the virus while testing a new security program on a company computer he assumed was bug-free. Rather than try to kick the hackers out, the company set up a special team to monitor the virus in action to figure out how it worked and what it was designed to do.

The way the virus operated took the team by surprise. It jumped from one system to another, slowly attacking an increasing number of computers. The virus sought to cover its tracks, abandoning machines the attackers deemed of no additional interest, while leaving a small file that would allow them to return later.

Mr. Raiu said the company had been bracing for cyberintrusions but didn’t expect anything this sophisticated. The attackers moved slowly through Kaspersky’s systems to avoid attracting attention. Mr. Raiu concluded that they probably valued stealth more than anything else. The company dubbed the new-and-improved virus Duqu 2.0.
In a written statement with the report that was reviewed by the Journal, Kaspersky said it didn’t expect the incident to make customers more vulnerable to hackers. “Kaspersky Lab is confident that its clients and partners are safe and that there is no impact on the company’s products, technologies and services,” it said.

The company ran tests to determine if any of its 270,000 corporate clients world-wide had been infected. Kaspersky’s list of corporate clients includes big energy companies, European banks and thousands of hotels.

It found infections on a limited number of clients in Western Europe, Asia and the Middle East. None of Kaspersky’s clients in the U.S. were targeted. A targeted cyberattack against a hotel struck researchers as unusual but not unprecedented.

The first hotel with Duqu 2.0 on its computers piqued Mr. Raiu’s interest right away, in light of the revelations he read in the Journal about Israeli spying efforts, he said. The hotel, he said, was a well-known venue for the nuclear negotiations. But he wasn’t sure if it was an isolated case.

Soon thereafter, Kaspersky found the same virus at a second luxury hotel. Initially, Mr. Raiu didn’t see a connection between the hotel and the nuclear talks. Then, a couple of weeks after the discovery of the second hotel, he learned that the nuclear negotiations would take place there. His team was “shocked,” Mr. Raiu recalled. In both cases, the hotels were infected about two to three weeks before the negotiators convened.

Kaspersky provided information about Duqu 2.0 to one of its partners, which did its own round of tests. That search turned up a third infected hotel which hosted the nuclear talks. Mr. Raiu said the third hotel was discovered last but appeared to have been infected first, sometime in 2014.

Kaspersky declined to identify the three hotels.

Hotels that served as venues for the talks include: the Beau-Rivage Palace in Lausanne, Switzerland, the Intercontinental in Geneva, the Palais Coburg in Vienna, the Hotel President Wilson in Geneva, the Hotel Bayerischer Hof in Munich and Royal Plaza Montreux in Montreux, Switzerland.

A Beau-Rivage spokeswoman said the hotel was unaware of being hacked. A manager on duty at the Intercontinental said he also was unaware of such an incident. The management team at the Royal Plaza said, “Our internal policy doesn’t allow us to deliver any information.”

The others didn’t respond to requests for comment.

In addition to the three hotels reported to have been hacked, the virus was found in computers at a site used to commemorate the 70th anniversary of the liberation of the Nazi death camp at Auschwitz. Some world leaders had attended events there.

A former U.S. intelligence official said it was common for Israel and other countries to target such international gatherings. “The only thing that’s unusual now is you hear about it,” the official said.

Mr. Raiu said Kaspersky doesn’t know what was stolen from the three hotels or from the other venues. He said the virus was packed with more than 100 discrete “modules” that would have enabled the attackers to commandeer infected computers.

One module was designed to compress video feeds, possibly from hotel surveillance cameras. Other modules targeted communications, from phones to Wi-Fi networks. The attackers would know who was connected to the infected systems, allowing them to eavesdrop on conversations and steal electronic files. The virus could also enable them to operate two-way microphones in hotel elevators, computers and alarm systems.

In addition, the hackers appeared to penetrate front-desk computers. That could have allowed them to figure out the room numbers of specific delegation members.

The virus also automatically deposited smaller reconnaissance files on the computers it passed through, ensuring the attackers can monitor them and exploit the contents of those computers at a later date.

Write to Adam Entous at adam.entous@wsj.com and Danny Yadron at danny.yadron@wsj.com
Title: Reuters: OPM hack tied to China’s intelligence operations — and other hacks
Post by: G M on June 19, 2015, 02:13:56 PM
http://hotair.com/archives/2015/06/19/reuters-opm-hack-tied-to-chinas-intelligence-operations-and-other-hacks/

Remember when we were told how smart and competent Obama was?
Title: Other Side of the Scapegoat
Post by: Body-by-Guinness on June 25, 2015, 05:26:17 PM
Whose Fault is the OPM Hack Really?

Everyone's mad at the Office of Personnel Management, and I totally get why. The hack is awful, the magnitude staggering. The consequences will be big, both for the country and for lots of individuals. It's a very ugly situation, and OPM has certainly not handled it competently, let alone well. And the more we learn, the worse it gets.

But here's my question: Is this really OPM's fault?

OPM, after all, is not an intelligence agency or a counterintelligence agency. Even had it behaved competently, it had no chance of protecting data that a professional adversary intelligence service wanted to go after. It also does not have the expertise to identify which data it is holding that are—individually or collectively—likely of interest to foreign intelligence powers. To put the matter simply, protecting sensitive data from foreign spies is not within the wheelhouse of an agency whose job is "to recruit, retain, and honor a world-class workforce for the American people."

It is very much within the wheelhouse of some other federal agencies, however.

Let's start with the FBI, whose mission includes "Protect[ing] the United States against foreign intelligence operations and espionage" and "Protect[ing] the United States against cyber-based attacks and high-technology crimes." I don't know whose job, if anyone's, it is to identify large aggregations of data outside the security sector that would be of foreign intelligence interest and to protect them from espionage, but it seems to me that the agency tasked with foreign counterintelligence would be the place to start. So here's a question: Did anyone at the bureau ever flag for OPM that this material might have a giant bullseye painted on it?

Then there's NSA, which has the government's Information Assurance portfolio, and also has a huge cybersecurity capacity. NSA describes its information assurance mission as follows: "NSA's Information Assurance Directorate (IAD) protects and defends National Security Information and Information Systems, in accordance with National Security Directive 42. National Security Systems are defined as systems that handle classified information or information otherwise critical to military or intelligence activities." The OPM systems were not classified, but any database that potentially exposes millions of federal workers—including defense and intelligence workers—to potential recruitment, blackmail, or other bad conduct at the hands of a foreign intelligence service could certainly be regarded as "critical to military or intelligence activities." So here's another question: Did anyone at NSA ever flag for OPM that this material might have a giant bullseye painted on it or offer to help secure it?

Or maybe the problem lies with DHS. DHS, after all, proudly boasts that it "has the lead for the federal government for securing civilian government computer systems"—something that clearly did not happen here. So here's a third question: Did anyone at DHS ever work with this civilian agency to secure its government computer systems?

If this all sounds like an interagency mess of authorities, well, there are also agencies whose job is to work through those. What, one might ask, about what role the DNI has played in this area? His mission statement starts with the broad aim: to "lead Intelligence Integration." In other words, if it was someone's job to imagine that there are a lot of non-classified systems around the government that have extraordinarily sensitive data an intelligence service would want to steal, and that this data is being housed at agencies that probably don't understand that fact and don't have the capacity to defend that data, perhaps having that imagination was the DNI's job. And if it was some office's job to reach out across the government and assess what datasets would be catastrophic to lose and to set up programs to protect that material, perhaps that was the DNI's job too.

Taping Rational Security this morning, I mentioned all this to the Hoover Institution's Kori Schake—a defense analyst and former NSC staffer—who joked with gentle bitterness that it's a good thing this country does not have a National Security Council, whose job is to coordinate the activities of the various agencies engaged in national security activity to make sure questions like this get addressed. The NSC describes its mission as including "serv[ing] as the President's principal arm for coordinating these policies among various government agencies." So here's a fourth question: Was anyone at the DNI's office or the NSC serving as the President's principal arm for securing data of intelligence value at OPM?

I'm sure it will make a lot of people feel good to beat up on OPM, and I'm sure some folks there probably deserve it. But after we've gone through the political ritual of extracting our pound of Washington flesh, let's ask the serious question: Whose job is this really? And whose do we want it to be?

http://www.lawfareblog.com/whose-fault-opm-hack-really
Title: POTH: Well, this sounds decisive , , ,
Post by: Crafty_Dog on August 01, 2015, 11:40:58 PM
U.S. Decides to Retaliate Against China’s Hacking

By DAVID E. SANGER, JULY 31, 2015

The Obama administration has determined that it must retaliate against China for the theft of the personal information of more than 20 million Americans from the databases of the Office of Personnel Management, but it is still struggling to decide what it can do without prompting an escalating cyberconflict.

The decision came after the administration concluded that the hacking attack was so vast in scope and ambition that the usual practices for dealing with traditional espionage cases did not apply.

But in a series of classified meetings, officials have struggled to choose among options that range from largely symbolic responses — for example, diplomatic protests or the ouster of known Chinese agents in the United States — to more significant actions that some officials fear could lead to an escalation of the hacking conflict between the two countries.

That does not mean a response will happen anytime soon — or be obvious when it does. The White House could determine that the downsides of any meaningful, yet proportionate, retaliation outweigh the benefits, or will lead to retaliation on American firms or individuals doing work in China. President Obama, clearly seeking leverage, has asked his staff to come up with a more creative set of responses.
[Photo: The Office of Personnel Management headquarters in Washington. Credit: Mark Wilson/Getty Images]

“One of the conclusions we’ve reached is that we need to be a bit more public about our responses, and one reason is deterrence,” said one senior administration official involved in the debate, who spoke on the condition of anonymity to discuss internal White House plans. “We need to disrupt and deter what our adversaries are doing in cyberspace, and that means you need a full range of tools to tailor a response.”

In public, Mr. Obama has said almost nothing, and officials are under strict instructions to avoid naming China as the source of the attack. While James R. Clapper Jr., the director of national intelligence, said last month that “you have to kind of salute the Chinese for what they did,” he avoided repeating that accusation when pressed again in public last week.

But over recent days, both Mr. Clapper and Adm. Michael S. Rogers, director of the National Security Agency and commander of the military’s Cyber Command, have hinted at the internal debate by noting that unless the United States finds a way to respond to the attacks, they are bound to escalate.

Mr. Clapper predicted that the number and sophistication of hacking aimed at the United States would worsen “until such time as we create both the substance and psychology of deterrence.”

Admiral Rogers made clear in a public presentation to the meeting of the Aspen Security Forum last week that he had advised President Obama to strike back against North Korea for the earlier attack on Sony Pictures Entertainment. Since then, evidence that hackers associated with the Chinese government were responsible for the Office of Personnel Management theft has been gathered by personnel under Admiral Rogers’s command, officials said.

Admiral Rogers stressed the need for “creating costs” for attackers responsible for the intrusion, although he acknowledged that it differed in important ways from the Sony case. In the Sony attack, the theft of emails was secondary to the destruction of much of the company’s computer systems, part of an effort to intimidate the studio to keep it from releasing a comedy that portrayed the assassination of Kim Jong-un, the North Korean leader.

According to officials involved in the internal debates over responses to the personnel office attack, Mr. Obama’s aides explored applying economic sanctions against China, based on the precedent of sanctions the president approved against North Korea in January.

“The analogy simply didn’t work,” said one senior economic official, who spoke on the condition of anonymity to discuss internal White House deliberations. North Korea is so isolated that there was no risk it could retaliate in kind. But in considering sanctions against China, officials from the Commerce Department and the Treasury offered a long list of countersanctions the Chinese could impose against American firms that are already struggling to deal with China.

The Justice Department is exploring legal action against Chinese individuals and organizations believed responsible for the personnel office theft, much as it did last summer when five officers of the People’s Liberation Army, part of the Chinese military, were indicted on a charge of the theft of intellectual property from American companies. While Justice officials say that earlier action was a breakthrough, others characterize the punishment as only symbolic: Unless they visit the United States or a friendly nation, none of them are likely to ever see the inside of an American courtroom.

“Criminal charges appear to be unlikely in the case of the O.P.M. breach,” a study of the Office of Personnel Management breach published by the Congressional Research Service two weeks ago concluded. “As a matter of policy, the United States has sought to distinguish between cyber intrusions to collect data for national security purposes — to which the United States deems counterintelligence to be an appropriate response — and cyber intrusions to steal data for commercial purposes, to which the United States deems a criminal justice response to be appropriate.”

There is another risk in criminal prosecution: Intelligence officials say that any legal case could result in exposing American intelligence operations inside China — including the placement of thousands of implants in Chinese computer networks to warn of impending attacks.

Other options discussed inside the administration include retaliatory operations, perhaps designed to steal or reveal to the public information as valuable to the Chinese government as the security-clearance files on government employees were to Washington.

One of the most innovative actions discussed inside the intelligence agencies, according to two officials familiar with the debate, involves finding a way to breach the so-called great firewall, the complex network of censorship and control that the Chinese government keeps in place to suppress dissent inside the country. The idea would be to demonstrate to the Chinese leadership that the one thing they value most — keeping absolute control over the country’s political dialogue — could be at risk if they do not moderate attacks on the United States.

But any counterattack could lead to a cycle of escalation just as the United States hopes to discuss with Chinese leaders new rules of the road limiting cyberoperations. A similar initiative to get the Chinese leadership to discuss those rules, proposed by Mr. Obama when he met the Chinese leader at Sunnylands in California in 2013, has made little progress.

The United States has been cautious about using cyberweapons or even discussing it. A new Pentagon strategy, introduced by the secretary of Defense, Ashton B. Carter, in the spring, explicitly discussed retaliation but left vague what kind of cases the United States viewed as so critical that they would prompt that type of retaliation.

In response to the Office of Personnel Management attack, White House officials on Friday announced the results of a 30-day “cybersecurity sprint” that began in early June after the federal personnel office disclosed the gigantic theft of data.

Tony Scott, the government’s chief information officer, who ordered the review, said in a blog post that agencies had significantly ramped up their use of strong authentication procedures, especially for users who required access to sensitive parts of networks.

By the end of the 30th day, officials said that more than half of the nation’s largest agencies, including the Departments of Transportation, Veterans Affairs and the Interior, now required strong authentication for almost 95 percent of their privileged users.

For Mr. Obama, responding to the theft at the Office of Personnel Management is complicated because it was not destructive, nor did it involve stealing intellectual property. Instead, the goal was espionage, on a scale that no one imagined before.

“This is one of those cases where you have to ask, ‘Does the size of the operation change the nature of it?’ ” one senior intelligence official said. “Clearly, it does.”
Title: WSJ: ISIS hacker killed by drone
Post by: Crafty_Dog on August 28, 2015, 05:23:34 AM

By
Margaret Coker in London,
Danny Yadron in San Francisco and
Damian Paletta in Washington
Aug. 27, 2015 7:36 p.m. ET

U.S. and British officials decided earlier this year that a hacker needed to die.

Junaid Hussain, a British citizen in his early 20s, had risen fast to become a chief in Islamic State’s electronic army. One person familiar with the matter said he hacked dozens of U.S. military personnel and published personal and financial details online, including those of a general, for others to exploit.

He helped sharpen the terror group’s defense against Western surveillance and built hacking tools to penetrate computer systems, said people familiar with the matter.

Mr. Hussain was killed by a U.S. drone strike on Tuesday while he was in a car in Raqqa, Syria, U.S. officials said. That he was targeted directly shows the extent to which digital warfare has upset the balance of power on the modern battlefield.


Islamic State didn’t build a large cyber force like the U.S.’s National Security Agency or China’s People’s Liberation Army. Instead, it had people like Mr. Hussain, a convicted hacker whose suite of inexpensive digital tools threatened to wreak havoc on even the world’s most-powerful country. Islamic State communications described him as one of the group’s secret weapons, said one person who has seen them.

U.S. officials said they believe Mr. Hussain played an important role in recruiting two American Muslims to open fire in Garland, Texas, this spring on a contest for cartoon depictions of the Prophet Muhammad. He also frequently hacked into U.S. service members’ Facebook accounts to determine personal details and future targets, one of the people familiar with the probe said.

“If you don’t have anybody who is kind of fluent in computer operations, you’ve got a problem,” said Michael Sulmeyer, a former cyberpolicy expert for the Pentagon now at the Belfer Center for Science and International Affairs at Harvard University’s John F. Kennedy School of Government. “The ballgame is pretty much the coder or the individual.”

Mr. Hussain drew attention from U.S. and British intelligence and military agencies in part because of his efforts to recruit and incite violence, said one U.S. official. His importance to Islamic State made him a legitimate target, the official said. “Leadership: That is what gets our attention.”


Islamic State hasn’t confirmed Mr. Hussain’s death, as it sometimes does after operatives are killed in drone strikes. Eulogies from Islamic State supporters, including one man who like Mr. Hussain grew up in the West Midlands city of Birmingham, England, began trickling through Twitter on Thursday.

In the 14 months since Islamic State announced it had formed a caliphate, the group has carved out a state of sorts in Iraq and Syria. Since last fall, when U.S. officials began tracking Mr. Hussain, the terror network also started to strengthen its cyberwarfare capabilities, adopting cutting-edge encryption technology and boosting its attempts to recruit hackers to even the odds against major Western powers.

Mr. Hussain grew up a book-smart teenager, according to court records and several people familiar with his case. He was planning to study computer science.

Before graduating from high school, however, he joined a group of British teens in a hacking collective called Team Poison. Using the handle “Tr1ck,” Mr. Hussain claimed responsibility for hacking into the email account of an assistant to former Prime Minister Tony Blair. Mr. Blair’s personal details, including his National ID number, the equivalent of a Social Security number, were published online.

A British court found Mr. Hussain guilty and he served a prison sentence.

Birmingham police in July 2013 arrested him for involvement in a street fight. While awaiting trial, he fled to Syria, U.K. officials said. By January 2014, he was communicating online with other British Muslims about how to join Islamic State, according to court documents.

Once living in Islamic State territory, Mr. Hussain re-emerged with a new online persona: Abu Hussain al-Britaini.

U.S. officials began to view Mr. Hussain as a top threat because he was on the leading edge of Islamic State efforts to recruit in the U.S. He would post names, addresses and photos of U.S. troops on his Twitter feed and suggest followers find and kill the person. In several instances, the Federal Bureau of Investigation and Defense Department set up 24-hour watches around targeted service members, a person familiar with the situation said.

Mr. Hussain developed a hacking tool, or malware, that could be used to spy on other machines, called a remote access Trojan, or RAT. He was training other Islamic State members in how to use hacker techniques, people familiar with the case said.

In at least one interaction, according to a Wall Street Journal review of online communications, he discussed the possibility of obtaining a zero-day exploit—hacker jargon for software that takes advantage of flaws in commercial software, such as Microsoft Word, unknown to that developer. Because they are unknown, they are almost impossible to stop.

Islamic State leaders have long communicated on a variety of platforms such as Facebook Inc. that U.S. officials can easily tap through court orders. Computer-security types such as Mr. Hussain, however, are notorious for being cautious with digital communications. After Mr. Hussain moved into a leadership role in the group’s so-called hacking division, Islamic State began ordering and teaching its commanders and followers to tighten its security awareness.

In December, Islamic State issued an order banning fighters from using devices equipped with location-tracking software, particularly Apple Inc. devices. By May, members were tweeting to throw out Samsung Galaxy smartphones as well.

This year, Islamic State officials started warning against using WhatsApp, the popular messaging app owned by Facebook, for fears it was being monitored. Officials said operatives should use one of several Western encrypted or hard-to-track messaging apps, such as Surespot, Telegram or Kik, according to security memos reviewed by The Wall Street Journal.

In August, Islamic State supporters lighted up social media over an apparent cyber bombshell. IS Hacking Division claimed responsibility for hacking into the social-media accounts of hundreds of U.S. military members. The group published lists of 1,481 names, departments, email addresses, passwords and phone numbers, warning, “we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data.”

The hacked list of U.S. military names was retweeted on Aug. 11 by @AbuHu55ain_911, the last known social-media profile on Twitter for Mr. Hussain.

That feed has since been deleted, as has the Twitter feed of his wife, a 45-year-old British onetime punk rocker named Sally Jones who converted to Islam and traveled to Syria to marry Mr. Hussain.

Mr. Hussain appears to have institutionalized Islamic State’s interest in fostering an electronic army. Supporters send daily entreaties to Muslims around the world to move to the caliphate. They also regularly make specialized recruitment drives. A list of needed professional skills published on Islamic State media outlets on Jan. 3 included hackers, “penetrators” and computer programmers.

—Julian E. Barnes in Brussels and Alexis Flynn in London contributed to this article.

Write to Margaret Coker at margaret.coker@wsj.com, Danny Yadron at danny.yadron@wsj.com and Damian Paletta at damian.paletta@wsj.com

Justin Murray, 1 minute ago:

We're losing the cyber war because government has the tendency to think "expensive and complicated" beats "accessible". Much like how the electronic music industry split between the expensive and difficult to use university synthesizers provided by government grants and the cheap one invented by Robert Moog that ended up winning, organizations like the NSA with billions for a budget don't understand that the cheap to free tools found on the Internet are far superior tools in cyber warfare than the expensive bureaucracies and tools they've purchased more for prestige purposes than functional.


Governments consistently lose asynchronous warfare with shoestring fighters because shoestring fighters have the incentive to find the best weapon. Governments only look for the most expensive.


The failings of America and why we will continue to lose this fight is because we spend too much on our security apparatus.

Fred Smith, 6 minutes ago:

New technology, meet old technology.  BOOM.

Bradley S Armstrong, 13 minutes ago:

He got the red white and blue screen of death.

Keith Brainard, 16 minutes ago:

Kill him all you want, just don't waterboard him.
Title: Cyberwar and the grid
Post by: G M on October 15, 2015, 02:19:19 PM
http://www.thedailybeast.com/articles/2015/10/14/cybersecurity-expert-be-afraid-america-be-very-afraid.html
Title: The Aftermath of Snowden 2.0: ISIS says thank you
Post by: Crafty_Dog on November 15, 2015, 03:01:07 PM
http://www.dailymail.co.uk/news/article-3169416/How-ISIS-relies-Edward-Snowden-s-leaks-outsmart-Western-intelligence-Militants-use-encrypted-channels-couriers-avoid-detection.html
Title: Anonymous takes down 300+ ISIS Twitter accounts
Post by: Crafty_Dog on November 18, 2015, 09:56:39 AM
http://news.softpedia.com/news/one-day-later-anonymous-already-takes-down-3-824-pro-isis-twitter-accounts-496258.shtml?utm_content=buffer9f41a&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
Title: Stratfor on ISIS's cyber capabilities
Post by: Crafty_Dog on November 30, 2015, 09:38:39 AM
Forecast

    The Islamic State will continue efforts to improve its capabilities in communication and offensive attacks in cyberspace.

    The availability of cybercrime tools and services on underground criminal markets will allow the Islamic State to further bolster its existing abilities.

    The geographic spread of the Islamic State's online presence and its ability to tap into underground markets mean that efforts to counter the group's online activities will occur in countries other than Iraq and Syria.

    Regardless of offensive capabilities in cyberspace, the Islamic State's online activities will continue to focus on disseminating propaganda in efforts to draw recruits and funding.

Analysis

On Nov. 13, armed militants killed 130 people in Paris. On Nov. 14, unarmed militants from the public relations branch of the Islamic State sat down at their computers, signed in to their social media accounts — accounts from which they could reach virtually anyone in the world — and claimed responsibility for the attacks.

Propaganda is immensely important to the Islamic State. Part of its mission is to convince the world it is as dangerous as it claims to be, so it is little surprise that the group's behavior on the Internet is every bit as theatrical as its behavior on the battlefield. Even some of the venues of the Paris attacks — a soccer stadium, a concert hall — are structures of performance meant to host large crowds. In that sense, the Islamic State achieved precisely what it intended to on Nov. 13: It commanded the attention of a global audience, which it can use to spread its message and recruit new members.

Harnessing Technology

The Islamic State's first claim of responsibility for the Paris attacks was disseminated through a popular instant messaging service, Telegram, which allows end-to-end encrypted communication. A month earlier, the Islamic State's media wing began encouraging its supporters to use the service. After the initial release of the message, the rest of the Islamic State's social media network operators and supporters amplified it further. The initial call to use Telegram drew focus to the Islamic State's technical capabilities in cyberspace, particularly when coupled with the group's repeated claims that it has offensive online capabilities.

Since the Islamic State's online presence began to grow rapidly in 2014, culprits claiming affiliation with the group have carried out numerous unsophisticated online attacks, such as hijacking social media accounts and defacing poorly secured websites. Online harassment of individuals, organizations and whole populations is a tactic frequently used to foster fear without any actual threat of violence. The Islamic State's online media machine has also made claims of hacking U.S. government networks, on some occasions by posting names and personal details claimed to belong to government and military personnel. In addition to carrying out cyberattacks, whether real or fabricated, the Islamic State has more recently attempted to educate its supporters in rudimentary operational security measures when communicating over the Internet.

The Islamic State has indeed given some attention to building up its technical online capabilities and will likely continue to do so. But these capabilities have largely focused on theatrics in online media in an attempt to maintain the group's image as an expanding threat despite losing the momentum it had in 2014, rather than presenting any significant threat to public safety. These capabilities carry even less significance on the battlefields in Iraq or Syria. Nevertheless, the Islamic State likely will continue to incorporate the use of information technology and attempt to expand its technical capabilities in cyberspace.
Social Media

For more than a decade, transnational jihadists have turned to the Internet to spread claims of terrorist attacks. However, the Islamic State has built up a particularly robust and effective online media machine that has placed its propaganda, and a glimpse into its recruitment efforts, on some of the most popular public mediums in the West, including Twitter and Facebook.

No technical sophistication is required in broadcasting social media messages, and the Islamic State's social media presence in terms of users is tiny. In March, the Brookings Institution released a paper estimating that there were only 46,000-90,000 Islamic State Twitter accounts between October and November 2014. This is a small number compared to the number of total Twitter users: 307 million. However, this number of accounts is evidently enough to routinely elevate the Islamic State's propaganda efforts to the level of the international media. The Islamic State's ability to sustain an effective social media presence shows a notable degree of organizational sophistication. Maintaining this kind of presence becomes even more challenging when the group's activities are under relentless scrutiny by international law enforcement and intelligence efforts, social media service providers and anti-Islamic State activists.

The Islamic State has leveraged this social media presence to portray itself as possessing exaggerated offensive capabilities in cyberspace. In March, the "Islamic State Hacking Division" posted a list of 100 names and personal information that the hackers claimed belonged to U.S. military personnel. The hackers said they obtained the information by compromising government databases, but the list was more likely compiled through open source research. In January, someone claiming affiliation with the Islamic State hijacked the U.S. Central Command's Twitter account. However, social media users — particularly those sharing accounts — often take poor security measures in selecting account credentials; thus, hijacking or "hacking" accounts can often be accomplished with cheap tricks.

Communication

The Islamic State intentionally misrepresents its online capabilities in its online propaganda efforts. This feeds into the principal reason for the group's organizational focus on online activities: drawing recruits and funding. However, because the bulk of the Islamic State's social media presence is highly decentralized, with a significant portion spread outside of Iraq and Syria, extensive online communication is required in order to organize its propaganda efforts. The Islamic State's means of communication are diverse — a guard against the effects of any crackdown on social media accounts. As a result, the group has recently begun efforts to at least bolster the security awareness of its broader online audience, such as recommending tools like anonymous communication service "Tor" in hopes of concealing messages.

The Islamic State has made additional efforts to educate its supporters on proper operational security, even circulating a manual on securing communications around more obscure online forums. The manual contains numerous best practices and suggestions, many of which were plagiarized from another manual. Although unlikely to ultimately thwart Western intelligence agencies' targeted surveillance efforts, these practices could pose significant obstacles to law enforcement organizations. However, given the decentralized and dispersed nature of the Islamic State's online presence, it is unlikely that most online supporters will heed all the advice listed in the manual.

Islamic State Hacking

Despite names associated with the Islamic State that imply offensive online capabilities, such as the "Islamic State Hacking Division" or the "Cyber Caliphate," there is no indication that the Islamic State has any organized branch capable of carrying out cyberattacks that could inflict physical harm on individuals or cause significant financial or physical damage.

Thus far, possible Islamic State members and supporters have demonstrated little sophistication in their online offensive abilities. Website defacements are common; the wide array of websites that have been targeted over the past year, along with the use of well-known security exploits, suggests that these efforts have been simply seized opportunities rather than targeted attacks. In other words, these attacks could be carried out by a low-skilled hacker working with simple software that automatically scans a selection of targets for known vulnerabilities and relies on documented exploits to compromise vulnerable targets.

In some cases, online attacks carried out in the Islamic State's name were not in fact carried out by the group's supporters. In April, the French television network TV5Monde suffered several cyberattacks targeting its social media accounts, website and station. The culprits claimed to be associated with the Islamic State, but by June, French authorities believed the attackers were in fact Russian hackers posing as Islamic State militants. In a domain where attributing activity to particular actors can challenge even the most resourceful intelligence agencies, names are trivial.

The Islamic State probably is not capable of carrying out spectacular acts of cyberterrorism, such as targeting critical infrastructure. The group would welcome such capabilities, but so far its use of cyberspace principally has been psychological operations and communications. The low sophistication of its offensive online capabilities has been effective in this regard.

However, the group has clearly put emphasis on publicizing its activities in cyberspace and on recruiting somewhat skilled individuals. In October, Malaysian authorities arrested Ardit Ferizi, a hacker from Kosovo, who U.S. authorities accused of stealing personal information after compromising the network of a U.S. company. Ferizi then allegedly handed the information over to an Islamic State member, Junaid Hussain, who reportedly was killed in a U.S. drone strike on Aug. 25 in Raqqa, Syria. Ferizi had been a known hacker operating under the pseudonym of a group of Kosovar hacktivists. Hussain, likewise, was a known hacker and British national previously associated with a different hacktivist group.

There is nothing to suggest the prevalence of Islamic State supporters with backgrounds similar to Hussain's or Ferizi's, nor are there any indicators that Ferizi and Hussain had highly technical abilities. But their association with the Islamic State shows the group at least has the intent to recruit individuals capable of carrying out cyberattacks, and the group is likely to be able to do so again eventually.

The Islamic State's Next Steps

As it has been for other jihadist groups, the Internet has been a powerful tool for the Islamic State. Given the Islamic State's efforts to recruit hackers to carry out low-level cyberattacks, it seems likely the group will continue to pursue greater capabilities that will help it organize its online communications and its attempts to portray itself as a technically capable threat, though not to the point of committing catastrophic cyberattacks.

Capabilities to carry out cyberterrorism do not necessarily have to come from within the Islamic State. A thriving underground market exists where tools designed to commit cybercrimes for financial gain, such as stealing banking credentials or installing malware that holds critical information on a victim's device hostage for ransom, can be purchased or even rented. Offensive skills for hire and exploits in popular software not publicly known (referred to as "zero day" exploits) are also available, and often the buyers and sellers do not have to know each other's identities.

Cybercrime can be a considerably profitable endeavor, potentially earning millions of dollars for the culprits. The existence of such markets means that jihadist groups like the Islamic State could gain offensive capabilities without actually recruiting a person with the necessary skills into the organization. By intersecting with existing global cybercrime networks, the Islamic State could bolster the potential funds earned through its efforts online while potentially increasing the effect of its online attacks and thus boosting its overall propaganda efforts.

Regardless of how far the Islamic State can continue to develop its online capabilities, no improvements in this area will shape its fighting abilities in and around its core territories in Iraq and Syria. Its efforts as an insurgent force largely are independent of its cyberspace activities, and this will likely be reflected in the geography of counter-Islamic State efforts. The large, decentralized pool of supporters being organized over online media and the ability to contract additional capabilities from cybercriminals means that efforts to counter the Islamic State's online activities likely will occur in areas outside of Iraq and Syria, as was the case with Ferizi.
Title: Iran is in our grid
Post by: Crafty_Dog on December 21, 2015, 10:09:09 PM
http://www.breitbart.com/national-security/2015/12/21/california-man-discovers-iranian-hackers-power-grid/?utm_source=facebook&utm_medium=social
Title: Re: Iran is in our grid
Post by: G M on December 21, 2015, 10:29:58 PM
http://www.breitbart.com/national-security/2015/12/21/california-man-discovers-iranian-hackers-power-grid/?utm_source=facebook&utm_medium=social

No worries, Iran is our friend
Title: Cryptology Issues
Post by: Crafty_Dog on December 26, 2015, 06:38:45 PM
Similar issues to those presented with Meta Data are presented here, but only more so.  Several of us here focus on quasi-ticking bomb scenarios where meta data is alleged to likely make a difference.  While this may well be (and I am not 100% persuaded) IMHO we also need to keep in mind that we are dealing with an increasingly lawless government a goodly portion of which is prone to regarding us as "extremists", , , IMHO this is worth careful consideration.

WSJ

The Debate Over Encryption: Stopping Terrorists From ‘Going Dark’
Encrypted devices block law enforcement from collecting evidence. Period.
By Richard Burr
Dec. 23, 2015 6:46 p.m. ET


While the terrorist attacks in Paris, San Bernardino, Calif., and Garland, Texas, have brought discussions about encryption to the front pages, criminals in the U.S. have been using this technology for years to cover their tracks. The time has come for Congress and technology companies to discuss how encryption—encoding messages to protect their content—is enabling murderers, pedophiles, drug dealers and, increasingly, terrorists.

Consumer information should be protected, and the development of stronger and more robust levels of encryption is necessary. Unfortunately, the protection that encryption provides law-abiding citizens is also available to criminals and terrorists. Today’s messaging systems are often designed so that companies’ own developers cannot gain access to encrypted content—and, alarmingly, not even when compelled by a court order. This allows criminals and terrorists, as the law enforcement community says, to “go dark” and plot with abandon.

Leaving aside the terrorism challenges, encryption is affecting the investigations of kidnapping, child pornography, gang activity and other crimes. Federal, state, local and tribal law-enforcement officers can obtain legal authority to conduct electronic communications surveillance on terrorists and criminals. But encrypted devices and applications sometimes block access to the data. This means that even when the government has shown probable cause under the Fourth Amendment, it cannot acquire the evidence it seeks.

Technology has outpaced the law. The core statute, the Communications Assistance for Law Enforcement Act, was enacted in 1994, more than a decade before the iPhone existed. The law requires telecommunications carriers—for instance, phone companies—to build into their equipment the capability for law enforcement to intercept communications in real time. The problem is that it doesn’t apply to other providers of electronic communications, including those supporting encrypted applications.

Federal Bureau of Investigation Director James Comey has said that one of the two Garland, Texas, shooters who died carrying out an attack on a Muhammad art exhibit in May exchanged 109 messages with an operative overseas. “We have no idea what he said,” Mr. Comey told the Senate this month, “because those messages were encrypted.” He described this as a “big problem”—and I couldn’t agree more.

Last month Manhattan District Attorney Cyrus R. Vance Jr. released an in-depth report specifically on “smartphone encryption and public safety.” Many cellphones, including those designed by Apple and Google, now encrypt by default all the data they store, which is accessible only with a passcode.

No one, not even the manufacturer, can access a passcode-locked phone. Apple has even touted this as a feature, telling customers that “it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices.” The report states that “passcode-protected devices render lawful court orders meaningless and encourage criminals to act with impunity. The ultimate losers in this equation are crime victims.”

The authors conclude: “Congress should enact a statute that requires any designer of an operating system for a smartphone or tablet manufactured, leased, or sold in the U.S. to ensure that data on its devices is accessible pursuant to a search warrant. Such a law would be well within Congress’s Commerce Clause powers, and does not require costly or difficult technological innovations.”

The challenges presented by encryption extend to financial transactions. In August Sen. Elizabeth Warren wrote letters to six federal agencies voicing concerns that banks were using Symphony, an encrypted messaging system that could prevent regulators from detecting illegal activities. The letter came shortly after New York’s top banking regulator, the New York State Department of Financial Services, raised the same concern with several major banks and Symphony’s developer.

In response, the banks agreed to store decryption keys with independent custodians, and Symphony agreed to retain electronic communications for seven years. All parties also agreed to a periodic review process to make sure that oversight keeps in sync with new technologies.

It would seem to me that daily financial flows shouldn’t command more attention than terrorist or criminal communications, yet here we are. Although the agreement described above may not be the solution for all encrypted communications, it does show that cooperative solutions are possible.

I and other lawmakers in Washington would like to work with America’s leading tech companies to solve this problem, but we fear they may balk. When Apple objected to a recent court order in a New York criminal case requiring it to unlock an iPhone running iOS 7—an operating system that Apple can unlock—the company refused, arguing: “This is a matter for Congress to decide.” On that point, Apple and I agree. It’s time to update the law.

Mr. Burr, a Republican senator from North Carolina, is the chairman of the Senate Select Committee on Intelligence.
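The banks' arrangement described above keeps decryption keys with independent custodians. The following is an added illustration, not code from the op-ed, from Symphony or from the banks, whose actual custodial mechanism the piece does not describe: a threshold (k-of-n) secret-sharing scheme, Shamir's, is one way to hold a key with several custodians so that no single custodian, and no group smaller than an agreed quorum, can reconstruct it. The field prime, the 3-of-5 quorum and the sample key are assumptions chosen for the example.

```python
"""Threshold (k-of-n) key escrow with Shamir secret sharing.

Added illustration: a key is split among n custodians; any k shares
rebuild it, and fewer than k reveal nothing about it."""
import secrets

# Arithmetic is done in the field GF(PRIME). 2**127 - 1 is prime and larger
# than any 128-bit value, so an AES-128 key fits as a single field element.
# (Assumed parameter for this example.)
PRIME = 2**127 - 1


def key_to_int(key: bytes) -> int:
    """Encode key bytes as the field element to be shared."""
    n = int.from_bytes(key, "big")
    if n >= PRIME:
        raise ValueError("key does not fit in the field; use a larger prime")
    return n


def int_to_key(n: int, length: int) -> bytes:
    """Inverse of key_to_int; length restores any leading zero bytes."""
    return n.to_bytes(length, "big")


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, threshold: int, custodians: int):
    """Return `custodians` shares (x, y); any `threshold` of them recover secret."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 < threshold <= custodians:
        raise ValueError("need 1 < threshold <= custodians")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    # Share i is the polynomial evaluated at x = i (x = 0 would hand out the secret).
    return [(x, _eval_poly(coeffs, x)) for x in range(1, custodians + 1)]


def recover_secret(shares) -> int:
    """Lagrange-interpolate the polynomial at x = 0 from the given shares.

    With fewer than `threshold` shares this still returns a value, but one
    that is uniformly distributed over the field, so it tells the holder nothing."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    key = secrets.token_bytes(16)          # sample AES-128 key (constructed)
    shares = split_secret(key_to_int(key), threshold=3, custodians=5)
    assert int_to_key(recover_secret(shares[:3]), 16) == key
    print("3 of 5 custodians recovered the key; any 2 alone learn nothing")
```

The quorum is the design lever: a single escrowed copy of a key is a single point of compromise, whereas a k-of-n split means the breach of one custodian yields nothing. The split only protects the key at rest; whoever assembles a quorum holds the key in the clear, so the reassembly step is the one to restrict, log and audit.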
Title: WSJ: The Data Breach you have not heard about
Post by: Crafty_Dog on January 27, 2016, 11:28:48 AM
The Data Breach You Haven’t Heard About
Foreign hackers may be reading encrypted U.S. government communications, yet basic information about what happened still isn’t available.
By Will Hurd
Jan. 26, 2016 7:15 p.m. ET

A security breach recently discovered at software developer Juniper Networks has U.S. officials worried that foreign hackers have been reading the encrypted communications of U.S. government agencies for the past three years. Yet compared with the uproar over the Office of Personnel Management breach, first disclosed last June, this recent breach has gone largely unnoticed.

On Dec. 17 the California-based Juniper Networks announced that an unauthorized backdoor had been placed in its ScreenOS software, and a breach was possible since 2013. This allowed an outside actor to monitor network traffic, potentially decrypt information, and even take control of firewalls. Days later the company provided its clients—which include various U.S. intelligence entities—with an “emergency security patch” to close the backdoor.

The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor. Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen.

If government systems have yet to be fixed then adversaries could still be stealing sensitive information crucial to national security. The Department of Homeland Security is furiously working to determine the extent to which the federal government used ScreenOS. But Congress still doesn’t know the basic details of the breach.

Yet this vital information should not be difficult to obtain. After all, U.S. banks that use this software for encryption were forced to share the extent of their use to the Securities and Exchange Commission only hours after the compromise was disclosed. It is government agencies that are dragging their feet.

This is why I and my colleagues on the House Committee on Oversight and Government Reform recently wrote a letter to the heads of 24 federal agencies demanding an inventory of their systems running the affected software, and whether or not they have installed the patch. If they fail to respond they will be called before Congress to explain why they couldn’t produce this basic information—even though the 2002 Federal Information Security Management Act requires government bodies to monitor and protect the data they possess.

Once we learn which agencies were using the faulty software, finish patching all the systems and conduct a damage assessment, we need to examine why this older version of ScreenOS, last updated in 2011, was being used in the first place. This product is considered a legacy system that many users have replaced with better technology, yet the U.S. government hadn’t bothered to update to a newer, more-secure system.

Sadly, this isn’t surprising. Last year, according to the U.S. Government Accountability Office, the federal government spent over $80 billion on IT procurement and 80% of those funds were for legacy systems—outdated technology or software similar to ScreenOS. This practice of not keeping up with the times renders our nation’s IT infrastructure less efficient and exponentially more vulnerable.

Finally, this incident shows that backdoors to bypass encryption—even those requested by law enforcement or mandated by lawmakers—are extremely dangerous. There is no way to create a backdoor that is not vulnerable to this kind of breach. Encryption is essential to our national security and economy; we should be focused on strengthening it not weakening it.

Rep. Hurd, a Republican from Texas, sits on the House Homeland Security Committee and is chairman of the IT Subcommittee on Oversight and Government Reform.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on January 27, 2016, 11:44:40 AM
We are so scroomed.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on January 27, 2016, 01:21:25 PM
"On Dec. 17 the California-based Juniper Networks announced that an unauthorized backdoor had been placed in its ScreenOS software, and a breach was possible since 2013."

We do the majority of R & D and bear the burden of cost and simply give it all away through sharing, and theft.

What do they mean "unauthorized backdoor"?   Screw up?  Espionage?  Traitor?  What?

I remember sitting at the same lunch table with the CEO of Juniper Networks back in the Gilder days at his tech conference in Memphis, 1999 maybe.  Wonder if he's still CEO.

Those were the glory days of Gilder tech. :-)
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on January 27, 2016, 02:56:31 PM
Years ago a computer geek friend of mine spoke of installing unauthorized back doors when he installed software so that if necessary he would have means of enforcing payment.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on January 27, 2016, 03:06:12 PM
All of the software companies do that I believe.  One way or the other Juniper needs to be held accountable.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on February 10, 2016, 09:05:20 PM
Obama had a piece Monday on the editorial page of the WSJ about Cyber Security.  Could someone please find it and post it here?
Title: NYT: Utilities cautioned about potential for cyberattack after attack on Ukraine
Post by: Crafty_Dog on March 01, 2016, 09:02:36 PM
Utilities Cautioned About Potential for a Cyberattack After Ukraine’s

By DAVID E. SANGER, FEB. 29, 2016

WASHINGTON — The Obama administration has warned the nation’s power companies, water suppliers and transportation networks that sophisticated cyberattack techniques used to bring down part of Ukraine’s power grid two months ago could easily be turned on them.

After an extensive inquiry, American investigators concluded that the attack in Ukraine on Dec. 23 may well have been the first power blackout triggered by a cyberattack — a circumstance many have long predicted. Working remotely, the attackers conducted “extensive reconnaissance” of the power system’s networks, stole the credentials of system operators and learned how to switch off the breakers, plunging more than 225,000 Ukrainians into darkness.

In interviews, American officials said they have not completed their inquiry into who was responsible for the attack. But Ukrainian officials have blamed the Russians, saying it was part of the effort to intimidate the country’s political leaders by showing they could switch off the lights at any time.

“They could be right,” said one senior administration official. “But so far we don’t have the complete evidence, and the attackers went to some lengths to hide their tracks.”

Even after it has reached a conclusion, the White House might decide not to name the attackers, just as it decided not to publicly blame China for the theft of 22 million security files from the Office of Personnel Management.

But American intelligence officials have been intensely focused on the likelihood that the attack was engineered by the Russian military, or “patriotic hackers” operating on their behalf, since the first reports of the December blackout. The officials have found it intriguing that the attack did not appear designed to shut down the entire country. “This appears to be message-sending,” said one senior administration official with access to the intelligence, who requested anonymity to discuss the ongoing inquiry.

Equally interesting to investigators was the technique used: The malware designed for the Ukrainian power grid was directed at “industrial control systems,” systems that act as the intermediary between computers and the switches that distribute electricity and guide trains as they speed down the track, the valves that control water supplies, and the machinery that mixes chemicals at factories.

The most famous such attack was the Stuxnet worm, which destroyed the centrifuges that enriched uranium at the Natanz nuclear site in Iran. But that is not an example often cited by American officials — largely because the attack was conducted by the United States and Israel, a fact American officials have never publicly acknowledged.

Experts in cybersecurity regard the Ukraine attack as a teaching moment, a chance to drive home to American firms the vulnerability of their own systems. “There’s never been an intentional cyberattack that has taken the electric grid down before,” said Robert M. Lee of the SANS Institute. Mr. Lee said that while it was still not possible to determine who conducted the attack — what is called “attribution” in the cyber industry — he noted that it was clearly designed to send a political message.

“It was large enough to get everyone’s attention,” he said, “and small enough not to prompt a major response.”

The warning issued last Thursday by the Department of Homeland Security provided the first detailed account of the Ukrainian attack, based on the findings of a series of government experts who traveled to Ukraine to gather evidence.

The attack described by the Homeland Security document was highly sophisticated. The attackers gained entry, it appears, by sending a series of “spearphishing” messages that led someone in Ukraine to unintentionally give them access. Once they had that, the attackers mapped the system, much as the North Koreans mapped Sony Entertainment’s computers before attacking them in the fall of 2014.

Then a series of cyberattacks were carefully coordinated to occur within 30 minutes of one another on Dec. 23. The “breakers” that disconnected power were operated “by multiple external humans” through secure communication channels. The hackers then wiped many of the systems clean using a form of malware aptly named “KillDisk” which erased files on the systems and disabled them. They wiped out the “human-machine interface” that enables operators of the electric system to run those systems — or get them back in service — from their computers.

For extra measure, the hackers even managed to disconnect backup power supplies, so that once the power failed, the computers could not turn them back on.

Investigators say that in the end, the Ukrainians may have been saved by the fact that their country relies on old technology and is still not as fully wired as many Western nations — meaning they were able to restore power by manually flipping old-style circuit breakers.

“The bad news for the United States is that we can’t do the same thing,” said Ted Koppel, the former ABC News anchor who published a best seller last year, entitled “Lights Out,” about the vulnerability of the American electric grid.

“We have 3,200 power companies, and we need a precise balance between the amount of electricity that is generated and the amount that is used,” he said. “And that can only be done over a system run on the Internet. The Ukrainians were lucky to have antiquated systems.”

The report from Homeland Security recommended a series of common-sense steps: Make sure that outsiders accessing power systems or other networks that operate vital infrastructure can monitor the system, but not change it; close “back doors” — system flaws that can give an intruder unauthorized access; have a contingency plan to shut down systems that have been infected, or invaded, by outsiders.

But all those systems make it harder for legitimate operators to use the Internet to keep vast systems operating, from a smartphone or laptop if necessary.
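The attack chain in the Homeland Security account above (operator credentials used from remote sessions, breaker operations at several sites inside a 30-minute window, backup power disconnected, then KillDisk wiping the human-machine interfaces) is a sequence a utility's own monitoring should be able to spot in its audit trail. What follows is an added example, not from the DHS warning or the article: a small detector run over a constructed HMI audit log. The log format, host names, addresses, the control-room address range and the alert thresholds are all assumptions made for the example.

```python
"""Detect the outage pattern described in the DHS account over a constructed
HMI/SCADA audit log: breaker commands from remote operator sessions,
multi-site operations inside a 30-minute window, backup power switched off
and wiper-like mass file deletion."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Assumed trusted control-room address space; any other source is "remote".
CONTROL_ROOM_NETS = [ipaddress.ip_network("10.1.0.0/16")]
COORDINATION_WINDOW = timedelta(minutes=30)   # article: steps within 30 minutes
WIPE_THRESHOLD = 5                            # deletions per host per window

# Constructed sample log (key=value fields); not real utility data.
SAMPLE_LOG = """\
2015-12-23T15:10:11 host=hmi-north user=oper7 src=10.1.4.12 action=login method=console
2015-12-23T15:12:40 host=hmi-north user=oper7 src=10.1.4.12 action=breaker_open feeder=N-03
2015-12-23T15:30:05 host=hmi-west user=oper2 src=198.51.100.7 action=login method=vpn
2015-12-23T15:31:20 host=hmi-west user=oper2 src=198.51.100.7 action=breaker_open feeder=W-01
2015-12-23T15:31:55 host=hmi-west user=oper2 src=198.51.100.7 action=breaker_open feeder=W-02
2015-12-23T15:41:03 host=hmi-south user=oper9 src=198.51.100.7 action=login method=vpn
2015-12-23T15:42:10 host=hmi-south user=oper9 src=198.51.100.7 action=breaker_open feeder=S-07
2015-12-23T15:44:00 host=hmi-south user=oper9 src=198.51.100.7 action=ups_disable
2015-12-23T15:45:01 host=hmi-west user=oper2 src=198.51.100.7 action=file_delete path=C:/scada/db1.dat
2015-12-23T15:45:02 host=hmi-west user=oper2 src=198.51.100.7 action=file_delete path=C:/scada/db2.dat
2015-12-23T15:45:03 host=hmi-west user=oper2 src=198.51.100.7 action=file_delete path=C:/scada/hmi.exe
2015-12-23T15:45:04 host=hmi-west user=oper2 src=198.51.100.7 action=file_delete path=C:/Windows/System32/drivers/a.sys
2015-12-23T15:45:05 host=hmi-west user=oper2 src=198.51.100.7 action=file_delete path=C:/Windows/System32/drivers/b.sys
"""


def parse_line(line):
    """Turn 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    ev = {"ts": datetime.fromisoformat(ts)}
    for f in fields:
        k, _, v = f.partition("=")
        ev[k] = v
    return ev


def is_remote(src):
    """True when the source address is outside the control-room networks."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in CONTROL_ROOM_NETS)


def analyze(log_text):
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    alerts = []

    # Rule 1: breaker commands issued from outside the control room. Valid
    # credentials do not clear this; stolen operator logins were the entry point.
    remote_ops = [e for e in events
                  if e["action"] == "breaker_open" and is_remote(e["src"])]
    for e in remote_ops:
        alerts.append({"rule": "remote_breaker_operation", "host": e["host"],
                       "src": e["src"], "feeder": e["feeder"], "ts": e["ts"]})

    # Rule 2: remote breaker operations at two or more sites inside one window.
    for e in remote_ops:
        sites = {o["host"] for o in remote_ops
                 if timedelta(0) <= o["ts"] - e["ts"] <= COORDINATION_WINDOW}
        if len(sites) >= 2:
            alerts.append({"rule": "coordinated_outage", "sites": sites,
                           "ts": e["ts"]})
            break  # one alert per incident is enough

    # Rule 3: backup power switched off, which blocks restoration afterwards.
    for e in events:
        if e["action"] == "ups_disable":
            alerts.append({"rule": "backup_power_disabled", "host": e["host"],
                           "src": e["src"], "ts": e["ts"]})

    # Rule 4: wiper-like burst of file deletions on one host.
    deletes = defaultdict(list)
    for e in events:
        if e["action"] == "file_delete":
            deletes[e["host"]].append(e["ts"])
    for host, stamps in deletes.items():
        for i, t in enumerate(stamps):
            n = sum(1 for s in stamps[i:] if s - t <= COORDINATION_WINDOW)
            if n >= WIPE_THRESHOLD:
                alerts.append({"rule": "wiper_activity", "host": host,
                               "count": n, "ts": t})
                break
    return alerts


def rule_counts(alerts):
    """Summarise alerts as {rule name: number of alerts}."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(a)
```

Rule 1 is the report's first recommendation expressed as a detection: a session from outside the control room may be allowed to watch, but a switching command from it is alertable regardless of whose credentials it carries. The coordination and wiper rules matter because each step on its own can pass for routine maintenance; it is the sequence inside one window that marks an attack, and the `ups_disable` event is the signal that restoration is being denied, not just service.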
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on March 02, 2016, 12:21:46 PM
Better plan on it happening here.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on March 02, 2016, 03:21:18 PM
What can we do to save our data, our websites, the contents of our computers?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on March 02, 2016, 04:10:56 PM
What can we do to save our data, our websites, the contents of our computers?


I'd worry more about saving your family because a prolonged grid down scenario has an estimated 90% fatality rate.
Title: We are fuct
Post by: Crafty_Dog on April 05, 2016, 06:45:32 PM
http://motherboard.vice.com/en_ca/read/fbi-flash-alert-hacking-group-has-had-access-to-us-govt-files-for-years
Title: law firms risking our privacy, our security and our property
Post by: ccp on April 06, 2016, 06:54:59 PM
"80%" of law firms have been hacked according to this.  As a doctor who has had to comply with HIPAA laws or risk jail, and forced by lawyers and politicians to have to shell out thousands for electronic records and their security, how would anyone think I might feel when reading this:

http://www.breitbart.com/video/2016/04/06/watch-matthews-presses-sanders-supporter-on-paying-for-free-college-supporter-says-i-dont-need-to-know-at-this-moment/?utm_source=facebook&utm_medium=social

I doubt we will see the public outrage against lawyers from the politicians most of whom are the same.
Title: Was NSA hacked?!?
Post by: Crafty_Dog on August 17, 2016, 11:27:59 PM
http://www.nytimes.com/2016/08/17/us/shadow-brokers-leak-raises-alarming-question-was-the-nsa-hacked.html?emc=edit_th_20160817&nl=todaysheadlines&nlid=49641193&_r=1

[Photo caption, truncated: ...rters of the National Security Agency in Fort Meade, Md. Credit Jim Lo Scalzo/European Pressphoto Agency]

The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the Shadow Brokers, said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the N.S.A. to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed inside the N.S.A.’s highly classified Tailored Access Operations unit, some of which were described in general terms in documents stolen three years ago by Edward J. Snowden, the former N.S.A. contractor now living in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile in Moscow, declared that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publication, which he interpreted as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee.

“Why did they do it?” Mr. Snowden asked. “No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.”

Around the same time, WikiLeaks declared that it had a full set of the files — it did not say how it had obtained them — and would release them all in the future. The “Shadow Brokers” had said they would auction them off to the highest bidder.

“I think it’s Snowden-era stuff, repackaged for resale now,” said James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank. “This is probably some Russian mind game, down to the bogus accent” of some of the messages sent to media organizations by the Shadow Brokers group, delivered in broken English that seemed right out of a bad spy movie.

The N.S.A. would say nothing on Tuesday about whether the coding released was real or where it came from. Its public affairs office did not respond to inquiries.

“It certainly feels all real,” said Bruce Schneier, a leading authority on state-sponsored breaches. “The question is why would someone steal it in 2013 and release it this week? That’s what is making people think this is likely the work of Russian intelligence.”

There are other theories, including one that some unknown group was trying to impersonate hackers working for Russian or other intelligence agencies. Impersonation is relatively easy on the internet, and it could take considerable time to determine who is behind the release of the code.

The Shadow Brokers first emerged online on Saturday, creating accounts on sites like Twitter and Tumblr and announcing plans for an auction. The group said that “we give you some Equation Group files free” and that it would auction the best ones. The Equation Group is a code name that Kaspersky Labs, a Russian cybersecurity firm, has given to the N.S.A.

While still widely considered the most talented group of state-sponsored hackers in the world, the N.S.A. is still recovering from Mr. Snowden’s disclosures; it has spent hundreds of millions of dollars reconfiguring and locking down its systems.

Mr. Snowden revealed plans, code names and some operations, including against targets like China. The Shadow Brokers disclosures are much more detailed, the actual code and instructions for breaking into foreign systems as of three summers ago.

“From an operational standpoint, this is not a catastrophic leak,” Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, Calif., wrote on the Lawfare blog on Tuesday.

But he added that “the big picture is a far scarier one.” In the weeks after Mr. Snowden fled Hawaii, landing in Hong Kong before ultimately going to Russia, it appears that someone obtained that source code. That, he suggested, would be an even bigger security breach for the N.S.A. than Mr. Snowden’s departure with his trove of files.

However, the fact that the code is dated from 2013 suggests that the hackers’ access was cut off around then, perhaps because the agency imposed new security measures.

The attack on the Democratic National Committee has raised questions about whether the Russian government is trying to influence the American election. If so, it is unclear how — or whether — President Obama will respond. A response could be public or private, and it could involve sanctions, diplomatic warnings or even a counterattack.

“The real problem for us is that the Russians seem to have taken the gloves off in the cyberdomain,” said Mr. Lewis, of the Center for Strategic and International Studies, “and we don’t know how to respond.”
Title: ABC News: Yes it is possible to hack the election
Post by: ccp on August 20, 2016, 02:15:36 PM
From ABC news courtesy of Drudge:

http://abcnews.go.com/Politics/hack-election/story?id=41489017

"Those experiences confirm my belief that if sophisticated hackers want to get into any computer or electronic device, even one that is not connected to the internet, they can do so"

I could have told him this many years ago.  We are endlessly hacked and our devices are nowhere near the internet.   I wondered years ago if the excuse was that device makers were making this possible for law enforcement in the age of terrorism.   I also wondered if they just did it to control us for business reasons, such as to make sure people were not using subscriptions illegally for free, or to see what our preferences are for their data and statistical analyses, or just for snooping for any other reasons one can dream up.

All I can ask is if law enforcement is NOT up to the task of even protecting the big shots then the rest of us average folks have NO chance.  I have been saying this for years.  Sadly for me I have seen it personally over and over again and had to sit here watching it first hand while others have gotten very rich and we suffer.

The extent of the crime that is committed this way is STILL surprisingly apparently not even realized by many.  I think I read Bill Gates himself once said the biggest challenge is security in the IT age.  Yet another time he told a reporter the security he uses for his computers is the standard retail stuff we all use.  THAT is hard to believe.



Title: Like I said: "Crackas with Attitude"
Post by: ccp on September 08, 2016, 02:18:53 PM
It ain't always the "Russians" or the "Chinese".  But if you as victim are not the CIA this kind of crime is rampant and unpunished:

https://www.yahoo.com/news/2-men-arrested-charged-hacking-senior-us-officials-154755704.html
Title: DEEP WEB
Post by: DDF on September 19, 2016, 06:31:30 AM
And you're correct. It is not without significant risk.

I personally would avoid the dark web altogether. Big boy rules apply.


https://pjmedia.com/trending/2016/09/16/sources-tens-of-thousands-of-files-from-clinton-blumenthal-computers-available-on-deep-web/?singlepage=true

In deep.

People are afraid of the deepweb or don't know how to access it. They shouldn't be afraid and it isn't difficult to access.

Just download the TOR browser (from TOR), have a dedicated computer specifically for that with no personal info on it or use a thumb drive to boot your system, a VPN, and you're good to go. Don't download anything from there, and obviously avoid the smut pages and whatnot, but it's surprising what is on there that Google and company don't register in their search engines. You can basically find whatever you want.

Edit: Make sure you cover up your camera physically as well and don't speak while surfing, or any background noise for that matter.
What are those risks?


Drawing the attention of lots of entities that you don't want attention from.

Just as GM stated, plus they could potentially hack into your computer, steal your files, ID your location, control your computer remotely; you could potentially access websites that have criminal activities, thus drawing the attention of alphabet soup type organizations (NSA, CIA, FBI, USSS, ATF, DEA, NCIS and INS); or even if none of that happened, the fact that you have to use a TOR browser (which can also access "http:www" sites) means your local internet service provider (even using a VPN with TOR) will know you're accessing onion sites BECAUSE of where their exit traffic is going. Note the following: "A user is talking to a clear net website instead of the onion so in theory the proxy can read all the information you're sending and getting from the onion. Also, you are far from anonymous because the Tor2Web-gateway sees your IP." https://chloe.re/2016/05/20/killing-tor2web-once-and-for-all/

And (note the web address in the photo here) you WILL get attention from someone. There's no avoiding that. There are also a couple of things I didn't provide above to disguise where you are or who you are, but the bottom line is, if someone wants to find you, they will.  A quick query of TOR security precautions will make it so that most people won't find you, but the government and good hackers will if they want to.

I've used the deep web on and off for about two years. Then again, I work where I work and do what I do, so I'm not overly concerned about having uninvited guests. For the most part, I've seen a lot of bit coin operated sites that offer whatever service you can think of, blueprints, how to's, and seedier things. The bit coin sites all work off of an escrow service that can be used to locate someone as well.

GM is correct in saying that it has its risks. I'll add, for what I've seen on it, it isn't worth the hassle, other than just to go cruising downtown Tijuana to go see things that no one else sees for the "been there, done that trip."

Edit: I forgot to add that if you do decide to access it, disable Java. If anyone reading this doesn't know how to disable Java, they shouldn't go. Period.
Edit II: Do not use TOR with windows to access the web. As I stated above, the best way is a dedicated machine, using Linux and TOR on a thumb drive into that.

It really isn't worth the hassle. Those curious can search YouTube for "deep web sites" and get an idea that way without risking themselves.


(http://1.bp.blogspot.com/-l5wiLJBiePI/VoNMACHgtzI/AAAAAAAACvA/3w5f7s8fiAY/s1600/dw%2Bprint%2B20.jpg)
Title: Yahoo scanned for the Feds
Post by: Crafty_Dog on October 04, 2016, 08:52:54 PM
http://www.dailymail.co.uk/news/article-3821959/Yahoo-secretly-scanned-customer-emails-US-intelligence-sources.html
Title: Re: Yahoo scanned for the Feds
Post by: G M on October 04, 2016, 09:00:46 PM
http://www.dailymail.co.uk/news/article-3821959/Yahoo-secretly-scanned-customer-emails-US-intelligence-sources.html

Well, Bush isn't president, so this isn't something anyone will be concerned about.
Title: Re: Yahoo scanned for the Feds
Post by: DDF on October 05, 2016, 06:48:32 AM
http://www.dailymail.co.uk/news/article-3821959/Yahoo-secretly-scanned-customer-emails-US-intelligence-sources.html

Well, Bush isn't president, so this isn't something anyone will be concerned about.

If I had a nickel for every time the Left has brought up Bush and emails this election season, as a defense to Clinton and Obama.
Title: Cyberwar with the Russkis?
Post by: Crafty_Dog on October 14, 2016, 07:08:07 PM
http://www.nbcnews.com/news/us-news/cia-prepping-possible-cyber-strike-against-russia-n666636

If true and not a pretense or a bluff, and if we don't want them realizing it or seeing it coming, then why are we telling them?
Title: Re: Cyberwar with the Russkis?
Post by: G M on October 15, 2016, 01:06:51 AM
http://www.nbcnews.com/news/us-news/cia-prepping-possible-cyber-strike-against-russia-n666636

If true and not a pretense or a bluff, and if we don't want them realizing it or seeing it coming, then why are we telling them?


Because it's "Operation Obama isn't a pussy". For domestic consumption only.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on October 15, 2016, 04:12:03 AM
"Because it's "Operation Obama isn't a pussy". For domestic consumption only."

Drudge today now has the headline: Obama is considering military options in Syria.
Yeah right.  Just before an election.   Is this sickening, how the Dems will do anything?

Notice Obama is now acting as Clinton's surrogate.  She is in hiding afraid to open up her mouth and he is out doing all her campaigning.



Title: Freedom of speech cut
Post by: ccp on October 17, 2016, 12:33:25 PM
Because it is about the wrong political party.

Gee,  Obama?, HRC?, Brussels?, CNN?



http://www.bbc.com/news/technology-37680411
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on October 22, 2016, 05:01:16 AM
Techie question:  Does our recent diminishment of control of the internet to some international body lessen our ability to defend ourselves in the event of cyberattacks such as these/cyberwar?
===========================================

Hackers Used New Weapons to Disrupt Major Websites Across U.S.

By NICOLE PERLROTH, OCT. 21, 2016

Photo: A map of the areas experiencing problems, as of Friday afternoon, according to downdetector.com.

SAN FRANCISCO — Major websites were inaccessible to people across wide swaths of the United States on Friday after a company that manages crucial parts of the internet’s infrastructure said it was under attack.

Users reported sporadic problems reaching several websites, including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times.

The company, Dyn, whose servers monitor and reroute internet traffic, said it began experiencing what security experts called a distributed denial-of-service attack just after 7 a.m. Reports that many sites were inaccessible started on the East Coast, but spread westward in three waves as the day wore on and into the evening.

And in a troubling development, the attack appears to have relied on hundreds of thousands of internet-connected devices like cameras, baby monitors and home routers that have been infected — without their owners’ knowledge — with software that allows hackers to command them to flood a target with overwhelming traffic.

A spokeswoman said the Federal Bureau of Investigation and the Department of Homeland Security were looking into the incident and all potential causes, including criminal activity and a nation-state attack.

Kyle York, Dyn’s chief strategist, said his company and others that host the core parts of the internet’s infrastructure were targets for a growing number of more powerful attacks.

“The number and types of attacks, the duration of attacks and the complexity of these attacks are all on the rise,” Mr. York said.

Security researchers have long warned that the increasing number of devices being hooked up to the internet, the so-called Internet of Things, would present an enormous security issue. And the assault on Friday, security researchers say, is only a glimpse of how those devices can be used for online attacks.

Dyn, based in Manchester, N.H., said it had fended off the assault by 9:30 a.m. But by 11:52 a.m., Dyn said it was again under attack. After fending off the second wave of attacks, Dyn said at 5 p.m. that it was again facing a flood of traffic.

A distributed denial-of-service attack, or DDoS, occurs when hackers flood the servers that run a target’s site with internet traffic until it stumbles or collapses under the load. Such attacks are common, but there is evidence that they are becoming more powerful, more sophisticated and increasingly aimed at core internet infrastructure providers.

Going after companies like Dyn can cause far more damage than aiming at a single website.

Dyn is one of many outfits that host the Domain Name System, or DNS, which functions as a switchboard for the internet. The DNS translates user-friendly web addresses like fbi.gov into numerical addresses that allow computers to speak to one another. Without the DNS servers operated by internet service providers, the internet could not operate.

In this case, the attack was aimed at the Dyn infrastructure that supports internet connections. While the attack did not affect the websites themselves, it blocked or slowed users trying to gain access to those sites.

Mr. York, the Dyn strategist, said in an interview during a lull in the attacks that the assaults on its servers were complex.

“This was not your everyday DDoS attack,” Mr. York said. “The nature and source of the attack is still under investigation.”
Photo: A notice from Dyn on its website about the outage.

Later in the day, Dave Allen, the general counsel at Dyn, said tens of millions of internet addresses, or so-called I.P. addresses, were being used to send a fire hose of internet traffic at the company’s servers. He confirmed that a large portion of that traffic was coming from internet-connected devices that had been co-opted by a type of malware called Mirai.

Dale Drew, chief security officer at Level 3, an internet service provider, found evidence that roughly 10 percent of all devices co-opted by Mirai were being used to attack Dyn’s servers. Just one week ago, Level 3 found that 493,000 devices had been infected with Mirai malware, nearly double the number infected last month.

Mr. Allen added that Dyn was collaborating with law enforcement and other internet service providers to deal with the attacks.

In a recent report, Verisign, a registrar for many internet sites that has a unique perspective into this type of attack activity, reported a 75 percent increase in such attacks from April through June of this year, compared with the same period last year.

The attacks were not only more frequent, they were bigger and more sophisticated. The typical attack more than doubled in size. What is more, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop.

The most frequent targets were businesses that provide internet infrastructure services like Dyn.

“DNS has often been neglected in terms of its security and availability,” Richard Meeus, vice president for technology at Nsfocus, a network security firm, wrote in an email. “It is treated as if it will always be there in the same way that water comes out of the tap.”

Last month, Bruce Schneier, a security expert and blogger, wrote on the Lawfare blog that someone had been probing the defenses of companies that run crucial pieces of the internet.

“These probes take the form of precisely calibrated attacks designed to determine exactly how well the companies can defend themselves, and what would be required to take them down,” Mr. Schneier wrote. “We don’t know who is doing this, but it feels like a large nation-state. China and Russia would be my first guesses.”

It is too early to determine who was behind Friday’s attacks, but it is this type of attack that has election officials concerned. They are worried that an attack could keep citizens from submitting votes.

Thirty-one states and the District of Columbia allow internet voting for overseas military and civilians. Alaska allows any Alaskan citizen to do so. Barbara Simons, the co-author of the book “Broken Ballots: Will Your Vote Count?” and a member of the board of advisers to the Election Assistance Commission, the federal body that oversees voting technology standards, said she had been losing sleep over just this prospect.

“A DDoS attack could certainly impact these votes and make a big difference in swing states,” Dr. Simons said on Friday. “This is a strong argument for why we should not allow voters to send their voted ballots over the internet.”

This month the director of national intelligence, James Clapper, and the Department of Homeland Security accused Russia of hacking the Democratic National Committee, apparently in an effort to affect the presidential election. There has been speculation about whether President Obama has ordered the National Security Agency to conduct a retaliatory attack and the potential backlash this might cause from Russia.

Gillian M. Christensen, deputy press secretary for the Department of Homeland Security, said the agency was investigating “all potential causes” of the attack.

Vice President Joseph R. Biden Jr. said on the NBC News program “Meet the Press” this month that the United States was prepared to respond to Russia’s election attacks in kind. “We’re sending a message,” Mr. Biden said. “We have the capacity to do it.”

But technology providers in the United States could suffer blowback. As Dyn fell under recurring attacks on Friday, Mr. York, the chief strategist, said such assaults were the reason so many companies are pushing at least parts of their infrastructure to cloud computing networks, to decentralize their systems and make them harder to attack.

“It’s a total wild, wild west out there,” Mr. York said.
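The article above describes the Dyn outage as a flood of DNS queries arriving from tens of millions of addresses. The following is an added example, not code from the article or from Dyn, showing the kind of check a defender running a DNS server would want: it windows query-log lines per second and distinguishes a distributed flood (high rate from many distinct clients, the botnet pattern described above) from a single abusive client (high rate from one address), since the two call for different responses. The log format is a constructed, simplified BIND-style line, the sample lines are constructed, and the two thresholds are assumptions for this example.

```python
"""Classify per-second DNS query windows as normal, single-source flood, or
distributed flood. Added example; the log format, sample data and thresholds
are assumptions, not from the article or from any real provider."""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed, simplified BIND-style query-log line:
#   HH:MM:SS client <ip>#<port>: query: <qname> IN <qtype>
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}) client (?P<ip>[\d.]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)$"
)

QPS_THRESHOLD = 1000          # assumed: well above this server's normal load
DISTRIBUTED_MIN_CLIENTS = 500  # assumed: flood counts as distributed above this


@dataclass
class WindowStats:
    second: str
    queries: int
    distinct_clients: int
    verdict: str


def parse_line(line):
    """Return (timestamp, client_ip, qname) or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts"), m.group("ip"), m.group("qname")


def classify(queries, distinct_clients):
    """A flood from many sources is a DDoS to absorb or scrub; a flood from one
    source is a single client to rate-limit or block."""
    if queries < QPS_THRESHOLD:
        return "normal"
    if distinct_clients >= DISTRIBUTED_MIN_CLIENTS:
        return "distributed-flood"
    return "single-source-flood"


def analyze(lines):
    """Bucket queries per second and score each bucket on rate and source diversity."""
    per_second = defaultdict(lambda: {"queries": 0, "clients": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, _qname = parsed
        per_second[ts]["queries"] += 1
        per_second[ts]["clients"].add(ip)
    return [
        WindowStats(ts, b["queries"], len(b["clients"]),
                    classify(b["queries"], len(b["clients"])))
        for ts, b in sorted(per_second.items())
    ]


def make_sample_log():
    """Constructed sample: one quiet second, one second flooded from 1500
    distinct (documentation-range) addresses, one second flooded from a single
    address. Every address and query here is made up for the example."""
    lines = []
    for i in range(20):
        lines.append(f"12:00:00 client 10.0.0.{i % 5 + 1}#5353: query: www.example.com IN A")
    for i in range(1500):
        ip = f"198.51.{i // 256}.{i % 256}"  # 1500 distinct constructed sources
        lines.append(f"12:00:01 client {ip}#{40000 + i % 1000}: query: www.example.com IN A")
    for i in range(1200):
        lines.append(f"12:00:02 client 203.0.113.7#{40000 + i}: query: www.example.com IN A")
    return lines


if __name__ == "__main__":
    for w in analyze(make_sample_log()):
        print(f"{w.second}  qps={w.queries:<5} clients={w.distinct_clients:<5} {w.verdict}")
```

The second window is the shape the article describes: the query count alone does not tell you what to do, but the source count does, because blocking one address helps against the third window and does nothing against the second. Real query logs (BIND, Unbound, dnstap) use their own formats, so the regular expression would need adjusting for a production server.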
Title: Media vulnerable to election night cyber attack
Post by: Crafty_Dog on October 22, 2016, 06:42:24 AM
second post

http://www.politico.com/story/2016/10/media-vulnerable-to-election-night-cyber-attack-229956
Title: Who hacked the DNC? The Iranians?
Post by: Crafty_Dog on October 22, 2016, 04:38:13 PM
http://www.csoonline.com/article/3133735/data-breach/john-mcafee-iran-hacked-the-dnc-and-north-korea-hacked-dyn.html
Title: No surprise if true
Post by: ccp on October 22, 2016, 05:43:32 PM
From above article from McAfee:

"What about Russia?"

"If all evidence points to the Russians, then, with 100% certainty, it is not the Russians," said McAfee. "Anyone who is capable of carrying out a hack of such sophistication is also capable, with far less effort than that involved in the hack, of hiding their tracks or making it appear that the hack came from some other quarter. The forensic tools used to assign culpability in a hack are well known, in the cybersecurity world, to be largely ineffective. They may, sometimes, correctly identify an unsophisticated 15 year old as the source of a hack, such as the teenager who hacked the FBI less than a year ago. But they are completely ineffective against large, sophisticated groups of hackers such as those run by the Russian State."

I have ZERO confidence in this administration to be truthful or honest or forthcoming.  That is the biggest problem we have about government.  They lie to us all the time, so now that they want us to believe it is Russia, I don't.

The attack on Mosul, while a good idea, is very odd to occur right before an election.  The tough talk with Russia right before an election is also suspect.  Blaming Russia and tying this to Trump somehow is also suspect.  Articles claiming Hillary is terrifying Putin are also suspect.

An administration that will be complicit and cover up crimes of the degree that is obvious to everyone else is never to be trusted.

Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: DougMacG on October 24, 2016, 08:50:11 AM
Quote from Crafty_Dog: Techie question:  Does our recent diminishment of control of the internet to some international body lessen our ability to defend ourselves in the event of cyberattacks such as these/cyberwar?
===========================================

I don't know the tech answer to that, just speculate that of course it does.  Leave the broader question open to be addressed as the evidence comes in, what are all the ill-effects of this disgraceful, anti-American policy?
Title: Huma and Anthony's computer
Post by: Crafty_Dog on November 01, 2016, 09:47:14 AM
A friend writes:

Marc,


There is another reason for concern about all these emails being found on the laptop jointly owned by Weiner and Abedin.  I have not yet seen this aspect discussed publicly.

If Weiner were sending and receiving porn (underage or otherwise) from that laptop, then he was most likely frequenting unsecured file sharing services.

This is how child porn and other illegal porn is distributed outside of the usual pay internet sites.  (Not to mention what gets attached to those
files)  I know this from , , , .  You get porn by allowing others to access your files directly from your computer storage via these file sharing sites for porn- especially underage porn.

Thus, if Huma's files from clintonemail.com to her Yahoo account were all stored on the same laptop that Weiner was using to share porn, then all those emails were subject to easy discovery by any interested party who would troll those boards for ways to hack into other peoples' computers and take them over for various purposes.  The FBI trolls those boards in order to impersonate and catch child porn users and distributors.  So, her IP address was known.  Access to the file storage on the laptop was enabled.

Who knows what was attached to any of the files that Weiner would have accessed?  

Not to mention that Yahoo was hacked and humaabedin@yahoo.com was likely compromised.  

Just saying that there is a lot more potential security exposure here including a way for outside agencies to access everything on that laptop and cover their tracks inside Weiner's file sharing services.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: DDF on November 01, 2016, 10:39:42 AM
PGC... an incredibly valid point.

Hope you don't mind if I steal this... it is a point that needs to be circulating on social media.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on November 01, 2016, 10:56:36 AM
Please  hold off for now.
Title: Yahoo security breach
Post by: G M on November 01, 2016, 08:28:17 PM
http://www.oregonlive.com/today/index.ssf/2016/09/just_how_bad_is_yahoos_securit.html

Unsecure.
Title: TEMPEST
Post by: G M on November 01, 2016, 08:33:27 PM
https://en.wikipedia.org/wiki/Tempest_(codename)

How could hostile nation states use this to target unsecure computers at Hillary's and Huma's?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on November 01, 2016, 11:14:19 PM
DDF:  You may forward it in its present form.
Title: Re: Huma and Anthony's computer
Post by: DougMacG on November 02, 2016, 06:08:43 AM
A friend writes:

Marc,


There is another reason for concern about all these emails being found on the laptop jointly owned by Weiner and Abedin.  I have not yet seen this aspect discussed publicly.

If Weiner were sending and receiving porn (underage or otherwise) from that laptop, then he was most likely frequenting unsecured file sharing services.

This is how child porn and other illegal porn is distributed outside of the usual pay internet sites.  (Not to mention what gets attached to those
files)  I know this from , , , .  You get porn by allowing others to access your files directly from your computer storage via these file sharing sites for porn- especially underage porn.

Thus, if Huma's files from clintonemail.com to her Yahoo account were all stored on the same laptop that Weiner was using to share porn, then all those emails were subject to easy discovery by any interested party who would troll those boards for ways to hack into other peoples' computers and take them over for various purposes.  The FBI trolls those boards in order to impersonate and catch child porn users and distributors.  So, her IP address was known.  Access to the file storage on the laptop was enabled.

Who knows what was attached to any of the files that Weiner would have accessed?  

Not to mention that Yahoo was hacked and humaabedin@yahoo.com was likely compromised.  

Just saying that there is a lot more potential security exposure here including a way for outside agencies to access everything on that laptop and cover their tracks inside Weiner's file sharing services.


Besides setting up a culture of corruption, Hillary's leadership at State comprised a careless and reckless culture of disregard for the security of national security information, each incident a felony.

The key here is to note that the motive for lax security, operating outside the government security, was an integral part of the premeditated corruption syndicate.  They knew before the pay-for-play communications were sent and received what they were intending to do with the Secretary of State's office.  And Huma worked concurrently for both operations, not some inadvertent overlap of duties.  All this was the idea of Hillary, unless she doesn't run her own operations.  http://www.bloomberg.com/politics/articles/2016-08-15/huma-abedin-s-overlapping-jobs-renew-focus-on-clinton-conflicts

This was a planned and organized crime operation, not a mistake.  They knew these communications would not hold up to public or law enforcement scrutiny.  Even when totally and completely busted they act like nothing is wrong.  With the evidence all over the internet, they say the FBI Director has nothing, just out to get her!

We need the voters to speak on this.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on November 02, 2016, 01:37:21 PM
Doug writes,

"We need the voters to speak on this."

I think THIS is the only remedy.  From what I read, unless I misunderstand the law, if she is elected there will be zero way to get real justice.  She will get away with it all.

She can pardon herself.  She can't be impeached for crimes that occurred 'before' she is President (not that Democrats would get on board anyway), no government agency is going to be able to avoid being corrupted to go after its boss, and she can refuse to appoint an independent counsel.

Am I wrong on this??
Title: Cybersecurity in the new political era
Post by: Crafty_Dog on November 18, 2016, 07:50:10 AM
https://blog.fortinet.com/2016/11/14/cybersecurity-in-this-new-political-era5829eb18519ce
Title: Stratfor: The Year in Cyber Crime
Post by: Crafty_Dog on December 07, 2016, 09:50:36 AM

The Year in Cybercrime: Exploiting the Weakest Link
Analysis
November 30, 2016 | 09:04 GMT
The weapons used to conduct cyberattacks are relatively new, but the tactics employed have been around for centuries. (KIRILL KUDRYAVTSEV/AFP/Getty Images)
Forecast

    Hackers will continue to rely on social engineering tactics to exploit their victims.
    State and state-sponsored actors will turn increasingly to cybercrime to advance their national interests.
    Technological improvements to counter cybercrime will not protect against human vulnerability.

Analysis

Editor's Note: This analysis was produced by Threat Lens, Stratfor's unique protective intelligence product. Designed with corporate security leaders in mind, Threat Lens enables industry professionals to anticipate, identify, measure and mitigate emerging threats to people and assets around the world.


The rise of the internet and related technologies has transformed the world, revolutionizing nearly all aspects of everyday life, including crime. In September, the Global Cyber Security Leaders summit in Berlin highlighted the cyberattack tactics that pose the greatest concern to security professionals. Many of these coincide with the threats that we have covered over the past year on Threat Lens, Stratfor's new security portal. Some transcend criminal activity and involve state or state-sponsored actors using tricks of the cybercriminal trade to advance their countries' agendas. Though the weapons used to conduct cyberattacks are relatively new — and rapidly evolving — the tactics have been around for centuries. Over the past year, several major crimes have combined the new platforms and greater access that the information age affords with the age-old art of social engineering. The tactics described below are by no means the most sophisticated of their kind, but they have proved to be some of the most successful and enduring.

An Online Heist in Bangladesh

One of the first cyberattacks of the year was also one of the most troubling. In February, suspected North Korean hackers managed to finagle $81 million in transfers from Bangladesh's central bank — well short of the attempted $1 billion, but an impressive sum nonetheless. The hackers first gained access to Bangladesh Bank's Society for Worldwide Interbank Financial Telecommunication (SWIFT) system, which banks use to make and track transfers. Posing as officers from Bangladesh Bank, the hackers then used the SWIFT software to request transfers from the central bank's accounts with the New York Federal Reserve to various entities around Asia.

The SWIFT platform is an attractive target for hackers because it handles tens of millions of transfer requests each day across virtually the entire global financial industry. (SWIFT is so widely used that the U.S. government has sought the service's cooperation to block terrorist financing and enforce sanctions against rival countries such as Iran.) Gaining access to a bank's SWIFT account is tantamount to obtaining the keys to its vault, but it was not enough to pull off the crime without a hitch. Once the hackers gained access to Bangladesh Bank's secured networks, they studied the institution's common practices and got into the bank's SWIFT account. The hackers astutely planned their attack for a bank holiday and then covered their digital tracks, buying them time to steal the funds unnoticed. The incident was clearly the work of advanced and experienced operators armed with a shrewd plan.

The attack's meticulous planning and execution also suggest that it was carried out by a team with a state sponsor, and investigators later found the attack deployed code similar to that used in past cybercrimes linked to North Korea. On their own, North Korea's well-known financial woes would certainly provide a motive for a major theft like the Bangladesh Bank heist. But for Pyongyang, there is the added allure of attacking part of the international financial system that has kept sanctions on the country for its nuclear weapons program. Though the sanctions against North Korea have never gone so far as to restrict its SWIFT access, they have all but cut the country's economy off from the rest of the world. As a target, SWIFT offered a perfect opportunity for Pyongyang to antagonize the international financial services sector and make some money in the process.

Despite its technical proficiency, the attack was also opportunistic. Investigations found significant security failures in Bangladesh Bank's networks that the hackers likely exploited. Still, the theft was unique in that it targeted SWIFT using an old trick known as the fake CEO scam, or as the FBI calls it, the Business Email Compromise — something of a misnomer since the tactic long predates email. In fact, one of the most famous examples of the scam was carried out by phone. Gilbert Chikli swindled millions of dollars out of various companies in the mid-2000s by calling employees and, posing as their company executive, instructing them to transfer money to certain accounts — all his — under the guise of official business. In the Bangladesh Bank case, the perpetrators used the same strategy with slightly different tactics, infiltrating the bank's email network, likely through a phishing attack, and using the SWIFT system to order money transfers to dozens of accounts. After the heist, the FBI and SWIFT noted an uptick in both CEO scams and attacks on the financial messaging service over the past year. But the Bangladesh Bank incident is the first reported theft to use the tactics in tandem, to devastating financial effect.

Taking Data Hostage

The past year has seen a rise in ransomware attacks, in which perpetrators gain access to and seize files, and sometimes entire devices, freezing them until their owner pays a ransom. In conducting these attacks, cybercriminals typically go after a high volume of targets ill-equipped to deal with such a strike and demand a relatively small sum of money from each, usually in bitcoin or another digital currency. Even people without the savvy to set up a ransomware ploy on their own can purchase kits online for a few hundred dollars and get their money's worth after a single successful strike. Most of the high-profile ransomware cases this year targeted hospitals, which lost access to critical files for the duration of the attacks. Some victims, such as the Hollywood Presbyterian Medical Center in Los Angeles, opted to pay a relatively inexpensive ransom ($17,000 in this case) rather than deal with the cost and inconvenience of retrieving the data with help from information technology personnel. In April, a NASCAR team also found it more expedient to pay its $500 ransom to get back an estimated $2 million worth of information just days before a race worth millions more in advertising.

But paying a ransom does not guarantee that the locked data will be recovered. In many instances, ransomware operators leave files frozen after receiving payment out of negligence or incompetence. Furthermore, even if the data is retrieved, the attack may have compromised its integrity. Ransomware attacks are fairly easy to overcome, however. The tactic compels businesses to pay up by disrupting workflow — for instance, preventing a hospital from accessing patient files or a NASCAR team from seeing the wind-tunnel data it needs to adjust the aerodynamics on a car. If that data is backed up somewhere accessible, the victim will have less need to comply with attackers. San Francisco's light rail, the Muni Metro, demonstrated the value of that strategy Nov. 26, when a ransomware attack disabled its ticketing system — though only temporarily. Instead of forking over the ransom, Muni Metro's IT department worked around the problem and got the system back up and running the next day. In the meantime, riders were allowed to use the light rail for free.

So far, reported cases of ransomware have all been fairly modest in strategy and execution; attackers seem to be casting a wide net and charging their victims indiscriminately. In the future, though, more sophisticated attackers may do their research, targeting major banks, government agencies or strategic industries and demanding payments commensurate with the value of the locked data. Ransomware is still an opportunistic weapon, but with more deliberate planning and pre-operational intelligence, criminals could easily use it in a targeted application for a bigger payout, much as "tiger kidnappers" leverage their victims to get hefty rewards.

The Physical Dangers of Phishing

This year has also demonstrated the enduring popularity — and efficacy — of phishing and spear-phishing, cyberattack techniques that rely on social engineering to gain illicit access to networks and information. In August, following a yearlong doping scandal that eventually barred 118 Russian athletes from participating in the 2016 Summer Olympics, the World Anti-Doping Agency reported that Russian-backed hackers had used a phishing attack to infiltrate its networks. The attackers then stole information about athletes in the agency's database, including Yulia Stepanova, the Russian runner who blew the whistle on her country's doping program.

Though the hack in general seemed to be an attempt to incriminate other athletes, the intruders released personal details about Stepanova, such as her home address, in an apparent act of intimidation. Stepanova subsequently announced in a press conference that "if something happens to us … it's not an accident." No ill has befallen her or her family, but she had good cause for worry: The director of Russia's anti-doping agency died suddenly in February, two months after he tendered his resignation in response to the scandal. Even without evidence of foul play in his death, its timing was enough to spook Stepanova, and the passive threat against her illustrates the possible physical applications of a cyberattack.

Similarly, a spear-phishing attack on Ahmed Mansoor, an Emirati human rights activist, could have had grave repercussions offline. In August, Mansoor received a series of enticing text messages in which the anonymous sender included a hyperlink said to lead to new revelations about torture in the United Arab Emirates' prisons. Having been the target of previous spear-phishing attacks, Mansoor knew better than to click on the link and instead forwarded the messages to a Canadian research group. The group determined that the text was an attack containing software that could have allowed his attackers control over his cellphone and the means to track his movement. Though it is unclear what the assailants planned to do with the information, given his controversial line of work, it is easy to imagine that they might have tried to do their victim physical harm.

Intent Without Ability

On the other side of the screen, Charles Eccleston pleaded guilty in February to charges that he had been involved in a spear-phishing scheme. Using his position as a scientist at the U.S. Department of Energy, Eccleston sent emails to employees at nuclear labs infected with what he thought was malware. (The incident was actually part of an FBI sting operation against Eccleston, who had been identified as a threat after approaching foreign governments and offering to sell them the email addresses of all Department of Energy employees.) As an insider, Eccleston had access to and knowledge of contacts in sensitive positions that enabled him to tailor his emails to make them more specific and believable — traits that distinguish more sophisticated spear-phishing from phishing. But like the dozens of aspiring jihadists who have been wrapped up in similar FBI stings over the years, Eccleston lacked the know-how to carry out the attack. He had to seek outside help to weaponize his privileged position, which led him to an undercover agent.

As cyber weapons become more accessible and easier to use, would-be attackers such as Eccleston may have an easier time carrying out attacks on their own. This would pose a big problem for counterintelligence agencies. After all, had authorities not identified him ahead of time, Eccleston could have used his insider knowledge to introduce hostile intelligence assets into Department of Energy and related networks.

Tried-and-True Tactics

Throughout the year, these attack methods have stolen headlines and set the cybersecurity world abuzz, but they are far from the only threats lurking online. Hacks into email servers at sensitive times — for instance, during the U.S. presidential race — commanded the world's attention this year, and similar attacks will remain a popular tool. A distributed denial of service attack that shut down major media websites in October demonstrated the vulnerabilities that the internet of things has introduced by connecting more and more devices, risks that will only increase as the technology expands. Several unlimited attacks on ATMs over the year have also highlighted the growing intersection between cyber and traditional crime, a trend that will likely continue.

To combat the proliferating risks they face in the cyber realm, countries around the world will keep honing their technical prowess. But as with physical threats, the most advanced weapons will not necessarily be the most effective against cyberthreats. As technological defenses improve, cybercriminals will continue to focus their attacks on the most vulnerable link in the technological chain: the human.
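The ransomware passage above makes two points a defender should act on: an accessible backup removes the pressure to pay, and recovered data may have lost its integrity even when the attacker does hand it back. The script below, added here as an example and not part of the Stratfor piece or this thread, shows one plain way to back both points with code: record a SHA-256 manifest of the protected tree when the backup is taken, store it with the offline copy, and after an incident compare the live (or restored) tree against it. The directory layout, file names and the simulated "ransomware" behaviour (one file scrambled in place, one renamed, one ransom note dropped) are all constructed for the demo.

```python
"""Backup integrity manifest for ransomware recovery.

Added example (not from the Stratfor article). All file names, contents
and the simulated attack in demo() are constructed for illustration.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups never need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its digest.
    Run this at backup time and keep the result with the offline copy, not on the
    host it describes, so an attacker who reaches the host cannot rewrite it."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_tree(manifest: dict[str, str], root: Path) -> dict[str, list[str]]:
    """Compare a live or restored tree against the manifest.

    intact:     hash matches the manifest
    modified:   file present but content differs (e.g. encrypted in place)
    missing:    listed in the manifest but gone from disk
    unexpected: on disk but not in the manifest (renamed copies, ransom notes)
    """
    current = build_manifest(root)
    report: dict[str, list[str]] = {"intact": [], "modified": [], "missing": []}
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
        else:
            report["intact"].append(rel)
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def restore_is_trustworthy(report: dict[str, list[str]]) -> bool:
    """Only an exact match against the pre-incident manifest should be trusted."""
    return not (report["modified"] or report["missing"] or report["unexpected"])


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a manifest, simulate an attack, verify the tree."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "records").mkdir(parents=True)
        (live / "records" / "patient_001.txt").write_text("constructed sample record\n")
        (live / "records" / "patient_002.txt").write_text("another constructed record\n")
        (live / "wind_tunnel.csv").write_text("run,drag\n1,0.31\n")

        manifest = build_manifest(live)  # taken at backup time

        # Simulated ransomware effects (constructed, not real malware):
        # scramble one file in place, rename another, drop a ransom note.
        p1 = live / "records" / "patient_001.txt"
        p1.write_bytes(bytes(b ^ 0x5A for b in p1.read_bytes()))
        (live / "wind_tunnel.csv").rename(live / "wind_tunnel.csv.locked")
        (live / "README_DECRYPT.txt").write_text("constructed ransom note\n")

        return verify_tree(manifest, live)


if __name__ == "__main__":
    result = demo()
    for category, files in result.items():
        print(f"{category:10s} {files}")
    print("trustworthy:", restore_is_trustworthy(result))
```

The manifest is only worth as much as its isolation: if it lives on the same share the attacker encrypts, both the data and the evidence of tampering are lost together, which is why the comment in `build_manifest` insists on storing it with the offline copy.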
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on December 16, 2016, 09:16:23 AM
I'm thinking maybe this is the better thread for the ongoing Russian brouhaha.
Title: WaPo: FBI backing CIA claim of Russian intent to help Trump
Post by: Crafty_Dog on December 16, 2016, 11:48:43 AM
https://www.washingtonpost.com/world/national-security/fbi-backs-cia-view-that-russia-intervened-to-help-trump-win-election/2016/12/16/05b42c0e-c3bf-11e6-9a51-cd56ea1c2bb7_story.html?utm_term=.2eb311c38f8d&wpisrc=al_alert-COMBO-politics%252Bnation
Title: POTH: Our Cyber Options with Russia
Post by: Crafty_Dog on December 19, 2016, 02:13:28 PM
http://www.nytimes.com/2016/12/17/us/politics/obama-putin-russia-hacking-us-elections.html?emc=edit_th_20161218&nl=todaysheadlines&nlid=49641193&_r=0
Title: Re: POTH: Our Cyber Options with Russia
Post by: G M on December 19, 2016, 06:15:20 PM
http://www.nytimes.com/2016/12/17/us/politics/obama-putin-russia-hacking-us-elections.html?emc=edit_th_20161218&nl=todaysheadlines&nlid=49641193&_r=0

“Is there something we can do to them, that they would see, they would realize 98 percent that we did it, but that wouldn’t be so obvious that they would then have to respond for their own honor?” David H. Petraeus, the former director of the Central Intelligence Agency under Mr. Obama, asked on Friday, at a conference here sponsored by Harvard’s Belfer Center for Science and International Affairs.

**Perhaps we can wait for Putin to get snared by an extramarital relationship that results in the mishandling of classified materials? If only the Belfer Center invited a subject matter expert on that to this conference...


“Our goal continues to be to send a clear message to Russia or others not to do this to us because we can do stuff to you,” he said. “But it is also important to us to do that in a thoughtful, methodical way. Some of it, we will do publicly. Some of it we will do in a way that they know, but not everybody will.”

(https://s-media-cache-ak0.pinimg.com/236x/8b/7d/52/8b7d52eb5868039335ed1b8e428bb8a3.jpg)
Title: PotH calls for Bi-partisan investigation
Post by: Crafty_Dog on December 22, 2016, 07:28:26 AM
President-elect Donald Trump will assume office next month dogged by the question of whether a covert ploy by the Russian government had a decisive effect on his election.

While a conclusive answer is likely to remain elusive, American voters deserve as many details as can be ascertained about Russia’s role in the campaign, to better protect the political process from similar interference in the future. The assessment by American intelligence agencies that the Russian government stole and leaked Clinton campaign emails has been accepted across the political spectrum, with the notable exception of Mr. Trump.

The House speaker, Paul Ryan, called Russian meddling “unacceptable,” and said that under President Vladimir Putin, Moscow “has been an aggressor that consistently undermines American interests.” Mitch McConnell, the Senate majority leader, said in a recent interview that the fact that the “Russians were messing around in our election” is a “matter of genuine concern.”

Addressing the issue properly will require a bipartisan congressional investigation led by people with the authority and intent to get to the truth, however disturbing that might be for the incoming administration and the Republican Party. The intelligence agencies concluded that the Russian hacking was meant to help elect Mr. Trump.

Mr. McConnell and Mr. Ryan have both called for a congressional inquiry, but they want it handled by the permanent standing committees, a bad idea for practical and political reasons. A far better approach would be to establish a select committee, with both House and Senate members, that would examine the Russian hacking across many areas of expertise. Senators John McCain of Arizona, Lindsey Graham of South Carolina and Cory Gardner of Colorado, all Republicans, argue that a select committee is necessary for an investigation as complex and politically delicate as this one. So does Senator Chuck Schumer, soon to be the Senate minority leader.

Cybersecurity threats cut across the jurisdictional lines of permanent congressional committees. Such threats have been examined by at least 19 standing committees in the House and Senate, including those that focus on the work of intelligence agencies, homeland security programs and military operations. If Mr. McConnell’s approach prevails, several House and Senate committees are likely to do overlapping work. Because those investigations would be run by lawmakers with varying degrees of loyalty to the White House, their disparate conclusions would probably be seen through a political lens.

A bipartisan select committee with subpoena power could examine the Russian hack in a comprehensive, dispassionate manner, with an eye to shielding its conclusions from charges of partisanship.

“This cannot become a partisan issue,” Mr. McCain, Mr. Graham and Mr. Schumer said in a statement. “The stakes are too high for our country.”

Mr. Trump, who broke with Republican Party orthodoxy by striking an admiring tone toward Moscow during the campaign, has rejected reports of Russian meddling as “ridiculous,” even though in July he called on the Russians to find and leak more Clinton emails. Unless Mr. Trump’s team actually colluded with the Russian government, it would be in his interest to support congressional Republicans in seeking an independent, comprehensive investigation. Any other position would suggest that he has something to hide or simply doesn’t care about the integrity of America’s elections.
Title: Sooner or later
Post by: G M on December 22, 2016, 06:25:53 PM
Ukraine power grids a sign of things to come for U.S.?

Russian hacking to influence the election has dominated the news. But CBS News has also noticed a hacking attack that could be a future means to the U.S. Last weekend, parts of the Ukrainian capital Kiev went dark. It appears Russia has figured out how to crash a power grid with a click.

Last December, a similar attack occurred when nearly a quarter of a million people lost power in the Ivano-Frankivsk region of Ukraine when it was targeted by a suspected Russian attack. 

Vasyl Pemchuk is the electric control center manager, and said that when hackers took over their computers, all his workers could do was film it with their cell phones.

“It was illogical and chaotic,” he said. “It seemed like something in a Hollywood movie.”
[Photo: Vasyl Pemchuk in the control center that was hacked. CBS News]

The hackers sent emails with infected attachments to power company employees, stealing their login credentials and then taking control of the grid’s systems to cut the circuit breakers at nearly 60 substations.

The suspected motive for the attack is the war in eastern Ukraine, where Russian-backed separatists are fighting against Ukrainian government forces.

But hackers could launch a similar attack in the U.S.

“We can’t just look at the Ukraine attack and go ‘oh we’re safe against that attack,’” said Rob Lee, a former cyberwarfare operations officer in the U.S. military, who investigated the Ukraine attack.
[Photo: Rob Lee. CBS News]

“Even if we just lose a portion, right? If we have New York City or Washington D.C. go down for a day, two days, a week, what does life look like at that point?” he said.

He said that some U.S. electric utilities have weaker security than Ukraine, and the malicious software the hackers used has already been detected in the U.S.

“It’s very concerning that these same actors using similar capabilities and tradecraft are preparing and are getting access to these business networks, getting access to portions of the power grid,” he said.

In Ukraine, they restarted the power in just hours. But an attack in the U.S. could leave people without electricity for days, or even weeks, according to experts. Because, ironically, America’s advanced, automated grid would be much harder to fix.
Title: Baraq says he will bark on his way out the door
Post by: Crafty_Dog on December 27, 2016, 08:39:11 PM
https://www.washingtonpost.com/world/national-security/the-white-house-is-scrambling-for-a-way-to-punish-russian-hackers-via-sanctions/2016/12/27/0eee2fdc-c58f-11e6-85b5-76616a33048d_story.html?utm_term=.7c02022e0e99
Title: Re: Baraq says he will bark on his way out the door
Post by: G M on December 27, 2016, 09:28:47 PM
https://www.washingtonpost.com/world/national-security/the-white-house-is-scrambling-for-a-way-to-punish-russian-hackers-via-sanctions/2016/12/27/0eee2fdc-c58f-11e6-85b5-76616a33048d_story.html?utm_term=.7c02022e0e99


Better get ready for a possible grid down scenario.
Title: WaPo false story on Russian "hack" of our electric grid
Post by: Crafty_Dog on December 31, 2016, 11:39:52 AM
https://theintercept.com/2016/12/31/russia-hysteria-infects-washpost-again-false-story-about-hacking-u-s-electric-grid/
Title: Rolling Stone: Something about this Russia story stinks
Post by: Crafty_Dog on December 31, 2016, 11:50:55 AM
second post

http://www.rollingstone.com/politics/features/something-about-this-russia-story-stinks-w458439
Title: Chinese ‘corporate hackers’ accused of attacking US law firms
Post by: G M on December 31, 2016, 01:34:55 PM
http://www.scmp.com/news/china/diplomacy-defence/article/2057608/chinese-corporate-hackers-accused-attacking-us-law

Chinese ‘corporate hackers’ accused of attacking US law firms
The three, including two suspects from Macau, charged with stealing information on corporate deals, allowing them to profit from share trading
PUBLISHED : Wednesday, 28 December, 2016, 11:20am
UPDATED : Wednesday, 28 December, 2016, 11:40pm

The US Securities and Exchange Commission yesterday charged three Chinese citizens with fraudulently trading on information they had obtained from hacking into the email networks of two New York City law firms, hauling in almost US$3 million in illicit profits.
In a complaint unsealed on Tuesday, the commission said that between April 2014 and late 2015 Iat Hong and Chin Hung from Macau, and Bo Zheng from Changsha, Hunan province, installed malware on the law firms’ networks, thereby gaining access to the email accounts of attorneys advising corporate clients on mergers and acquisitions. Armed with proprietary information on these clients, the trio traded big.
The commission said the three spent roughly US$7.5 million on shares of semiconductor company Altera before news of it being in talks to be acquired by Intel Corporation became public.
The three suspects are charged with trading on information they gained by hacking emails. Photo: Shutterstock


In addition, hours after extracting emails about a deal involving an e-commerce company, Hong and Hung purchased shares that amounted to 25 per cent of the company’s trading volume on certain days in advance of the 2015 deal’s announcement.
Hong and Zheng are also accused of trading in 2014 ahead of a merger announcement of a pharmaceutical company. They also stole schematic designs of a robot vacuum cleaner made by an American company, the commission’s complaint said.
Hong, 26, and Hung, 50, were employed at a robotics company founded by Zheng, 30, to develop robot controller chips and provide control system solutions, according to authorities.
The trio was accused of copying and transmitting dozens of gigabytes of emails to remote internet locations.
Hong was arrested in Hong Kong on Christmas Day with extradition proceedings scheduled to begin in mid-January.
Hong’s mother was also named as a relief defendant for the purpose of recovering money in her accounts from her son’s illicit trading, the commission said.
It is the first time the commission has charged anyone with hacking into a law firm’s computer network.
The Securities and Futures Commission of Hong Kong has assisted with the ongoing investigation.
In Beijing, Foreign Ministry spokeswoman Hua Chunying said in a daily press briefing that she was aware of the reports, but did not know the details.
The commission has asked for a judgement ordering the three to pay penalties and relinquish their illegal gains, plus interest.
The commission is also seeking to freeze an account opened in Hong’s mother’s name.
The US Attorney’s Office for the Southern District of New York also announced a 13-count indictment against the three stemming from the hacking.
Each count carries a maximum sentence of five to 20 years.
“This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world,” said Manhattan US Attorney Preet Bharara in a statement.
“You are and will be targets of cyber hacking, because you have information valuable to would-be criminals.”
Additional reporting by Bloomberg and Reuters
Title: Critiques of the DHS/FBI Grizzly Steppe Report
Post by: Crafty_Dog on January 03, 2017, 11:24:34 PM
Critiques of the DHS/FBI’s GRIZZLY STEPPE Report
http://www.robertmlee.org/critiques-of-the-dhsfbis-grizzly-steppe-report/

Article about the Indicators of Compromise (IOC) released in the US CERT Report:

Some notes on IoCs
http://blog.erratasec.com/2016/12/some-notes-on-iocs.html#.WGychxsrKC8

Russian election hacking sanctions
http://malwarejake.blogspot.com/2017/01/russian-election-hacking-sanctions.html
Title: Looks like the Ruskis did it
Post by: Crafty_Dog on January 05, 2017, 11:13:31 AM


https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/
Title: Cognitive Dissonance anyone?
Post by: Crafty_Dog on January 05, 2017, 04:18:30 PM
https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for-access-to-hacked-computer-servers?utm_term=.jqd1wro5W#.fyobOa9Yj
Title: Re: Cognitive Dissonance anyone?
Post by: G M on January 05, 2017, 04:28:53 PM
https://www.buzzfeed.com/alimwatkins/the-fbi-never-asked-for-access-to-hacked-computer-servers?utm_term=.jqd1wro5W#.fyobOa9Yj

If it doesn't fit their narrative, it's irrelevant.

(https://westernrifleshooters.files.wordpress.com/2016/12/cz-rtgixeaag-f.jpg)

Title: Ishmael Jones: From Russia with doubt
Post by: G M on January 05, 2017, 07:59:23 PM
http://www.powerlineblog.com/archives/2017/01/ishmael-jones-from-russia-with-doubt.php

 Posted on January 5, 2017 by Scott Johnson in Intelligence, Russia

Ishmael Jones: From Russia with doubt

The pseudonymous Ishmael Jones is a former CIA case officer and author of The Human Factor: Inside the CIA’s Dysfunctional Intelligence Culture. He writes with a timely comment on the current intelligence controversy that is reaching a fever pitch. Mr. Jones advises that his commentary has been reviewed and approved by the CIA’s publications review board. He writes:

CIA intelligence reporting stating that the Russian government hacked the presidential election in order to elect Donald Trump is false. It is merely a political attack against Donald Trump with the goal of delegitimizing his presidency.

The depth and quality of the CIA reporting are too good to be true. A December 16 NBC report states, for example: “Putin personally directed how hacked material from Democrats was leaked and otherwise used.” Everyone knows that a great deal of hacking comes out of Russia. But evidence of hacking does not lead to the conclusion that there was a Russian government conspiracy to get Mr. Trump elected.

Such a conclusion would require access to Putin’s inner circle and knowledge of Putin’s plans and intentions. Any spy that close to Putin would be one of the best intelligence sources of all time.

If such a source existed, he doesn’t exist any more. The leaked reporting would have put him in grave danger, and he would already have been imprisoned or executed.

The reporting instead reflects the political opinions and agendas of bureaucrats. CIA bureaucrats are a big blue voting machine with a long record of creating information harmful to Republican presidents. The danger to Mr. Trump is ratcheted up because the recent election influenced many people at the CIA to believe that Trump is the second coming of Hitler. And to stop Hitler, anything is ethical, even treason. CIA bureaucrats have chosen to attack Mr. Trump before he even takes office.

The CIA is meant to spy upon foreign countries. The secrets we seek are located in foreign countries. Yet the bloated CIA bureaucracy exists almost entirely within the United States. CIA bureaucrats appear to find foreign service disagreeable. They enjoy their lifestyle and will fight with aggressive passivity to keep it that way. More than 90% of CIA employees spend their careers living and working entirely within the United States.

James Bond would periodically come in from the field to report to the chief of British intelligence, “M.” On the way into M’s office he would joke around with M’s secretary, Miss Moneypenny.

When I reported to CIA Headquarters, there were thousands of these people – thousands of M’s and thousands of Miss Moneypennys. The CIA cafeteria looks like a great herd grazing peacefully upon the plains.

The incoming CIA chief, Mike Pompeo, will be astonished by how many of his senior leaders have not had an overseas assignment in decades. Brief junkets and TDY’s to foreign countries do not count. CIA boss John Brennan’s 40-plus years of CIA service have occurred almost entirely within the Headquarters building. During a 20-year career, the Left’s favorite spy, Valerie Plame, spent less than two and a half years in foreign operational assignments, mostly during an initial tour in Europe.

The CIA has a military origin, and in the military, huge staffs are required for planning and logistics. There are relatively few actual fighting infantrymen – at the point of the spear – because to send that infantryman to combat requires support from tanks, artillery, aircraft and so on, which need massive expenditure and meticulous planning. The CIA has the massive expenditure and the huge staffs, but the CIA’s equivalent of the infantryman is the case officer, and the best case officers require only a passport and an airline ticket to get half a world away and produce.

Michael Morell, author of the New York Times op-ed column “I Ran the CIA. Now I’m Endorsing Hillary Clinton” inhabited the Washington, D.C., area for nearly all of his 33 years in the CIA. In the article, he writes: “I will do everything I can to ensure she is elected.”

While at the CIA, Morell’s top goal was to promote greater inclusiveness and diversity. The CIA has come a long way since the days of the polygraph question, “Have you ever held another man’s penis in your hand?” Today we have more employees working in encouraging diversity and, as of recently, more transgender employees than we do case officers operating under cover in Russia, China, Libya, Syria, Yemen, Iran, and North Korea combined. We should try to do both. Let’s be dedicated to diversity and also spy on our enemies.

Mr. Pompeo’s staff may wish to contact the staff of former CIA chief Porter Goss. Goss was the last Republican appointee to attempt change at the CIA and his staff will be able to provide valuable insights, especially former staffer Patrick Murray.

Gritty foreign countries with their strange ways and pungent smells are not the only reason for bureaucrats to live in the United States. CIA Headquarters is also the place to make deals. Fighting fraud will be a real challenge to Mr. Pompeo. Most bureaucrats retire and become contractors, wheedling contracts from their pals still at the CIA. I hear many tales from colleagues about waste, theft, and great riches accruing to phony contractors. The CIA paid $40 million to contractors to review documents to help prepare the Senate torture report, according to ABC News on December 10, 2014, for example. Had Hillary won, Michael Morell’s support may have put him on track to be a billionaire. Forty million here and forty million there really starts to add up.

It may be possible to make great progress in draining the swamp by firing or prosecuting just one leaker – just a single one. And by imprisoning just one phony contractor – just one. Word will spread that there’s a new sheriff in town and Mr. Pompeo may be pleasantly surprised to see that the swamp starts to drain itself.

Title: Trump loses Woolsey
Post by: Crafty_Dog on January 05, 2017, 08:29:13 PM
Trump is really looking bad on this Russian cyber thing , , , losing Woolsey is a big deal.

http://www.huffingtonpost.com/entry/james-woolsey-trump-adviser_us_586ede23e4b043ad97e2b932?2k4posi7ocf53766r
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on January 05, 2017, 08:40:44 PM
If someone, somewhere actually has something that actually resembles evidence, I'd sure like to see it.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on January 05, 2017, 09:33:27 PM
See my Reply #397.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on January 06, 2017, 07:06:30 AM
See my Reply #397.


Lots of conjecture, nothing resembling evidence.
Title: Woolsey on "resigning"
Post by: ccp on January 06, 2017, 07:21:52 AM
https://www.youtube.com/watch?v=DyUVLX2-rP0
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on January 06, 2017, 07:59:12 PM
Fair enough.
Title: This sounds like pretty bad Op Sec to me , , ,
Post by: Crafty_Dog on January 06, 2017, 08:28:58 PM
http://townhall.com/tipsheet/leahbarkoukis/2017/01/06/new-emails-show-more-extremely-careless-behavior-by-clinton-n2267895
Title: ODNI Russian Election Operations
Post by: Crafty_Dog on January 07, 2017, 05:48:03 PM
https://info.publicintelligence.net/ODNI-RussianElectionOperations.pdf
Title: no surprise coming from those employed under this administration
Post by: ccp on January 09, 2017, 04:47:28 AM
NR's Andrew McCarthy does it again - he picks apart Obama's narrative.  The "intelligence" report leaves out one name.   Surely, nothing suspicious about that!   Except the name is Podesta.  The mafia guy must have cooked a home meal of pasta (while in his bath robe) for the "intelligence chiefs" to get them to leave his name out of the report.

It certainly is suspicious of the political bent of the report that his name, the owner of the hacked emails that are part of the material that is the topic of the whole issue, is not mentioned once.

http://www.nationalreview.com/article/443655/intelligence-report-fbi-cia-nsa-russia-vladimir-putin-hillary-clinton-john-podesta-donald-trump
Title: John McAfee: It was NOT the Russians
Post by: Crafty_Dog on January 09, 2017, 07:28:05 AM
https://www.youtube.com/watch?v=E7t5zbKnvQk

https://www.youtube.com/watch?v=Dvj0v0W6yjk
Title: WaPo: Baraq, the Empress Dowager, Putin, and the Donald
Post by: Crafty_Dog on January 10, 2017, 10:42:17 PM
https://www.washingtonpost.com/opinions/the-russia-hacking-report-is-an-indictment-of-obama-not-trump/2017/01/09/e544b0d2-d684-11e6-b8b2-cb5164beba6b_story.html?utm_term=.ccc02db1e70d
Title: Re: WaPo: Baraq, the Empress Dowager, Putin, and the Donald
Post by: DougMacG on January 11, 2017, 08:23:17 AM
https://www.washingtonpost.com/opinions/the-russia-hacking-report-is-an-indictment-of-obama-not-trump/2017/01/09/e544b0d2-d684-11e6-b8b2-cb5164beba6b_story.html?utm_term=.ccc02db1e70d

Right.  How did this story morph from our lack of security and embarrassing communication to spies spying?  These breaches happened under this President's watch, no matter the party or candidates hurt by it.  In hindsight, they should have hired that guy that invented the internet away from his more profitable climate hoax work, Al Gore, first Secretary of CyberSecurity!

Meanwhile the same President unilaterally gave up the American lead on governing the internet - and received nothing in return. 

They can't figure out why Americans went out and hired a better negotiator in chief.
Title: Red Team hackers break into US power grid
Post by: Crafty_Dog on January 19, 2017, 06:15:35 AM
https://www.youtube.com/watch?v=pL9q2lOZ1Fw&feature=youtu.be

 :-o :-o :-o
Title: Judge Napolitano
Post by: ccp on January 19, 2017, 08:27:11 AM
Another midnight move from the corrupt Obama DOJ under Loretta Lynch, one of the most corrupt officials we have ever had hiding behind her grandmother looks:

"Now, because of the Lynch secret order, revealed by The New York Times late last week, the NSA may share any of its data with any other intelligence agency or law enforcement agency that has an intelligence arm based on -- you guessed it -- the non-standard of governmental need."

"All these statutes and unauthorized spying practices have brought us to where we were on Jan. 2 -- namely, with the NSA having a standard operating procedure of capturing every keystroke on every computer and mobile device, every telephone conversation on every landline and cellphone, and all domestic electronic traffic -- including medical, legal and banking records -- of every person in America 24/7, without knowing of or showing any wrongdoing on the part of those spied upon.

The NSA can use data from your cellphone to learn where you are, and it can utilize your cellphone as a listening device to hear your in-person conversations, even if you have turned it off -- that is, if you still have one of the older phones that can be turned off."
http://www.foxnews.com/opinion/2017/01/19/andrew-napolitano-attorney-general-loretta-lynch-and-parting-shot-at-personal-freedom.html
Title: Re: Judge Napolitano
Post by: G M on January 19, 2017, 09:50:52 AM
Another midnight move from the corrupt Obama DOJ under Loretta Lynch, one of the most corrupt officials we have ever had hiding behind her grandmother looks:

"Now, because of the Lynch secret order, revealed by The New York Times late last week, the NSA may share any of its data with any other intelligence agency or law enforcement agency that has an intelligence arm based on -- you guessed it -- the non-standard of governmental need."

"All these statutes and unauthorized spying practices have brought us to where we were on Jan. 2 -- namely, with the NSA having a standard operating procedure of capturing every keystroke on every computer and mobile device, every telephone conversation on every landline and cellphone, and all domestic electronic traffic -- including medical, legal and banking records -- of every person in America 24/7, without knowing of or showing any wrongdoing on the part of those spied upon.

The NSA can use data from your cellphone to learn where you are, and it can utilize your cellphone as a listening device to hear your in-person conversations, even if you have turned it off -- that is, if you still have one of the older phones that can be turned off."
http://www.foxnews.com/opinion/2017/01/19/andrew-napolitano-attorney-general-loretta-lynch-and-parting-shot-at-personal-freedom.html

They said if I voted for Romney, the US government would end all 4th amendment protections, and they were right!
Title: VDH : intelligence official as politicized ; this is not new news
Post by: ccp on January 19, 2017, 09:51:17 AM
The Dems these days: "How dare you impugn a 'career government official'."

As though some of them are not corrupt or self-preserving and self-promoting people, like in every group of people:

http://www.nationalreview.com/article/443978/donald-trump-intelligence-community-comments-recognize-agencies-politicization
Title: Good Analysis of Amer-Intel report on "Russian hack of election".
Post by: G M on February 05, 2017, 01:28:18 PM
See my Reply #397.


Lots of conjecture, nothing resembling evidence.

Even a lefty from the NY Review of books sees how weak the report is.


http://www.nybooks.com/daily/2017/01/09/russia-trump-election-flawed-intelligence/


Russia, Trump & Flawed Intelligence
Masha Gessen   
US Defense Under Secretary for Intelligence Marcel Lettre, Director of National Intelligence James Clapper, and National Security Agency Director Michael Rogers testifying before the Senate, Washington, D.C., January 5, 2017
Jonathan Ernst/Reuters

After months of anticipation, speculation, and hand-wringing by politicians and journalists, American intelligence agencies have finally released a declassified version of a report on the part they believe Russia played in the US presidential election. On Friday, when the report appeared, the major newspapers came out with virtually identical headlines highlighting the agencies’ finding that Russian president Vladimir Putin ordered an “influence campaign” to help Donald Trump win the presidency—a finding the agencies say they hold “with high confidence.”

A close reading of the report shows that it barely supports such a conclusion. Indeed, it barely supports any conclusion. There is not much to read: the declassified version is twenty-five pages, of which two are blank, four are decorative, one contains an explanation of terms, one a table of contents, and seven are a previously published unclassified report by the CIA’s Open Source division. There is even less to process: the report adds hardly anything to what we already knew. The strongest allegations—including about the nature of the DNC hacking—had already been spelled out in much greater detail in earlier media reports.

But the real problems come with the findings themselves. The report leads with three “key judgments”:

    “We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election”;
    “Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls’”;
    “We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes.”

It is the first of these judgments that made headlines, so let us look at the evidence the document provides for this assertion. This evidence takes up just over a page and contains nine points. The first four make the argument that Putin wanted Hillary Clinton to lose. I will paraphrase for the sake of brevity and clarity:

    Putin and the Russian government aimed to help Trump by making public statements discrediting Hillary Clinton;
    the Kremlin’s goal is to undermine “the US-led liberal democratic order”;
    Putin claimed that the Panama Papers leak and the Olympic doping scandal were “US-directed efforts to defame Russia,” and this suggests that he would use defamatory tactics against the United States;
    Putin personally dislikes Hillary Clinton and blames her for inspiring popular unrest in Russia in 2011-2012.

None of this is new or particularly illuminating—at least for anyone who has been following Russian media in any language; some of it seems irrelevant. (Though the report notes that the NSA has only “moderate confidence” in point number one, unlike the CIA and FBI, which have “high confidence” in it.) The next set of points aim to buttress the assertion that Putin “developed a clear preference for President-elect Trump over Secretary Clinton.” The following is an exact quote:

    Beginning in June, Putin’s public comments about the US presidential race avoided directly praising President-elect Trump, probably because Kremlin officials thought that any praise from Putin personally would backfire in the United States. Nonetheless, Putin publicly indicated a preference for President-elect Trump’s stated policy to work with Russia, and pro-Kremlin figures spoke highly about what they saw as his Russia-friendly positions on Syria and Ukraine.

The wording makes it sound as though before June 2016 Putin had been constantly praising Trump in his public statements. In fact, though, Putin had spoken of Trump exactly once—when asked a question about him as he was leaving the hall following his annual press conference in December 2015. At that time, he said,

    Well, he is a colorful person. Talented, without a doubt. But it’s none of our business, it’s up to the voters in the United States. But he is the absolute leader of the presidential race. He says he wants to shift to a different mode of relations, a deeper level of relations with Russia. How could we not welcome that? Of course we welcome it. As for the domestic politics of it, the turns of phrase he uses to increase his popularity, I’ll repeat, it’s not our business to evaluate his work.

Nothing in this statement is remarkable. At the time, Trump, who was polling well in the Republican primary race, was the only aspiring presidential candidate to have indicated a willingness to dial back US-Russian hostilities. The topic was clearly judged not important enough to be included in the main body of Putin’s more-than-four-hour press conference but deserving of a boilerplate “we hear you” message sent as Putin literally headed out the door.

The Russian word for “colorful”—yarkiy—can be translated as “bright,” as in a “bright color.” That must be how Trump came to think that Putin had called him “brilliant,” an assertion that the US media (and, it appears, US intelligence agencies) failed to fact-check. In June 2016, at the St. Petersburg Economic Forum, American journalist Fareed Zakaria, moderating a panel, asked Putin, “The American Republican presumptive nominee, Donald Trump—you called him ‘brilliant,’ ‘outstanding,’ ‘talented.’ These comments were reported around the world. I was wondering what in him led you to that judgment, and do you still hold that judgment?” Of the epithets listed by Zakaria, Putin had used only the word “talented,” and he had not specified what sort of talent he had seen in Trump. Putin reprimanded Zakaria for exaggerating. “Look at what I said,” he said. “I made an off-hand remark about Trump being a colorful person. Are you saying he is not colorful? He is colorful. I did not characterize him in any other way. But what I did note, and what I certainly welcome, and I see nothing wrong with this—Mr. Trump has stated that he is ready for the renewal of a full-fledged relationship between Russia and the United States. What is wrong with that? We all welcome it. Don’t you?” Zakaria looked mortified: he had been caught asking an ill-informed question. Putin, on the other hand, was telling the truth for once. As for the American intelligence agencies marshaling this exchange as evidence of a change of tone and more—evidence of Russian meddling in the election—that is plainly misleading.

The next two points purporting to prove that Putin had a preference for Trump are, incredibly, even weaker arguments:

    Putin thought that he and Trump would be able to create an international anti-ISIS coalition;
    Putin likes to work with political leaders “whose business interests made them more disposed to deal with Russia, such as former Italian Prime Minister Silvio Berlusconi and former German Chancellor Gerhard Schroeder.”

Number 6 is puzzling. Nominally, Russia and the United States have already been cooperating in the fight against ISIS. The reference is probably to Putin’s offer, made in September 2015 in a speech to the UN General Assembly, to form an international anti-terrorist coalition that, Putin seemed to suggest, would stop the criticism and sanctions imposed in response to Russia’s war against Ukraine. Obama snubbed the offer then. Then again, this is my conjecture: the report contains no elucidation of this ascertainment of Putin’s motives. As for Number 7, not only is it conjecture on the part of the report’s authors, it is also anachronistic: Schroeder was a career politician before becoming a businessman with interests in Russia, as his term in political office was drawing to a close.

The final two arguments in this section of the report focus on the fact that Russian officials and propagandists stopped criticizing the US election process after election day and Russian trolls dropped a planned #DemocracyRIP campaign, which they had planned in anticipation of Hillary Clinton’s victory. (Notably, according to the intelligence agencies, whatever influence the Russians were trying to exert, they themselves seem to have assumed that Clinton would win regardless—and this is in fact supported by outside evidence.) The logic of these arguments is as sound as saying, “You were so happy to see it rain yesterday that you must have caused the rain yourself.”

That is the entirety of the evidence the report offers to support its estimation of Putin’s motives for allegedly working to elect Trump: conjecture based on other politicians in other periods, on other continents—and also on misreported or mistranslated public statements.

The next two and a half pages of the report deal with the mechanics of Russia’s ostensible intervention in the election. It confirms, briefly, earlier reports that the intelligence agencies believe that the hacks of the Democratic National Committee were carried out by an individual connected to the General Staff Main Intelligence Directorate (GRU). It also notes, without elaboration, that “Russian intelligence accessed elements of multiple state or local electoral boards,” though, according to the Department of Homeland Security, not the type of systems that are involved in vote tallying. And then the report goes from vague to strange: it lists the elements of Russia’s “state-run propaganda machine” that ostensibly exemplify the Kremlin’s campaign for Trump and denigration of Clinton. These include RT, the Russian English-language propaganda channel (as well as Sputnik, a state-funded online news site); a Russian television personality; and a fringe Russian politician named Vladimir Zhirinovsky. According to the report:

    Pro-Kremlin proxy Vladimir Zhirinovsky, leader of the nationalist Liberal Democratic Party of Russia, proclaimed just before the election that if President-elect Trump won, Russia would “drink champagne” in anticipation of being able to advance its positions on Syria and Ukraine.

In the Russian political sphere, Zhirinovsky is far from the mainstream. A man who has advocated mobilizing the Russian military to shoot all migratory birds in order to prevent an epidemic of bird flu, he is a far-right comic sidekick to the Kremlin’s straight man. Dictators like to keep his kind around as reminders of the chaos and extremism that could threaten the world in their absence. In Hungary, for example, the extremist Jobbik party allows Prime Minister Viktor Orbán to look moderate in comparison. The particular statement about drinking champagne was made during a televised talk show in which several Russian personalities get together to beat up rhetorically on a former insurance executive named Michael Bohm, who has fashioned a career of playing an American pundit on Russian TV. Here is the exchange that preceded Zhirinovsky’s promise to drink champagne:

    They threaten to cut Russia off from international financial systems. They can do that! But then we won’t give America a single dollar back. That’s hundreds of billions of dollars! Hundreds of billions! If they cut us off, they cut off the repayment of all our debts. Hundreds of billions! They are not dumb, so they’ll never do it. Never. As for the arms race, sometimes we are ahead and sometimes they are. We’ve got parity. But there is another danger to America. They have a hundred nuclear power stations. And we can reach all of them. And the destruction of a single nuclear power station kills every living thing on a territory of five hundred thousand square kilometers. That’s fifty million square kilometers. But all of America is just ten million square kilometers. So a single explosion will destroy America five times over. Same thing with us. But our stations are on the fringes. Theirs are in densely populated areas. So blowing up their nuclear reactors will kill more people in America. Plus, we have lots of empty space. So they have weighed it: Russia’s survival rates will be higher than America’s. More of them will die in case of nuclear war.

    Host: Remember you also told us about magnetic weapons that will make us stick to our beds and incapable of getting up?

    Zhirinovsky: Yes, there is that, too.

    [A brief exchange about the arms race between two other participants]

    Zhirinovsky: I hope that Aleppo is free of guerrilla fighters before November 8!

    Sergei Stankevich [a largely forgotten Yeltsin-era politician]: But then we have to think about what happens November 9, if we’ve already liberated Aleppo.

    Zhirinovsky: We are going to be drinking champagne to celebrate a Trump victory! [to Bohm] And to the defeat of your friend Hillary Clinton!

Remarkably, the report manages not only to offer a few words thrown out during this absurd exchange as evidence of a larger Russian strategy, but also to distort those words in the process: contrary to the report’s assertion, Zhirinovsky made no mention of being able to advance Russia’s positions in Syria and Ukraine following a Trump victory. Of course, he could have—indeed, he could have said anything, given the tenor of the conversation. Whatever he said, it’s difficult to imagine how it could be connected to Russia’s ostensible influence on the American election.

Other evidence in this part of the report includes the statement, “Russian media hailed President-elect Trump’s victory as a vindication of Putin’s advocacy of global populist movements—the theme of Putin’s annual conference for Western academics in October 2016.” This statement is false. The theme of Putin’s annual conference, known as the Valdai Club, was “The Future Begins Today: Outlines of the World of Tomorrow.” The program reads like the program of the annual World Affairs Council conference in San Francisco—which last year, coincidentally, was called “Day One: The World That Awaits.” This is not to say that Putin has not supported populist movements around the world—he demonstrably has. But once again the particular evidence offered by the report on this point is both weak and false.

Finally, the bulk of the rest of the report is devoted to RT, the television network formerly known as Russia Today.

    RT’s coverage of Secretary Clinton throughout the US presidential campaign was consistently negative and focused on her leaked e-mails and accused her of corruption, poor physical and mental health, and ties to Islamic extremism. Some Russian officials echoed Russian lines for the influence campaign that Secretary Clinton’s election could lead to a war between the United States and Russia.

In other words, RT acted much like homegrown American media outlets such as Fox News and Breitbart. A seven-page annex to the report details RT activities, including hosting third-party candidate debates, broadcasting a documentary about the Occupy Wall Street movement and “anti-fracking programming, highlighting environmental issues and the impacts on public health”—perfectly appropriate journalistic activities, even if they do appear on what is certainly a propaganda outlet funded by an aggressive dictatorship. An entire page is devoted to RT’s social media footprint: the network appears to score more YouTube views than CNN (though far fewer Facebook likes). Even this part of the report is slightly misleading: RT’s tactics for inflating its viewership numbers in order to secure continued Kremlin funding have been the subject of some convincing scholarship. That is the entirety of the case the intelligence agencies have presented: Putin wanted Trump to win and used WikiLeaks and RT to ensure that outcome.

Despite its brevity, the report makes many repetitive statements remarkable for their misplaced modifiers, mangled assertions, and missing words. This is not just bad English: this is muddled thinking and vague or entirely absent argument. Take, for example, this phrase: “Moscow most likely chose WikiLeaks because of its self-proclaimed reputation for authenticity.” I think, though I cannot be sure, that the authors of the report are speculating that Moscow gave the products of its hacking operation to WikiLeaks because WikiLeaks is known as a reliable source. The next line, however, makes this speculation unnecessary: “Disclosures through WikiLeaks did not contain any evident forgeries.”

Or consider this: “Putin most likely wanted to discredit Secretary Clinton because he has publicly blamed her since 2011 for inciting mass protests against his regime in late 2011 and early 2012, and because he holds a grudge for comments he almost certainly saw as disparaging him.” Did Putin’s desire to discredit Clinton stem from his own public statements, or are the intelligence agencies basing their appraisal of Putin’s motives on his public statements? Logic suggests the latter, but grammar indicates the former. The fog is not coincidental: if the report’s vague assertions were clarified and its circular logic straightened out, nothing would be left.

It is conceivable that the classified version of the report, which includes additional “supporting information” and sourcing, adds up to a stronger case. But considering the arc of the argument contained in the report, and the principal findings (which are apparently “identical” to those in the classified version), this would be a charitable reading. An appropriate headline for a news story on this report might be something like, “Intel Report on Russia Reveals Few New Facts,” or, say, “Intelligence Agencies Claim Russian Propaganda TV Influenced Election.” Instead, however, the major newspapers and commentators spoke in unison, broadcasting the report’s assertion of Putin’s intent without examining the arguments.

The New York Times called it “a strong statement from three intelligence agencies,” and followed its uncritical coverage with a story mocking Trump supporters for asking, “What’s the big deal?”

“How is it possible, if these intelligence reports are true, to count the 2016 Presidential election as unsullied?” asked New Yorker editor David Remnick in a piece published Friday. But since when has “unsullied” been a criterion on which a democratic process is judged? Standard measures include transparency, fairness, openness, accessibility to all voters and to different candidates. Anything that compromises these standards, whether because of domestic or external causes, may throw a result into doubt. But Remnick’s rhetorical question seems to reach for an entirely different standard: that of a process that is demonstrably free of any outside influence. Last month Paul Krugman at The New York Times railed, similarly, that the election was “tainted.” Democracy is messy, as autocrats the world over will never tire of pointing out. They are the ones who usually traffic in ideas of order and purity—as well as in conspiracy theories based on sweeping arguments and scant, haphazard evidence.

The election of Donald Trump is anomalous, both because of the campaign he ran and the peculiar vote mathematics that brought him victory. His use of fake news, his serial lying, his conning his way into free air time, his instrumentalization of partisanship and naked aggression certainly violated the norms of American democracy. But the intelligence report does nothing to clarify the abnormalities of Trump’s campaign and election. Instead, it risks perpetuating the fallacy that Trump is some sort of a foreign agent rather than a home-grown demagogue, while doing further damage to our faith in the electoral system. It also suggests that the US intelligence agencies’ Russia expertise is weak and throws into question their ability to process and present information—all this, two weeks before a man with no government experience but with a short Twitter fuse takes the oath of office.
January 9, 2017, 10:17 pm
Title: What Happened to Trump’s Secret Hacking Intel?
Post by: bigdog on February 07, 2017, 05:00:42 PM
https://www.theatlantic.com/technology/archive/2017/02/what-happened-to-trumps-secret-hacking-intel/515889/?utm_source=polfb

“I know a lot about hacking,” Trump said to the reporters, according to The New York Times. “And hacking is a very hard thing to prove. So it could be somebody else.” He was referring to the intelligence community’s determination that Russia was behind the cyberattacks.

Then, a bombshell: “And I also know things that other people don’t know, and so they cannot be sure of the situation.” Asked what he was talking about, Trump replied, “You’ll find out on Tuesday or Wednesday.”

Tuesday and Wednesday came and went without any new information on the cyberattacks from the president-elect.
Title: Re: What Happened to Trump’s Secret Hacking Intel?
Post by: G M on February 07, 2017, 06:20:05 PM
https://www.theatlantic.com/technology/archive/2017/02/what-happened-to-trumps-secret-hacking-intel/515889/?utm_source=polfb

“I know a lot about hacking,” Trump said to the reporters, according to The New York Times. “And hacking is a very hard thing to prove. So it could be somebody else.” He was referring to the intelligence community’s determination that Russia was behind the cyberattacks.

Then, a bombshell: “And I also know things that other people don’t know, and so they cannot be sure of the situation.” Asked what he was talking about, Trump replied, “You’ll find out on Tuesday or Wednesday.”

Tuesday and Wednesday came and went without any new information on the cyberattacks from the president-elect.

Still nothing from anyone resembling proof, showing who accessed the dem's emails.
Title: Re: What Happened to Trump’s Secret Hacking Intel?
Post by: DougMacG on February 08, 2017, 07:47:38 AM
This story broke at about that time:
http://dailycaller.com/2017/02/04/exclusive-house-intelligence-it-staffers-fired-in-computer-security-probe/
Three brothers who managed office information technology for members of the House Permanent Select Committee on Intelligence and other lawmakers were abruptly relieved of their duties on suspicion that they accessed congressional computers without permission.

Nothing excuses the Russians, if they are guilty.  But aren't all rivals and enemies trying to hack at all times?  Security is part of governing competence.  Or incompetence in the choice of John Podesta and the person who hired him.

Hillary's nefarious activities were exposed by her own disclosures, those of the State Department, the FBI, as well as WikiLeaks, which says the source is not the Russians.

Does anyone think the 2017 election was wrongly swung by Russian interference?  IF they were guilty of hacking and releasing, didn't they release what Hillary herself already promised to release?  Don't we want to know that the media and the DNC were inappropriately helping Hillary over Bernie?  That deserves to be exposed, IMHO. I never saw private emails of the wedding and yoga classes revealed.  I only saw the kind of emails that gave us a more accurate look at her work product.
Title: WSJ: Assange & Wikileaks will help tech firms defend against CIA
Post by: Crafty_Dog on March 09, 2017, 01:31:19 PM
Assange: WikiLeaks Will Help Tech Firms Defend Against CIA Hacking
CIA lashes out against WikiLeaks, saying founder Julian Assange is ‘not exactly a bastion of truth and integrity’
By Robert McMillan
Updated March 9, 2017 1:56 p.m. ET

WikiLeaks founder Julian Assange pledged Thursday to provide technology companies with the technical details needed to fix product flaws that were exposed when his organization published documents that apparently show how the Central Intelligence Agency hacks into phones and other devices.

The 8,761 documents that WikiLeaks posted on its website Tuesday described malware and other tools used to exploit a wide range of commercial products including smartphones, software and equipment from Apple Inc., Alphabet Inc.’s Google, Samsung Electronics Co., and Microsoft Corp.

The documents sent companies scrambling to uncover what specific security flaws the attacks might be exploiting. And Mr. Assange’s offer on Thursday created a fresh set of complications for the companies dealing with the leak.

White House press secretary Sean Spicer warned companies on Thursday that accepting classified material from WikiLeaks could be violating the law. They should check with the Justice Department in advance, he said.

When WikiLeaks released the information the antisecrecy organization said it obtained from the CIA files, the organization had put tech companies in the position of knowing they might have security vulnerabilities but not knowing how to address the flaws and protect their customers.


“After considering what we think is the best way to proceed and hearing the calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details we have so that fixes can be developed and pushed out,” Mr. Assange said during a news conference broadcast online.

The CIA lashed out Thursday at Mr. Assange and WikiLeaks for disclosures that the group has said represent an overreach by U.S. intelligence officials. Neither the CIA nor the White House has commented on the authenticity of the documents.

“Julian Assange is not exactly a bastion of truth and integrity,” CIA spokesman Jonathan Liu said. “Despite the efforts of Assange and his ilk, [the] CIA continues to aggressively collect foreign intelligence overseas to protect America from terrorists, hostile nation states and other adversaries.”

The tech companies must now decide whether they’re willing to accept WikiLeaks’ offer. Having in hand the actual code used in the purported CIA hacking tools would enable the companies to understand the exact holes in their products. But the prospect of working with an organization that publishes stolen government secrets also raises delicate ethical, legal and public-relations issues.

Although it would be “unheard of” for the federal government to prosecute a company for using leaked classified information to improve its products, there “are some issues with the fact that the information is classified,” said Jennifer Granick, director of civil liberties at Stanford Law School’s Center for Internet and Society.

Given uncertainty about the views of the Justice Department, “I can see why legal counsel at big companies might hesitate to reach out to Julian Assange to negotiate access to classified information,” she said.

Apple and Samsung didn’t respond to requests for comment Thursday. Google declined to comment on whether it would work with WikiLeaks.

“We’ve seen Julian Assange’s statement and have not yet been contacted,” a Microsoft spokesman said Thursday.

The spokesman said that Microsoft’s initial review of the WikiLeaks documents showed that most of the issues are dated and likely have been addressed in its latest software.

Several other companies named in the documents, including Apple and Google, said Wednesday that their initial reviews indicated that existing software updates had already addressed many of the vulnerabilities described in the WikiLeaks document. Still, they said, the reviews were continuing.

In a blog post Wednesday, Cisco Systems Inc. said that its ability to address issues the documents raised was limited without more detail, but once the code was released the company would be able to analyze it and produce updates if necessary. Most of the companies whose products are mentioned in the WikiLeaks documents face the same situation, security experts said.

Cisco declined to comment Thursday on whether it is willing to work with WikiLeaks. The company said it has a protocol for investigating and fixing bugs if it receives a report of a vulnerability.

WikiLeaks plans to release more of the documents and files that the organization obtained.

“Once this material is effectively disarmed by us by removing critical components, we will publish additional details of what has been occurring,” Mr. Assange said.

Mr. Assange said that the need to fix these flaws is pressing, given that others might be in possession of the tools.

“It is impossible to keep effective control of cyberweapons,” he said. “If you build them, you will lose them.”

In a statement Wednesday, the CIA gave what appeared to be a justification for amassing an arsenal of high-tech hacking tools.

“It is the CIA’s job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad,” the agency said. “America deserves nothing less.”

The agency also said it is legally prohibited from conducting electronic surveillance targeting Americans at home in the U.S. and doesn’t do so. The CIA said Americans should be troubled by any WikiLeaks disclosure designed to damage the U.S. intelligence community’s ability to protect America from adversaries.

“Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm,” the CIA said.

WikiLeaks said it had disclosed the information to inspire a debate about what limits should be placed on the CIA’s ability to hack computers and electronic devices.

—Shane Harris, Rachael King, Paul Sonne, Jay Greene and Jack Nicas contributed to this article.
Title: Patriot or traitor?
Post by: ccp on March 10, 2017, 08:49:46 AM
http://jewishworldreview.com/cols/thomas030917.php3

http://insider.foxnews.com/2017/03/09/samsung-mi5-collaboration-wikileaks-release-cia-documents-judge-napolitano-reacts
Title: Muslim Brotherhood breaches Congress?
Post by: Crafty_Dog on March 11, 2017, 08:11:51 PM
WTF?!?

http://www.frontpagemag.com/fpm/265729/muslim-brotherhood-security-breach-congress-daniel-greenfield
Title: POTH: Russian Espionage Piggybacks on a Cybercriminal’s Hacking
Post by: Crafty_Dog on March 12, 2017, 10:23:19 AM
second post
https://www.nytimes.com/2017/03/12/world/europe/russia-hacker-evgeniy-bogachev.html?emc=edit_ta_20170312&nl=top-stories&nlid=49641193&ref=cta&_r=0

To the F.B.I., Evgeniy M. Bogachev is the most wanted cybercriminal in the world. The bureau has announced a $3 million bounty for his capture, the most ever for computer crimes, and has been attempting to track his movements in hopes of grabbing him if he strays outside his home turf in Russia.

He has been indicted in the United States, accused of creating a sprawling network of virus-infected computers to siphon hundreds of millions of dollars from bank accounts around the world, targeting anyone with enough money worth stealing — from a pest control company in North Carolina to a police department in Massachusetts to a Native American tribe in Washington.

In December, the Obama administration announced sanctions against Mr. Bogachev and five others in response to intelligence agencies’ conclusions that Russia had meddled in the presidential election. Publicly, law enforcement officials said it was his criminal exploits that landed Mr. Bogachev on the sanctions list, not any specific role in the hacking of the Democratic National Committee.

But it is clear that for Russia, he is more than just a criminal. At one point, Mr. Bogachev had control over as many as a million computers in multiple countries, with possible access to everything from family vacation photographs and term papers to business proposals and highly confidential personal information. It is almost certain that computers belonging to government officials and contractors in a number of countries were among the infected devices. For Russia’s surveillance-obsessed intelligence community, Mr. Bogachev’s exploits may have created an irresistible opportunity for espionage.


While Mr. Bogachev was draining bank accounts, it appears that the Russian authorities were looking over his shoulder, searching the same computers for files and emails. In effect, they were grafting an intelligence operation onto a far-reaching cybercriminal scheme, sparing themselves the hard work of hacking into the computers themselves, officials said.

The Russians were particularly interested, it seems, in information from military and intelligence services regarding fighting in eastern Ukraine and the war in Syria, according to law enforcement officials and the cybersecurity firm Fox-IT. But there also appear to have been attempts to gain access to sensitive military and intelligence information on infected computers in the United States, often consisting of searching for documents containing the words “top secret” or “Department of Defense.”

The Russian government has plenty of its own cyberspace tools for gathering intelligence. But the piggybacking on Mr. Bogachev’s activities offers some clues to the breadth and creativity of Russia’s espionage efforts at a time when the United States and Europe are scrambling to counter increasingly sophisticated attacks capable of destroying critical infrastructure, disrupting bank operations, stealing government secrets and undermining democratic elections.

This relationship is illustrated by the improbable mix of characters targeted with the sanctions announced by the Obama administration. Four were senior officers with Russia’s powerful military intelligence agency, the G.R.U. Two were suspected cyberthieves on the F.B.I.’s most wanted list: an ethnic Russian from Latvia named Alexsey Belan with a red-tinted Justin Bieber haircut, and Mr. Bogachev, whose F.B.I. file includes a photograph of him holding his spotted Bengal cat while wearing a matching set of leopard-print pajamas.

His involvement with Russian intelligence may help explain why Mr. Bogachev, 33, is hardly a man on the run. F.B.I. officials say he lives openly in Anapa, a run-down resort town on the Black Sea in southern Russia. He has a large apartment near the shore and possibly another in Moscow, officials say, as well as a collection of luxury cars, though he seems to favor driving his Jeep Grand Cherokee. American investigators say he enjoys sailing and owns a yacht.

Running the criminal scheme was hard work. Mr. Bogachev often complained of being exhausted and “of having too little time for his family,” said Aleksandr Panin, a Russian hacker, now in a federal prison in Kentucky for bank fraud, who used to communicate with Mr. Bogachev online. “He mentioned a wife and two kids as far as I remember,” Mr. Panin wrote in an email.

Beyond that, little is known about Mr. Bogachev, who preferred to operate anonymously behind various screen names: slavik, lucky12345, pollingsoon. Even close business associates never met him in person or knew his real name. “He was very, very paranoid,” said J. Keith Mularski, an F.B.I. supervisor in Pittsburgh whose investigation of Mr. Bogachev led to an indictment in 2014. “He didn’t trust anybody.”

Russia does not have an extradition treaty with the United States, and Russian officials say that so long as Mr. Bogachev has not committed a crime on Russian territory, there are no grounds to arrest him.

Attempts to reach Mr. Bogachev for this article were unsuccessful. In response to questions, his lawyer in Anapa, Aleksei Stotskii, said, “The fact that he is wanted by the F.B.I. prevents me morally from saying anything.”

A line in Mr. Bogachev’s file with the Ukrainian Interior Ministry, which has helped the F.B.I. track his movements, describes him as “working under the supervision of a special unit of the F.S.B.,” referring to the Federal Security Service, Russia’s main intelligence agency. The F.S.B. did not respond to a request for comment.

That Mr. Bogachev remains at large “is the most powerful argument” that he is an asset of the Russian government, said Austin Berglas, who was an assistant special agent in charge of cyberinvestigations out of the F.B.I.’s New York field office until 2015. Hackers like Mr. Bogachev are “moonlighters,” Mr. Berglas said, “doing the bidding of Russian intelligence services, whether economic espionage or straight-up espionage.”

Such an arrangement offers the Kremlin a convenient cover story and an easy opportunity to take a peek into the extensive networks of computers infected by Russian hackers, security experts say. Russian intelligence agencies also appear to occasionally employ malware tools developed for criminal purposes, including the popular BlackEnergy, to attack the computers of enemy governments. The recent revelations by WikiLeaks about C.I.A. spying tools suggest that the agency also kept a large reference library of hacking kits, some of which appear to have been produced by Russia.

It also hints at a struggle to recruit top talent. A job with the Russian intelligence agencies does not command the prestige it did in the Soviet era. The Russian state has to compete against the dream of six-figure salaries and stock options in Silicon Valley. A recruiting pitch from a few years ago for the Defense Ministry’s cyberwarfare brigade offered college graduates the rank of lieutenant and a bed in a room with four other people.

And so the Kremlin at times turns to the “dark web” or Russian-language forums devoted to cyberfraud and spam. Mr. Bogachev, according to court papers from his criminal case, used to sell malicious software on a site called Carding World, where thieves buy and sell stolen credit card numbers and hacking kits, according to the F.B.I. One recent posting offered to sell American credit card information with CVV security numbers for $5. A user named MrRaiX was selling a malware supposedly designed to pilfer passwords from programs like Google Chrome and Outlook Express.

Rather than shut down such sites, as the F.B.I. typically tries to do, Russian intelligence agents appear to have infiltrated them, security experts say.

Some of the forums state specifically that almost any type of criminality is allowed — bank fraud, counterfeiting documents, weapons sales. One of the few rules: no work in Russia or the former Soviet Union. In Carding World, and in many other forums, a violation results in a lifetime ban.


The F.B.I. has long been stymied in its efforts to get Russian cybercriminals. For a time, the bureau had high hopes that its agents and Russian investigators with the F.S.B. would work together to target Russian thieves who had made a specialty of stealing Americans’ credit card information and breaking into their bank accounts. “Here’s to great investigations,” F.B.I. and F.S.B. agents would toast each other at Manhattan steakhouses during periodic trust-building visits, Mr. Berglas said.

But help rarely seemed to materialize. After a while, agents began to worry that the Russian authorities were recruiting the very suspects that the F.B.I. was pursuing. The joke among Justice Department officials was the Russians were more likely to pin a medal on a suspected criminal hacker than help the F.B.I. nab him.

“Almost all the hackers who have been announced by the U.S. government through indictments are immediately tracked by the Russian government,” said Arkady Bukh, a New York-based lawyer who often represents Russian hackers arrested in the United States. “All the time they’re asked to provide logistical and technical support.”

While it was a widely held suspicion, it is tough to prove the connection between cyberthieves and Russian intelligence. But in one case, Mr. Berglas said, F.B.I. agents monitoring an infected computer were surprised to see a hacker who was the target of their investigation share a copy of his passport with a person the F.B.I. believed to be a Russian intelligence agent — a likely signal that the suspect was being recruited or protected. “That was the closest we ever came,” he said.

Fishing for Top Secrets

Mr. Bogachev’s hacking career began well over a decade ago, leading to the creation of a malicious software program called GameOver ZeuS that he managed with the help of about a half-dozen close associates who called themselves the Business Club, according to the F.B.I. and security researchers. Working around the clock, his criminal gang infected an ever growing network of computers. They were able to bypass the most advanced banking security measures to quickly empty accounts and transfer the money abroad through a web of intermediaries called money mules. F.B.I. officials said it was the most sophisticated online larceny scheme they had encountered — and for years, it was impenetrable.

Mr. Bogachev became extremely wealthy. At one point, he owned two villas in France and kept a fleet of cars parked around Europe so he would never have to rent a vehicle while on vacation, according to a Ukrainian law enforcement official with knowledge of the Bogachev case, who requested anonymity to discuss the continuing investigation. Officials say he had three Russian passports with different aliases allowing him to travel undercover.

At the height of his operations, Mr. Bogachev had between 500,000 and a million computers under his control, American officials said. And there is evidence that the Russian government took an interest in knowing what was on them.

Beginning around 2011, according to an analysis by Fox-IT, computers under Mr. Bogachev’s control started receiving requests for information — not about banking transactions, but for files relating to various geopolitical developments pulled from the headlines.

Around the time that former President Barack Obama publicly agreed to start sending small arms and ammunition to Syrian rebels, in 2013, Turkish computers infected by Mr. Bogachev’s network were hit with keyword searches that included the terms “weapon delivery” and “arms delivery.” There were also searches for “Russian mercenary” and “Caucasian mercenary,” suggesting concerns about Russian citizens fighting in the war.

Ahead of Russia’s military intervention in Ukraine in 2014, infected computers were searched for information about top-secret files from the country’s main intelligence directorate, the S.B.U. Some of the queries involved searches for personal information about government security officials, including emails from Georgia’s foreign intelligence service, the Turkish Foreign Ministry and others, said Michael Sandee, one of the researchers from Fox-IT.

And at some point between March 2013 and February 2014, there were searches for English-language documents, which seemed to be fishing for American military and intelligence documents. The queries were for terms including “top secret” and “Department of Defense,” said Brett Stone-Gross, a cybersecurity analyst involved in analyzing GameOver ZeuS. “These were in English,” he said. “That was different.”

Cybersecurity experts who studied the case say there is no way to know who ordered the queries. But they were so disconnected from the larceny and fraud that drove Mr. Bogachev’s operation that analysts say there can be no other motive but espionage.

Whether the searches turned up any classified document or sensitive government material is unknown, although the odds are likely that there were a number of federal government employees or defense contractors with infected personal computers. “They had such a large number of infections, I would say it’s highly likely they had computers belonging to U.S. government and foreign government employees,” Mr. Stone-Gross said.

In the summer of 2014, the F.B.I., together with law enforcement agencies in over half a dozen countries, carried out Operation Tovar, a coordinated attack on Mr. Bogachev’s criminal infrastructure that successfully shut down his network and liberated computers infected with GameOver ZeuS.

Prosecutors said they were in talks with the Russian government, trying to secure cooperation for the capture of Mr. Bogachev. But the only apparent legal trouble Mr. Bogachev has faced in Russia was a lawsuit filed against him by a real estate company in 2011 over payment of about $75,000 on his apartment in Anapa, according to court papers there. And even that he managed to beat.

These days, officials believe Mr. Bogachev is living under his own name in Anapa and occasionally takes boat trips to Crimea, the Ukrainian peninsula that Russia occupied in 2014. Mr. Mularski, the F.B.I. supervisor, said his agents were “still pursuing leads.”
Title: Trump’s dilemma on WikiLeaks: Hail Assange or haul him before a judge?
Post by: ccp on March 12, 2017, 11:56:34 AM
http://www.mcclatchydc.com/news/nation-world/national/national-security/article137816228.html
Title: House Dems hacked?
Post by: Crafty_Dog on March 12, 2017, 04:44:45 PM
http://www.politico.com/story/2017/03/house-democrats-it-staffers-hina-alvi-imran-awan-235569
Title: Joint Encryption Panel established
Post by: Crafty_Dog on March 12, 2017, 05:50:41 PM
http://thehill.com/policy/cybersecurity/273796-house-establishes-encryption-working-group
Title: Vault 7, the CIA, and the Truth
Post by: Crafty_Dog on March 14, 2017, 09:13:39 AM
As best as I can tell, the man who recommended this article knows his stuff:

http://quietstorm.io/post/158377722775/vault-7-the-cia-and-the-truth
Title: Baraq used Brits to spy on candidate Trump?!?
Post by: Crafty_Dog on March 15, 2017, 08:55:33 AM
https://twitter.com/foxandfriends/status/841619127999508480?ref_src=twsrc%5Etfw
Title: Re: Baraq used Brits to spy on candidate Trump?!?
Post by: G M on March 16, 2017, 06:28:17 PM
https://twitter.com/foxandfriends/status/841619127999508480?ref_src=twsrc%5Etfw

This is not uncommon. The law enforcement or intelligence agencies of friendly countries can intercept communications and then pass them back to US entities. There is no law in the UK that would prevent the GCHQ from listening in on anyone's calls. Intercepting foreign comms is what they do.
Title: Stolen Secret Service laptop computer
Post by: ccp on March 20, 2017, 06:45:17 AM
The obvious question is why would anyone leave a laptop in their vehicle in the driveway? Even if it was for a few minutes. I have had people get into my car trunk while I was in the post office or at a gas station with my back turned getting a cup of coffee:

http://www.tmz.com/2017/03/20/mystery-thief-secret-service-laptop/
Title: Norks going after banks
Post by: Crafty_Dog on March 26, 2017, 05:47:21 AM

https://www.nytimes.com/2017/03/25/technology/north-korea-hackers-global-banks.html?emc=edit_th_20170326&nl=todaysheadlines&nlid=49641193&_r=0
Title: WSJ: Mike Rogers: America ill-prepared, worse on the way
Post by: Crafty_Dog on March 27, 2017, 10:03:55 PM
America Is Ill-Prepared to Counter Russia’s Information Warfare
Propaganda is nothing new. But Moscow is frighteningly effective—and worse is on the way.
By Mike Rogers
March 27, 2017 6:59 p.m. ET

When historians look back at the 2016 election, they will likely determine that it represented one of the most successful information operation campaigns ever conducted. A foreign power, through the targeted application of cyber tools to influence America’s electoral process, was able to cast doubt on the election’s legitimacy, engender doubts about the victor’s fitness for office, tarnish the outcome of the vote, and frustrate the president’s agenda.

Historians will also see a feckless Congress—both Democrats and Republicans—that focused on playing partisan “gotcha” and fundamentally failed in its duty to gather information, hold officials accountable, and ultimately serve the country’s interests.

Whether or not the Trump campaign or its staff were complicit in Moscow’s meddling is missing the broader point: Russia’s intervention has affected how Americans view the peaceful transition of power from one president to the next. About this we should not be surprised. Far from it.

Propaganda is perhaps the second- or third-oldest profession. Using information as a tool to affect outcomes is as old as politics. Propaganda was familiar to the ancient Greeks and Romans, the Byzantines, and the Han Dynasty. Each generation applies the technology of the day in trying to influence an adversary’s people.

What’s new today is the reach of social media, the anonymity of the internet, and the speed with which falsehoods and fabrications can propagate. Twitter averaged 319 million monthly active users in the fourth quarter of 2016. Instagram had 600 million accounts at the end of last year. Facebook’s monthly active users total 1.86 billion—a quarter of the global population. Yet even these staggering figures don’t fully capture the internet’s reach.

In February, Russia’s minister of defense, Sergei Shoigu, announced a realignment in its cyber and digital assets. “We have information troops who are much more effective and stronger than the former ‘counter-propaganda’ section,” Mr. Shoigu said, according to the BBC. Russia, more than any other country, recognizes the value of information as a weapon. Moscow deployed it with deadly effect in Estonia, in Georgia and most recently in Ukraine, introducing doubt into the minds of locals, spreading lies about their politicians, and obfuscating Russia’s true intentions.

A report last year by RAND Corp., “The Russian ‘Firehose of Falsehood’ Propaganda Model,” noted that cyberpropaganda is practically a career path in Russia. A former paid troll told Radio Free Europe that teams were on duty around the clock in 12-hour shifts and he was required to post at least 135 comments of not fewer than 200 characters each.

In effect, Moscow has developed a high-volume, multichannel propaganda machine aimed at advancing its foreign and security policy. Along with the traditional propaganda tools—favoring friendly outlets and sponsoring ideological journals—this represents an incredibly powerful tool.

Now extrapolate one step further: Apply botnets, artificial intelligence and other next-generation technology. The result will be automated propaganda, rapid spamming and more. We shouldn’t be surprised to see any of this in the future.

Imagine an American senator who vocally advocates a new strategic-forces treaty with European allies. Moscow, feeling threatened, launches a directed information campaign to undermine the senator. His emails are breached and published, disclosing personal details and family disputes, alongside draft policy papers without context. Social media is spammed with seemingly legitimate comments opposing the senator’s position. The senator’s phone lines are flooded with robocalls. Fake news articles are pushed out on Russian-controlled media suggesting that the senator has broken campaign-finance laws.

Can you imagine the disruption to American society? The confusion in the legislative process? The erosion of trust in democracy? Unfortunately, this is the reality the U.S. faces, and without a concerted effort it will get worse.

Congress is too focused on the trees to see the frightening forest. Rather than engaging in sharp-edged partisanship, lawmakers should be investigating Russian propaganda operations and information warfare. They should be figuring out how to reduce the influence of foreign trolls, and teaching Americans about Moscow’s capabilities. That would go a long way to save the republic.

Mr. Rogers was chairman of the House Permanent Select Committee on Intelligence, 2011-15.

Appeared in the Mar. 28, 2017, print edition.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on March 28, 2017, 05:44:03 AM
An alternative view from the one CD posted above.  The Russian narrative about how they influenced our election is a farce.  I subscribe to this view:

http://www.nationalreview.com/article/446148/russian-farce-trump-collusion-hysteria-diverts-attention-surveillance-scandal
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on March 28, 2017, 04:35:30 PM
BTW, IIRC Mike Rogers was the fg idiot that gave Dems major ammo when he chortled that the Benghazi Committee was a chance to get Hillary; that does not mean he is wrong here.  Headed out now, will read CCP's post when I get back.
Title: On the other hand Cheney has opinion
Post by: ccp on March 28, 2017, 05:26:55 PM
I do trust him on security issues.  John Bolton also comments on this issue here and I respect his opinion and while Cheney is probably not a huge fan of Trump he and Bolton are not freakin Dems just trying to make hay and delegitimize Trump:

http://www.foxnews.com/world/2017/03/28/cheney-blasts-russia-alleged-interference-in-us-election.html
Title: French the never Trump calling for Nunes to step down
Post by: ccp on March 29, 2017, 05:55:48 AM
Why is it only Repubs who do this to their own:

http://www.nationalreview.com/article/446179/devin-nunes-trump-surveillance-campaign-investigation-house-intel-committee-russia


McCarthy's rebuttal to French:

Nunes need not "recuse" himself and Dems calling for this are being totally political. And yet some Repubs fall for the bait. Perhaps Schiff should step down as he is totally political and doing everything he can to "get" the President:

http://www.nationalreview.com/article/446210/devin-nunes-investigation-chairman-house-intel-committee-michael-flynn
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on March 29, 2017, 07:34:30 AM
That belongs in some other thread-- Politics perhaps?
Title: We are losing the cyberwar
Post by: Crafty_Dog on March 30, 2017, 08:00:03 PM
http://www.seattletimes.com/seattle-news/politics/uw-professor-the-information-war-is-real-and-were-losing-it/

Title: The NGA
Post by: Crafty_Dog on March 31, 2017, 09:05:07 AM
http://www.anonews.co/secretive-spy-us/  :-o :-o :-o
Title: WSJ: WannaCry
Post by: Crafty_Dog on May 16, 2017, 09:57:15 AM

May 15, 2017 7:02 p.m. ET

At least 150 countries are still working to contain a malicious computer worm that emerged on Friday. The unprecedented planet-wide attack is another harbinger of the world’s exposure to hackers and digital terrorists.

From London to Beijing to Moscow, hundreds of thousands of users were infected with a new variant of so-called ransomware, known as “WannaCry,” which encrypted their data and then solicited a blackmail payment to resume normal operations. This sophisticated, self-propagating malware was designed to spread to all other computers on the same network after infecting one machine. The culprits are unknown and could take years to track down, if ever.

WannaCry has renewed a debate about the obligations of defense departments to the private sector. The virus was developed by taking advantage of a software flaw in Microsoft’s Windows operating system that the U.S. National Security Agency identified last August. The NSA develops libraries of such exploits, and an online group named Shadow Brokers infiltrated the database last year and published the material that led to WannaCry.

Microsoft blames the NSA for researching such hacking methods, but in this case the NSA followed the protocol known as the Vulnerabilities Equities Process that determines which flaws should be reserved for intelligence gathering and which should be disclosed to protect consumers. The NSA alerted Microsoft.

The company fixed the problem with a software patch in March, but users who failed to upgrade their OS remained vulnerable. Too many corporate and government information technology departments are behind the curve.

The episode underscores the folly of the U.S. law enforcement demand that tech companies install backdoors into their devices and services. Defrocked FBI Director James Comey ran a public pressure campaign against Apple in 2015 and 2016 when his agents couldn’t break the encryption of the iPhones of the San Bernardino killers, and asked Congress to mandate dedicated built-in decryption keys. WannaCry takes advantage of a coding error. An intentional outside entry point that leaked or fell into the wrong hands could lead to even larger havoc.

Witness the WannaCry meltdown at Britain’s National Health Service, where 45% of hospitals, doctors’ offices and ambulances were crippled. Even emergency room services had to be curtailed. The Russian Interior Ministry was also compromised. A successful cyber-attack on the banking system, the electric grid, traffic lights or electronic medical records could do far more economic and security damage.

The Pentagon stood up a cyber command in 2012, but the effort has been impaired by bureaucratic turf protection and blurred lines of accountability. Infamously in 2013, Defense, Homeland Security, the FBI and other agencies required 75 drafts of a single PowerPoint slide to define their respective division of responsibilities for cybersecurity.

Abuse and even acts of war are never far behind technological advance, and the damage will be worse next time if the U.S. can’t modernize its cyberdefenses.

Appeared in the May. 16, 2017, print edition.
Title: WannaCry and Lazarus Group
Post by: Crafty_Dog on May 17, 2017, 10:06:01 AM
Hat tip to a geek friend for this-- for I certainly have not a clue in these things:

https://securelist.com/blog/research/78431/wannacry-and-lazarus-group-the-missing-link/
Title: Overview of US cyber adversaries
Post by: Crafty_Dog on May 31, 2017, 09:59:52 AM
Hat tip to my geek friend:

https://www.sans.org/newsletters/newsbites/xix/43

Top of the news:
An Overview of US's Cyber Adversaries - https://www.sans.org/newsletters/newsbites/xix/43#200
UN North Korea Sanctions Investigation Panel Reports Cyber Attack https://www.sans.org/newsletters/newsbites/xix/43#202
Title: Russian Cyberwar in Ukraine
Post by: Crafty_Dog on June 30, 2017, 06:34:24 AM
http://dailysignal.com/2017/06/29/russias-hybrid-warfare-battlefield-ukraine-heats/?utm_source=TDS_Email&utm_medium=email&utm_campaign=MorningBell&mkt_tok=eyJpIjoiTTJRNVptSTRNVGRtWTJWayIsInQiOiJDMnZPS0dNTDVBbEwzU1NaVGVYWlZIXC9ES1BLYWRRRkw5KzB3ZytteHE4VlM1Mlk5K0hrWWlaMVJGRVlrU1BJSGw1bHdGS1IzUlhmYTk0UU8yc0FObTNISFM3SFpHaXAzWjFoY1p3USt0NUowSE14UDBxa0puWDIyeTJJVG92ZVQifQ%3D%3D
Title: Joint cyber security unit with Russia?
Post by: Crafty_Dog on July 09, 2017, 12:26:08 PM


http://thehill.com/homenews/sunday-talk-shows/341192-trump-talk-of-cyber-security-unit-with-russia-earns-mixed-reviews?rnd=1499618846
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on July 09, 2017, 05:34:10 PM
I can only think he thinks he can outsmart Putin with this suggestion/concept.

If he does he is "deluding" himself.

But if he really thinks we could somehow work as partners with this, then he is plain "delusional".

Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on July 09, 2017, 06:23:17 PM
Definitely leaves me ill at ease, though I suppose it could be a place for cyber-spooks to play their games , , ,
Title: Black Hat: Big Cyber Attack Coming
Post by: Crafty_Dog on July 23, 2017, 06:44:56 PM
https://www.blackhat.com/docs/us-17/2017-Black-Hat-Attendee-Survey.pdf
Title: Re: Black Hat: Big Cyber Attack Coming
Post by: G M on July 23, 2017, 06:53:57 PM
https://www.blackhat.com/docs/us-17/2017-Black-Hat-Attendee-Survey.pdf

Important stuff. Plan accordingly.

Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on July 23, 2017, 07:07:44 PM
What are you doing?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on July 23, 2017, 07:11:33 PM
What are you doing?


Moving away from an urban death zone.

Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on July 23, 2017, 07:17:27 PM
Silly me, I was thinking electronically :lol: e.g. storing this forum in some sort of device, unconnected to the internet, so this forum can be resurrected with our work of all these years saved.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on July 23, 2017, 08:20:37 PM
Silly me, I was thinking electronically  :lol: e.g. storing this forum in some sort of device, unconnected to the internet so this forum can be resurrected with our work of all these years saved.


I'm planning on scenarios that put immediate concerns much lower on Maslow's hierarchy of needs.
Title: Grid threats require 'imagining the unimaginable' — report
Post by: G M on July 24, 2017, 07:12:58 AM
https://www.eenews.net/energywire/stories/1060057718/search

SECURITY
Grid threats require 'imagining the unimaginable' — report
Peter Behr, E&E News reporter Published: Friday, July 21, 2017
A new National Academy of Sciences report has stark warnings for the U.S. electric power network.
The U.S. electric power network is poorly equipped to restore electricity service to large areas blacked out by natural disasters or hostile attacks, a National Academy of Sciences panel warned yesterday in a report that looks into dark future scenarios that it says the nation and the public have not fully faced up to.

"The electricity system, and associated supporting infrastructure, is susceptible to widespread uncontrolled cascading failure, based on the interconnected and interdependent nature of the networks," the panel concluded in a 297-page report ordered by Congress and funded by the Department of Energy. "Despite all best efforts, it is impossible to avoid occasional, potentially large outages caused by natural disasters or pernicious physical or cyber attacks."

The panel, headed by M. Granger Morgan, an engineering professor at Carnegie Mellon University, proposed a long list of actions needed to create a "resilient" power grid that could recover from an unprecedented blow.

Morgan said the challenge should be a top priority, not in the sense of "do it tomorrow, or we're toast. But in the time scale of months, it's quite urgent."

"At present, planning for all types of hazards to public infrastructure is a disorganized and decentralized activity," the report said. "Too often in the past, the United States has made progress on the issue of resilience by 'muddling through,'" but that response is no longer tolerable, the report said. Multiple threats to the grid require authorities and industry to start "imagining the unimaginable" and planning for lower-probability but potentially catastrophic events.

The report comes as Energy Secretary Rick Perry's leadership team is completing a high-level review of power grid reliability and is working on a report on cybersecurity threats called for by President Trump. Both reports will set policy benchmarks for how the Trump administration will prioritize and fund federal responses to grid threats.

Travis Fisher, the DOE political appointee heading the reliability study, minimized the risk of a state-sponsored, large-scale cyber outage in a 2015 paper issued by the Institute for Energy Research, a pro-fossil-fuels advocacy organization. "Even though cyber threats do exist and are concerning, fears of catastrophic damage from a cyber attack are likely overblown," Fisher wrote then, saying that would-be attackers are deterred by the certainty of a U.S. in-kind response.

Some grid executives and federal security officials have said the same, but most cyber professionals conclude that the grid's exposure to potential attack is expanding constantly. Responding to a question yesterday, DOE spokeswoman Shaylyn Hynes said the IER paper "is not relevant to the grid study or cyber study."

The panel, whose members included academics, DOE laboratory scientists and a former regional grid chief executive, said the responsibility for recovery from a widespread power outage starts at the top.

Fragmented responsibility

"No single entity is responsible for, or has the authority to implement a comprehensive approach to assure the resilience of the nation's electricity system," the report said. "Even in federal programs focused explicitly on increasing grid resilience, planning and implementation of research and policy responses are fragmented across federal agencies. It is impossible to describe all of the relevant efforts succinctly."

The panel challenged DOE to fill that gap, leading longer-term federal, state and community actions to increase the grid's recovery capability. "No other entity in the United States has the mission to support such work," it said.

While many recommendations centered on the federal government, others pointed at the power industry.

"There has been a tendency among utilities and other commercial entities not to share information about cyber breaches and to look inward rather than seeking help, which limits potential for collaboration across organizations. Most utilities are not likely to have adequate internal staff directly experienced in large-scale cyber restoration," the report said.

It also urged more research on how electric vehicles, customer-owned solar power and microgrids could help the grid recover. In worst-case scenarios, customers might have to endure lengthy recoveries in which power is rationed, the study said. Families that have home systems able to use limited power supplies to run refrigerators and furnaces might avoid evacuation after a disaster, the authors said.

The report urged more financial support for DOE offices that fund research, development and demonstration programs on cybersecurity defenses and power grid monitoring and control systems. Trump's fiscal 2018 budget request proposed 41 percent spending cuts for both DOE's Office of Electricity Delivery and Energy Reliability and its Office of Energy Efficiency and Renewable Energy, two centers of that research.

"If funding is not provided by the federal government, the committee is concerned that this gap would not be filled either by states or by the private sector," the panel said.

It called on DOE to lead in the stockpiling of crucial grid power transformers, to complement industry programs.

Much more technology is needed to deal with wide-area outages, the panel said, including control room software to help grid operators recognize and respond to fast-moving outages. "During a major event such as Hurricane Katrina or Superstorm Sandy, thousands of alarms can overwhelm the system operator" in control rooms, it said. "Artificial intelligence could help quickly prioritize these alarms."

Several recommendations addressed what the panel saw as a lack of understanding among government officials and the public about the consequences of a widespread emergency — including deliberate, targeted blackouts of some areas to protect vital equipment that would be needed to bring the grid back up.

In an uncontrolled, cascading grid collapse, parts of the interstate grid would automatically break into smaller subdivisions called "islands," resulting in significant outages, the panel said. Planned "islanding" in an emergency could limit the damage and speed recovery, the report said.

DOE and DHS should create a "visioning" process to portray and assess plausible large-area, long-duration grid disruptions that could have major impacts on the public, to help hospitals, communications providers, first responders and other critical resources prepare, the report said.

The Federal Energy Regulatory Commission and the North American Energy Standards Board should do more to coordinate operations of natural gas pipelines and the power companies that depend on gas to run generators, it said.

The recovery challenge must be recognized at the state level, too, the panel said.

In one case in point, a new cybersecurity strategy issued last week by Connecticut Gov. Dannel Malloy (D) describes critical infrastructure as the state's "Achilles' heel," noting that "experts have called our electric grid the glass jaw of American industry." The document concludes, "There are potential attackers, vulnerable places they could attack and many ways to amplify the effects of a cyber attack by combining it with other emergencies."

"I can't give you concrete, specific, best solutions for all these problems," said Art House, Connecticut's chief cybersecurity risk officer and a former utility regulator there. "But I think that what we have to do is recognize the vulnerability, recognize that there has to be a culture of cybersecurity, and then go about finding the answers to it."

Twitter: @PeteBehrEENews Email: pbehr@eenews.net
Title: Chinese Cyberwar capabilities
Post by: Crafty_Dog on August 09, 2017, 09:00:30 PM
https://fas.org/sgp/crs/homesec/R43604.pdf
___________________________________________________

https://www.csmonitor.com/World/Passcode/Passcode-Voices/2017/0320/How-China-is-preparing-for-cyberwar


Preparing for informationized wars

The 2015 Chinese Military Strategy White Paper states that the PLA must prepare for “informationized local wars” against technologically advanced adversaries. As a result, Chinese hackers breach Defense Department networks in order to better understand US military capabilities, accelerate the modernization of the People’s Liberation Army, and prepare for military conflict and the disruption of US forces.

Two PLA groups, Units 61938 and 61486, have reportedly stolen information from over two dozen Defense Department weapons programs, including the Patriot missile system and the US Navy’s new littoral combat ship. The most high-profile case has been the hacking of defense contractors involved in the F-35, which has forced the redesign of specialized communications and antenna arrays for the stealth aircraft. Department of Defense officials say that the most sensitive flight control data were not taken because they were stored offline, but the fuselage of China’s second stealth fighter jet, the J-31, is very similar to that of the F-35. In response to a question about attacks on defense contractors, Lieutenant General Vincent Stewart, director of the Defense Intelligence Agency, told a congressional hearing, “I do not believe we are at this point losing our technological edge, but it is at risk based on some of their cyberactivities,” referring to China.

Chinese hackers also break into US networks in preparation for a potential military conflict. Chinese military analysts often write of the PLA’s need to seize information dominance at the beginning stages of a conflict with a technologically advanced adversary through cyber attacks against command and control computers as well as satellite and communication networks. The PLA would also attempt to disrupt US forces in the Western Pacific through attacks on transportation and logistics systems. Preparing for these attacks requires cyber espionage.

Chinese military writings also suggest that cyberattacks can have a deterrent effect, given American dependence on banking, telecommunication, and other critical networks. A highly disruptive or destructive attack on these networks might reduce the chances that the United States might get involved in a regional conflict. Some Chinese intrusions into critical infrastructure may intentionally leave evidence behind to act as a warning that the US homeland may not be immune to attack in the case of a conflict over Taiwan or the South China Sea.
______________________________________

http://www.indiandefencereview.com/spotlights/acupuncture-warfare-chinas-cyberwar-doctrine-and-implications-for-india/

If there is another conflict with China, it can be visualised that the war will begin in cyberspace much before a single shot is fired or the first missile is launched. In fact, frequent hacking attempts, some of them successful, are ongoing on a daily basis even now when there is peace at the border.
Title: EARTH EX August 23, 2017 Emergency All-sector Response Transnational Hazard Exe
Post by: G M on August 09, 2017, 09:45:01 PM
http://www.eiscouncil.com/EarthEx

Today’s lifeline infrastructures are interconnected and resourced on unprecedented scales, with supply chains spanning the nation and, increasingly, the world.  With this growing integration and global reach, they have brought us remarkable capabilities.

At a price.

Concerns have grown over the potential for severe malicious or natural “Black Sky” hazards associated with subcontinent scale, long duration power outages, with cascading failure of all our other increasingly interdependent infrastructures. This creates a grim and difficult dilemma: restoration of any sector will only be possible with at least minimal operation of all the others.

To deal with this deadlock, careful sector by sector and cross-sector resilience planning is crucial. However, such plans, to be effective, must be exercised. With the diversity and the national and global scale of the infrastructures we now depend on, this requires an unprecedented, multi-sector, national and international exercise series.

WHAT IS EARTH EX?
EARTH EX is an evolving, distributed, collaborative partner-developed exercise designed to meet this need.
Title: WSJ: SEC hacked, info traded on
Post by: Crafty_Dog on September 21, 2017, 06:44:07 AM
https://www.wsj.com/articles/sec-discloses-edgar-corporate-filing-system-was-hacked-in-2016-1505956552

Title: WSJ on the SEC hack
Post by: Crafty_Dog on September 22, 2017, 05:16:59 AM
The SEC’s Cyber Embarrassment
The agency that lectures private companies can’t secure its own files.
By The Editorial Board
Sept. 21, 2017 7:16 p.m. ET

The Securities and Exchange Commission let slip Wednesday evening—nearly halfway into a 4,000-word statement on cybersecurity—that it learned last month that a hacking “incident previously detected in 2016 may have provided the basis for illicit gain through trading.” In journalism, this is known as burying the lead.

The SEC’s four-line disclosure provides few details other than that the breach affected its EDGAR system, which receives and processes more than 1.7 million electronic filings a year. Hackers were able to exploit a software vulnerability in the system to obtain nonpublic information. The agency says the weakness was patched promptly, though its investigation is “ongoing.”

So the SEC waited weeks after learning that its filing system had been penetrated for potentially illicit gain to disclose the break-in. And then it discreetly dropped the news into a lengthy memo advising companies and exchanges about their regulatory obligations to manage and disclose cyber risks.

A few questions: Why didn’t the agency report the incident when it occurred last year—and exactly when?—and what took it so long to figure out that the hack might have resulted in illegal trading activity?

The SEC provides no explanation but notes that there are “frequent attempts by unauthorized actors to disrupt access to our public-facing systems, access our data, or otherwise cause damage to our technology infrastructure” and “in certain cases cyber threat actors have managed to access or misuse our systems.” This suggests that there have been other successful hacks that the SEC has not disclosed, perhaps because it doesn’t have evidence that they resulted in securities fraud.

One hypothesis is that the SEC was worried that disclosing the hack would raise questions about the security of its Consolidated Audit Trail, a centralized database that will give the agency access to “significant, nonpublic, market sensitive data and personally identifiable information.” The system, in the works for seven years, is supposed to come online this fall. But executives from U.S. financial exchanges have warned that it will be a rich target for hackers.

The SEC might also fear undermining its authority on cybersecurity. In 2014 the SEC issued regulations requiring exchanges and clearinghouses to “take corrective action with respect to systems disruptions, compliance issues and intrusions” and notify the SEC. It has also threatened legal action against public companies that don’t make adequate disclosures.

Yet the SEC has been rebuked several times by the Government Accountability Office and its own Inspector General for lax cyber controls. A 2014 review by its IG found that some SEC laptops that may have contained non-public information couldn’t be located. Agency staff have also transmitted non-public information through non-secure personal email accounts.

The SEC disclosure is particularly embarrassing in the wake of the Equifax data breach, which is being investigated by federal and state regulators amid much political outrage. Before regulators in glass houses take legal action against private companies, they can at least secure their own cyber walls.
Title: no way to stop determined hackers
Post by: ccp on September 24, 2017, 06:20:59 AM
As I have said for years from my own experience.

But no one cares unless you piss off the Democrat Party bosses:

https://www.hackread.com/hacking-offline-computer-and-phone/
Title: SS # - no longer useful
Post by: ccp on October 03, 2017, 12:41:51 PM
http://www.newsmax.com/Newsfront/equifax-white-house-social/2017/10/03/id/817427/
Title: Russians penetrate NSA!
Post by: Crafty_Dog on October 06, 2017, 11:52:20 AM
WSJ
By Gordon Lubold and
Shane Harris
Updated Oct. 5, 2017 7:31 p.m. ET

WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S.

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. Kaspersky says it has more than 400 million users world-wide.

The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a U.S. special counsel’s investigation into whether Donald Trump’s presidential campaign sought or received assistance from the Russian government. Mr. Trump denies any impropriety and has called the matter a “witch hunt.”

Intelligence officials have concluded that a campaign authorized by the highest levels of the Russian government hacked into state election-board systems and the email networks of political organizations to damage the candidacy of Democratic presidential nominee Hillary Clinton.

A spokesman for the NSA didn’t comment on the security breach. “Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” he said. He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus software with another company, not Kaspersky.

In a statement, Kaspersky Lab said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

Kremlin spokesman Dmitry Peskov in a statement didn’t address whether the Russian government stole NSA materials using Kaspersky software. But he criticized the U.S. government’s decision to ban the software from use by U.S. agencies as “undermining the competitive positions of Russian companies on the world arena.”

Sen. Jeanne Shaheen, (D., N.H.) on Thursday asked the Senate Armed Services Committee to hold hearings on the issue. “As you are aware, I have been concerned about the serious dangers of using Kaspersky software due to the company’s strong ties to the Kremlin,” she wrote in a letter to Sen. John McCain (R., Ariz.), the committee chairman.

She urged Mr. McCain to “expeditiously” schedule a hearing with the NSA’s director, Adm. Michael Rogers, and other administration officials.

The Kaspersky incident is the third publicly known breach at the NSA involving a contractor’s access to a huge trove of highly classified materials. It prompted an official letter of reprimand to Adm. Rogers by his superiors, people familiar with the situation said.

Adm. Rogers came into his post in 2014 promising to staunch leaks after the disclosure that NSA contractor Edward Snowden the year before gave classified documents to journalists that revealed surveillance programs run by the U.S. and allied nations.

The Kaspersky-linked incident predates the arrest last year of another NSA contractor, Harold Martin, who allegedly removed massive amounts of classified information from the agency’s headquarters and kept it at his home, but wasn’t thought to have shared the data.

Mr. Martin pleaded not guilty to charges that include stealing classified information. His lawyer has said he took the information home only to get better at his job and never intended to reveal secrets.

The name of the NSA contractor in the Kaspersky-related incident and the company he worked for aren’t publicly known. People familiar with the matter said he is thought to have purposely taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man isn’t believed to have wittingly aided a foreign government, but knew that removing classified information without authorization is a violation of NSA policies and potentially a criminal act, said people with knowledge of the breach. It is unclear whether he has been dismissed from his job or faces charges. The incident remains under federal investigation, said people familiar with the matter.

Kaspersky software once was authorized for use by nearly two dozen U.S. government agencies, including the Army, Navy and Air Force, and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice and Treasury.
NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against these employees or contractors using it at home, they were advised not to before the 2015 incident, said people with knowledge of the guidance the agency gave.

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

Kaspersky said in its statement: “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”

Suspicions about the company prompted the Department of Homeland Security last month to take the extraordinary step of banning all U.S. government departments and agencies from using Kaspersky products and services. Officials determined that “malicious cyber actors” could use the company’s antivirus software to gain access to a computer’s files, said people familiar with the matter.

The government’s decision came after months of intensive discussions inside the intelligence community, as well as a study of how the software works and the company’s suspected connections to the Russian government, said people familiar with the events.

They said intelligence officials also were concerned that given the prevalence of Kaspersky on the commercial market, countless people could be targeted, including family members of senior government officials, or that Russia could use the software to steal information for competitive economic advantage.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS said Sept. 13 in announcing the government ban.

All antivirus software scans computers looking for malicious code, comparing what is on the machine to a master list housed at the software company. But that scanning also gives makers of the software an inventory of what is on the computer, experts say.

“It’s basically the equivalent of digital dumpster diving,” said Blake Darché, a former NSA employee who worked in the agency’s elite hacking group that targets foreign computer systems.

Kaspersky is “aggressive” in its methods of hunting for malware, Mr. Darché said, “in that they will make copies of files on a computer, anything that they think is interesting.” He said the product’s user license agreement, which few customers probably read, allows this.

“You’re basically surrendering your right to privacy by using Kaspersky software,” said Mr. Darché, who is chief security officer for Area 1, a computer security company.

“We aggressively detect and mitigate malware infections no matter the source and we have been proudly doing it for 20 years,” the company said in its statement. “We make no apologies for being aggressive in the battle against malware and cybercriminals.”

U.S. investigators believe the contractor’s use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programmed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s PC, hackers working for Russia homed in on the machine and obtained a large amount of information, said the people familiar with the matter.

The breach illustrates the chronic problem the NSA has had with keeping highly classified secrets from spilling out, former intelligence personnel say. They say they were rarely searched while entering or leaving their workplaces to see if they were carrying classified documents or removable storage media, such as a thumb drive.

Then-Defense Secretary Ash Carter and then-Director of National Intelligence James Clapper pushed President Barack Obama to remove Adm. Rogers as NSA head, due in part to the number of data breaches on his watch, according to several officials familiar with the matter.

The NSA director had fallen out of White House favor when he traveled to Bedminster, N.J., last November to meet with president-elect Donald Trump about taking a job in his administration, said people familiar with the matter. Adm. Rogers didn’t notify his superiors, an extraordinary step for a senior military officer, U.S. officials said.

Adm. Rogers wasn’t fired for a number of reasons, including a pending restructuring of the NSA that would have been further complicated by his departure, according to people with knowledge of internal deliberations. An NSA spokesman didn’t comment on efforts to remove Adm. Rogers.

Write to Gordon Lubold at Gordon.Lubold@wsj.com and Shane Harris at shane.harris@wsj.com

Appeared in the October 6, 2017, print edition as 'Russian Hackers Stole NSA Spy Secrets.'
Title: Change Wave: Trust busters
Post by: Crafty_Dog on October 10, 2017, 07:29:21 PM
October 10, 2017
Trust Busters

This year’s Nobel prize winner for economics, Richard Thaler, had won a measure of fame before this award. He played a central role in persuading many economists that human behavior, and thus irrational behavior, was often predictable and could be ‘nudged’ to change decision-making.

As obvious as this sounds today, it was a great departure from classical economics, which firmly stuck to the belief that people behave, OMG, rationally.

“In order to do good economics, you have to keep in mind that people are human,” Thaler said at a news conference after the Nobel announcement.

This recalls an insight shared by another Nobel winner, physicist Richard Feynman, who said that “reality must take precedence over public relations, for nature cannot be fooled.”

Cass Sunstein, (Marc:  :-o :-o :-o) who co-wrote a book titled “Nudge” with Thaler, which helped to popularize his ideas on behavioral economics, wrote this yesterday:

“Focusing on what he called ‘mental illusions,’ Thaler explained that human beings make a lot of blunders. With clear examples, a sense of play and a little math, he showed that people just don’t act in the way predicted by standard economic theory.”

Thaler’s influence and insights, along with those of Daniel Kahneman and Amos Tversky – the godfathers of behavioral economics – have been widely embraced well beyond the profession.

Facebook, for example, led a team of researchers in 2012 for an experiment on emotional priming, without the awareness of the 700,000 users involved, to see whether manipulation of their news feeds would affect the positivity or negativity of their own posts. When this became known in 2014 it was generally seen as an unacceptable form of psychological manipulation. But Facebook defended the research on the grounds that its users’ consent to their terms of service was sufficient to imply consent to such experiments.

Now, we’ve just learned that Facebook revealed 3,000 ads bought by a Russian operative reached 10 million of its users. As it turns out, a big multiple of that audience was exposed to the ads purchased by a single Russian troll farm called the Internet Research Agency. The actual reach encompasses all the activity of the Russian-controlled accounts – each post, each ‘like,’ each comment and also all of the ads. With this understanding, the effect of each ad organically metastasized to poison a population of potentially hundreds of millions on the social media site.

“This is cultural hacking,” said Jonathan Albright, research director at Columbia University’s Tow Center for Digital Journalism. “They are using systems that were already set up by these platforms to increase engagement. They’re feeding outrage –and it’s easy to do, because outrage and emotion is how people share.”

Facebook is not an isolated case. Google has uncovered evidence that Russian operatives exploited the company’s platforms in an attempt to interfere in the 2016 election.   Google, which runs the world’s largest online advertising business, has found that tens of thousands of dollars were spent on ads by Russian agents who aimed to spread disinformation across Google’s widely-used products, including YouTube and Gmail.

The ads do not appear to be from the same Kremlin-affiliated troll farm that bought ads on Facebook. This suggests that the Russian effort to spread disinformation online may be a much broader problem than Silicon Valley companies have unearthed so far.

Meanwhile, Twitter shut down 201 accounts associated with the Internet Research Agency, disclosing that the account for the Kremlin-linked news site RT spent $274,100 on its platform in 2016.

Russia’s bag of tricks isn’t isolated to social media. Hackers working for the Russian government stole details of how the US penetrates foreign computer networks and defends against cyberattacks, after a National Security Agency contractor removed the highly classified material and put it on his home computer.

The theft, which occurred in 2015, is considered to be one of the most significant security breaches in recent years. It appears that Russian intelligence targeted the contractor after identifying the files through the contractor’s use of popular antivirus software made by Russia-based Kaspersky Lab.

Most troubling, however, is that serious data breaches are becoming everyday occurrences.

In December, six months before it was taken over by Verizon for $4.5 billion, Yahoo revealed that a data theft incident in 2013 had affected around 1 billion user accounts. However, the company disclosed this week that new intelligence indicates every Yahoo account that existed at the time was affected by the breach.

The massive Equifax data breach, which exposed the sensitive personal information of nearly 146 million Americans, happened because of a mistake by a single employee, the credit reporting company’s former CEO told members of Congress last week.   On multiple occasions, he referred to an ‘individual’ in Equifax’s technology department who had failed to heed security warnings and did not ensure the implementation of software fixes that would have prevented the breach.

US government agencies have also publicly confronted digital crimes perpetrated on sensitive data.

A major headache for the IRS in recent years has been identity theft, which has resulted in a wave of tax fraud. After digital thieves steal taxpayers' information from social-media platforms or large-scale security breaches, they file fake tax returns in a bid to collect refund checks.

The SEC recently discovered a vulnerability in its corporate filing database that could cause the system to collapse. A September 22 memo reveals that the SEC’s EDGAR database, containing financial reports from US public companies and mutual funds, could be at risk of ‘denial of service’ attacks, a type of cyber intrusion that floods a network, overwhelming it and forcing it to close.

In other words, if hackers wanted to, they could “basically take down the whole EDGAR system” by submitting a malicious data file, said one cyber security expert with experience securing networks of financial regulators.

Organizational Behavior: Humans are Prime Element in Cybersecurity

451 Research found that reports of ‘significant’ security incidents are dramatically higher at larger companies than smaller ones. A survey revealed that while 17% of companies with fewer than 1,000 employees experienced a notable breach, it climbs to 44% for organizations with more than 10,000 people.
 
Reasons for the disparity between the biggest and smallest firms may be due to the greater level of investment in security monitoring at larger organizations, enabling them to better detect breaches than less-equipped groups.

It could also be that hackers are more inclined to target large companies because the prizes are greater, and the human vulnerabilities can be exploited more readily.   
The top pain points are User Behavior (34%), followed by Organizational Politics/Lack of Attention to Information Security (21%) and Staffing Information Security (21%), according to 451 Research.

The top security concerns over the last 90 days were Hackers/Crackers with Malicious Intent (53%) and Compliance (49%).

In the words of one information security respondent: The real concern is the people and not the tech – “[The greatest insider threat] is always going to be people … People are the only wild-card. The technology can be trusted.”

Naturally, a challenge for organizations is finding and hiring skilled cybersecurity professionals, who are especially important when it comes to security analytics and operations. It takes highly experienced pros to investigate security incidents, synthesize threat intelligence, or perform proactive hunting exercises.

In order to address the security skills gap, slightly more than half of the 451 Research respondents plan to train existing staff and 44% will hire contractors.
While 35% said they would hire new staff, very large organizations with more than 10,000 employees were nearly twice as likely (51% vs. 26%) compared to very small organizations with fewer than 250 employees.

‘Plastics’ once seized the day for college grads; today it’s ‘cybersecurity.’
Title: Israel saves America from Russian hacking
Post by: Crafty_Dog on October 10, 2017, 09:46:55 PM
second post

https://mobile.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html
Title: Hillary level cybersecurity
Post by: G M on October 15, 2017, 06:36:16 AM
https://pjmedia.com/instapundit/278161/

OCTOBER 12, 2017
CYBERWAR: Cyberattack Captures Data on U.S. Weapons in Four-Month Assault.

A cyberattacker nicknamed “Alf” gained access to an Australian defense contractor’s computers and began a four-month raid that snared data on sophisticated U.S. weapons systems.

Using the simple combinations of login names and passwords “admin; admin” and “guest; guest” and exploiting a vulnerability in the company’s help-desk portal, the attacker roved the firm’s network for four months. The Australian military referred to the breach as “Alf’s Mystery Happy Fun Time,” referring to a character from the soap opera “Home and Away.”

The incident, detailed by a senior Australian intelligence official in a speech on Wednesday, was the third major breach of sensitive U.S. military and intelligence data to come to light in the past week.

On Tuesday, a South Korean lawmaker said North Korean hackers had accessed a military database and stolen top-secret files, including a plan for a decapitation strike against top leaders in Pyongyang. That followed reports that hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends its own.

The identity and affiliation of the hackers in the Australian attack weren’t disclosed, but officials with knowledge of the intrusion said the attack was thought to have originated in China.

Doesn’t anybody take security seriously?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on October 15, 2017, 10:50:09 AM
Is security even possible?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on October 15, 2017, 10:53:42 AM
Is security even possible?

Yes, but it takes serious effort and investment.
Title: Assume everything is compromised
Post by: G M on October 16, 2017, 08:05:21 AM
http://www.zdnet.com/article/wpa2-security-flaw-lets-hackers-attack-almost-any-wifi-device/

PART OF A ZDNET SPECIAL FEATURE: CYBERWAR AND THE FUTURE OF CYBERSECURITY

WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping
Security experts have said the bug is a total breakdown of the WPA2 security protocol.

By Zack Whittaker for Zero Day | October 16, 2017 -- 10:00 GMT (03:00 PDT) | Topic: Cyberwar and the Future of Cybersecurity


A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.

The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, the computer security academic who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network.

That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.

In other words: hackers can eavesdrop on your network traffic.

The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk.

"If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website.

News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.

The warning came at around the time of the Black Hat security conference, when Vanhoef presented a talk on networking protocols, with a focus on the Wi-Fi handshake that authenticates a user joining a network.

The cyber-emergency unit has since reserved ten common vulnerabilities and exposures (CVE) records for the various vulnerabilities.

Cisco, Intel, Juniper, Samsung, and Toshiba are among the companies affected.

At its heart, the flaw is found in the cryptographic nonce, a randomly generated number that's used only once to prevent replay attacks, in which a hacker impersonates a user who was legitimately authenticated. In this case, an attacker can trick a victim into reinstalling a key that's already in use. Reusing the nonce can allow an adversary to attack the encryption by replaying, decrypting, or forging packets.


The flaw is "exceptionally devastating" for Android 6.0 Marshmallow and above, said Vanhoef. A patch is expected in the next few weeks.

"The core of the attack, hence its name, is that the attacker tricks the connected party into reinstalling an already-in-use key," Alan Woodward, a professor at the University of Surrey, told ZDNet.

Despite the ire many have with branded, or popularized vulnerabilities -- Heartbleed, Shellshock, and Poodle to name a few -- many renowned security and cryptographic experts are warning not to underestimate the severity of the flaw.

"It's not a trivial attack," said Woodward. He warned that the scale of the attack is "huge."



It's not the first attack that's hit WPA2. WPA2 was developed, ironically, as a way to replace a similar protocol, WEP, which was cracked just a few years after its debut in 1997.

Several researchers, including Vanhoef, have demonstrated valid attacks against the protocol. By far the most notable was in 2011 when a security researcher showed that an attacker could recover the code used in Wi-Fi Protected Setup, a feature that let users authenticate with a one-push button on the router, which could be easily cracked.

Like similar attacks against WPA2, an attacker needs to be within close physical proximity of a vulnerable device, such as a router or even a cash register or point-of-sale device.

That's not to downplay the seriousness of the attack, however.

The downside is that nowadays, a hacker can launch an attack from hundreds of feet from a vulnerable device, Kenneth White, a security researcher, told ZDNet.


A table of vulnerable software. (Image: Mathy Vanhoef)

Matthew Green, a cryptography teacher at Johns Hopkins University, said in a tweet that this is "probably going to turn into a slew of TJ Maxxes," referring to a cyberattack on the department store, where hackers cracked the Wi-Fi password that connected the cash registers to the network.

White explained, however, that sites and services that provide content over strict HTTPS (known as HSTS) will encrypt traffic from the browser to the server.

In other words, it's still safe to access sites that encrypt your data over an insecure network.

Vanhoef said, though, that it wasn't clear whether any attacks had been seen in the wild.

Several router and network equipment makers were briefed prior to Monday's announcement, including Cisco, HPE, and Arris. We reached out to all three but did not hear back at the time of writing.

Aruba, Ubiquiti, and Eero are said to have patches available, according to sources we spoke to at the time of writing. It's not known if others have -- but we will update as we find out.

But many products and device makers will likely not receive patches -- immediately, or ever. Katie Moussouris, founder of Luta Security, said in a tweet that Internet of Things devices will be some of the "hardest hit."

Until patches are available, Wi-Fi should be considered a no-go zone for anything mission critical, a feat almost impossible in today's age of ubiquitous and blanket wireless network access.

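The key-reinstallation mechanism the article describes, worked through as an added example that is not code from the ZDNet piece or from Vanhoef's published research: a simplified supplicant installs the pairwise key when message 3 of the four-way handshake arrives and resets its packet counter (nonce) to zero on every install, so a replayed message 3 makes the client reuse a nonce under the same key. The cipher here is a stand-in (an HMAC-SHA256 keystream in counter mode) rather than AES-CCMP, because the consequence of nonce reuse is the same for any counter-mode cipher: identical keystream, so XORing two ciphertexts yields the XOR of the two plaintexts, and one known frame reveals the other. The key derivation, the frame contents and the handshake model are all constructed for the demonstration; the "patched" branch shows the behaviour fixed clients adopt, namely refusing to reinstall a key that is already in use.

```python
# Added example: KRACK-style key reinstallation on a simplified WPA2 client.
# Stand-in cipher (HMAC-SHA256 counter-mode keystream) instead of AES-CCMP;
# the nonce-reuse consequence (C1 XOR C2 == P1 XOR P2) is cipher-independent.
import hashlib
import hmac

NONCE_LEN = 6  # CCMP's packet number is 48 bits


def keystream(ptk: bytes, nonce: int, length: int) -> bytes:
    """Counter-mode keystream for (key, nonce). Deterministic, so the same
    (key, nonce) pair always produces the same bytes, exactly the property
    a reinstalled key exposes."""
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(NONCE_LEN, "big") + block.to_bytes(4, "big")
        out += hmac.new(ptk, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Client side of the handshake. Message 3 triggers installation of the
    pairwise transient key (PTK); the per-key packet counter is the nonce."""

    def __init__(self, patched: bool) -> None:
        self.patched = patched
        self.ptk = None
        self.nonce = 0  # must never repeat under one key

    def on_msg3(self, ptk: bytes) -> None:
        if self.patched and self.ptk == ptk:
            # Fix: a retransmitted message 3 carrying the key already in use is
            # acknowledged but does not reinstall it, so the counter keeps going.
            return
        self.ptk = ptk
        self.nonce = 0  # Vulnerable: (re)installing the key resets the nonce

    def send(self, plaintext: bytes):
        """Encrypt one frame; returns (nonce, ciphertext) as seen on the air."""
        self.nonce += 1
        ks = keystream(self.ptk, self.nonce, len(plaintext))
        return self.nonce, xor_bytes(plaintext, ks)


# Constructed sample frames: the first is predictable (an attacker can guess a
# fixed-format request), the second carries the secret the attacker wants.
KNOWN_FRAME = b"GET /login HTTP/1.1\r\nHost: intranet\r\n\r\n"
SECRET_FRAME = b"POST /login user=alice&pw=hunter2\r\n"


def run_handshake_replay(patched: bool) -> dict:
    """Man-in-the-middle on the channel: let the first message 3 through, let
    the client send one frame, then replay message 3 (in the real attack the
    AP retransmits it because the client's message 4 was blocked)."""
    ptk = hashlib.sha256(b"PMK|ANonce|SNonce|AA|SPA (constructed)").digest()
    client = Supplicant(patched)
    client.on_msg3(ptk)                      # legitimate message 3
    n1, c1 = client.send(KNOWN_FRAME)
    client.on_msg3(ptk)                      # replayed message 3: the attack
    n2, c2 = client.send(SECRET_FRAME)
    # If the keystream repeated, C1 XOR C2 == P1 XOR P2; knowing P1 yields P2.
    length = min(len(c1), len(c2))
    recovered = xor_bytes(xor_bytes(c1[:length], c2[:length]), KNOWN_FRAME[:length])
    return {"nonce_reused": n1 == n2, "recovered": recovered}


if __name__ == "__main__":
    for patched in (False, True):
        result = run_handshake_replay(patched)
        label = "patched   " if patched else "vulnerable"
        print(label, "nonce reused:", result["nonce_reused"], "recovered:", result["recovered"])
```

On the vulnerable client the second frame is recovered byte for byte; on the patched client the nonces differ and the XOR trick yields noise. The detection-side corollary for anyone monitoring a wireless network is the same signal the fix relies on: a retransmitted handshake message 3 arriving after data frames have already flowed under the installed key.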
Title: Stratfor: Hacking, another weapon in the Asymmetrical Arsenal
Post by: Crafty_Dog on January 25, 2018, 06:40:40 AM
Hacking: Another Weapon in the Asymmetrical Arsenal
By Scott Stewart
VP of Tactical Analysis, Stratfor
Hacking is far more affordable than traditional warfare.

Iran's Islamic Revolution could play out, in part, online. On Jan. 4, the Carnegie Endowment for International Peace published a report describing the country as a "third-tier cyberthreat." The report's authors note that despite Iran's success with cyberattacks such as Shamoon and a spear-phishing campaign that hit Deloitte and several other companies, Iranian attacks generally feature poor tradecraft. As a result, investigators haven't had much trouble tracking cyber operations back to the Islamic republic, whether because the attack code contained Farsi terms or because its associated IP address traced to Iran. Iranian spear-phishing attacks, likewise, frequently suffer from their perpetrators' poor command of the English language.

But even if its capabilities pale in comparison with those of Russia or China, Iran is still a cyberthreat, albeit a third-tier one. The Carnegie Endowment's report about the country's adoption and use of an asymmetrical weapon such as hacking called to mind the way governments and their agents have come to embrace and employ terrorism. Looking at the manner in which state sponsors, proxies and non-state actors have practiced terrorism can offer a useful framework for understanding how countries could turn hacking into a more dangerous tool of asymmetrical warfare.

Augmenting, Not Replacing, Terrorism

Before we begin though, I want to be clear: Hacking will not replace terrorism as an asymmetrical weapon. Terrorism is not going anywhere, and it remains a popular tool for state and non-state actors alike, as a glance at the battlefields in Syria, Afghanistan and Libya will attest. Instead, cyberattacks are a supplement to terrorism — just another wrench in the toolbox of Machiavellian statecraft. Many of the features that make terrorism attractive as a conduit for state power also apply to cyberattacks.

Both tactics offer the state employing them plausible deniability, for example. Iran exemplifies this strategy with its robust support of a global network of militant organizations. Among them, the Lebanese paramilitary group Hezbollah executed attacks throughout the 1980s under the banner of the Islamic Jihad Organization, the Revolutionary Justice Organization and the Organization of the Oppressed on Earth. By operating variously under so many different names, Hezbollah managed to create confusion while deflecting blame from its senior leaders and clerics and while hiding the role of its benefactors in Iran and Syria. Pakistan has taken a similar approach, throwing its support behind militant groups in India and Afghanistan and sheltering senior al Qaeda figures within its own borders. The shadowy operations of their terrorist proxies largely keep these sponsor states free from blame, though not necessarily suspicion, for attacks. And even when evidence reveals a country's role in terrorism — such as Iran's involvement in the Israeli Embassy bombing in Argentina in 1992 or Pakistan's part in the 2008 attack in Mumbai, India — the repercussions are usually too slight to offset the perceived benefit of this asymmetrical weapon.

So far, state-sanctioned cyberattacks have met with even less blowback. Though the exploits have caused significant disruptions for their targets — many of them major corporations — the state actors behind them have gotten off scot-free. More troubling is the lack of consequences for hacks against government and political targets. Authorities have implicated nation-states in high-profile attacks on institutions such as the U.S. Office of Personnel Management and the Democratic National Committee. Yet despite the preponderance of evidence against them, the countries behind these hacks have faced little in the way of punishment. The low costs associated with cyberattacks doubtless will encourage more states to use this tactic, like terrorism before it.

Beyond the legal and political price, the financial cost of hacking, like that of terrorism, is also far more affordable than the cost of traditional warfare. A successful terrorist act or cyberattack, moreover, can have a disproportionate effect on its target, relative to the time and effort required to conduct it. Consider the staggering number of people affected by the attack on the credit reporting agency Equifax, for instance, or the enduring fallout of Russia's cyber meddling in foreign elections. In the realm of cyberattacks, a small investment can yield an outsize return.

The Tool Is Only as Good as the Craftsman

But a weapon is only as effective as the person (or country) wielding it. Just as levels of terrorist tradecraft vary widely from one state-sponsored militant group to the next, the skills and abilities of state-backed cyber operatives differ. Concerns are growing that as cyberattacks mature as an asymmetrical weapon, countries will emerge as state sponsors of hacking that can help propagate the technique. Along with the conventional weapons it sells to Iran and Syria, for example, Russia may one day supply them with cyber tools and training. Signs suggest that the United States and Israel have already collaborated on a cyber operation: the Stuxnet attack that debilitated Iran's uranium enrichment site in 2010.

Like state sponsors of terrorism, state hacker-backers could provide operatives with training and protection to carry out attacks. They might even arm proxy groups with cyber tools, much as Libya trained, sheltered and equipped terrorist groups such as the Abu Nidal Organization. Transferring knowledge in this way could enhance the skills and abilities of cyber operatives the world over. The Soviet-trained bombmakers of the Provisional Irish Republican Army, after all, passed their know-how on to fellow militant groups, including the Revolutionary Armed Forces of Colombia, and former Russian weapons scientists have helped nurture North Korea's nuclear program. In much the same way, cybermercenaries who have worked with Russian or Chinese hacking groups could provide training and tools to client states and proxy organizations far and wide. Countries such as Russia provide legal cover for patriotic criminal hackers as it is. The rise of state-sponsored proxy hackers could also make the world of cyberattacks even murkier.

To develop advanced cyber capabilities, though, a state needs many of the same assets necessary for building a first-tier military: a robust higher education system, investment in research and development, public-private cooperation, and scalability among them. Countries like Iran and North Korea, which fall short in some of these areas, will have a hard time cultivating or attracting world-class cyber talent as a result. But what they lack in resources, these states make up for in ambition and drive, as they have demonstrated in their quest for nuclear weapons. With a little outside expertise, this relentless focus could help them overcome their constraints and turn a third-tier cyberthreat such as Iran into a far more serious menace.

Scott Stewart supervises Stratfor's analysis of terrorism and security issues. Before joining Stratfor, he was a special agent with the U.S. State Department for 10 years and was involved in hundreds of terrorism investigations.


Title: POTB: Russia tried and failed to sow discord in America. Then came Social Media
Post by: Crafty_Dog on February 22, 2018, 05:52:46 AM
Let's use this thread for discussion of this issue:
==========================================
A surprisingly lucid article from Pravda on the Beach (LA Times).

Russia tried and failed to sow discord in America. Then it discovered social media
By David Pierson
Feb 22, 2018 | 4:00 AM
If your goal is to spread dissent and increase partisan polarization, you'd be hard pressed to find a better tool than Facebook or Twitter. (Dreamstime / TNS)

Russia has been trolling the United States for decades.

It bankrolled American authors who claimed Lee Harvey Oswald assassinated President Kennedy under the direction of the FBI and CIA; it planted articles arguing Martin Luther King Jr. was not radical enough; and it spread a conspiracy theory that the U.S. manufactured the AIDS virus.

None of these disinformation campaigns succeeded in undermining American stability, in part because the Soviets didn't have access to what may be the world's most powerful weapon for fomenting fear, outrage and unverified information: social media.

The indictments last week by special counsel Robert S. Mueller III against 13 Russians and three Russian companies accused of interfering in the 2016 presidential election laid bare the way America's biggest tech platforms have altered the centuries-old game of spycraft and political warfare.

Russian operatives couldn't have asked for better tools than Facebook and Twitter to spark conflict and deepen divisions among Americans, experts say. Never before could they fan propaganda with such ease and speed and needle the people most vulnerable to misinformation with such precision.

"They're using the same playbook; it's just a new medium," said Clint Watts, a former FBI agent and a senior fellow at the Center for Cyber and Homeland Security at George Washington University. "Social media is where you do this stuff now. It wasn't possible during the Cold War."

At the root of the strategy are the algorithms social networks employ to encourage more engagement — the comments, likes and shares that generate advertising revenue for their makers.

The problem, researchers say, is that humans typically gravitate toward things that make us angry online. Outrage generates more stimuli in our brains, increasing the odds we respond to news and posts that tick us off. The algorithms know this and serve up such content accordingly.

"Online platforms have profoundly changed the incentives of information sharing," Yale psychologist M.J. Crockett wrote in a paper for Nature Human Behavior. "Because they compete for our attention to generate advertising revenue, their algorithms promote content that is most likely to be shared, regardless of whether it benefits those who share it — or is even true."

Since the platforms insist they aren't media companies, they're under no legal obligation to verify what's posted. That allows falsehoods to spread faster, not least because most people don't actually read the links they share, according to a 2016 study by researchers at Columbia University and the French National Institute.

Social media companies argue that they help bring people together. Yet studies suggest anonymity and fake accounts are having a corrosive effect on discourse. People who would never dare shout someone down in public can do so freely from behind the safety of their screens. And the access to information in real-time — highlighted under "trending topics" or amplified with a hashtag — ensures there's never a shortage of issues to shout about.

The result is a feedback loop in which social media algorithms reward the loudest and angriest voices — often on some of the nation's most sensitive topics, be it gun control, abortion or race. Reasoned debate is made even more difficult because users are often siloed with like-minded people.

"It further inflames a topic or debate," said Karen North, a social media expert who teaches at USC's Annenberg School for Communication and Journalism. "And there's no incentive to compromise."

Nuance, on the other hand, is rarely rewarded. One of Facebook's ideas for expanding the scope of human emotions included adding emojis such as a heart and frowning face next to the obligatory "like" button. For Twitter, it meant doubling the limit of any tweet to 280 characters.

That would have been fine for internet users in the early days of social media more than a decade ago when tech companies had a better excuse to operate under the naive assumption that people would behave online the same way they do in the real world, said Jonathon Morgan, chief executive of New Knowledge, a company that tracks online disinformation.

"Social media was built around engagement that was very fast and almost like low-fidelity social contact," Morgan said. "What's changed over the years is that most people now get their information from these platforms, which were designed for frivolous interaction. There's a disconnect when people look for substance where it doesn't exist."

It was in this environment that Russian operatives allegedly plied their trade, according to the indictment filed Friday.

They established hundreds of accounts posing as politically active Americans on Facebook, Instagram and Twitter, investigators allege. They parroted both sides of the political spectrum in an effort to heighten acrimony, and launched Facebook groups to ensnare more unwitting supporters, according to the indictment. The activism even spilled out into the real world after the operatives organized dueling rallies in New York for and against then president-elect Trump, authorities say.

"They've been doing this stuff on their own population since the 1990s," said Watts, the former FBI agent.

It wasn't until the Arab Spring, Watts said, that Russia gained a greater appreciation for the power of social media. If these tools could help activists coordinate a revolt, it wouldn't be hard to imagine what they could do in the hands of the state, he said.

The platforms, slow to publicly acknowledge the meddling, have since cooperated with authorities and contacted users who engaged with Russian trolls. They've vowed to disclose backers of political ads to prevent a repeat of the Russian campaign. Twitter has also deleted thousands of automated bots.

But experts expect the likes of Facebook and Twitter to continue to be targeted by Russian operatives as long as Washington refrains from taking punitive action against Moscow for its interference.

"There's really no reason for Russia to stop trying to influence election outcomes through the use of social media," said Kimberly Marten, a professor of political science at Barnard College, Columbia University. "There is no meaningful response to what Russia is trying to do, beyond attempting to punish the perpetrators."

If misinformation continues to flood social media and technology companies fail to improve their moderation, the sole remedy may be in media literacy, Marten said.

"The only way we can address the problem effectively overall is to improve our own elementary and high school educational systems, so that as many people as possible become critical readers and thinkers, able to call out any fake news they read on social media," Marten said.

For now, it appears Russian influence campaigns aren't missing a beat.

Such networks have directed their accounts to pile onto divisive issues like the clamor earlier this year to release a controversial memo by House Intelligence Chairman Devin Nunes, according to the Alliance for Securing Democracy, a project of the nonpartisan German Marshall Fund think tank. More recently, Russian accounts have reportedly perpetuated a conspiracy theory that a Florida school shooting survivor is a paid actor.

In a sign that the tech platforms remain ill-equipped to deal with the onslaught, a YouTube video pushing that conspiracy theory was the top trending video on the platform at one point Wednesday.

Morgan of New Knowledge said the Russian interference campaign will inspire others to exploit social media as long as the platforms remain vulnerable.

"The solution available in the short term is to stop a particular behavior," Morgan said. "But to stop it in a general way will require years of redesigning the platforms. By then, the adversaries will be one step ahead. They've opened a can of worms and we probably have to accept things will never be the same."
Title: WSJ: The Loophole that Left FB Vulnerable to Russki Propaganda
Post by: Crafty_Dog on February 22, 2018, 08:15:53 AM
The Big Loophole That Left Facebook Vulnerable to Russian Propaganda
The tech company’s filters can’t adequately detect misinformation distributed through altered images
How Russia Turned a Student Journalist's Web Post Into Fake News
A photograph and post by USC student journalist Tiana Lowe was doctored and used in a misinformation campaign. Photo illustration: Heather Seidel/The Wall Street Journal
By Georgia Wells, Shelby Holliday and Deepa Seetharaman
Feb. 22, 2018 10:44 a.m. ET

A decade ago, at a pro-immigration march on the steps of the Capitol building in Little Rock, Ark., community organizer Randi Romo saw a woman carrying a sign that read “no human being is illegal.” She took a photograph and sent it to an activist group, which uploaded it to photo-sharing site Flickr.

Last August, the same image—digitally altered so the sign read “give me more free shit”—appeared on a Facebook page, Secured Borders, which called for the deportation of undocumented immigrants. The image was liked or shared hundreds of times, according to cached versions of the page.

This use of doctored images was a crucial and deceptively simple technique used by Russian propagandists to spread fabricated information during the 2016 election, one that exposes a loophole in tech company defenses. Facebook Inc. and Alphabet Inc.’s Google have traps to detect misinformation, but struggle—then and now—to identify falsehoods posted directly on their platforms, in particular through pictures.
A photo taken at a pro-immigration rally by Randi Romo, left, and the altered image as it appeared on a Russia-linked Facebook page, Secured Borders.

Facebook disclosed last fall that Secured Borders was one of 290 Facebook and Instagram pages created and run by Russia-backed accounts that sought to amplify divisive social issues, including immigration. Last week’s indictment secured by special counsel Robert Mueller cited the Secured Borders page as an example of how Russians invented fake personas in an effort to “sow discord in the U.S. political system.”

The campaigns conducted by some of those accounts, according to a Wall Street Journal review, often relied on images that were doctored or taken out of context.

Algorithms designed by big technology companies are years away from being able to accurately interpret the content of many images and detect indications they might have been distorted or taken out of context. Facebook says detecting even text-based content that violates its standards is still too difficult to automate exclusively. Facebook and Google continue to rely heavily on users to flag posts that contain potentially false information. On Wednesday, for example, YouTube said it mistakenly promoted a conspiratorial video falsely accusing a teenage witness in last week’s Florida school shooting of being an actor.

Automated systems are generally set up to suppress links to fake news articles. Falsehoods posted directly, such as within status updates, images and videos, escape scrutiny. Moreover, the companies are generally reluctant to remove content that is said to be false, to avoid refereeing the truth.

Users, meanwhile, are less likely to doubt the legitimacy of images, making distorted pictures unusually effective weapons in misinformation campaigns, says Claire Wardle, a research fellow and expert in social media and user-generated content at Harvard University’s Shorenstein Center.

Last week’s indictment described how a Russian organization called the Internet Research Agency issued guidance to its workers on ratios of texts in their posts and how to use graphics and videos.

“I created all these pictures and posts, and the Americans believed that it was written by their people,” one of the co-conspirators emailed a relative in September, the indictment said.

The Russian entities often added small icons known as watermarks to the corners of their doctored photos, which branded their impostor social-media accounts and lent an air of authenticity to the pictures.

“In a world where we’re kind of scrolling through on these small smartphone screens, images are incredibly powerful because we’re a lot less likely to stop and think, ‘does this look real?’ ” said Dr. Wardle, who also leads First Draft News, a nonprofit dedicated to fighting digital misinformation that works with tech companies on some projects.

Facebook is working to fix its platform and prevent further manipulation ahead of the U.S. midterm elections in November—an effort Facebook leaders have described as urgent. The company, along with Google and Twitter Inc., has been under fire from lawmakers and other critics over the handling of Russian meddling in the presidential election.

“It’s abhorrent to us that a nation-state used our platform to wage a cyberwar intended to divide society,” Facebook executive Samidh Chakrabarti said in a blog last month, adding that the company should have done more to prevent it. “Now we’re making up for lost time.”

Facebook is refocusing to become what it calls “video first” and expects video will dominate its news feed within a few years, which suggests its challenges will only intensify.

The company plans to expand its program for tracking and suppressing links to fake news articles to include doctored images and videos, according to a Facebook spokesman. Facebook discussed the idea earlier this month with fact-checking groups it has been working with to check news stories, along with plans to build more tools to help identify when photos are taken out of context.

People tend to share images and videos more than plain text. During three months around the U.S. presidential election, tweets that included photos were nearly twice as likely to be retweeted than text-only tweets, according to researchers at Syracuse University studying how information spreads on social networks.

Tiana Lowe, a student at the University of Southern California, took a photo that was later used in a misleading way by a Russia-linked Facebook page.

On April 17, University of Southern California student Tiana Lowe spotted a racist sign hanging in front of a student housing complex near campus. On a piece of cardboard, the words “No Black People Allowed” appeared next to a drawing of the Confederate flag and the hashtag #MAGA, for President Donald Trump’s campaign slogan.

Ms. Lowe snapped a photo on her iPhone. In a story that day for the campus news site, the Tab, she questioned whether the incident was a hoax, writing that the sign had been hung by a black neighbor who was unaffiliated with the university following a dispute with the housing complex’s residents. USC’s Department of Public Safety said the man admitted to placing the sign. (The Tab, an independent campus news site, is partially funded by News Corp, owner of the Journal.)

The following day, a modified version of the photo appeared on a popular Facebook page, Blacktivist. The image was cropped, altered and watermarked with a Blacktivist logo, and the #MAGA hashtag was digitally removed. Information that could be used to identify the house, such as the phone number for the property’s leasing office, was cut out.

The Blacktivist page, which last Friday’s indictment said was controlled by Russian entities, cast the significance of the photo in a different light. The caption next to the photo made no mention of a hoax, instead portraying it as a racist act.

“Why racial intolerance still has a place in our country?” it read. “Racially-charged incidents continue to happen and it must receive national attention.” The Blacktivist page had more than 300,000 followers at the time.

“It had clearly been framed and repackaged as an act of white supremacy rather than a hate-crime hoax,” says Ms. Lowe. She became aware of the reuse of her photo two days later when a conservative college news site, the College Fix, picked up the Blacktivist post.

Ms. Lowe says she wrote a comment on the Blacktivist post saying the information had been taken out of context, and she tweeted a screenshot of the post calling Blacktivist “fake news.” She didn’t file a formal complaint with Facebook and didn’t learn more about Blacktivist until Facebook revealed months later it was linked to Russia.

Tech companies can detect exact or near-exact copies of images, videos and audio for copyright enforcement. Spotting doctored photos or videos is a different challenge because tracking those changes requires keeping tabs on the original image, which isn’t always available, says Krishna Bharat, who helped create Google News and now advises and invests in startups. Running a comparative analysis can be expensive, and there are legitimate reasons someone might crop, touch-up or add a new element to a photo.

Around the time last summer that Secured Borders posted Ms. Romo’s photo of the mother supposedly asking for handouts, the group also posted a meme that suggested millions of illegal immigrants may have voted in the 2008 election. It depicted a man who appeared to be Hispanic holding a document, implying that he had illegally voted.

The image originated in a newscast two years earlier on Los Angeles television station KTLA about a state program to provide driver’s licenses to illegal immigrants. A KTLA executive said he wasn’t aware that Secured Borders had used an image from the newscast.

When misleading content is flagged, tech companies wrestle with what to do next. Facebook, Twitter and Alphabet’s YouTube say they only remove content that violates their standards, such as promoting hate speech, spam or distributing child pornography. Misinformation by itself doesn’t count. Doctored images or status updates containing falsehoods can remain up if the posts don’t otherwise violate their policies.

When Facebook in September removed the 290 Russia-backed pages on Facebook and its photo-sharing platform Instagram, it said it did so because the accounts misrepresented their identity, not because of the veracity of the content.

One of the misleading photos disseminated by a Russia-backed page has remained on social media because Instagram said it doesn’t violate its content policies.
A photo of a Nigerian boy boxer taken by August Udoh, left, was used with inaccurate information on a Russia-backed Instagram page, BlackMattersUS.

BlackMattersUS, a Russia-backed page purporting to promote the black community, posted a misleading photo that was reshared on Instagram as recently as January 2017. It shows a young black boy with overlaid text saying that, because of homicide, suicide and incarceration, “the black male is effectively dying at the rate of an endangered species.” The BlackMattersUS account was taken down by Instagram, but because the image was shared by other legitimate accounts, the post remained online as of mid-February.

The meme—a photo with text on top, which is tougher for software to read than plain text—includes no citation of research or statistics. The image’s claim that black adult females greatly outnumber black adult males is false, census data indicate.

The authentic photo was part of a 2013 series on “dambe” boxers in northern Nigeria by Nigerian photographer August Udoh, who wasn’t aware his work was used by BlackMattersUS. “The thing is, the message itself is not even related to the image,” says Mr. Udoh. “How do you put those two together and make propaganda out of it? It’s crazy.”

Ms. Romo, the photographer of the pro-immigration march, says she discovered her photo had been manipulated by the Russia-backed account only when she got a call from a Journal reporter. “We are living in the greatest era of information access,” she says. “People will watch cat videos endlessly, but they won’t take a minute to ascertain whether what they are being told is true or not.”
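The article above draws a line between detecting exact or near-exact copies of an image and detecting a cropped, watermarked or otherwise doctored one. The added example below (not code from the Journal, Facebook or Google) shows why with a difference hash (dHash), one common perceptual-hash technique: a byte-exact fingerprint misses even a re-encoded copy, the perceptual hash still matches it, and a crop with a stamped watermark band drifts far enough that it would have to be caught some other way. The images are constructed inline as small grayscale grids, so the block runs with no imaging library.

```python
"""Near-duplicate versus doctored image detection with a difference hash.

Added example, not code from the Journal article or any platform's own
pipeline. Images are constructed here as 2-D lists of 0-255 grayscale
values so the block runs offline without an imaging library.
"""
import hashlib
from typing import List

Image = List[List[int]]


def exact_fingerprint(img: Image) -> str:
    """Byte-exact fingerprint: only catches verbatim copies of the file."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()


def resize_nearest(img: Image, width: int, height: int) -> Image:
    """Nearest-neighbour downscale (good enough for a perceptual hash)."""
    src_h, src_w = len(img), len(img[0])
    return [[img[y * src_h // height][x * src_w // width] for x in range(width)]
            for y in range(height)]


def dhash(img: Image, hash_size: int = 8) -> int:
    """Difference hash: one bit per horizontally adjacent pixel pair of the
    downscaled image (1 if the left pixel is brighter). Small brightness or
    compression noise rarely flips a bit; cropping and overlays do."""
    small = resize_nearest(img, hash_size + 1, hash_size)
    bits = 0
    for row in small:
        for x in range(hash_size):
            bits = (bits << 1) | (1 if row[x] > row[x + 1] else 0)
    return bits


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def is_near_duplicate(a: Image, b: Image, threshold: int = 10) -> bool:
    """Near-duplicate if the hashes differ in at most `threshold` of 64 bits
    (threshold is an assumed, illustrative cut-off)."""
    return hamming(dhash(a), dhash(b)) <= threshold


# --- constructed sample images (stand-ins for the photos in the article) ---

def make_original(size: int = 32) -> Image:
    """Vertical 4-px stripes alternating dark/light, with a slight gradient
    inside each stripe so no two adjacent sampled pixels are equal."""
    return [[50 + 150 * ((x // 4) % 2) + (x % 4) * 3 for x in range(size)]
            for _ in range(size)]


def make_recompressed(img: Image) -> Image:
    """Simulate a lossy re-upload: deterministic per-pixel noise of at most 3."""
    return [[max(0, min(255, v + ((x * 5 + y * 3) % 7) - 3))
             for x, v in enumerate(row)] for y, row in enumerate(img)]


def make_doctored(img: Image) -> Image:
    """Crop to an inner 24x24 region and stamp a flat 'watermark' band over
    the lower third, the kind of edit described in the article."""
    crop = [row[6:30] for row in img[4:28]]
    for y in range(16, 24):
        crop[y] = [120] * 24
    return crop


def analyse() -> dict:
    """Compare the original against its re-encoded copy and its doctored copy."""
    orig = make_original()
    near = make_recompressed(orig)
    doc = make_doctored(orig)
    return {
        "exact_match_recompressed": exact_fingerprint(orig) == exact_fingerprint(near),
        "dhash_distance_recompressed": hamming(dhash(orig), dhash(near)),
        "dhash_distance_doctored": hamming(dhash(orig), dhash(doc)),
        "near_dup_recompressed": is_near_duplicate(orig, near),
        "near_dup_doctored": is_near_duplicate(orig, doc),
    }


if __name__ == "__main__":
    for k, v in analyse().items():
        print(f"{k}: {v}")
```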
Title: Chinese campaign to fire McMaster
Post by: Crafty_Dog on February 24, 2018, 10:24:34 AM
BTW folks, let's keep in mind that Breitbart may be better since Bannon is gone, but it still remains for it to prove itself as a reputable site.  Please read the article with care before posting here.

http://www.breitbart.com/national-security/2018/02/23/gaffney-warns-china-waging-unrestricted-financial-cyber-war-on-u-s-fire-mcmaster-to-combat-threat/
Title: What do we do about this?
Post by: Crafty_Dog on February 25, 2018, 09:05:50 AM
http://thehill.com/homenews/sunday-talk-shows/375463-former-fbi-official-russians-had-cheap-and-effective-way-to-sow?rnd=1519557441
Title: Re: What do we do about this?
Post by: G M on February 25, 2018, 01:27:54 PM
http://thehill.com/homenews/sunday-talk-shows/375463-former-fbi-official-russians-had-cheap-and-effective-way-to-sow?rnd=1519557441

Let me know when the Russians get anywhere near to the damage done by the MSM/DNC.
Title: Palantir-- predictive policing model-- funded by CIA venture capital?
Post by: ccp on February 27, 2018, 06:22:25 PM
CIA venture capital?

Why is James Carville and wife Matalin involved in this?

https://www.theverge.com/2018/2/27/17054740/palantir-predictive-policing-tool-new-orleans-nopd

Sounds a lot swampy to me.

Peter Thiel... Every time I read an article his name pops up.
Title: Russki perfidy with US energy politics
Post by: Crafty_Dog on March 02, 2018, 06:10:08 AM
"Let me know when the Russians get anywhere near to the damage done by the MSM/DNC."

Not a dig at GM, who was making a fair point with the above, but what about this?  One suspects this may not be the only example of Russki perfidy.

http://dailysignal.com/2018/03/01/russia-uses-facebook-to-undermine-dakota-access-pipeline-other-us-energy-projects/?utm_source=TDS_Email&utm_medium=email&utm_campaign=MorningBell%22&mkt_tok=eyJpIjoiWVRVM01UazNOMkV6TkRZNSIsInQiOiJxYVArSlYyWWdzR0dEUnNOelZrd2FwQStMVFo5am01NDR2TFBpY292QTZ6MXBBbGRreUtKbSthN09OSG10VU1vajV0NkUzXC9LVko2bWt3YTJUQVl1bTE4MjQ0MXhNbE9JMnU2bDU2blYycGtONitKY1B4dVFYQjdnSGpXQ0NLSlAifQ%3D%3D
Title: How Russia tries to block US energy production
Post by: Crafty_Dog on March 07, 2018, 07:49:53 AM
http://www.powerlineblog.com/archives/2018/03/how-russia-tried-to-block-us-energy-production.php
Title: The Russian conspiracy with the Left - opposing US energy production
Post by: DougMacG on March 07, 2018, 08:25:44 AM
Moving my comments over to this thread:

Credit to John Hinderaker of Powerline (among others) for pointing this out and a Congressional report linked below for documenting it.  Why (other than the ubiquitous Leftist media agenda) is there no interest in all the other ways that the Russians and Soviets have interfered in the politics of our country?

See their ads.  They KNOW the American Left.  I don't want to use the word unpatriotic for the Left but one should pause when your interests overlap perfectly with our enemies.  The irony with Russia pretending to oppose energy production is that they are energy producers.  Our new energy independence diminishes their economic and geopolitical power.  Good, but not without a fight from the Left.  

Interesting that the accused Russian stooge Trump got ANWR opened!  And the pipeline approved, oil drilling on federal lands, missile defense back to east Europe, etc., while the Russians and Dems join together on most issues.
--------------------------------------
http://www.powerlineblog.com/archives/2018/03/how-russia-tried-to-block-us-energy-production.php
HOW RUSSIA TRIED TO BLOCK US ENERGY PRODUCTION
Russia’s supposed “meddling” in the 2016 election has been an endless topic of news coverage, but for some reason our press has shown little interest in other instances of Russian meddling–the nuclear freeze movement of the 1980s, for example, or more recently, Russia’s effort to discredit fracking and rouse popular opposition to pipeline construction.

Last Thursday, the Majority Staff of the United States House of Representatives Committee on Science, Space, and Technology released a report titled “Russian Attempts to Influence U.S. Domestic Energy Markets by Exploiting Social Media.” It doesn’t seem to have gotten as much attention as it deserves.
https://science.house.gov/sites/republicans.science.house.gov/files/documents/SST%20Staff%20Report%20-%20Russian%20Attempts%20to%20Influence%20U.S.%20Domestic%20Energy%20Markets%20by%20Exploiting%20Social%20Media%2003.01.18.pdf

The House report notes Russia’s strong interest in depressing petroleum production in the U.S. (“American energy represents a direct threat to Russian energy interests.”) Russia has defended its interests by funding American environmental organizations:

Russian-sponsored agents funneled money to U.S. environmental organizations in an attempt to portray energy companies in a negative way and disrupt domestic energy markets.
***
Anders Fogh Rasmussen, then-Secretary General of NATO, told reporters in 2014, “Russia, as part of their sophisticated information and disinformation operations, engaged actively with so-called nongovernmental organizations—environmental organizations working against shale gas—to maintain dependence on imported Russian gas.”

Could we have a little accountability here? Which environmental organizations took money from Russia to try to weaken the American energy sector? Did they do it wittingly or unwittingly? What was the Russian money used for? Our press has shown a remarkable lack of curiosity about these basic questions.

Russia tried to discredit fracking and encourage opposition to pipeline construction:

Russia’s efforts to influence U.S. energy policy are well documented in the public domain. U.S. presidential candidates, European officials, and the U.S. intelligence community have all publicly noted that Russia and its government corporations are funding a covert anti-fracking campaign to suppress the widespread adoption of fracking in Europe and the U.S., all in an effort to protect the influence of the Russian oil and gas sector.
***
In January 2017, the Office of the Director of National Intelligence released a report that contained “clear evidence that the Kremlin is financing and choreographing anti-fracking propaganda in the United States.” The report found that the Russian-sponsored news agency RT (formerly Russia Today) “r[an] anti-fracking programing, highlighting environmental issues and the impacts on public health,” which “is likely reflective of the Russian Government’s concern about the impact of fracking and the U.S. natural gas production on the global energy market and the potential challenges to [Russian energy companies’] profitability,” such as state-controlled Russian energy giant Gazprom.

The Russians used social media, including Facebook, Twitter and Instagram, to push their messages, which generally played well with American liberals:

The Russian content targeting pipelines was not limited to the [Dakota Access Pipeline]. Russian posts also targeted several other pipelines, including Sabal Trail, Keystone XL, Colonial, Bayou Bridge, and Enbridge Line 5. Additionally, the efforts of the Russian agents went beyond stirring up existing controversy surrounding the pipelines. Russian agents attempted to incite Americans to take action against pipeline efforts by promoting links and references to online petitions. Numerous tweets, for example, encouraged viewers to follow links to petitions aimed at stopping the Dakota Access, Sabal Trail, and Enbridge Line 5 pipelines. This demonstrates that Russian agents attempted to directly influence the American energy industry. Russians, through [social media] posts, engaged in a concerted effort to undermine U.S. energy production.

These are some of the Russians’ social media posts. This one got a remarkable 1,794 likes on Instagram:
(https://i0.wp.com/www.powerlineblog.com/ed-assets/2018/03/Screen-Shot-2018-03-06-at-6.35.44-PM.png?w=560)

This one peddles fake news about “green energy” in Iowa. Once again, the number of likes is striking:
(https://i2.wp.com/www.powerlineblog.com/ed-assets/2018/03/Screen-Shot-2018-03-06-at-6.38.44-PM.png?w=560)

Russia cynically tried to block the Dakota Access pipeline by feigning sympathy with Native Americans. Here’s a question: who paid for the Dakota Access protests? Was it Russia, or American liberals? Both, presumably. Were their motives the same, or different?
(https://i0.wp.com/www.powerlineblog.com/ed-assets/2018/03/Screen-Shot-2018-03-06-at-6.36.38-PM.png?w=560)

More along the same lines, from the Russians’ “Blacktivist” account:
(https://i0.wp.com/www.powerlineblog.com/ed-assets/2018/03/Screen-Shot-2018-03-06-at-6.35.26-PM.png?zoom=2&resize=560%2C375)

Russia promoted “climate change” as a way to block U.S. fossil fuel development:
(https://i2.wp.com/www.powerlineblog.com/ed-assets/2018/03/Screen-Shot-2018-03-06-at-6.39.47-PM.png?w=560)

The Russians also used energy issues to sow regional discord, through a much smaller pro-drilling effort on social media. But their interests lay, obviously, in the other direction. Here, the Russians show a good sense of how American liberals think:
(https://i2.wp.com/www.powerlineblog.com/ed-assets/2018/03/Screen-Shot-2018-03-06-at-6.38.04-PM.png?w=560)

Russia’s anti-fracking and anti-pipeline campaign went farther than its participation in the presidential election. Russia not only spread propaganda through RT and American social media, it also donated money to allegedly respectable American environmental organizations. How much? We don’t know.

What we do know is that the effort to suppress American energy production meant a lot more to Russia’s rulers than its mischievous support for Bernie Sanders and Donald Trump, and opposition to Marco Rubio and Hillary Clinton. We know that the Russians spent only a few million dollars on their election “meddling.” How much did they spend to support American liberals in their effort to block U.S. energy development? We don’t know, but I, for one, would be very interested to find out.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on March 07, 2018, 09:59:03 AM
Thank you Doug.

Gents, this IS a real issue, and it continues to grow rapidly.

Our thoughts?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: DougMacG on March 07, 2018, 11:04:14 AM
"Gents, this IS a real issue, and it continues to grow rapidly.
Our thoughts?"

It is very hard to recognize fake news, fake movements, fake polling, fake grass roots support, fake internet comments, for certain.  Much of Twitter's alleged followers are faked to raise the perceived importance of a writer's message.  Russian ads look like Soros ads (presumably legal), move-on.org ads, Tom Steyer ads, etc.  The foreign influence just makes the homegrown resistance look larger, more popular and more people join in, especially young people.  The Russian troll opinions look no worse than the Nobel Krugman view, it just makes more of them, more noise.  The Russian fake climate crap is no worse than what is happening inside our agencies by credentialed scientists.

Besides the Facebook BS, read the comments on any news or opinion site.  Yes, one or two foreign trolls add to the chaos but the chaos is already beyond help.

Somehow the people occasionally break through noise and choose truth.  Answering the Russian cyberbombs on Keystone is no different than answering the Left, same message, on Keystone.  Pipelines are 5 times safer than moving fuel by rail, truck or boat and oil is what powers ambulances, fire trucks and people.  A war on cops doesn't help black neighborhoods.  A unilateral freeze doesn't stop the Soviet threat whether it comes from a wrongheaded friend or a foreign enemy and American strength never was a danger in the world.  Lack of American strength is the danger.

We will fight the cyber wars but we also need to message and persuade better.  Bad ideas need to be defeated, loud and clear, over and over.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on March 07, 2018, 12:04:57 PM
Well reasoned.

Question:  What policy do we set about foreign forces pretending to be American?

a) Are they less likely to be honest? acting in good faith?
b) Do they skew the American people's sense of the political correlation of forces within the country?
c) if nothing, then how is this different than "open borders"?
d) and?
Title: Russkis have us by the short hairs?
Post by: Crafty_Dog on March 15, 2018, 10:06:29 PM
https://www.nytimes.com/2018/03/15/us/politics/russia-cyberattacks.html?emc=edit_ta_20180315&nl=top-stories&nlid=49641193&ref=cta
Title: Putin's cyberwar
Post by: Crafty_Dog on March 30, 2018, 01:24:10 PM
https://www.thecipherbrief.com/article/asia/time-rethink-deterring-russia
Title: Russia's FB ads fomented racial division
Post by: Crafty_Dog on May 13, 2018, 05:44:51 AM
https://www.usatoday.com/story/news/2018/05/11/what-we-found-facebook-ads-russians-accused-election-meddling/602319002/
Title: Re: Russia's FB ads fomented racial division
Post by: G M on May 13, 2018, 09:51:44 AM
https://www.usatoday.com/story/news/2018/05/11/what-we-found-facebook-ads-russians-accused-election-meddling/602319002/

Sowing racial division? The Dems hate when others steal their main tactic.
Title: Re: Cyberwar, Adversarial government indicted for hacking US: Iran, not Russia
Post by: DougMacG on May 24, 2018, 05:43:06 AM
There were people indicted this year for hacking into major US systems on behalf of an adversarial government
They weren't Russians.
They were Iranians!

(https://pbs.twimg.com/media/DdzjUl2U8AAurMs.jpg)
Title: Re: Cyberwar, Adversarial government indicted for hacking US: Iran, not Russia
Post by: G M on May 24, 2018, 06:02:28 AM
I wonder how much of this was funded by the pallets of cash sent to them by Obama.
There were people indicted this year for hacking into major US systems on behalf of an adversarial government
They weren't Russians.
They were Iranians!

(https://pbs.twimg.com/media/DdzjUl2U8AAurMs.jpg)
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on June 15, 2018, 08:05:58 PM
Anthony wrote:

"...As described in Chapter Five, the Midyear team did not seek to obtain every device or the contents of every email account that it had reason to believe a classified email traversed. Rather, the team focused the investigation on obtaining Clinton's servers and devices. Witnesses stated that, due to what they perceived to be systemic problems with handling classified information at the State Department, to expand the investigation beyond former Secretary Clinton's server systems and devices would have prolonged the investigation for years. They further stated that the State Department was the more appropriate agency to remediate classified spills by its own employees..." - Page 84 of 568, A Review of Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election

https://l.facebook.com/l.php?u=https%3A%2F%2Fwww.justice.gov%2Ffile%2F1071991%2Fdownload&h=AT0ivOj177tSyfwU5DcQOSY9HRblHrJ5DkemSvpwLZH7NtgIv_ZK2S5cMAiePXgkcag3cy2FxIclSUpwN89ey3oLT10oy-AjgayH3R5vklOKaf6vcn6RJZHbIewiQynbyvBJbvUQ-4Q

Title: WSJ: Russians hack US utilities
Post by: Crafty_Dog on July 25, 2018, 06:58:00 AM
Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say
Blackouts could have been caused after the networks of trusted vendors were easily penetrated
Officials of the Department of Homeland Security said hackers have reached the control rooms of U.S. electric utilities. Photo: Andrew Harrer/Bloomberg News
By Rebecca Smith
July 23, 2018 7:21 p.m. ET


Hackers working for Russia claimed “hundreds of victims” last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said. They said the campaign likely is continuing.

The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, “air-gapped” or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.

“They got to the point where they could have thrown switches” and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS.

DHS has been warning utility executives with security clearances about the Russian group’s threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously.

It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.

Experts have been warning about the Russian threat for some time.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said Michael Carpenter, former deputy assistant secretary of defense, who now is a senior director at the Penn Biden Center at the University of Pennsylvania. “They are waging a covert war on the West.”

Russia has denied targeting critical infrastructure.

Mr. Homer said the cyberattack, which surfaced in the U.S. in the spring of 2016 and continued throughout 2017, exploited relationships that utilities have with vendors who have special access to update software, run diagnostics on equipment and perform other services that are needed to keep millions of pieces of gear in working order.

The attackers began by using conventional tools—spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites—to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity.

Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks.

Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers “have to learn how to take the normal and make it abnormal” to cause disruptions, said Mr. Homer.

Their goal, he said: to disguise themselves as “the people who touch these systems on a daily basis.”

DHS is conducting the briefings—four are planned—hoping for more industry cooperation. One thing the agency is trying to learn is whether there are new infections, and whether the Russians have figured out ways to defeat security enhancements like multifactor authentication.

In addition, DHS is looking for evidence that the Russians are automating their attacks, which investigators worry could presage a large increase in hacking efforts. “To scale, they’re eventually going to have to automate,” Mr. Homer said.

“You’re seeing an uptick in the way government is sharing threats and vulnerabilities,” said Scott Aaronson, a cybersecurity expert for Edison Electric Institute, the utility industry trade group. He said information sharing and penetration detection have gotten much better since the Dragonfly attacks began.

It isn’t yet clear whether the hackers used their access to prepare the battlefield for some future, devastating blow, investigators said. For example, many experts fear that a skilled technician could use unfettered access to change some equipment’s settings. That could make them unreliable in unexpected ways, causing utility engineers to do things that would result in extensive damage and potentially lengthy blackouts.

Write to Rebecca Smith at rebecca.smith@wsj.com

Appeared in the July 24, 2018, print edition as 'Russia Hacks Its Way Into U.S. Utilities.'
Title: Re: WSJ: Russians hack US utilities
Post by: DougMacG on July 25, 2018, 08:48:42 AM
I can't believe we put a utility shut-off switch on the internet.

Let's not share the next-generation internet technology with the Russians or the Chinese.

The minute they shut down any of our grid we should go live with our hacking on their networks with some messages they do not want disseminated, such as a documentary exposing the assassinations of Putin's political opponents, or scandals and abuse in the Chinese politburo.  Mutual assured destruction.
Title: Stratfor: Norks play long game
Post by: Crafty_Dog on September 18, 2018, 12:16:25 PM
    A U.S. federal investigation has shown that Pyongyang has been planning its cyberattacks far in advance, typically with the aim of stealing money rather than disrupting its enemies.
    North Korea and others rely on invasive surveillance to increase the potency of their attacks, yet such action increases the chances that hackers will be detected ahead of time.
    Investigations into hacking can force assailants to alter their tactics and operations, but they are not enough to stop them outright.

In July, we noted that the Islamic republic has been playing the numbers game in the world of cyberattacks, using relatively rudimentary tactics in a shotgun approach that targets thousands of individuals in the hopes that a small percentage become victims. Now, the recent release of a U.S. Department of Justice criminal complaint depicts a similar, yet very different, threat from North Korea over the past four years.

In addition to laying out in technical detail why North Korea was the most likely perpetrator of attacks on Sony Pictures in 2014, Bangladesh Bank in 2016, the WannaCry attacks in 2016 and 2017, and dozens of other lower-profile attacks in between, the complaint revealed many new insights into how the North Koreans allegedly crafted their operations to conduct those attacks. The operations that North Korea and Iran are suspected of shared much in terms of targeting and tactics, but one key difference provides insight into how the two countries approach their cyber campaigns. Whereas Iran tends to play the numbers game, North Korea plays the long game, preparing attacks months — or sometimes over a year — in advance. The differences in style between the two threats highlight the relevance of the cyberattack cycle and the important role preparation and surveillance play in such attacks. But even if the investigation has lifted the lid on some of the biggest state-sponsored hacks in recent years, it is unlikely to ever stop countries such as North Korea from refining their craft and homing in on other victims.
The Big Picture

As the United States and North Korea attempt to reach a settlement to their nearly 70-year-old conflict, new details from an investigation conducted by the U.S. Department of Justice on alleged North Korean cyberattacks portray a well-organized and determined threat.
A Common Modus Operandi

The cyberattack cycle is quite similar to the criminal and terrorist attack cycles, and Iranian and North Korean operations are similar in the target selection, planning, attack and exploitation phases of the cycle. For example, both have targeted U.S. defense contractors and financial institutions (These are popular targets for most other hackers as well). Iran's distributed denial-of-service attacks on U.S. financial institutions from 2011 to 2013 cost millions of dollars in lost business, and the campaign was inexpensive for the Islamic republic. A series of North Korean attacks on financial institutions around the world reportedly earned the economically struggling regime hundreds of millions of dollars.
A chart showing the various stages of a cyberattack.

The tactics of both were similar, too. They relied on phishing, spear-phishing and watering-hole attacks, all of which attempt to trick their victims into downloading malware by posing as legitimate links or files. More specifically, both countries have used spear-phishing emails disguised as job applications. Iran's biggest cyber success, the 2012 Shamoon attack against Saudi Arabian Oil Co., and North Korea's $81 million theft from Bangladesh Bank both started with malware disguised as resumes and cover letters emailed to employees. And while Tehran has typically sought to create a disturbance with such attacks on financial institutions — in contrast to Pyongyang's quest to gain cash or political retribution — both have demonstrated a penchant for purely disruptive attacks. Indeed, while North Korea's 2017 WannaCry campaign was disguised as a ransomware attack, it quickly became apparent that its true intent was disruption.
Surveillance the North Korean Way

The differences between North Korea and Iran, however, emerge in their approaches to surveillance. In non-intrusive surveillance, hackers often conduct passive research on a targeted network, while in intrusive surveillance, they gain illegal access to the targeted network to monitor activity from the inside. Breaking into the network frequently represents a precursor to the main attack, whose goals might be to steal information or money or to deliver a piece of malware that wipes hard drives and renders computers worthless. Without question, Iranian hackers engage in their fair share of intrusive surveillance, and it is safe to assume that Iranian groups are currently embedded in networks around the world, seeking ways to exploit their access. The recent Department of Justice criminal complaint, however, indicates that North Korea has devoted much more time to conducting invasive surveillance in support of its attacks.

For example, North Korean operators apparently had begun scanning servers associated with Sony Pictures Entertainment by September 2014, at least two months before Sony became aware of any hacking attempts. Leading up to the hack, North Korean operators operating under pseudonyms targeted multiple individuals associated with "The Interview," a controversial movie depicting the assassination of Kim Jong Un, which put Sony Pictures on Pyongyang's radar. The operators sent corrupted links to individuals on social media, as well as spear-phishing emails imitating legitimate warnings from Facebook and Google, in an attempt to steal login credentials. By early October 2014, the hackers had established a foothold in Sony's systems, and within another month, they had succeeded in stealing sensitive information and compromising networks, forcing Sony to disconnect about 8,000 workstations to prevent the spread of malware.

The operation against Bangladesh Bank lasted even longer. North Korean hackers started conducting surveillance against the financial institution 16 months before absconding with $81 million from its accounts in February 2016. As part of its non-intrusive surveillance, North Korean cyberattack teams began researching banks in Bangladesh in October 2014. By February 2015, the hackers had moved to intrusive surveillance by successfully spear-phishing at least two accounts at the bank, allowing them to establish a backdoor to the lender's network the following month.

During the 11 months that the North Korean hackers had access to Bangladesh Bank's servers, they presumably watched and took note of processes. They studied how the bank printed copies of each message pertaining to wire transfers using SWIFT; they were also mindful of who directed the transactions and when they sent the transfers, as well as the language they used. And thanks to the 11 months of invasive surveillance, the North Korean operators identified vulnerabilities in Bangladesh Bank's internal workings, leading them to develop a plan to direct $951 million in transfers from the lender to accounts they opened elsewhere in Asia. To do so, they developed code that would prevent the printing of any SWIFT messages in the bank's office that might alert employees about unauthorized transfers and delete itself once the operation was completed. Then, just days before the transactions, the hackers moved laterally through the network to gain access to the bank's SWIFT account. The operatives conducted the transfers just ahead of the Chinese New Year, when banks and businesses across the Asia-Pacific typically close.
A timeline depicting how North Korean operatives hacked Bangladesh Bank.
Cutting Corners

In the end, the operators only managed to steal $81 million, but they would have stolen much more if not for some elementary failures. A typo in one transfer order blocked the theft of $20 million, while the hackers accidentally used credentials stolen from a bank in South America several times before realizing their mistake and entering the correct credentials to enter the Bangladesh Bank accounts. This helped investigators connect the perpetrators of the Bangladesh Bank robbery to the attack on the South American bank (among others).

In conducting their numerous attacks, the North Korean hackers did what any organization would do to cut costs and increase efficiency: They repurposed and reused infrastructure across attacks. Naturally, the operatives obfuscated their identities through multiple layers of additional email addresses and proxy servers such as virtual private networks (VPNs) or other compromised computers, but the hackers essentially used the same handful of email accounts, social media handles, devices and IP addresses linked to China and North Korea in multiple attacks. The charges brought against North Korean hackers ultimately relied on these similarities to connect the attacks and link them back to North Korea, making it harder for Pyongyang to deny its involvement. Just like criminals and terrorists, hackers also make mistakes and cut corners. And just as understanding criminal and terrorist attack cycles can increase awareness of a pending attack — and, ideally, thwart it before it causes damage — understanding how that cycle applies to cyberattacks can help individuals, companies and state institutions remain safe online.

With invasive surveillance, the stakes are high for the malefactor and potential victim alike: The longer prospective assailants have to conduct invasive surveillance on a target, the more damaging the attack can be — even as the length of such surveillance increases the likelihood of detection. In terms of cyberattacks, a software update, virus scan or even a machine reboot can identify a threat or cause it to lose access. Accordingly, hackers must always weigh the advantage of conducting more surveillance against the risk of detection, which rises the longer they linger in a network.
The Upshot

The good news for potential targets is that they can deprive hackers of the luxury of prolonged, invasive surveillance if they monitor their networks vigilantly. The bad news is that hackers from countries such as North Korea (as well as Iran, China and Russia) will continue to pose a threat — either through the numbers game or the long game. Because many of the underlying accounts, IP addresses and devices linked to previous attacks are now public information, North Korean hackers will have to rebuild their capabilities if they wish to continue operating anonymously.

However, none of the state-backed foreign individuals or groups facing U.S. charges is ever likely to face prosecution given the protection they receive from their governments, meaning they will go on to restructure their operations and improve their craft. As it is, $13.5 million was stolen from an Indian bank through a combination of fraudulent SWIFT transfers and unauthorized ATM withdrawals just last month. The heist, a highly complex and organized attack that was a long time in the making, has been linked to Pyongyang — suggesting that North Korean hackers are already back in business and busy working on their next project.
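The Stratfor piece notes that reused email accounts, handles, devices and IP addresses were what let investigators connect the Sony, Bangladesh Bank and WannaCry intrusions (and the South American bank whose credentials were misused). The following is an added illustration, not code from Stratfor or the Department of Justice, of how a defender or investigator can apply that observation: cluster incident records that share any indicator, transitively, and report which indicator links which incidents. Every indicator value below (mailboxes, IPs, handles, credential labels) is constructed for the example; only the incident names come from the article.

```python
"""Cluster incidents by shared infrastructure indicators (union-find).

Added illustration, not Stratfor's or the DOJ's code. Incident names are
taken from the article; every indicator value below is CONSTRUCTED
(RFC 5737 documentation IPs, example.com mailboxes) and is not a real IoC.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, List, Set, Tuple

Indicator = Tuple[str, str]  # (indicator type, value)

# Constructed sample data: incident -> indicators observed in that incident.
INCIDENTS: Dict[str, Set[Indicator]] = {
    "Sony Pictures 2014": {
        ("email", "recruiter-one@example.com"),
        ("ip", "192.0.2.10"),
        ("handle", "social-persona-a"),
    },
    "Bangladesh Bank 2016": {
        ("email", "recruiter-one@example.com"),      # same sender as Sony
        ("ip", "198.51.100.7"),
        ("credential", "south-american-bank-login"),  # wrong creds reused
    },
    "South American bank": {
        ("credential", "south-american-bank-login"),
        ("ip", "203.0.113.5"),
    },
    "WannaCry 2017": {
        ("ip", "198.51.100.7"),                      # same IP as Bangladesh
        ("handle", "social-persona-b"),
    },
    "Unrelated phishing wave": {
        ("email", "someone-else@example.net"),
        ("ip", "203.0.113.99"),
    },
}


class DisjointSet:
    """Minimal union-find over string labels (path halving, no rank)."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_shared_indicators(
    incidents: Dict[str, Set[Indicator]],
) -> Tuple[List[FrozenSet[str]], Dict[Indicator, Set[str]]]:
    """Group incidents that are transitively connected by a shared indicator.

    Returns (clusters, links): clusters is a list of frozensets of incident
    names, largest first; links maps each indicator seen in more than one
    incident to the set of incidents that used it, which is the evidence an
    analyst would cite for each connection.
    """
    owners: Dict[Indicator, Set[str]] = defaultdict(set)
    for name, indicators in incidents.items():
        for ind in indicators:
            owners[ind].add(name)

    ds = DisjointSet()
    for name in incidents:
        ds.find(name)  # register singletons so isolated incidents still appear

    links: Dict[Indicator, Set[str]] = {}
    for ind, names in owners.items():
        if len(names) > 1:
            links[ind] = set(names)
            first, *rest = sorted(names)
            for other in rest:
                ds.union(first, other)

    groups: Dict[str, Set[str]] = defaultdict(set)
    for name in incidents:
        groups[ds.find(name)].add(name)
    clusters = sorted(
        (frozenset(g) for g in groups.values()),
        key=lambda s: (-len(s), sorted(s)),
    )
    return clusters, links


if __name__ == "__main__":
    found, evidence = cluster_by_shared_indicators(INCIDENTS)
    for group in found:
        print("cluster:", ", ".join(sorted(group)))
    for ind, names in sorted(evidence.items()):
        print(f"  {ind[0]} {ind[1]!r} links {sorted(names)}")
```

Run on the constructed data, the four incidents tied to the same campaign fall into one cluster while the unrelated phishing wave stays on its own; the returned links show exactly which reused indicator supports each edge.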
Title: Mike Pence speech on cyber security
Post by: DougMacG on October 10, 2018, 06:40:28 AM
Here’s the full text of Mike Pence’s cybersecurity speech

Vice President Mike Pence speaks during the Department of Homeland Security's Cybersecurity Summit on July 31, 2018, in New York City. Homeland Security Secretary Kirstjen Nielsen said, "Cyberattacks now exceed the danger of physical attacks. ... This has forced us to rethink homeland security."
At the first-ever National Cybersecurity Summit in New York City on July 31, Vice President Mike Pence gave an in-depth speech about what the Trump administration is doing, and what it says past administrations didn’t do, to address cybersecurity. The text below is from the official speech posted on the White House website.

THE VICE PRESIDENT: Well, thank you, Secretary Nielsen. And thank you for that kind introduction and for your leadership at the Department of Homeland Security. Would you all join me in thanking Secretary Kirstjen Nielsen for her leadership and for bringing together this historic summit today? (Applause.)

To the Secretary and to Secretary Perry, Director Wray, Director Alles, to all the public servants that are gathered here, and to all the leaders of industry and academia who’ve come from near and far: It is my honor to welcome you all at the close of the events today at the first-ever National Cybersecurity Summit. Thank you all for being here today. (Applause.)

And I bring greetings and gratitude for your participation in this conference from a great champion of American security, President Donald Trump. I’m here today on behalf of the President because cybersecurity is a major focus of this administration.

Over the last year, at the President’s direction, we’ve taken unprecedented action to strengthen our digital infrastructure and defenses because we know that cybersecurity has never been more important to the American people.

America depends on the digital world more with every passing day, as all the industry leaders here know too well. It’s opened countless new doors of opportunity, created extraordinary new sources of prosperity, and unleashed a new era of entrepreneurship and innovation that has infused nearly every aspect of our lives and our society.

Yet while this revolution has spurred new opportunities, as you all have discussed here today, it has also spawned new threats.

Criminal terrorists, foreign adversaries constantly prowling this digital domain represent a threat to this nation. And America’s digital infrastructure is under constant cyberattack.

The federal government alone experiences hundreds of thousands of digital assaults every day. And across the entire country, the number of attacks on our digital infrastructure is impossible to calculate. Our digital foes are targeting every facet of our society.

They threaten our families’ privacy, like the hackers who breached the credit bureau Equifax last year and made off with the Social Security numbers and other personal information of nearly 150 million Americans.

They extort our hard-earned money, as we saw in the North Korean “WannaCry” attack that held more than 200,000 devices in 150 countries hostage, demanding a ransom.

Foreign interests also routinely steal trade secrets from some of our most important industries. As our administration’s recent 301 trade investigation found, for many years, China has directed bureaucrats and businesses to find and steal our nation’s intellectual property and advanced technologies, especially those pertaining to our national defense.

Our cyber adversaries also seek to infiltrate our critical infrastructure, including our electrical grid, power stations, so that in some future conflict they might have the opportunity to shut down the nerve center of American energy and our national life.

They also target our economy. A single Russian malware attack last year cost a major American shipping company roughly $400 million. And in 2016, cyberattacks, it is estimated, cost our economy as much as $109 billion.

Cyber attackers also go after government at every level, such as in March, when criminal hackers hobbled the city of Atlanta and crippled many basic services for several days.

And as the American people know all too well, our adversaries increasingly use the digital world to manipulate, to divide, to chip away at our most cherished values.

In the face of these threats, the American people demand, and deserve, the strongest possible defense. And we will give it to them. (Applause.)

But sadly, previous administrations have let the American people down when it came to cyber defense. At the outset of this administration, it became clear from early on: In a very real sense, we inherited a cyber crisis. The last administration all but neglected cybersecurity, even though the digital threats were growing more numerous and more dangerous by the day. In 2014, a foreign government actually hacked into the White House network itself, and yet, in the face of constant attacks like that, the last administration too often chose silence and paralysis over strength and action.

But make no mistake about it: Those days are over. At President Trump’s direction, our administration has taken decisive action to fortify America’s cybersecurity capabilities. We’re also forging new partnerships, evidenced by this conference today, all across our society and also with state and local governments and with great corporations so well represented here.

We’ve secured vital new funding for cybersecurity. In our first year in office, we allocated an additional $1.2 billion for digital defense, and next year, our administration has requested a record $15 billion to secure America’s cyber frontiers. And we’ll continue to work with Congress to provide the resources we need to defend our nation from the threats we face in the digital domain.

But this critical issue requires more than new funding. America also needs a central hub for cybersecurity. And today we call on the United States Senate to follow the lead of the House of Representatives and, before the end of this year, enact legislation to create a new agency under the authority of DHS. The time has come for the Cybersecurity and Infrastructure Security Agency to commence. Thank you.

This agency will bring together the resources of our national government to focus on cybersecurity. And it’s an idea whose time has come.

In addition to funding and reforms, our administration is hardening federal networks as never before. We’re taking renewed action to identify and eliminate weaknesses that our adversaries could exploit.

For example, the federal government has long allowed Kaspersky Lab, a Russian anti-virus software, to be installed on federal devices, even though it has a direct relationship with the Russian government and intelligence services. This threat existed for many years, but our administration ended the threat last year when we banned Kaspersky Lab software from the entire federal government.

We’ve also dramatically increased information sharing with innovators, developers, and network defenders. America’s intelligence and law enforcement agencies have an unparalleled ability to discover weaknesses in digital products and software.

But while the last administrations almost always held on to this administration[information], in this White House I’m proud to report that we’ve significantly improved how much we share with the private sector and the speed with which we share it. Today, nearly a third of the threat indicators we share with businesses aren’t available from any other source, and will continue on that track.

And finally, our administration is putting the finishing touches on our National Cyber Strategy. This strategy will make clear that the United States will bring every element of our national power to bear to protect the integrity and security of the American digital domain.

Our actions have already made our adversaries’ actions more costly. And as we continue to reinforce our cyber defenses, we will deter them as never before. But as you well know, we can’t prevent every assault or attack in the digital sphere. The sheer size and magnitude of the danger, combined with the rapid evolution, means that some attempts will simply slip through the cracks.

Be assured, our government will continue to ensure the resilience of our digital infrastructure so that when these breaches may occur, we can get back on our feet fast, chart a path forward, learn from our vulnerability, and prevent the next attack.

But when it comes to stopping our cyber adversaries, resilience, though, isn’t enough. We also must be prepared to respond. And in this White House, I’m proud to report, we are.

Our administration has taken action to elevate the United States Cyber Command to a “combatant command,” putting it on the same level as the commands that oversee our military operations around the world. Gone are the days when America allows our adversaries to cyberattack us with impunity. Our goal remains: American security will be as dominant in the digital world as we are in the physical world.

But for all that we’ve done, and for all that we’re doing, there’s still much more work ahead. And what brings us all here today is the recognition that we cannot do it alone. Strengthening American cybersecurity does not belong solely to our national government in Washington, D.C. The greatest progress happens from the bottom up, not from the top down. And so beyond our government-wide approach, we need you. We need you to continue to partner with us for a nationwide approach, for together we can protect America’s digital domain. (Applause.)

You know, it’s been said “cybersecurity is a team sport.” It requires seamless collaboration between the federal government, state and local leaders, but also innovators, entrepreneurs, academic experts. In a word, it requires all of you in this room and all of those that you represent all across the nation.

We’ve already taken important steps, I’m pleased to report, to improve our partnerships at every level. And, in addition to this conference today, where you’ve heard much about those efforts, I’m particularly excited with the new initiative that Secretary Nielsen announced this morning: the National Risk Management Center.

This new center will be the gateway for American companies who want to work with the federal government more closely to strengthen our shared cybersecurity. And let me take this moment to thank all of you who have already expressed your intention to join this critical initiative.

Just a few weeks ago, in the Situation Room, I personally met with the President’s National Security Telecommunications Advisory Committee, also known as NSTAC, which brings together key industry leaders to develop recommendations on cyber policy.

I learned then, and will learn more in just a few short weeks, that NSTAC will soon launch a cybersecurity “moonshot” initiative to focus our national energies and skills on digital dominance. Those leaders that day informed me that America won the race to the moon. And, under this administration, in partnership with all of you, America will lead the way to cybersecurity and strength.

Now, the examples that I mentioned today are all essential to the security and prosperity of the American people. But as we gather today, the American people also deserve to know that our democracy is secure as well. So before I close, let me speak to our administration’s unprecedented action to safeguard the integrity of our elections.

While other nations certainly possess the capability, the fact is Russia meddled in our 2016 elections. That is the unambiguous judgment of our intelligence community, and, as the President said, we accept the intelligence community’s conclusion.

Russia’s goal was to sow discord and division and to weaken the American people’s faith in our democracy. And while no actual votes were changed, any attempt to interfere in our elections is an affront to our democracy, and it will not be allowed.

The United States of America will not tolerate any foreign interference in our elections from any nation state — not from Russia, China, Iran, North Korea, or anyone else. As President Trump said, “We’re not going to have it.”

To that end, over the past year, President Trump has directed our administration to create, as well, a whole-of-government approach to strengthen election security. As recently as last week, the President convened a National Security Council meeting for updates on the progress that we’ve made.

As the President has said, we’ve taken a “firm stance,” and we’ve backed it up with “strong action.”

The FBI has formed the Foreign Influence Task Force to identify secret foreign attempts to infiltrate our society and undermine our democracy.

The Department of Homeland Security has launched the Election Information Sharing Analysis Center. This project, which all 50 states and more than 900 counties have already joined, will help prevent attacks before they happen, identify them when they’re underway, and stop them before they can do any lasting damage.

Working with the Congress, we’ve also made $380 million available to states to help them ensure the security of their election systems, including upgrading voting machines and the most up-to-date and secure technology.

We’re deploying new sensors to monitor election networks and identify potential intrusions at the state and local level. Thirty-seven states have opted into this program, but before this November, we intend to expand a further twenty-two states and counties, as they request.

Our administration has also launched a “National Cyber Situational Awareness Room” that offers states a virtual connection between DHS and election offices on Election Day itself. In my home state of Indiana, as well as Ohio, North Carolina, and West Virginia, this system was used in the May 8th primary, and we’re working hard to expand this project for other states so that it’s ready before the midterm elections in November.

We’ve also been working to help state and local governments rapidly respond to cyberattacks. Less than two weeks ago, Finney County, Kansas, reached out to DHS for help after a malware attack forced them to shut down not just their election network, but the entire county’s network. Federal officials worked earnestly, hand-in-hand, with county officials to identify and ultimately eliminate this dangerous intrusion. This action was a model of the collaboration that we need to ensure the security of our elections, and we commend the state, and local, and federal officials that made it happen.

Now, make no mistake about it: Our administration recognizes that elections are administered and conducted at the state and local level. This administration has already been a champion of federalism and respected the purview and the authority of our state and local officials. Yet it concerns us that many states still don’t have concrete plans to upgrade their voting systems, and 14 states are struggling to replace outdated voting machines that lack paper trails before the next presidential election.

And so today, not just as Vice President, but as a former governor, I want to urge, with great respect, every state to take renewed action. Take advantage of the assistance offered by our administration. Do everything in your power to strengthen and protect your election systems. You owe your constituents that, and the American people expect nothing less.

This is a time for vigilance and resolve, and I can assure you our administration will continue to take strong action. We have already done more than any administration in American history to preserve the integrity of the ballot box, and we’ve just begun.

We will continue to work tirelessly to prevent foreign nations and malign actors from hacking into our election infrastructure with the potential of changing votes or election outcomes. As the President has said, we will “repel…any efforts to interfere in our elections.”

When anyone violates our laws, we will bring them to justice and utilize every element of our national power to respond, because our democracy demands and deserves the most vigorous defense we can give it.

And I want to assure you, we will do this in a manner that respects the God-given liberties enshrined in our Constitution, including the freedom of speech and the freedom of the press.

We will never stifle voices in a free society, but we can expose malign and fraudulent voices when they seek to undermine confidence in our democracy, and this we will do. Our administration will always make efforts to shed light on foreign attempts to interfere or sow malign influence in our elections in our society.

Our 16th President, Abraham Lincoln, probably said it best when he said, “Give the people the facts, and the Republic will be saved.” When the American people have the facts, they always uphold our most cherished institutions and values. And this is just as true today as it has ever been in our nation’s long and storied history.

So thank you again for being here and being a part of this important and historic gathering. You do the nation a great credit by participating in today’s discussion, and more important, by following through on the discussion with a greater partnership and collaboration in cybersecurity.

The truth is, cybersecurity is unlike any challenge we’ve ever faced. It is a work that’s never done. It is a process that is continuous. And so must our collaboration be.

Technologies are shifting by the minute, from the Internet of Things to 5G to artificial intelligence to quantum computing, and each advance is accompanied not only by new opportunities, but new challenges. And just as the threats are evolving, our defenses, too, must evolve. The only way to be strong and secure is if we stand strong and secure together on behalf of the American people.

Cybersecurity, then, is a shared responsibility. And I believe that cybersecurity is a civic duty. You’ve already distinguished yourselves as leaders and patriots in this cause long before this conference today by your efforts on behalf of the American people. And the President and I need you to continue to be advocates in your industry and among your peers for greater cybersecurity collaboration. The American people deserve nothing less.

Keep talking with your peers about how they need to enlist in this fight. Tell them that they have an obligation to identify the weaknesses in their own networks and platforms, because the weakest link creates the greatest vulnerability.

Tell them we need them to buy American when it comes to digital products and services, not just to support American jobs and innovation, but to support American security. Tell them they need to share their insights, ideas, and innovations that will strengthen our collective security.

And above all else, tell them what you’ve heard here today at this conference. Tell them we need to work together on an increasing basis, not just with our national government, but with state and local governments, to ensure the continued security and prosperity of our nation.

The American people are counting on all of us. They deserve to know that their homes are free from prying eyes, their personal information is safe and secure, that their bank accounts can’t be robbed, that the lights will turn on when they flip the switch in the morning, and the American people deserve to know that our democracy cannot be corrupted, and that our nation is stronger and more secure, even in the midst of a technological revolution than it’s ever been before. This, we can do together.

So thank you for the opportunity to address you today, to wrap up what I trust has been a meaningful and productive dialogue. But I hope you will not feel that you’ve come here today and done your part by this attendance. I hope you leave here today with a burden on your heart to do more.

The truth is, as the Old Book says, we should “not grow weary in doing good, for in due season we will reap a harvest if we do not give up.” So don’t grow weary. Don’t grow weary in standing up for the security of the American people in the cyber domain.

With the trust of the American people, with the patriotism and collaboration of all of you gathered here who work together with us on this vital issue, with the leadership of President Donald Trump, and, I know, with the support and the prayers of the American people, we will defend our nation. We will defend our nation on this cyber frontier. And I know, as Americans have always done, we will do it together.
Title: Strange snafu indeed
Post by: G M on November 10, 2018, 01:46:40 AM
https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/?comments=1
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on November 10, 2018, 11:35:48 AM
 :-o :-o :-o
Title: Cyber Minutemen in Estonia
Post by: Crafty_Dog on December 07, 2018, 02:26:54 PM
https://www.youtube.com/watch?v=ByZpkgxAR-w
Title: CISA and the shutdown
Post by: bigdog on January 11, 2019, 01:09:29 AM
https://thehill.com/policy/national-security/424649-worries-mount-as-cybersecurity-agency-struggles-amid-shutdown
Title: Re: CISA and the shutdown
Post by: G M on January 11, 2019, 05:44:08 AM
https://thehill.com/policy/national-security/424649-worries-mount-as-cybersecurity-agency-struggles-amid-shutdown

Americans murdered and raped last year by cybercrime? How about illegal aliens? Which is the most immediate threat?
Title: Re: CISA and the shutdown
Post by: DougMacG on January 11, 2019, 08:22:39 AM
Q:  "Americans murdered and raped last year by cybercrime? How about illegal aliens? Which is the most immediate threat?"

A:  Both.

Cybersecurity [I didn't know we had any] should NOT be part of any 20% 'non-essential' shutdown.  Somebody screwed up on that!  Isn't the military funded?  Military intelligence should be ready to step in and take up the slack on all foreign threats.  Or use executive power to move military funds to those needs. 

I must confess having a similar defeatist reaction to the story: who needs digital security when we're just leaving the door open?  But we do need digital security - 24/7!   The neglect of our security in both cases is unacceptable, threatening to the integrity and sovereignty of our nation.

Thank you Bigdog for bringing this to our attention.

As Cher said to Speaker Pelosi, don't die on this hill.  Make a compromise, open the government and put new agreements in place of what areas must be funded first during the inevitable future disputes.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on January 11, 2019, 12:29:50 PM
Very glad to have you with us again BD :-)
Title: Re: CISA and the shutdown
Post by: G M on January 11, 2019, 05:41:06 PM
Q:  "Americans murdered and raped last year by cybercrime? How about illegal aliens? Which is the most immediate threat?"

A:  Both.

Cybersecurity [I didn't know we had any] should NOT be part of any 20% 'non-essential' shutdown.  Somebody screwed up on that!  Isn't the military funded?  Military intelligence should be ready to step in and take up the slack on all foreign threats.  Or use executive power to move military funds to those needs. 

I must confess having a similar defeatist reaction to the story: who needs digital security when we're just leaving the door open?  But we do need digital security - 24/7!   The neglect of our security in both cases is unacceptable, threatening to the integrity and sovereignty of our nation.

Thank you Bigdog for bringing this to our attention.

As Cher said to Speaker Pelosi, don't die on this hill.  Make a compromise, open the government and put new agreements in place of what areas must be funded first during the inevitable future disputes.

Gosh darn it, aside from the NSA, the US Mil cyber commands, the FBI and all the other multi-billion taxpayer dollar (and national debt) funded agencies, we were just one more multi-billion dollar agency away from being protected!

Orange Man Bad! Amiright, Bigdog?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on January 11, 2019, 06:44:02 PM
That is not what I got out of BD's post at all GM.

Not only is the shutdown the Dems' fault and not the Bad Orange Man's, but I see no reason not to take it at face value-- that the 25% shutdown is having a cost on our cybersecurity capabilities while it lasts, plus some additional points.
Title: US mercenaries working for UAE
Post by: Crafty_Dog on February 05, 2019, 06:40:07 AM
https://uk.reuters.com/article/uk-usa-spying-raven-specialreport-idUKKCN1PO1A6?fbclid=IwAR2eVrpYDj7DVp1V5RgJ6THh0kHacGWhHqWBGT_Xr-v8sUBpRW9x-Ar9URY
Title: Cyber Deterrence done right? (Huawei)
Post by: Crafty_Dog on February 14, 2019, 06:58:00 AM


https://www.defenseone.com/ideas/2019/02/coordinated-actions-against-huawei-are-cyber-deterrence-done-right/154870/?oref=defenseone_today_nl
Title: GPF: Looks like Chinese hit Australia
Post by: Crafty_Dog on February 18, 2019, 11:00:09 AM


Australia under cyber fire. In an address to the Australian Parliament today, Prime Minister Scott Morrison revealed that authorities believed that a Feb. 7 cyberattack, which breached the computer networks of Australia’s Parliament and major political parties, was carried out by a “sophisticated state actor.” The prime minister did not point directly to a specific state, but Australian media has made it clear that the government believes that China is the culprit. Morrison insisted that the attack had not compromised the integrity of Australia’s electoral system in advance of upcoming federal elections. This episode is the latest sign that relations between Australia and China are souring.
Title: Cyber Vulnerability of the Energy Grid
Post by: Crafty_Dog on March 04, 2019, 09:30:35 AM
Pasting here from the Homeland thread:

https://chicagoboyz.net/archives/59310.html
Title: Bruce Schneier Crypto-Gram
Post by: Crafty_Dog on March 04, 2019, 10:12:42 AM
New Book Announcement: Click Here to Kill Everybody

[2018.09.04] I am pleased to announce the publication of my latest book: Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. In it, I examine how our new immersive world of physically capable computers affects our security.
I argue that this changes everything about security. Attacks are no longer just about data, they now affect life and property: cars, medical devices, thermostats, power plants, drones, and so on. All of our security assumptions assume that computers are fundamentally benign. That, no matter how bad the breach or vulnerability is, it's just data. That's simply not true anymore. As automation, autonomy, and physical agency become more prevalent, the trade-offs we made for things like authentication, patching, and supply chain security no longer make any sense. The things we've done before will no longer work in the future.
This is a book about technology, and it's also a book about policy. The regulation-free Internet that we've enjoyed for the past decades will not survive this new, more dangerous, world. I fear that our choice is no longer between government regulation and no government regulation; it's between smart government regulation and stupid regulation. My aim is to discuss what a regulated Internet might look like before one is thrust upon us after a disaster.

Click Here to Kill Everybody is available starting today. You can order a copy from Amazon, Barnes & Noble, Books-a-Million, Norton's webpage, or anyplace else books are sold. If you're going to buy it, please do so this week. First-week sales matter in this business.

Reviews so far from the Financial Times, Nature, and Kirkus.
** *** ***** ******* *********** *************
Speculation Attack Against Intel's SGX
[2018.08.16] Another speculative-execution attack against Intel's SGX.

At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users' data even if the entire system falls under the attacker's control. While it was previously believed that SGX is resilient to speculative execution attacks (such as Meltdown and Spectre), Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine's private attestation key. Making things worse, due to SGX's privacy features, an attestation report cannot be linked to the identity of its signer. Thus, it only takes a single compromised SGX machine to erode trust in the entire SGX ecosystem.

News article.

The details of the Foreshadow attack are a little more complicated than those of Meltdown. In Meltdown, the attempt to perform an illegal read of kernel memory triggers the page fault mechanism (by which the processor and operating system cooperate to determine which bit of physical memory a memory access corresponds to, or they crash the program if there's no such mapping). Attempts to read SGX data from outside an enclave receive special handling by the processor: reads always return a specific value (-1), and writes are ignored completely. The special handling is called "abort page semantics" and should be enough to prevent speculative reads from being able to learn anything.

However, the Foreshadow researchers found a way to bypass the abort page semantics. The data structures used to control the mapping of virtual-memory addresses to physical addresses include a flag to say whether a piece of memory is present (loaded into RAM somewhere) or not. If memory is marked as not being present at all, the processor stops performing any further permissions checks and immediately triggers the page fault mechanism: this means that the abort page mechanics aren't used. It turns out that applications can mark memory, including enclave memory, as not being present by removing all permissions (read, write, execute) from that memory.

EDITED TO ADD: Intel has responded:

L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We've provided more information on our web site and continue to encourage everyone to keep their systems up-to-date, as it's one of the best ways to stay protected.

I think this is the "more information" they're referring to, although this is a comprehensive link to everything the company is saying about the vulnerability.
** *** ***** ******* *********** *************
New Ways to Track Internet Browsing

[2018.08.17] Interesting research on web tracking: "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies":

Abstract: Nowadays, cookies are the most prominent mechanism to identify and authenticate users on the Internet. Although protected by the Same Origin Policy, popular browsers include cookies in all requests, even when these are cross-site. Unfortunately, these third-party cookies enable both cross-site attacks and third-party tracking. As a response to these nefarious consequences, various countermeasures have been developed in the form of browser extensions or even protection mechanisms that are built directly into the browser.

In this paper, we evaluate the effectiveness of these defense mechanisms by leveraging a framework that automatically evaluates the enforcement of the policies imposed to third-party requests. By applying our framework, which generates a comprehensive set of test cases covering various web mechanisms, we identify several flaws in the policy implementations of the 7 browsers and 46 browser extensions that were evaluated. We find that even built-in protection mechanisms can be circumvented by multiple novel techniques we discover. Based on these results, we argue that our proposed framework is a much-needed tool to detect bypasses and evaluate solutions to the exposed leaks. Finally, we analyze the origin of the identified bypass techniques, and find that these are due to a variety of implementation, configuration and design flaws.
The researchers discovered many new tracking techniques that work despite all existing anonymous browsing tools. These have not yet been seen in the wild, but that will change soon.

Three news articles. Boing Boing post.

** *** ***** ******* *********** *************
James Mickens on the Current State of Computer Security

[2018.08.20] James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security -- racism, sexism, etc. -- and the problems with machine learning and the Internet.

Worth watching.
** *** ***** ******* *********** *************
"Two Stage" BMW Theft Attempt

[2018.08.21] Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disabled the alarm system and then left. If the owner had not immediately repaired the car, the thieves would have returned the next night and -- no longer working under time pressure -- stolen the car.
** *** ***** ******* *********** *************

Good Primer on Two-Factor Authentication Security

[2018.08.22] Stuart Schechter published a good primer on the security issues surrounding two-factor authentication.
While it's often an important security measure, it's not a panacea. Stuart discusses the usability and security issues that you have to think about before deploying the system.

** *** ***** ******* *********** *************

John Mueller and Mark Stewart on the Risks of Terrorism
[2018.08.23] Another excellent paper by the Mueller/Stewart team: "Terrorism and Bathtubs: Comparing and Assessing the Risks":

Abstract: The likelihood that anyone outside a war zone will be killed by an Islamist extremist terrorist is extremely small. In the United States, for example, some six people have perished each year since 9/11 at the hands of such terrorists -- vastly smaller than the number of people who die in bathtub drownings. Some argue, however, that the incidence of terrorist destruction is low because counterterrorism measures are so effective. They also contend that terrorism may well become more frequent and destructive in the future as terrorists plot and plan and learn from experience, and that terrorism, unlike bathtubs, provides no benefit and exacts costs far beyond those in the event itself by damagingly sowing fear and anxiety and by requiring policy makers to adopt countermeasures that are costly and excessive. This paper finds these arguments to be wanting. In the process, it concludes that terrorism is rare outside war zones because, to a substantial degree, terrorists don't exist there. In general, as with rare diseases that kill few, it makes more policy sense to expend limited funds on hazards that inflict far more damage. It also discusses the issue of risk communication for this hazard.
** *** ***** ******* *********** *************
Future Cyberwar

[2018.08.27] A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling. It doesn't just map cyber onto today's tactics, but completely reimagines future tactics that include a cyber component (quote starts on page 110).

The U.S. secretary of defense had wondered this past week when the other shoe would drop. Finally, it had, though the U.S. military would be unable to respond effectively for a while.

The scope and detail of the attack, not to mention its sheer audacity, had earned the grudging respect of the secretary. Years of worry about a possible Chinese "Assassin's Mace" -- a silver bullet super-weapon capable of disabling key parts of the American military -- turned out to be focused on the wrong thing.

The cyber attacks varied. Sailors stationed at the 7th Fleet's homeport in Japan awoke one day to find their financial accounts, and those of their dependents, empty. Checking, savings, retirement funds: simply gone. The Marines based on Okinawa were under virtual siege by the populace, whose simmering resentment at their presence had boiled over after a YouTube video posted under the account of a Marine stationed there had gone viral. The video featured a dozen Marines drunkenly gang-raping two teenaged Okinawan girls. The video was vivid, the girls' cries heart-wrenching, the cheers of Marines sickening. And all of it fake. The National Security Agency's initial analysis of the video had uncovered digital fingerprints showing that it was a computer-assisted lie, and could prove that the Marine's account under which it had been posted was hacked. But the damage had been done.

There was the commanding officer of Edwards Air Force Base whose Internet browser history had been posted on the squadron's Facebook page. His command turned on him as a pervert; his weak protestations that he had not visited most of the posted links could not counter his admission that he had, in fact, trafficked some of them. Lies mixed with the truth.

Soldiers at Fort Sill were at each other's throats thanks to a series of text messages that allegedly unearthed an adultery ring on base.

The variations elsewhere were endless. Marines suddenly owed hundreds of thousands of dollars on credit lines they had never opened; sailors received death threats on their Twitter feeds; spouses and female service members had private pictures of themselves plastered across the Internet; older service members received notifications about cancerous conditions discovered in their latest physical.

Leadership was not exempt. Under the hashtag #PACOMMUSTGO a dozen women allegedly described harassment by the commander of Pacific Command. Editorial writers demanded that, under the administration's "zero tolerance" policy, he step aside while Congress held hearings.

There was not an American service member or dependent whose life had not been digitally turned upside down. In response, the secretary had declared "an operational pause," directing units to stand down until things were sorted out.

Then, China had made its move, flooding the South China Sea with its conventional forces, enforcing a sea and air identification zone there, and blockading Taiwan. But the secretary could only respond weakly with a few air patrols and diversions of ships already at sea. Word was coming in through back channels that the Taiwanese government, suddenly stripped of its most ardent defender, was already considering capitulation.

I found this excerpt here. The author is Mark Cancian.

** *** ***** ******* *********** *************
NotPetya
[2018.08.28] Andy Greenberg wrote a fascinating account of the Russian NotPetya worm, with an emphasis on its effects on the company Maersk.

Boing Boing post.

** *** ***** ******* *********** *************
CIA Network Exposed through Insecure Communications System

[2018.08.29] Interesting story of a CIA intelligence network in China that was exposed partly because of a computer security failure:

Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected -- and there would be no way to trace the communication back to the CIA. But the CIA's interim system contained a technical error: It connected back architecturally to the CIA's main covert communications platform. When the compromise was suspected, the FBI and NSA both ran "penetration tests" to determine the security of the interim system. They found that cyber experts with access to the interim system could also access the broader covert communications system the agency was using to interact with its vetted sources, according to the former officials.

In the words of one of the former officials, the CIA had "[f*cked] up the firewall" between the two systems.

U.S. intelligence officers were also able to identify digital links between the covert communications system and the U.S. government itself, according to one former official -- links the Chinese agencies almost certainly found as well. These digital links would have made it relatively easy for China to deduce that the covert communications system was being used by the CIA. In fact, some of these links pointed back to parts of the CIA's own website, according to the former official.

People died because of that mistake.

The moral -- which is to go back to pre-computer systems in these high-risk sophisticated-adversary circumstances -- is the right one, I think.
** *** ***** ******* *********** *************

Cheating in Bird Racing

[2018.08.30] I've previously written about people cheating in marathon racing by driving -- or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race:

The essence of the plan involved training the pigeons to believe they had two homes. The birds had been secretly raised not just in Shanghai but also in Shangqiu.

When the race was held in the spring of last year, the Shanghai Pigeon Association took all the entrants from Shanghai to Shangqiu and released them. Most of the pigeons started flying back to Shanghai.

But the four specially raised pigeons flew instead to their second home in Shangqiu. According to the court, the two men caught the birds there and then carried them on a bullet train back to Shanghai, concealed in milk cartons. (China prohibits live animals on bullet trains.)

When the men arrived in Shanghai, they released the pigeons, which quickly fluttered to their Shanghai loft, seemingly winning the race.
** *** ***** ******* *********** *************
Eavesdropping on Computer Screens through the Webcam Mic

[2018.08.31] Yet another way of eavesdropping on someone's computer activity: using the webcam microphone to "listen" to the computer's screen.
** *** ***** ******* *********** *************
Using a Smartphone's Microphone and Speakers to Eavesdrop on Passwords

[2018.09.05] It's amazing that this is even possible: "SonarSnoop: Active Acoustic Side-Channel Attacks":

Abstract: We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device. For example, a victim's finger movements can be inferred to steal Android phone unlock patterns. In our empirical study, the number of candidate unlock patterns that an attacker must try to authenticate herself to a Samsung S4 Android phone can be reduced by up to 70% using this novel acoustic side-channel. Our approach can be easily applied to other application scenarios and device types. Overall, our work highlights a new family of security threats.

News article.

** *** ***** ******* *********** *************
Five-Eyes Intelligence Services Choose Surveillance Over Security

[2018.09.06] The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a "Statement of Principles on Access to Evidence and Encryption" where they claim their needs for surveillance outweigh everyone's needs for security and privacy.

...the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security. Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution.

Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute. It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards. The same principles have long permitted government authorities to search homes, vehicles, and personal effects with valid legal authority.

The increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention and informed discussion on the complexity of the issues and interests at stake. Otherwise, court decisions about legitimate access to data are increasingly rendered meaningless, threatening to undermine the systems of justice established in our democratic nations.

To put it bluntly, this is reckless and shortsighted. I've repeatedly written about why this can't be done technically, and why trying results in insecurity. But there's a greater principle at first: we need to decide, as nations and as society, to put defense first. We need a "defense dominant" strategy for securing the Internet and everything attached to it.

This is important. Our national security depends on the security of our technologies. Demanding that technology companies add backdoors to computers and communications systems puts us all at risk. We need to understand that these systems are too critical to our society and -- now that they can affect the world in a direct physical manner -- affect our lives and property as well.

This is what I just wrote, in Click Here to Kill Everybody:

There is simply no way to secure US networks while at the same time leaving foreign networks open to eavesdropping and attack. There's no way to secure our phones and computers from criminals and terrorists without also securing the phones and computers of those criminals and terrorists. On the generalized worldwide network that is the Internet, anything we do to secure its hardware and software secures it everywhere in the world. And everything we do to keep it insecure similarly affects the entire world.

This leaves us with a choice: either we secure our stuff, and as a side effect also secure their stuff; or we keep their stuff vulnerable, and as a side effect keep our own stuff vulnerable. It's actually not a hard choice. An analogy might bring this point home. Imagine that every house could be opened with a master key, and this was known to the criminals. Fixing those locks would also mean that criminals' safe houses would be more secure, but it's pretty clear that this downside would be worth the trade-off of protecting everyone's house. With the Internet+ increasing the risks from insecurity dramatically, the choice is even more obvious. We must secure the information systems used by our elected officials, our critical infrastructure providers, and our businesses.

Yes, increasing our security will make it harder for us to eavesdrop, and attack, our enemies in cyberspace. (It won't make it impossible for law enforcement to solve crimes; I'll get to that later in this chapter.) Regardless, it's worth it. If we are ever going to secure the Internet+, we need to prioritize defense over offense in all of its aspects. We've got more to lose through our Internet+ vulnerabilities than our adversaries do, and more to gain through Internet+ security. We need to recognize that the security benefits of a secure Internet+ greatly outweigh the security benefits of a vulnerable one.

We need to have this debate at the level of national security. Putting spy agencies in charge of this trade-off is wrong, and will result in bad decisions.

Cory Doctorow has a good reaction.
Slashdot post.
** *** ***** ******* *********** *************
Reddit AMA

[2018.09.07] I did a Reddit AMA on Thursday, September 6.
** *** ***** ******* *********** *************
Using Hacked IoT Devices to Disrupt the Power Grid

[2018.09.11] This is really interesting research: "BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid":
Abstract: We demonstrate that an Internet of Things (IoT) botnet of high wattage devices -- such as air conditioners and heaters -- gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a botnet in order to manipulate the power demand in the grid. We study five variations of the MadIoT attacks and evaluate their effectiveness via state-of-the-art simulators on real-world power grid models. These simulation results demonstrate that the MadIoT attacks can result in local power outages and in the worst cases, large-scale blackouts.

Moreover, we show that these attacks can rather be used to increase the operating cost of the grid to benefit a few utilities in the electricity market. This work sheds light upon the interdependency between the vulnerability of the IoT and that of the other networks such as the power grid whose security requires attention from both the systems security and power engineering communities.

I have been collecting examples of surprising vulnerabilities that result when we connect things to each other. This is a good example of that.

Wired article.
** *** ***** ******* *********** *************
Security Vulnerability in Smart Electric Outlets

[2018.09.12] A security vulnerability in Belkin's Wemo Insight "smartplugs" allows hackers to not only take over the plug, but use it as a jumping-off point to attack everything else on the network.

From the Register:

The bug underscores the primary risk posed by IoT devices and connected appliances. Because they are commonly built by bolting on network connectivity to existing appliances, many IoT devices have little in the way of built-in network security.
Even when security measures are added to the devices, the third-party hardware used to make the appliances "smart" can itself contain security flaws or bad configurations that leave the device vulnerable.

"IoT devices are frequently overlooked from a security perspective; this may be because many are used for seemingly innocuous purposes such as simple home automation," the McAfee researchers wrote.

"However, these devices run operating systems and require just as much protection as desktop computers."

I'll bet you anything that the plug cannot be patched, and that the vulnerability will remain until people throw them away.
Boing Boing post. McAfee's original security bulletin.
** *** ***** ******* *********** *************
Security Risks of Government Hacking

[2018.09.13] Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include:

•   Disincentive for vulnerability disclosure
•   Cultivation of a market for surveillance tools
•   Attackers co-opt hacking tools over which governments have lost control
•   Attackers learn of vulnerabilities through government use of malware
•   Government incentives to push for less-secure software and standards
•   Government malware affects innocent users.

These risks are real, but I think they're much less than mandating backdoors for everyone. From the report's conclusion:
Government hacking is often lauded as a solution to the "going dark" problem. It is too dangerous to mandate encryption backdoors, but targeted hacking of endpoints could ensure investigators access to same or similar necessary data with less risk. Vulnerabilities will never affect everyone, contingent as they are on software, network configuration, and patch management. Backdoors, however, mean everybody is vulnerable and a security failure fails catastrophically. In addition, backdoors are often secret, while eventually, vulnerabilities will typically be disclosed and patched.

The key to minimizing the risks is to ensure that law enforcement (or whoever) report all vulnerabilities discovered through the normal process, and use them for lawful hacking during the period between reporting and patching. Yes, that's a big ask, but the alternatives are worse.

This is the canonical lawful hacking paper.
** *** ***** ******* *********** *************
Quantum Computing and Cryptography
[2018.09.14] Quantum computing is a new way of computing -- one that could allow humankind to perform computations that are simply impossible using today's computing technologies. It allows for very fast searching, something that would break some of the encryption algorithms we use today. And it allows us to easily factor large numbers, something that would break the RSA cryptosystem for any key length.

This is why cryptographers are hard at work designing and analyzing "quantum-resistant" public-key algorithms. Currently, quantum computing is too nascent for cryptographers to be sure of what is secure and what isn't. But even assuming aliens have developed the technology to its full potential, quantum computing doesn't spell the end of the world for cryptography.

Symmetric cryptography is easy to make quantum-resistant, and we're working on quantum-resistant public-key algorithms. If public-key cryptography ends up being a temporary anomaly based on our mathematical knowledge and computational ability, we'll still survive. And if some inconceivable alien technology can break all of cryptography, we still can have secrecy based on information theory -- albeit with significant loss of capability.

At its core, cryptography relies on the mathematical quirk that some things are easier to do than to undo. Just as it's easier to smash a plate than to glue all the pieces back together, it's much easier to multiply two prime numbers together to obtain one large number than it is to factor that large number back into two prime numbers. Asymmetries of this kind -- one-way functions and trap-door one-way functions -- underlie all of cryptography.

To encrypt a message, we combine it with a key to form ciphertext. Without the key, reversing the process is more difficult. Not just a little more difficult, but astronomically more difficult. Modern encryption algorithms are so fast that they can secure your entire hard drive without any noticeable slowdown, but that encryption can't be broken before the heat death of the universe.
With symmetric cryptography -- the kind used to encrypt messages, files, and drives -- that imbalance is exponential, and is amplified as the keys get larger. Adding one bit of key increases the complexity of encryption by less than a percent (I'm hand-waving here) but doubles the cost to break. So a 256-bit key might seem only twice as complex as a 128-bit key, but (with our current knowledge of mathematics) it's 340,282,366,920,938,463,463,374,607,431,768,211,456 times harder to break.

Public-key encryption (used primarily for key exchange) and digital signatures are more complicated. Because they rely on hard mathematical problems like factoring, there are more potential tricks to reverse them. So you'll see key lengths of 2,048 bits for RSA, and 384 bits for algorithms based on elliptic curves. Here again, though, the costs to reverse the algorithms with these key lengths are beyond the current reach of humankind.

This one-wayness is based on our mathematical knowledge. When you hear about a cryptographer "breaking" an algorithm, what happened is that they've found a new trick that makes reversing easier. Cryptographers discover new tricks all the time, which is why we tend to use key lengths that are longer than strictly necessary. This is true for both symmetric and public-key algorithms; we're trying to future-proof them.

Quantum computers promise to upend a lot of this. Because of the way they work, they excel at the sorts of computations necessary to reverse these one-way functions. For symmetric cryptography, this isn't too bad. Grover's algorithm shows that a quantum computer speeds up these attacks to effectively halve the key length. This would mean that a 256-bit key is as strong against a quantum computer as a 128-bit key is against a conventional computer; both are secure for the foreseeable future.

For public-key cryptography, the results are more dire. Shor's algorithm can easily break all of the commonly used public-key algorithms based on both factoring and the discrete logarithm problem. Doubling the key length increases the difficulty to break by a factor of eight. That's not enough of a sustainable edge.

There are a lot of caveats to those two paragraphs, the biggest of which is that quantum computers capable of doing anything like this don't currently exist, and no one knows when -- or even if -- we'll be able to build one. We also don't know what sorts of practical difficulties will arise when we try to implement Grover's or Shor's algorithms for anything but toy key sizes.

(Error correction on a quantum computer could easily be an unsurmountable problem.) On the other hand, we don't know what other techniques will be discovered once people start working with actual quantum computers. My bet is that we will overcome the engineering challenges, and that there will be many advances and new techniques -- but they're going to take time to discover and invent. Just as it took decades for us to get supercomputers in our pockets, it will take decades to work through all the engineering problems necessary to build large-enough quantum computers.

In the short term, cryptographers are putting considerable effort into designing and analyzing quantum-resistant algorithms, and those are likely to remain secure for decades. This is a necessarily slow process, as both good cryptanalysis and transitioning standards take time. Luckily, we have time. Practical quantum computing seems to always remain "ten years in the future," which means no one has any idea.

After that, though, there is always the possibility that those algorithms will fall to aliens with better quantum techniques. I am less worried about symmetric cryptography, where Grover's algorithm is basically an upper limit on quantum improvements, than I am about public-key algorithms based on number theory, which feel more fragile. It's possible that quantum computers will someday break all of them, even those that today are quantum resistant.

If that happens, we will face a world without strong public-key cryptography. That would be a huge blow to security and would break a lot of stuff we currently do, but we could adapt. In the 1980s, Kerberos was an all-symmetric authentication and encryption system. More recently, the GSM cellular standard does both authentication and key distribution -- at scale -- with only symmetric cryptography. Yes, those systems have centralized points of trust and failure, but it's possible to design other systems that use both secret splitting and secret sharing to minimize that risk. (Imagine that a pair of communicants get a piece of their session key from each of five different key servers.) The ubiquity of communications also makes things easier today. We can use out-of-band protocols where, for example, your phone helps you create a key for your computer. We can use in-person registration for added security, maybe at the store where you buy your smartphone or initialize your Internet service. Advances in hardware may also help to secure keys in this world. I'm not trying to design anything here, only to point out that there are many design possibilities. We know that cryptography is all about trust, and we have a lot more techniques to manage trust than we did in the early years of the Internet. Some important properties like forward secrecy will be blunted and far more complex, but as long as symmetric cryptography still works, we'll still have security.

It's a weird future. Maybe the whole idea of number theory-based encryption, which is what our modern public-key systems are, is a temporary detour based on our incomplete model of computing. Now that our model has expanded to include quantum computing, we might end up back to where we were in the late 1970s and early 1980s: symmetric cryptography, code-based cryptography, Merkle hash signatures. That would be both amusing and ironic.

Yes, I know that quantum key distribution is a potential replacement for public-key cryptography. But come on -- does anyone expect a system that requires specialized communications hardware and cables to be useful for anything but niche applications? The future is mobile, always-on, embedded computing devices. Any security for those will necessarily be software only.

There's one more future scenario to consider, one that doesn't require a quantum computer. While there are several mathematical theories that underpin the one-wayness we use in cryptography, proving the validity of those theories is in fact one of the great open problems in computer science. Just as it is possible for a smart cryptographer to find a new trick that makes it easier to break a particular algorithm, we might imagine aliens with sufficient mathematical theory to break all encryption algorithms. To us, today, this is ridiculous. Public-key cryptography is all number theory, and potentially vulnerable to more mathematically inclined aliens. Symmetric cryptography is so much nonlinear muddle, so easy to make more complex, and so easy to increase key length, that this future is unimaginable. Consider an AES variant with a 512-bit block and key size, and 128 rounds. Unless mathematics is fundamentally different than our current understanding, that'll be secure until computers are made of something other than matter and occupy something other than space.

But if the unimaginable happens, that would leave us with cryptography based solely on information theory: one-time pads and their variants. This would be a huge blow to security. One-time pads might be theoretically secure, but in practical terms they are unusable for anything other than specialized niche applications. Today, only crackpots try to build general-use systems based on one-time pads -- and cryptographers laugh at them, because they replace algorithm design problems (easy) with key management and physical security problems (much, much harder). In our alien-ridden science-fiction future, we might have nothing else.

Against these godlike aliens, cryptography will be the only technology we can be sure of. Our nukes might refuse to detonate and our fighter jets might fall out of the sky, but we will still be able to communicate securely using one-time pads. There's an optimism in that.

This essay originally appeared in IEEE Security and Privacy.
** *** ***** ******* *********** *************
Click Here to Kill Everybody Reviews and Press Mentions

[2018.09.14] It's impossible to know all the details, but my latest book seems to be selling well. Initial reviews have been really positive: Boing Boing, Financial Times, Harris Online, Kirkus Reviews, Nature, Politico, and Virus Bulletin.
I've also done a bunch of interviews -- either written or radio/podcast -- including the Washington Post, a Reddit AMA, "The 1A " on NPR, Security Ledger, MIT Technology Review, and WNYC Radio.

There have been others -- like the Lawfare, Cyberlaw, and Hidden Forces podcasts -- but they haven't been published yet. I also did a book talk at Google that should appear on YouTube soon.

If you've bought and read the book, thank you. Please consider leaving a review on Amazon.
** *** ***** ******* *********** *************
Upcoming Speaking Engagements
[2018.08.31] This is a current list of where and when I am scheduled to speak:
•   I'm giving a book talk at Fordham Law School in New York City on September 17, 2018.
•   I'm giving an InfoGuard Talk in Zug, Switzerland on September 19, 2018.
•   I'm speaking at the IBM Security Summit in Stockholm on September 20, 2018.
•   I'm giving a book talk at Harvard Law School's Wasserstein Hall on September 25, 2018.
•   I'm giving a talk on "Securing a World of Physically Capable Computers" at the University of Rochester in Rochester, New York on October 5, 2018.
•   I'm keynoting at SpiceWorld in Austin, Texas on October 9, 2018.
•   I'm speaking at Cyber Security Nordic in Helsinki on October 10, 2018.
•   I'm speaking at the Cyber Security Summit in Minneapolis, Minnesota on October 24, 2018.
•   I'm speaking at ISF's 29th Annual World Congress in Las Vegas, Nevada on October 30, 2018.
•   I'm speaking at Kiwicon in Wellington, New Zealand on November 16, 2018.
•   I'm speaking at The Digital Society Conference 2018: Empowering Ecosystems on December 11, 2018.
•   I'm speaking at the Hyperledger Forum in Basel, Switzerland on December 13, 2018.
The list is maintained on this page.
** *** ***** ******* *********** *************
Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security technology. To subscribe, or to read back issues, see Crypto-Gram's web page.
You can also read these articles on my blog, Schneier on Security.
Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.
Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of 14 books -- including the New York Times best-seller Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World -- as well as hundreds of articles, essays, and academic papers. His newsletter and blog are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet and Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of EPIC and VerifiedVoting.org. He is also a special advisor to IBM Security and the CTO of IBM Resilient.
Crypto-Gram is a personal newsletter. Opinions expressed are not necessarily those of IBM, IBM Security, or IBM Resilient.
Copyright © 2018 by Bruce Schneier.
Title: Stratfor: 10/5/18 A new more aggro strategy
Post by: Crafty_Dog on March 04, 2019, 10:44:24 AM
Third post of the day

A New, More Aggressive U.S. Cybersecurity Policy Complements Traditional Methods
U.S. President Donald Trump speaks during a Jan. 31, 2017, White House meeting with cybersecurity experts. (CHIP SOMODEVILLA/Getty Images)

Highlights

    Recent moves by the Trump administration appear to loosen previous restrictions on U.S. offensive cyber operations.
    A more offensive policy will complement, not replace, the traditional U.S. methods of maintaining cybersecurity: regulation, cooperation with the private sector and the legal process.
    A best-case scenario for a U.S. cyberattack would be disabling computer systems and networks being used against U.S. interests to prevent an attack from happening or to disrupt an attack that is in progress.
    Perhaps the main challenge to U.S. engagement in tit-for-tat cyberattacks is that the United States is by far the biggest target for such attacks.

Editor's Note: This security-focused assessment is one of many such analyses found at Stratfor Threat Lens, a unique protective intelligence product designed with corporate security leaders in mind. Threat Lens enables industry professionals and organizations to anticipate, identify, measure and mitigate emerging threats to people, assets and intellectual property the world over. Threat Lens is the only unified solution that analyzes and forecasts security risk from a holistic perspective, bringing all the most relevant global insights into a single, interactive threat dashboard.

The administration of U.S. President Donald Trump released its National Cyber Strategy on Sept. 20, which most notably indicated a greater willingness than before to conduct offensive cyber operations against adversaries. Discussing the strategy, national security adviser John Bolton hinted that the administration had already taken steps to bolster offensive efforts in recent weeks, warning that the United States is no longer just playing defense when it comes to cybersecurity. But despite the Trump administration's more hawkish tone regarding cybersecurity, it will continue mainly to rely on traditional measures such as the legal process, regulations and cooperation with the private sector when it comes to cybersecurity.

A More Aggressive Policy

In introducing the new National Cyber Strategy, Bolton also confirmed a Wall Street Journal article from August which reported that Trump had rescinded former U.S. President Barack Obama's guidance on conducting cyber activities, replacing it with a policy that gives more authority to the U.S. Cyber Command. Former National Security Agency contractor Edward Snowden leaked the previous guidance, Presidential Policy Directive 20 of October 2012. He sought to expose how the U.S. government was considering offensive cyber operations, defined as those that could cause physical harm or major property damage. The old guidance made clear that such drastic measures should be taken only as a last resort and with the express permission of the president. Presidential Policy Directive 20 also emphasized that cyber operations should follow the interagency process in order to coordinate the response and ensure a "whole-of-government" approach.

While we do know that Trump issued National Security Presidential Memorandum 13 (ostensibly covering cybersecurity policy) around the same time that he rescinded Presidential Policy Directive 20, likely laying out the new policy, the contents of the new memo remain classified. But though a side-by-side comparison of the two policies is not possible, Bolton's statements regarding the new policy clearly suggest it takes a more aggressive approach.

Little precedent exists for assessing offensive U.S. cyber capabilities. The Stuxnet attack on Iran's nuclear program is one of the few true offensive cyberattacks attributed to the United States available for analysis due to a mistake in its execution. Stuxnet was designed to look like an internal technical failure instead of a cyberattack, and was discovered only because it spread more rapidly than intended.

Clandestine, discreet attacks are certainly already key elements of U.S. cyber tactics. There have likely been more examples of U.S.-launched attacks that have not come to light, perhaps because they were never recognized as cyberattacks. While the less known about U.S. cyber capabilities, the more effective they will be when deployed, this by definition limits the deterrence value of U.S. cyber capabilities.

Traditional Approaches Likely to Remain Dominant

Despite Bolton's implication that offensive operations will form a greater share of the U.S. cybersecurity mix, regulation, cooperation with the private sector and the legal process will still account for the bulk of the mix. For example, regulatory bodies like the U.S. Securities and Exchange Commission can punish (or threaten to punish) firms that do not implement best cybersecurity practices and therefore leave themselves vulnerable to external attack. Government cooperation with the private sector, meanwhile, was on display in recent cases like the September indictment of North Korean cyber operatives, which displayed heavy FBI reliance on private security firms such as Mandiant and Alphabet to collect technical evidence and carry out investigations. Finally, prosecution through the traditional legal process will remain the preferred response to cyberattacks in the United States. Of course, this approach will continue to work better on the domestic front, where U.S. law enforcement agencies have the advantage of jurisdiction.

But when it comes to punishing foreign cyber intrusions, the three tools listed above are much weaker. Certainly, federal law enforcement agencies can continue to indict individuals and groups associated with foreign cyberthreats, but the chances they will ever see a U.S. courtroom are slim.

Indictments against foreign government officials for cyberattacks go back to 2014 when the Department of Justice accused the People's Liberation Army Unit 61398 of engaging in cyberattacks against the United States. Dozens of other investigations have uncovered efforts by foreign governments to gain access to critical U.S. networks. So far in 2018 alone, major indictments have been made against North Koreans, Iranians and 13 Russian individuals directly involved in the campaign to disrupt the 2016 U.S. presidential election. While such investigations are helpful for naming and shaming foreign cyberthreats, they rarely stop them. And this is where the appeal of offensive cyber operations comes into play.

Obstacles to Offensive Cyber Operations

The limitations on the traditional U.S. methods of maintaining cybersecurity can increase the appeal of more aggressive cyber operations to those in charge of U.S. national security. The individuals and groups targeted with U.S. indictments for cyberattacks are primary candidates for the administration's more aggressive cyber policies. Judging by the details available in the latest criminal complaint against North Korean hackers, for example, U.S. investigators were able to piece together a very detailed picture of the networks that targeted Sony Pictures and Bangladesh Bank.

Whereas the U.S. government used that intelligence to name and shame in an indictment, a more offensive-minded administration could use the same intelligence to infiltrate the hostile network and sabotage the group's work. Any such operations would be quiet, and attempts would be made to hide the origin of the attack. A U.S. response on a par with Iranian or North Korean cyber operations is unlikely, if for no other reason than that so public a response would reduce the effectiveness of similar future U.S. attacks.

As Erica Borghard and Shawn Lonergan point out in an article published last month by the Council on Foreign Relations, an offensive U.S. response would not necessarily be immediate. Offensive cyber actions represent carefully cultivated operations involving intensive and tedious intelligence work that requires gaining access to foreign devices and servers, monitoring activity and assessing vulnerabilities to exploit. Sometimes, the tailor-made exploit can be used only once because, to use the Stuxnet example, once the vulnerability has been identified, software developers around the world develop patches that render the weapon useless for future attacks against all but the most vulnerable devices.

Borghard and Lonergan also point out that cyber responses are limited in their destructive power. A best-case scenario for a cyberattack would be disabling computer systems and networks being used against U.S. interests to prevent an attack from happening, or to disrupt an attack that is underway. While this is better than nothing, it still leaves the individuals behind the operation free to learn from their mistakes and mount another attack. While using cyber operations against known threats in conjunction with indictments that name and shame perpetrators — along with specific details on how they carried out their alleged crimes — would certainly make it harder for individuals to reuse the same infrastructure for a future attack, regeneration is always possible, especially with state support.

A chart showing the number of world IP addresses by country.

Perhaps the main challenge to U.S. engagement in tit-for-tat cyberattacks is that the United States is by far the biggest target for such attacks. The number of IPv4 addresses — the standard for identifying unique devices connected to the internet — shows that the United States accounts for over one-third of all the world's connected devices. China, the runner-up, has just one-quarter of the unique IP addresses that the United States has, while Russia, Iran and North Korea are tiny by comparison.

The U.S. reliance on and integration with cyberspace simply makes the United States a bigger, and potentially more vulnerable, target.
Title: Wray on cybersecurity
Post by: bigdog on March 09, 2019, 06:07:09 AM
https://www.lawfareblog.com/lawfare-podcast-shorts-fbi-director-wray-combating-cyberthreats
Title: Stratfor: Russia plants its flag in the digital realm
Post by: Crafty_Dog on March 20, 2019, 07:14:24 AM
Some deep implications here methinks.  Why wouldn't this logic be applied to pesky Russki interference in US elections for example?

============================================


Highlights

    As Russia continues to develop and foster what it terms "internet sovereignty," it could eventually adopt similar infrastructure and integrate with the networks of other like-minded countries, such as China.
    While the development of sovereign internet structures would restructure the global internet to some degree, it would not necessarily affect its functionality at the core level.
    However, the additional independence and protection that accompany sovereign internet structures could ignite more state competition in the digital world, hampering global efforts to establish global norms on cyberspace.


Since its inception, the free-for-all nature of the global internet has defied the most robust forms of state control, but perhaps not for much longer. By April 1, the Russian government is expected to conduct a countrywide test of its ability to disconnect its internet infrastructure from the rest of the world's, following the Duma's passage of a draft law last month mandating changes to the country's internet infrastructure, Runet. While a test that actually disconnects the Russian web from the rest of the global internet may or may not eventually take place, one thing is certain: Russia is making significant changes to create infrastructure and a legal framework for what it terms a "sovereign internet." In essence, Russia hopes to develop a domestic intranet that can operate independently from the rest of the world, thereby giving it the opportunity to both protect online traffic — and go on the offensive against foreign internet traffic, if necessary.

The Big Picture

The divisions between Russia and the West have become more pronounced in recent years in a variety of fields, including, now, the cyber domain. Much as in the physical world, where Moscow has been developing a military deterrence and pursuing economic independence from the West to withstand threats and sanctions, Russia is shaping its internet infrastructure so that it can deal more effectively with internal challenges to its centralized rule, as well as external threats in the form of interstate competition.

The Quest for an Independent Internet

The idea for a sovereign internet emerged in China, but Russia has now taken the lead in developing the actual infrastructure needed to realize such plans. A sovereign internet differs slightly from existing control systems, such as North Korea's countrywide network, which is entirely disconnected from the global internet. And while sovereign internet systems bear some semblance to the "Great Firewall of China," or the control mechanisms that Iran has implemented — particularly in terms of the control of data flows in and out of the country — their aim is not simply to grant authorities control over internet access in a particular geographic area. Instead, the real target is to provide the state with the means to exercise the same level of sovereignty in the digital realm as it does in the physical world. In such a situation, the state assumes direct control over the internet infrastructure on its soil, allowing it to defend its systems from external attacks — much like states aim to guarantee their territorial integrity in the physical domain.

Sovereign internet infrastructure, moreover, allows states to reduce their dependence on foreign organizations that have assumed responsibility for its functions. Currently, the U.S.-based nongovernmental association ICANN manages the infrastructure that underpins the global internet. For Russia and China, this situation presents a liability since the organization — independent though it may be of the U.S. government — could become vulnerable to Washington's interference. Ultimately, the concept of a sovereign internet rests heavily on the idea that there should be equality among states in providing foundations for the internet's core functions through direct control over Domain Name System (DNS) servers, which essentially direct all traffic online.

For Russia, of course, this is not simply a principled quest for equality in internet infrastructure. Moscow has very real and practical goals in mind as it considers changes in the operation of Runet. Given the growing rifts between Moscow and the West — and particularly amid the increasing focus on the cyber domain — Russia is concerned about the vulnerability of its domestic infrastructure to large foreign cyberattacks. In the end, a more independent infrastructure, as well as the ability to maintain some level of functionality domestically when severing connections with the outside world, provides a blunt, yet effective, defense against such threats.

At the same time, information security is central to Moscow's efforts regarding Runet. Due to the inherent nature of the internet, online correspondence between Russian citizens and entities often leaves Russia's domestic infrastructure, raising the risk — as far as Moscow is concerned — that foreign powers could snoop on or disrupt such exchanges. Thus, as it redesigns its internet infrastructure to address such threats, Moscow is also seeking to ensure that digital communications or data transfers between Russians do not leave the country's domestic infrastructure.

This schematic diagram shows the rough workings of the future Russian internet.

Naturally, controlling the flow of data in and out of Russia also assists the government on another major concern: countering domestic political opposition. In the past, Russia has attempted to block the use of messaging services like Telegram, which anti-government activists have used to evade state surveillance, on the grounds that it facilitated terrorism, but these interdictions have been crude, resulting in major disruptions to other services. Accordingly, the reconfiguration of the Russian internet could make Moscow's task of denying them access to foreign-hosted services much easier.

Russia's quest for a sovereign internet is part and parcel of its efforts to insulate itself economically in response to the Russia-West standoff that began in 2014. On an even more global level, Russia's actions also exemplify a broader effort by states to regulate the internet and establish common norms on behavior in cyberspace; the European Union, for one, has attempted to move forward on this front by enacting regulations on the General Data Protection Regulation to protect privacy. The establishment of a Russian sovereign internet ultimately touches upon a much broader dynamic — sovereignty over cyberspace, which raises the question of what rights countries have in the digital realm.

The concept of a sovereign internet rests heavily on the idea that there should be equality between states in providing foundations for the web's core functions.

The Nuts and Bolts of an Independent Internet

One of the core elements of Russia's push to develop an independent internet infrastructure revolves around the functioning of the DNS servers that are a key component of the global internet infrastructure. These servers function as centralized directories that connect internet users with their intended destination. When someone attempts to visit a website or connect to an online service, DNS servers function as a high-level phonebook for internet domains. This means that when trying to connect to a service on the Russian .ru domain, the DNS servers will provide information on the location of the more detailed .ru registries to foster a connection.

While hundreds of DNS servers and mirrors (which reflect the former's datasets, thus improving capacity) are located in Russia and around the world, ICANN has centralized the management of this directory. Updated directories are distributed from one root server to the others before proceeding to a multitude of mirrors. But Russia is concerned that if the United States, for example, sought to remove the .ru domain from these directories, Moscow would have no direct control over the constellation of DNS servers to prevent it. In the past, Russia and China have tried to bring the management of the DNS system under the auspices of the United Nations, where they wield greater influence, but ICANN's assumption of responsibility for these tasks, instead of the U.S. government's, has precluded that effort. Whatever the case, the prospect of the .ru domain's erasure is remote, as the organizations sustaining the global internet infrastructure would be unlikely to tolerate any politicization of the domain directory.

Ultimately, Russia feels as if it must develop its own DNS infrastructure that it controls directly, both because it would be unable to rely on the global DNS infrastructure if it willingly disconnected from the global internet and because it wishes to prevent the unlikely event of anyone tampering with DNS functionality through the current structure to its detriment. In such a scenario, Russia's own independent DNS servers would continue to operate as intended and facilitate internet functionality within Runet alone, even if the .ru domain lost connection with the rest of the world.

Many, however, fear that such moves could balkanize the internet, replacing the current centralized and homogenous DNS infrastructure with separate groups of competing DNS networks. While this could occur if the trend of implementing sovereign internet infrastructure spreads to different countries, it would be unlikely to impede the functionality of the internet as a whole. After all, the very goal of creating independent DNS infrastructure is to impose sovereignty on domestic network infrastructure, all while maintaining compatibility with the rest of the worldwide internet.
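
To make the delegation mechanism described above concrete, here is a small in-memory model of iterative DNS resolution, added here as an illustration rather than taken from the Stratfor piece. Every server name and address in it is constructed (the addresses come from the RFC 5737 documentation ranges), the "national root" is a hypothetical copy of the global root, and the zone data bears no relation to any real root or .ru operator. It walks a query from a root server down to the authoritative server, then drops the .ru delegation from the global root (the event the article says Moscow fears) and shows that a separately maintained root still resolves .ru names while failing on names under top-level domains it does not carry.

```python
import copy
from typing import Dict, List, Optional, Tuple

# Constructed example data.  Every server name and address below is made up
# (192.0.2.0/24 and 198.51.100.0/24 are RFC 5737 documentation ranges); none of
# this comes from the article or from any real root or TLD operator.
Zone = Dict[str, Dict[str, List[str]]]   # owner name -> {rtype: values}
Servers = Dict[str, Zone]                 # server name -> zone it serves

SERVERS: Servers = {
    # The global root, as distributed to every root server and mirror.
    "global-root": {
        "ru": {"NS": ["ns.tld-ru.test"]},
        "com": {"NS": ["ns.tld-com.test"]},
    },
    # Hypothetical national root: a copy that keeps the .ru delegation even
    # if the global root stops carrying it, but knows nothing about .com.
    "national-root": {
        "ru": {"NS": ["ns.tld-ru.test"]},
    },
    "ns.tld-ru.test": {"example.ru": {"NS": ["ns.example.ru"]}},
    "ns.example.ru": {"www.example.ru": {"A": ["192.0.2.10"]}},
    "ns.tld-com.test": {"example.com": {"NS": ["ns.example.com"]}},
    "ns.example.com": {"www.example.com": {"A": ["198.51.100.20"]}},
}


def _closest_enclosing(zone: Zone, qname: str) -> Optional[str]:
    """Most specific owner name in `zone` that qname equals or sits beneath."""
    best = None
    for owner in zone:
        if qname == owner or qname.endswith("." + owner):
            if best is None or len(owner) > len(best):
                best = owner
    return best


def resolve(servers: Servers, root: str, qname: str,
            max_hops: int = 8) -> Tuple[Optional[str], List[str]]:
    """Iteratively resolve qname to an A record, starting at the named root.

    Mirrors what a recursive resolver does: ask the root, follow the NS
    referral for the enclosing zone, repeat until an answer or a dead end.
    Returns (address, path); address is None when no delegation covers qname.
    """
    qname = qname.lower().rstrip(".")
    current, path = root, [root]
    for _ in range(max_hops):
        zone = servers[current]
        rrset = zone.get(qname, {})
        if "A" in rrset:
            return rrset["A"][0], path
        owner = _closest_enclosing(zone, qname)
        if owner is None or "NS" not in zone[owner]:
            return None, path          # nothing here delegates this name
        current = zone[owner]["NS"][0]
        if current not in servers:
            return None, path          # referral to a server we cannot reach
        path.append(current)
    raise RuntimeError("referral loop for %s" % qname)


def drop_delegation(servers: Servers, root: str, tld: str) -> Servers:
    """Return a copy of `servers` with `tld` removed from the given root zone.

    This models the scenario the article describes Moscow as fearing: the
    .ru delegation disappears from the globally distributed root directory.
    """
    cut = copy.deepcopy(servers)
    cut[root].pop(tld, None)
    return cut


def scenario() -> Dict[str, Optional[str]]:
    """Run the cases the article discusses and return each outcome."""
    cut = drop_delegation(SERVERS, "global-root", "ru")
    return {
        "global_root_ru_before": resolve(SERVERS, "global-root", "www.example.ru")[0],
        "global_root_ru_after": resolve(cut, "global-root", "www.example.ru")[0],
        "national_root_ru_after": resolve(cut, "national-root", "www.example.ru")[0],
        "national_root_com": resolve(cut, "national-root", "www.example.com")[0],
    }


if __name__ == "__main__":
    for case, addr in scenario().items():
        print("%-24s -> %s" % (case, addr or "resolution failed"))
```

The last case is the cost the article mentions further down: a root that carries only domestic delegations resolves .ru names regardless of what the global root does, but any name under a top-level domain it does not carry simply fails, so a resolver pointed at such a root is cut off from foreign-hosted services unless the national root keeps mirroring the global delegations.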

What Happens in Russia Stays in Russia

Russia, meanwhile, has also enacted some legislation (and is proposing more) to force large service providers like Google, Facebook, Twitter and others to physically locate their servers or data centers within Russia. This effort is central to Russia's attempts to keep Russian internet traffic within the country, while also subjecting these operations to national legislation.

Internet service providers operating within Russia, for example, are required by law to provide a surveillance suite that allows Russian authorities to intercept online communications. By keeping all internet traffic among Russian entities contained in the country, the government will guarantee its ability to intercept all communications, reinforcing its internal security capabilities. In response to the rise of satellite-provided internet that threatens this capability, Moscow enacted a law that obligates all providers of such services in the country to establish Russian-based ground stations that would relay all traffic. Accordingly, even internet over the airwaves would fall under the purview of the system of surveillance that the Russian state has developed.

Such measures, however, are also designed to allow Runet, as much as possible, to operate independently. This means that while Russia hones its ability to conduct surveillance over Russian internet traffic, it also reduces the chances for others to do so. Furthermore, in the extreme event that Runet lost its connection with the rest of the world, it would still retain a large degree of functionality to continue operating in isolation in Russia. Without question, however, such an event would still be highly disruptive to Russia itself, as internet usage drawing on services located outside the country would no longer be able to function. In such a situation, the economic consequences could be vast.

Escalation in the Cyber Domain

Russia's exertions to create a sovereign internet, meanwhile, could also increase the feasibility of large-scale cyber offensives. Russia's very ability to disconnect itself from the rest of the world is not only a defensive measure shielding the country from the rest of the world, but also something that could allow Moscow to theoretically disrupt the global internet infrastructure to a significant degree while insulating itself from the aftereffects. In reality, however, such an act would be tantamount to economic suicide, meaning it would likely only occur in prelude to a war or as an act of desperation. As long as Runet is intertwined with the global internet infrastructure, an attack of that magnitude would damage Russia as much as it does others.

But it's not just a Russian disconnect and an attack against global internet infrastructure that could result in an escalation between Moscow and the rest of the world. The very structure of Runet might already facilitate Russian cyberwarfare activities and afford Moscow more room to invoke plausible deniability. Shielding all Russian internet activity on Russian-controlled DNS servers would significantly impede the investigation of malicious cyberactivity when attacks do occur. International investigators might still be able to point the finger at Russia following such attacks, but the isolation of Runet would complicate their efforts to assign responsibility to specific entities inside the country. Equally, forces outside Russian infrastructure would find it much more difficult to directly target separate Russian entities online.

Beyond the potential for an escalation in cyberactivity this added degree of protection provides, this infrastructure also gives Moscow a greater opportunity to repress internet activity within Russia. Moscow has been conducting a constant battle to block certain internet services, such as Telegram, that it has dubbed a threat to stability. As countries attempt to block such services, however, creative minds invariably find ways around the barriers. Developing the ability to sever Runet from the global internet infrastructure, accordingly, provides the ultimate response. While a scorched earth operation — internet style — would also disrupt a significant share of non-hostile foreign internet usage, it could provide Russia with a last-ditch defense in the event of an uprising against the government. In the end, a sovereign internet offers Russia a route to greater political stability — particularly as it would grant it greater control over the heretofore unruly web — and more resilience in the face of outside pressure. Given that, it's a prospect that Moscow is unlikely to pass up.
Title: Tablet: China's plan for global supremacy
Post by: Crafty_Dog on March 24, 2019, 09:27:01 AM
I posted the other day about how China is bypassing our various Maginot lines.  Here is one example I mentioned, in greater detail from a lefty Jewish publication.

https://www.tabletmag.com/jewish-arts-and-culture/281731/chinas-plan-for-global-supremacy
Title: GPF: Huawei
Post by: Crafty_Dog on March 29, 2019, 08:45:10 AM


Huawei still under pressure, still churning out profits. The U.K.'s National Cyber Security Centre released on Thursday a report criticizing the telecom giant for failing to patch security vulnerabilities in its equipment first identified in 2012. This comes as the U.S. continues to warn friends and allies that doing business with Huawei might force Washington to curtail intelligence-sharing and military cooperation. The company has good reason to be concerned about the campaign led by the "Five Eyes" countries (Australia, Canada, New Zealand, the U.K. and the U.S.) to freeze out the firm. On Wednesday, rival firm ZTE posted $1.03 billion in losses in 2018, with sales dropping 21 percent in part because of a brief U.S. ban on selling critical components like semiconductors to the company. Nonetheless, for the most part, Huawei is still riding high. Most European countries have thus far shrugged off the U.S. pressure and declined to freeze out the firm. And this morning, Huawei announced that its net profits soared more than 25 percent last year, with sales revenue topping $100 billion for the first time.
Title: Defense One: Handling China's 5G Risk (Huawei)
Post by: Crafty_Dog on April 17, 2019, 06:14:08 AM
https://www.defenseone.com/technology/2019/04/new-consensus-emerging-how-handle-risk-chinas-5g/156355/?oref=defenseone_today_nl

Quelle coincidence!

https://arstechnica.com/gadgets/2019/03/how-microsoft-found-a-huawei-driver-that-opened-systems-up-to-attack/
Title: Re: Defense One: Handling China's 5G Risk (Huawei)
Post by: G M on April 17, 2019, 12:39:43 PM
https://www.defenseone.com/technology/2019/04/new-consensus-emerging-how-handle-risk-chinas-5g/156355/?oref=defenseone_today_nl

Quelle coincidence!

https://arstechnica.com/gadgets/2019/03/how-microsoft-found-a-huawei-driver-that-opened-systems-up-to-attack/

5G is a serious threat to privacy. 5G from Huawei? If you want Beijing's surveillance state to extend globally, far beyond what it does now.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on April 17, 2019, 01:23:20 PM
I'm new to Defense One as a source-- it seems to cover serious issues, but it often seems to be of seriously Democrat wooliness.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on April 17, 2019, 01:28:09 PM
I'm new to Defense One as a source-- it seems to cover serious issues, but it often seems to be of seriously Democrat wooliness.

Yes. To both points.
Title: Re: Defense One: Handling China's 5G Risk (Huawei)
Post by: DougMacG on April 17, 2019, 03:07:23 PM
"5G is a serious threat to privacy. 5G from Huawei? If you want Beijing's surveillance state to extend globally, far beyond what it does now."

It's a good article, asks the right questions but I don't think is finding the right answers.

"don’t let Huawei near their sensitive intelligence facilities"
"allow Huawei to play in the portion of the Radio Access Network where individual users connect to cell towers but not in what’s called the core network, where those towers connect and communicate to one another via a shared central node."

-------------------------------

What?  'Don't let them near'?  But let them be connected?  The time it takes a connected signal or collected data to travel from USA to Beijing is .03 seconds by my calculation.  How far are you going to keep them away, the most distant star?

 “The more we connect things, the greater insecurity,” he says. That trend of connecting things shows no signs of stopping.

Sounds like a failed security model.

Installing Chinese 5G Gear is Dangerous — and Probably Inevitable: NATO
https://www.defenseone.com/technology/2019/04/installing-chinese-5g-gear-dangerous-and-probably-inevitable-nato-report/156007/

The settlement between Apple and Qualcomm is an indication that US based Qualcomm will make the 5G modem chips - and Intel dropped out.  But who else besides Huawei makes the core network, Nokia?

https://www.lightreading.com/artificial-intelligence-machine-learning/huawei-dwarfs-ericsson-nokia-on-randd-spend-in-2017/d/d-id/741944

I don't want my "things" connected and 4G is great speed for most applications.

Title: Stratfor: QCOM, 5G
Post by: Crafty_Dog on April 17, 2019, 09:49:37 PM
Apr 17, 2019 | 22:59 GMT
Qualcomm Ends Its Fight With Apple, but an Antitrust Threat Still Looms
Qualcomm and Apple recently announced a worldwide legal settlement -- effectively ending the various royalty and patent disputes between the two U.S. tech giants.

Highlights

    Apple and Qualcomm have resolved their litany of global legal disputes, which will likely allow Apple to introduce a 5G iPhone by 2020 without having to partner with a rival to do so.
    But other legal challenges to Qualcomm's business model and preeminence in telecommunications remain, including a pending antitrust lawsuit from the U.S. Federal Trade Commission (FTC).
    Behind Qualcomm, China's Huawei and South Korea's Samsung are the next most influential leaders in the telecommunications space.
    Should the FTC ruling result in the breakup of Qualcomm's monopoly, it risks damaging the United States' dominance of the tech sector by opening the door for China to set standards for the future development of telecommunications technologies.

After years of litigation involving a number of countries and myriad disputes, Qualcomm and Apple agreed to put aside their differences and settle. As part of their accord, the two U.S. tech giants have also agreed to a new six-year supply agreement for Apple to buy Qualcomm chips, including its 5G modems. However, while the agreement may have freed Apple to develop 5G-capable iPhones using Qualcomm's chips, Qualcomm is still fending off other legal challenges from global regulators that could place the United States' current tech dominance in peril.

The Big Picture

The United States' long-held place at the forefront of developing emerging technologies is largely owed to the influence that U.S. companies, such as Apple and Qualcomm, wield in global markets. However, sweeping court decisions and anti-trust lawsuits now risk breaking up some of these large tech companies, and by proxy, their power. As a result, the United States may find that amid its ongoing tech war with China, the biggest risk to maintaining its dominance may come not from Beijing, but rather Washington.

The Lesser of Three Evils

To keep pace with the high-stakes, highly competitive 5G race in the smartphone sector, Apple had little choice but to make amends with Qualcomm. Qualcomm is one of only four companies in the world that currently have the capacity to develop 5G modems for high-end smartphones, along with China's Huawei, South Korea's Samsung and the United States' Intel.

In 2016, Apple had stopped purchasing Qualcomm's modems for its smartphones because of what it alleged were excessive royalties for the use of chip patents. In doing so, Apple had counted on Intel developing a 5G modem in time for the 2020 iPhone model. But engineering challenges have bogged down Intel's 5G development since then, fueling concern that the company wouldn't be able to release a commercial modem until 2021, two full years after Apple's biggest global rivals, Samsung and Huawei, were slated to release their line of 5G smartphones.

Such a delay was surely unacceptable for Apple, but so was the idea of having to partner with its two biggest global rivals, Samsung or Huawei, for a 5G modem. Huawei was reportedly open to working with Apple, but doing so would be a political impossibility thanks to the United States' increasingly heated campaign against the Chinese tech giant. Thus, in order to keep on schedule with its release of a 5G iPhone by 2020, the only feasible option Apple was left with was to resolve its disputes with Qualcomm.

Qualcomm's Legal Woes Are Far From Over

But while the agreement may have settled its legal disputes with Apple, Qualcomm is still facing other significant legal challenges from global regulators over its business model, which could place the United States' tech dominance in peril. This is especially apparent when considering an antitrust lawsuit levied by the U.S. Federal Trade Commission (FTC). The FTC has accused Qualcomm of leveraging its monopoly over patents for certain designs (such as modems for smartphones) to force its customers into unfair licensing agreements. The trial wrapped up earlier this year, and is currently awaiting a decision from a federal district court judge in California. However, should a court decision result in an FTC victory, it could force Qualcomm to break up its monopoly and thus its influence in the market, opening the door for China's Huawei to swoop in and take its spot.

Becoming a leader in chip manufacturing is an expensive and difficult process, which is why the sector is dominated by so few companies. Qualcomm has earned its current place at the top by investing across a wide spectrum of technologies — arming it with the kind of comprehensive end-to-end capabilities that allow Qualcomm to have such a key role in the global standardization, interoperability and development of telecommunications networks. While other large U.S. tech companies (such as Apple and Intel) share some narrow overlap with Qualcomm's business capabilities, their scope is nowhere near what's needed to lead the global debate on setting standards anytime soon. Shortly following Apple and Qualcomm's statement, Intel also announced that it was stopping its development of 5G modems for smartphones altogether.

A legally mandated breakup of Qualcomm could inadvertently pave the way to Chinese dominance in the tech sector, despite the United States' best efforts to maintain an edge.

The only other companies with the capabilities and influence to quickly replace Qualcomm are Samsung and Huawei, neither of which faces realistic antitrust threats. In its effort to become a more significant player in global regulations on communications technology, China-based Huawei has been focusing on developing end-to-end expertise that goes beyond even Qualcomm's capabilities.

Without a viable U.S. alternative to take Qualcomm's place, the United States risks losing its place at the negotiating table, and its ability to set global standards for the tech sector — particularly, on key decisions on telecommunications and interoperability of systems. Without Qualcomm, U.S. leadership when it comes to 5G developments — and future generations, including 6G technology — will erode more quickly. A legally mandated breakup of Qualcomm may, therefore, inadvertently give way to China's rise in the tech sector, despite the United States' best efforts to maintain its edge over its chief Eastern rival.
Title: Re: Stratfor: QCOM, 5G
Post by: DougMacG on April 18, 2019, 07:50:09 AM
"A legally mandated breakup of Qualcomm could inadvertently pave the way to Chinese dominance"

Right.  The FTC should drop this now that Apple settled and Intel dropped out, except to enforce laws and punish any specific antitrust violations they have found.
Title: Stratfor: The Splinternet
Post by: Crafty_Dog on April 25, 2019, 03:59:17 AM
The Age of Splinternet: The Inevitable Fracturing of the Internet
By Matthew Bey
Senior Global Analyst, Stratfor

Highlights

    The days of a global internet with relative openness are ending as regulation and digital borders rapidly increase in the coming years.
    Nationalism and concerns about digital colonization and privacy are driving the "splinternet." Those forces will not reverse, but only accelerate.
    The United States will still back a relatively open internet model, but it has clearly assessed that a global pact to govern cyberspace would tie its own hands in the competition with China.
    A complex labyrinth of different regulations, rules and cybersecurity challenges will rule the internet of tomorrow, which will become increasingly difficult for corporations to navigate.

In 2001, Amazon founder Jeff Bezos, whose company had yet to turn a quarterly profit, said in an interview, "I very much believe the internet is indeed all it is cracked up to be." Now, 18 years later, the emphasis should be placed on how "cracked up" the internet could become. The concept of a "splinternet" or the "balkanization of the internet," in which the global digital information network would be sectioned off into smaller internets by a growing series of rules and regulations, has existed for years. But we're now barreling toward a point where the concept will become reality.

The Big Picture

The first three decades of the internet's development will be remembered as the period of a largely open internet, with few regulations beyond unique cases like China. But that narrative is ending. Countries and companies are erecting new digital walls on the internet every day. That concept has been given many names — splinternet, the balkanization of the internet and the fragmentation of the internet — but regardless of the nomenclature, the concept is here to stay. And accelerate.


The Wild West days of an open internet are gone for good, and the implications of an increasingly fragmented internet will be profound. It will result in a regulatory minefield that will present new challenges to the current dominance of large U.S. multinational internet companies, like Amazon, and consequently has the potential to leave the United States with less ability to exert "soft power" through its corporate giants.

The Open Internet Rests in Peace

The internet developed in tandem with the United States' rise as the world's sole superpower; once the Cold War ended, it became a key hallmark of U.S. dominance. The internet began as something called ARPANET, a creation of the U.S. Defense Department, before going public in the 1990s. But although the internet became global, the United States still maintained its role as its primary manager through the Internet Corporation for Assigned Names and Numbers' (ICANN) contract with the U.S. government. ICANN plays a key role in managing the domain name system (DNS), a set of databases in root servers that make the internet functional.

The U.S. policy that information and data are human rights that should flow freely among countries, companies and individuals, combined with the country's internet managerial role, has helped facilitate the current U.S. dominance in the global internet sector. The largest U.S. internet companies — Amazon, Google, Facebook, Netflix and others — have been able to extend their dominance over most of the world relatively unencumbered by drastically different regulations or viable local competitors. The dominance of U.S. corporations has meant that U.S. companies also primarily control the 21st century's equivalent of oil (aka the most prized resource of the time): data. And they can spin it to their advantage. The omnipresence of U.S. companies in some countries has become akin to digital colonialism, exemplified by Facebook's control over mobile experiences in dozens of countries through its Free Basics program and Google's control over advertising. Moreover, as the Edward Snowden revelations in 2013 showed, U.S. intelligence services and law enforcement branches have more freedom than other countries to access data — legally or illegally — since it lives on U.S.-based servers.

Those dual realities — U.S. corporate dominance of the internet and its incomparable access to data — have fueled a backlash against the open internet model. At the same time, companies and countries have developed new tools that make it less expensive for authoritarian states to limit and stifle the free movement of information internally, as well as more easily use bots on social media to try to spin a narrative in their favor. Backlash against the open internet comes from multiple directions, and it's not going away.

A Divided Internet as an Authoritarian Tool

U.S. rivals are increasingly taking steps to compartmentalize the internet, creating global and domestic spheres. Most well-known is China, which for years has controlled the movement of information between global cyberspace and domestic cyberspace through its Great Firewall, which controls domestic access to the web, for instance restricting access to specific foreign sites. But Russia and Iran are taking notes from China and going one step further: creating domestic internets that can be cut off from the global internet if necessary while remaining internally intact and functional. Iran's National Information Network is now fully operational, and the country has been trying to force its netizens to set up websites and Iranian-made competitors to Western apps on Iran's domestic internet rather than the World Wide Web. Russia has done the same, although it's unclear whether a purported test to cut off all access to the global internet it had planned to carry out at some point before April 1 was actually conducted.

The U.S. corporate dominance of the internet and its incomparable access to data have fueled a backlash against the open internet model.

Russia, Iran and China setting up their own networks out of concern over meddling from Western countries may only be the tip of the iceberg of authoritarian governments developing robust internal networks to control information. As the price of internet control tools declines, they will be increasingly accessible to smaller and less developed countries. Obvious candidates for setting up domestic internets or employing robust internet filtering systems include Egypt, Saudi Arabia, Turkey and Brazil. (The latter has floated the possibility of increasing internet regulations in the past.) Russia has even proposed a smaller internet exclusive to BRICS countries (Brazil, Russia, India, China and South Africa) as a means of breaking free from U.S. digital hegemony.

Nationalism and the Push for More Data Privacy

It's not just authoritarian countries that are taking notice of U.S. internet hegemony. At the opposite end of the spectrum, data privacy, data nationalism and economic nationalism are driving internet regulations and controls. This is perhaps most true in Europe. Despite being as wealthy as the United States, Europe has struggled to create internet companies that can compete with U.S. counterparts. There is no European equivalent to Facebook, Google or Amazon. And individual European nations are too small for country-focused companies to compete with the financial firepower that U.S. competitors can wield in investments. Perhaps unsurprisingly, as nationalism has increased across Europe, so has a desire to lessen the United States' internet dominance. Examples so far include antitrust and monopoly investigations against Google, as well as increased regulations requiring data localization and calls for higher taxes.

Data privacy has been a crucial component of European reactions to U.S. internet control, particularly the European Union's deeply impactful May 2018 introduction of General Data Protection Regulation (GDPR). The regulatory scheme forced new compliance rules on data privacy, including how data can be used, where it is stored and how people can give consent on data issues. GDPR was driven in part by Snowden's revelations that the National Security Agency and the so-called "Five Eyes" intelligence-sharing alliance were accessing data globally. It introduced an enormous set of regulations, which require companies to uniquely navigate each European country's jurisdiction. And while this does not exactly equate to a wholly separate, physically divided internet like the Russian and Iranian proposals, it has a similar effect of increasing regulations and decreasing the global all-access quality of the internet.

Even in the United States, movements to increase internet fragmentation are emerging. Proponents aim to reduce the hegemony of large companies and their unparalleled control of data, and they also want to increase personal data protections, perhaps by introducing GDPR-like mechanisms in certain states.

And companies are also increasingly interested in slicing up the internet in different ways, as ecosystems start to emerge around certain platforms. Apple's business model has drawn in and locked down users to the Apple and iOS ecosystem. Amazon and Google have done the same with their offerings, as have China's Alibaba and Tencent, increasingly. As concrete, country-led internet fragmentation occurs, these company-specific ecosystem approaches could come to dominate certain sets of affiliated countries or regions, further fomenting new digital boundaries.

Divided Opinions About Dividing the Internet

The last two years have highlighted the extremely divided international viewpoints about how the internet should be governed. On five different occasions, the United Nations has tasked a group of government experts with establishing rules and norms for global digital governance. After the fifth group failed to do so in July 2017, no sixth group has been created. In November 2018, French President Emmanuel Macron announced the Paris Call for Trust and Security in Cyberspace, a new initiative to establish international norms that was signed by more than 50 nations, 90 nonprofit groups and universities and 130 private corporations including Facebook and Google.

But the United States, China and Russia did not sign the Paris Call initiative, and those three countries also blocked each of the U.N. efforts. After all, the great power competition heating up among the United States, China and Russia extends to cyberspace. The United States has been able to exert enormous amounts of soft power through the internet, and China's rise is now becoming a more important geopolitical threat to the United States in all ways, including digitally. Washington has recently focused heavily on ensuring that international agreements about cyberspace do not introduce the added challenge of making it harder for the United States to compete with its Chinese adversary.

Countries' domestic laws and national regulations reign supreme due to the physical requirements of the current internet, so the United States, China, Russia and others truly can go their own way in cyberspace. That means that global internet governance issues are likely to remain stalled while regional or affinity groups, or extremely nationalistic countries, introduce their own localized regulations, firewalls and, in some cases, domestic internets with a limited connection to the outside world.

A Complex Future Is Already Here

China provides a good case study of how this domestic internet control can affect the dominance of U.S. companies when taken to the extreme. China's Great Firewall and extremely tech-nationalist rules have essentially made it impossible for U.S. companies to operate in the country. The government explicitly bans some companies, while others are subject to so much censorship and surveillance that they simply choose not to pursue the Chinese market. This situation has allowed Chinese companies to dominate inside China, evolving and catering to the domestic market. Even when U.S. companies have tried to compete, they've failed. In the future, this type of domestic dominance may likely emerge in other countries with extreme nationalist internet policies, such as Iran.

Globally this means that businesses — purely internet-based and otherwise — should be prepared to navigate an increasingly complicated minefield of different internet regulations. In the 21st century, almost every sector of the world economy is deeply dependent on quick, seamless connectivity to the internet and data flow, and increasing regulations will slow and disrupt operations in many ways, no matter how large or small a business may be. Indeed, in many niches of the tech sphere, national competitors to formerly dominant international behemoths will emerge. But small companies will also be put at a large disadvantage when trying to expand beyond one or two countries because of the overhead costs of having to comply with different rules and regulations that can vary vastly.

Ironically, the major U.S. and Chinese companies can most easily afford to comply if they choose to. Yet, this will only reinforce concerns of digital colonialism and privacy — eventually likely provoking an even stronger backlash against large U.S. companies. In the West, this opposition will focus on data privacy and how to treat data, particularly as artificial intelligence and the Internet of Things create even more personal data from our lives.

Looking Forward

U.S. tech companies will struggle to maintain their global influence in a world of internet fragmentation where national sovereignty reigns supreme. For China, on the other hand, that scenario is preferable. Its nurtured giants Tencent and Alibaba, for example, are beginning to export the ecosystems that they've built in China to some of China's neighbors, eating into markets that have traditionally been dominated by U.S. companies. This may drive some backlash against Chinese digital colonization, but since China is new to that particular game, it will still be making progress in its power competition with the United States even if it faces limits and opposition.

The end result is that the next 25 years of internet regulation and changing guidelines about how information flows across boundaries will be far more complicated than the previous 25. The extreme version of the splinternet, in which every country creates its own internet with limited connections to the global internet, is unlikely to come to pass. The requirements of a modern economy simply won't allow that eventuality. Instead, companies will be required to jump through increasingly more hoops, and domestic demands for local ownership or data regulation will grow steadily. Corporate America will still demand an open internet for all — even making massive investments in satellite technology to try to do so — but it will not be able to prevent the inevitable.

The age of the splinternet is at hand.

Matthew Bey is an energy and technology analyst for Stratfor, where he monitors a variety of global issues and trends. In particular, he focuses on energy and political developments in OPEC member states and the consequences of such developments on oil producers and the international oil market. Mr. Bey's work includes studies on the global impact of rising U.S. energy production, the recent fall in oil prices, Russia's political influence on Europe through energy, and long-term trends in energy and manufacturing.
Title: Russian Splinternet
Post by: Crafty_Dog on April 25, 2019, 04:10:40 AM
second post

https://www.defenseone.com/technology/2019/04/russians-will-soon-lose-uncensored-access-internet/156531/?oref=defenseone_today_nl
Title: Alliance better for countering cyber attacks
Post by: Crafty_Dog on April 26, 2019, 07:46:54 AM
https://www.defenseone.com/politics/2019/04/top-cyber-diplomat-us-needs-allies-help-punish-cyberattacks/156510/?oref=d_brief_nl
Title: Re: Russian Splinternet
Post by: G M on April 28, 2019, 12:19:56 PM
Coming here soon. Plan accordingly.
Title: GF: Russia regulates the web
Post by: Crafty_Dog on May 02, 2019, 09:06:46 AM
Russia regulates the web. Russian President Vladimir Putin signed into law an internet regulation bill that the Kremlin says will help protect the country from cyber attacks. Under the new law, Russian authorities will have the ability to switch off certain servers and regulate certain types of traffic. Though the law will take effect in November, its more complex components like cryptographic protection and a national domain name system will not be implemented until January 2021. Russia still needs to build out its tech infrastructure if it wants to establish its own internet system, but it seems the Russian public is somewhat hesitant about the new measures. A recent survey conducted by the state-funded Russian Public Opinion Research Center revealed 52 percent of Russians oppose the law and only 23 percent support it. Only about two-thirds of Russians use the internet on a daily basis, while 18 percent do not use the internet at all.
Title: Re: GF: Russia regulates the web
Post by: DougMacG on May 02, 2019, 09:24:42 AM
Sounds like a third-world country to me. Also it is a lot like the regulation the Left has in mind for us.
Title: New Yorker: Terrifying potential of 5G
Post by: Crafty_Dog on May 06, 2019, 01:12:24 PM


https://www.newyorker.com/news/annals-of-communications/the-terrifying-potential-of-the-5g-network?fbclid=IwAR3U02ysEV0PIR3q4nNr1ih-meory3s1ff32KtZ_vwFRkpR0uUW-fGBLdv8
Title: Trump signs EO boosting Fed cyberforce
Post by: Crafty_Dog on May 06, 2019, 01:34:09 PM
second post

https://www.defenseone.com/ideas/2019/05/trump-signs-executive-order-boost-federal-cyber-workforce/156740/?oref=d_brief_nl
Title: Re: New Yorker: Terrifying potential of 5G
Post by: G M on May 06, 2019, 02:50:23 PM

The internet of things is a huge trap.

Live off grid as much as possible. A nice prison is still a prison.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on May 06, 2019, 04:19:10 PM
I agree

I don't want everything I do on some sort of network

the fuckers at Wall Street will be shoving this shit down our throats

eventually they will force us into it whether we like it or not by phasing everything else out.

It's obvious from the ads I see on cable, emails, phone, Google searches that I am being watched at everything I do.

Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on May 06, 2019, 04:25:06 PM
There are things you can do to mitigate and/or eliminate that.
Title: WSJ: The Yeoman work behind 5G
Post by: Crafty_Dog on May 12, 2019, 03:01:43 PM
This seems to be very well informed, but what I get out of this is that the Chinese problem will not be solved by this guy's thinking.
=============================

The Yeoman Work Behind 5G Wizardry
Tomorrow’s wireless world may be a revolution as promised. But Qualcomm’s Dino Flore tells how the tech is forged slowly in a world-wide effort.
By Mene Ukueberuwa
May 10, 2019 7:04 p.m. ET

San Diego

It took President Trump more than a year to renounce the idea of nationalizing America’s next-generation wireless network after his administration floated it early in 2018. His hesitation might have been inspired by the headlines. From technology blogs to national newspapers, countless articles frame U.S. progress on its fifth-generation, or 5G, network as a race for international superiority, with mortal stakes for national security. The new network depends in part on federal support, so it may not seem crazy to envision 5G as a modern-day Manhattan Project.

But a man with a much closer view describes the matter very differently. “You have to understand this is a huge human endeavor, and actually the nation is kind of marginal,” says Dino Flore, vice president of technology at Qualcomm, a leading maker of equipment that connects mobile devices to the cellular network. Rather than a coordinated public initiative, he says, the new systems for cellular communications arose from “years of big R&D, planning and design, then standardization”—all led by private developers like Qualcomm and the wireless carriers that operate the network.

True, the U.S. has reason to be careful about foreign participation in its domestic 5G rollout. But Mr. Flore stresses that commercial cooperation across borders is a key part of creating the technology. “There’s thousands of companies” setting common design standards in what he describes as “a truly global initiative.”

On a sunny San Diego afternoon, Qualcomm’s palm-tree-lined campus feels a world away from the political, policy and press buzz of the East Coast. Mr. Flore, 43, is even further removed. Based in Barcelona, where he oversees 5G products in Europe, the Middle East and Africa, he visits headquarters wearing a hooded sweatshirt and jeans. Yet neither he nor Qualcomm quite fits the personality of a Silicon Valley software firm. Instead of high-minded rhetoric about connecting the world, he offers straightforward descriptions of the hardware systems that actually do so. He’s worth listening to, having helped design that technology for nearly two decades.

Mr. Flore recalls that “the first formal act” in creating international 5G standards “was a workshop in September 2015, which I chaired.” “About every 10 years,” he explains, “there is a need for a new platform, which is much more powerful and flexible than the previous one.” Developers plan each generation of cellular technology on a prearranged timeline, and 5G will gradually replace the increasingly strained 4G architecture.

“Today we have about eight billion cellular connections” world-wide, Mr. Flore notes, “which is a scale unprecedented, actually, in human history.” But as more users come online in the developing world and wealthy nations adopt more connected products, “we are talking about expanding that to tens of billions. So the scale—it’s unimaginable.”

Now that 5G hardware is available, carriers are racing to create more coverage so they can entice consumers to upgrade their devices. Deployment of 5G in the U.S. began this year with trials in select cities, but America is lagging far behind China, where telecom firms Huawei and ZTE have built about 10 times as many new cell sites. This advantage in 5G activation could allow Chinese companies to gain an edge in designing the next generation of wireless devices.

Security is one main reason for the gap. The state-supported Chinese firms offer the best and cheapest core-network infrastructure, but have been suspected of using their systems to bug communications on Beijing’s behalf, as in Britain’s 2014 expulsion of Huawei from certain government offices. As a result, the four major U.S. carriers reached an informal agreement with the Federal Communications Commission to exclude Chinese hardware from their domestic 5G networks. With no American company building core cellular hardware, that leaves U.S. telecoms dependent on Europe’s Nokia and Ericsson, which some analysts suggest are about a year behind the Chinese in releasing high-quality 5G systems.

Each major component of 5G is meant to increase the strength of wireless signals, and the system’s capacity to broadcast simultaneous signals. Qualcomm and the carriers eagerly advertise the new network’s theoretical benefits for devices “beyond the smartphone,” as Mr. Flore puts it, including “the Internet of Things, connected cars, augmented reality and virtual reality.” One study—which Qualcomm commissioned—found that 5G will spur about $12 trillion of global economic output over 15 years.

But in the first two to three years of 5G rollout, users will see the simpler benefit of far better speed and reliability on 5G-enabled phones and computers. The first step toward these improvements, Mr. Flore says, was “working with mobile operators over the years to enhance network capacity by adding new spectrum.”

When you make a call or load a webpage, your phone emits a signal at a particular frequency to connect with your carrier’s nearest cell tower. “There has been an exponential growth of data consumption,” Mr. Flore says. That clogs the current frequency bands, causing failures and delays. So he and his fellow 5G developers focused on “unlocking a large amount of new spectrum in the high frequencies,” commonly called millimeter waves. The FCC is auctioning off this mostly unused spectrum for cellular use.

Millimeter waves can help only so much. Signals in those frequencies “don’t propagate from outdoor to indoor,” Mr. Flore explains, “so it doesn’t cross brick walls, or concrete walls.” Same for organic matter like foliage—or the human body: “Even the simple fact that you hold the phone with your hand creates some blockage.” That means carriers like Verizon, which originally teased a nationwide millimeter-wave network, now say they’ll deploy high frequencies mostly in dense urban environments. Mr. Flore says millimeter waves will also serve certain indoor uses through “the placement of small cells”: pillow-size transceivers that can be mounted on rooftops to send signals into high-usage buildings like factories and offices.

For the broader 5G network serving people on the go, better signal quality will come from an increase in sheer capacity. Think of the wireless spectrum as a highway: The easiest way to increase the speed of traffic is to raise the speed limit. “When we did LTE,” Mr. Flore says—referring to “Long Term Evolution,” the prevailing high-speed standard—“we kept evolving the data rate, because it’s easier.” But when the road has too many cars, the only way to prevent traffic jams—network congestion, in the telecom analogy—is to add more lanes. Today most cell towers have between three and 15 antennas. With 5G, “you will gain, easily, 10 times more capacity,” Mr. Flore says, as towers will have as many as 128 antennas. Open frequency lanes will let neighbors watch videos smoothly over the air.

Putting more antennas on a single tower is possible because of the last key capacity-boosting technology, beamforming. “It’s really the ability to create beams, which direct the energy toward specific users,” says Mr. Flore. Most current antennas broadcast over a wide field, with an angle of either 120 or 90 degrees. Certain 5G antennas will be able to “direct different beams to different users, without interference.” That will allow carriers to “reuse spectrum over and over again with multiple users at the same time.”

Mr. Flore began his career working on many of these technologies at a time when they seemed like far-fetched dreams. Raised in Ostuni, a town near the Adriatic coast on Italy’s heel, he came to the U.S. in 2000 to join a Bay Area startup, ArrayComm. It was the height of the dot-com bubble, but the firm harked back to Silicon Valley’s earlier era by focusing on hardware. With an eye on the maturing cellphone market, the company envisioned cellular systems Mr. Flore believes foreshadowed 5G: “many antennas, and beamforming.”

But ArrayComm and other telecom startups lacked the scale to turn their ideas into workable products. So after four years, Mr. Flore moved down the California coast to join his friend and countryman Lorenzo Casaccia at Qualcomm. “I said, ‘I’ll go for a startup and I’ll change the world,’ ” Mr. Flore recalls of his decision to join ArrayComm. “But the startup failed, and Lorenzo said, ‘OK, come. Enough playing with changing the world—come with me and change it for real.’ ” (Mr. Casaccia is still with Qualcomm, where he’s vice president of technical standards.)

Mr. Flore describes Qualcomm as “an R&D engine, fundamentally—as much as we are a maker of chips and so on.” Sales of that chip technology have caused controversy lately: The Federal Trade Commission is suing Qualcomm over its licensing methods, and last month the company settled a suit brought by Apple on the same issue. From Mr. Flore’s perspective, those licensing fees support “R&D in all of these vectors of innovation in big cellular systems.”

Even a research giant like Qualcomm can’t drive cellular technology on its own. To ensure that a given device can access the network anywhere in the world, every company in the business must accord with a set of shared technical specifications. To “keep things evolving, at the pace of every year or year and a half,” Mr. Flore says, Qualcomm and hundreds of other firms collaborate through the 3rd Generation Partnership Project. Founded in 1998, 3GPP is the organization that devises standards for cellular communications across the world’s major markets: North America, Europe and Asia.

“It’s kind of a huge human endeavor, with thousands of people involved,” Mr. Flore says. Eighteen working groups with hundreds of engineers meet about six times a year in cities around the world. “Usually not in tier-1 cities, as they are expensive,” Mr. Flore notes. “But that makes it fun. I have visited cities in the Midwest or in the middle of China I would have probably never seen otherwise.”

Inevitably 3GPP features frequent conflict. Engineers disagree about the best technical solutions, and firms jockey to give their own systems an advantage. In one recent dispute, Huawei and other Asian companies pushed a technique called polar coding, in which they have led development, while Qualcomm preferred low-density parity-check coding, a method pioneered in North America and Europe. “Both LDPC and polar codes have been included in the standard,” says Mr. Flore, who wasn’t directly involved in the matter. Yet analysts describe the outcome as a win for Huawei, because polar codes have never filled such an important and lucrative role.

The structure of 3GPP allows cooperation to emerge among competitors. Chairmen are chosen by secret ballot “so that people elect someone they trust,” and “delegates do not always go with the company guidance for voting.” The influence of government is similarly limited. “Of course 3GPP has to comply with local regulations,” Mr. Flore says, and “some governments put their own security requirements.”

But he adds that market incentives go a long way toward ensuring secure designs. “It would be very, very tough if everybody made a huge investment, and then after three years somebody breaks the security of a 3GPP system.” Mr. Flore says security has “worked very well in the past, but we don’t take it for granted.” As “a massive amount of things are connected around us,” engineers have devoted increasing effort to “the security and integrity of the systems.”

Now in the hands of the carriers, 5G deployment will unfold at an uneven pace, and game-changing applications will come in bursts. Under his unzipped hoodie, Mr. Flore’s T-shirt announces: “5G is here.” But he’s the first to admit no one knows exactly what that will mean. “There’s lots of discussion,” he says, “about what’s going to be the ‘killer app.’ But I have a great track record, like everyone else in the industry, of being wrong 90% of the time.”

As a wireless developer, Mr. Flore sees his role as merely to make a “more powerful, flexible platform” for an endless range of product makers to build on. Instead of a great leap forward, expect 5G to provide incremental improvements, and remember that the wireless industry has always developed, as Mr. Flore says, “in such an unpredictable way.”

Mr. Ukueberuwa is an assistant editorial features editor at the Journal.
Title: City of Baltimore
Post by: ccp on May 17, 2019, 04:27:10 PM
held hostage:

https://baltimore.cbslocal.com/2019/05/16/baltimore-continues-to-struggle-with-ransomware-attack/
Title: Re: City of Baltimore
Post by: G M on May 23, 2019, 04:52:42 PM
Strange that such a well run city should have this problem.
Title: China to drop Microsoft?
Post by: Crafty_Dog on May 30, 2019, 06:47:13 PM


https://www.forbes.com/sites/daveywinder/2019/05/30/china-prepares-to-drop-microsoft-windows-blames-u-s-hacking-threat/?fbclid=IwAR2fmFxL__00WCYK9ltNkT2qr-uDL9iUKerIx2lD-b24QwvInd32RbEki80#65173d3f2c50
Title: Re: China to drop Microsoft?
Post by: DougMacG on May 31, 2019, 07:07:17 AM
Does that mean they will stop pirating their software?

There were estimates some years ago that if China paid for all the software, music and movies they stole from the US there would be no trade deficit.
Title: Russian Trolls
Post by: Crafty_Dog on June 03, 2019, 05:10:58 PM


https://interactive.pri.org/2018/03/russian-meme/index.html
Title: spoofing self driving car
Post by: ccp on June 19, 2019, 08:01:51 AM
experts calm fears -> no problem. :roll:

https://www.bloomberg.com/news/articles/2019-06-19/threat-of-gps-spoofing-for-autonomous-cars-seen-as-overblown?srnd=premium
Title: Hackers and Telecoms
Post by: Crafty_Dog on June 25, 2019, 03:24:04 PM


https://www.reuters.com/article/us-cyber-telecoms-cybereason-idUSKCN1TQ0BC?utm_campaign=trueAnthem%3A+Trending+Content&utm_content=5d11b503704ea700019098f5&utm_medium=trueAnthem&utm_source=facebook&fbclid=IwAR1pv9pessfNfrCG5kJSGAi_qaOxBg0jEx8IQ8oYuULYg-jCddxAfm2nKPE
Title: D1: Are our satellites hacked?
Post by: Crafty_Dog on July 05, 2019, 05:36:41 PM
https://www.defenseone.com/technology/2019/07/report-pentagon-should-assume-us-satellites-are-already-hacked/158215/?oref=defenseone_today_nl
Title: Re: D1: Are our satellites hacked?
Post by: G M on July 05, 2019, 05:45:05 PM
I am going to go with a YES.
Title: Stratfor: US Cyberweapons
Post by: Crafty_Dog on July 05, 2019, 05:48:23 PM
The U.S. Unleashes Its Cyberweapons
An executive order by U.S. President Donald Trump has shifted the focus of the Pentagon's cyberwar doctrine from defense to offense.


    The United States has made a strategic shift toward a more aggressive stance of conducting offensive cyberattacks to achieve strategic and tactical objectives.
    The change has been years in the making, shaped by the unique architecture of cyberspace and by continued cyberattacks that have necessitated a shift in strategy by several Western powers toward incorporating offensive capabilities.
    With the United States increasingly viewing the world through the lens of competition with China and Russia, the shift in strategy to incorporate the increasing use of offensive cyberoperations is likely to be permanent.

In late June, an Iranian missile knocked a U.S. unmanned aerial vehicle (UAV) on a reconnaissance mission out of the sky and into the Gulf of Oman. The shootdown sent ripples of concern throughout the Persian Gulf that the incident could lead both countries down a path to greater conflict. But the U.S. military response barely made a splash. That's because instead of a conventional airstrike against Iranian forces, the U.S. response came in the form of a cyberattack targeting missile command and control systems of the Islamic Revolutionary Guard Corps.

That response heralded a fundamental shift in the U.S. approach to cyberwarfare. The likely tactical objective of the retaliation was to degrade Iran's ability to carry out similar attacks. It also had a strategic component — deterring it from similar actions. Significantly, the response appeared to mark a first for the United States under new rules meant to streamline the approval process for cyberattacks.

The Big Picture

Over the past three years, the United States has substantially refocused its defense posture to deal with emerging threats from what the White House calls "revisionist" powers Russia and China. One critical piece of the puzzle has been a shift in U.S. cybersecurity strategy to prioritize the response to threats from its near-peers and other state actors.

Whether the response achieved U.S. tactical objectives isn't clear; future Iranian actions will provide a measure of the success of its strategic goals. Whatever the outcome, the U.S. response itself marks a shift in the country's cyberwar strategy. The White House has not been shy about expanding the U.S. cyberwar capabilities, nor has it shied from the idea of taking the offensive in cyberspace. This was, after all, a central part of the 2018 National Cyber Strategy; such considerations will outlive the administration of U.S. President Donald Trump.

A Shift Years in the Making

Over the past two decades, the U.S. approach to cyberspace has evolved in parallel with the emergence of the technology as a key defense and commerce platform for state and nonstate actors alike. The rising stature of the U.S. Cyber Command tracks with the increasing focus on cyberspace at the Pentagon. The organization, which originated as a joint task force, became a subunified command under U.S. Strategic Command in 2009. In May 2018, U.S. Cyber Command was split off into its own separate unit. That was, in part, a culmination of U.S. thinking about exactly how cyberspace fit into its overall defense strategy. Historically, the primary U.S. concern centered on protecting the country's critical infrastructure – both civilian and military — an understandable objective. Indeed, the overall strategy in cyberspace pursued under former President Barack Obama had three pillars: raising the level of U.S. cyberdefense, deterring malignant cyberactivity aimed at the United States, and developing effective response and recovery from attacks. This paradigm is based on the concept of defending the United States, not on executing attacks abroad.

That said, the United States has not refrained from cyberspace offensives in the past, nor has it neglected to develop its offensive capabilities. The United States is strongly suspected of involvement in the 2010 Stuxnet virus attack that crippled the Iranian nuclear program. It also was rumored to have explored ways to use cyberwar techniques to sabotage the North Korean ballistic missile program. By their nature, classified programs such as these are difficult to verify, and there are often strategic reasons that the United States would refrain from publicizing such an attack. It would, for example, be more advantageous to allow the Iranians or North Koreans to believe that their own error caused the failure of a nuclear centrifuge or a missile test.

For the most part, however, the U.S. posture toward cyberspace was more defensive in nature and focused on strategic deterrence. The United States calculated that the perception of its retaliatory capabilities would make adversaries think twice before launching significant attacks targeting it. Leaks by National Security Agency contractor Edward Snowden detailing U.S. cyberactivity and the tools that the agency has at its disposal only reinforced the views of U.S. capabilities. In many ways, the split of U.S. Cyber Command away from Strategic Command, which oversees strategic deterrence, is emblematic of the shift in U.S. posture in cyberspace from defense toward what has been described as "persistent engagement."

In its 2018 Command Vision, the cyber command lays out its objective that the United States must "defend forward as close as possible to the origin of adversary activity, and persistently contest malicious cyberspace actors to generate continuous tactical, operational, and strategic advantage." This belief was reinforced in the Trump White House's first full National Cyber Strategy released in September. If fully implemented, the strategy would entail frequent cyberactivity against aggressors in cyberspace — and in the case of the response after Iran's downing of the UAV, a willingness to retaliate for physical attacks through cyberwarfare.

A Change in Global Dynamics

While it may be easy to connect the more aggressive cybersecurity posture of the United States with Trump's America First strategy, multiple drivers have pushed the country in that direction.

It has become quite clear to many strategists that the classical concept of strategic deterrence has its limitations in cyberspace. While U.S. adversaries certainly calculate that a significant cyberattack against the United States could draw a U.S. response, they also know the difficulties of attributing those attacks to a specific state actor. That's why countries with such intent in cyberspace, including Russia, Iran and China, often employ nonstate actors to carry out offensives against the United States and its allies, giving them a higher degree of plausible deniability. This makes it difficult to rely on strategic deterrence, in which an adversary desiring to launch a cyberattack must first assess the probability of counterattack. This is why disruption, as opposed to deterrence, has become a more appealing option for U.S. strategists.

From an empirical perspective, the concept of deterrence hasn't held up in recent years, as the United States has faced dozens of state-backed cyberattacks from virtually every one of its adversaries. For Russia, online disinformation campaigns, of which its activities during the 2016 U.S. general elections are but one example, are extensions of its decades-old military strategy. But it does not limit its cyberspace activities to the shaping of perceptions. Its other cyberwar operations include a series of attacks testing the defenses surrounding critical U.S. infrastructure, including operations, still likely ongoing, targeting the U.S. electricity grid and its operators. While China has yet to carry out the same level of sophisticated disinformation campaigns as Russia, Chinese cyberattacks against U.S. infrastructure and network probes continue to be a key U.S. concern – although publicly released information detailing its activities is understandably rare. The simple fact is that, short of preventing a significant loss of life or economic activity, China's and Russia's actions show that the U.S. doctrine of deterrence has not held at the lower and middle levels. This same dynamic persists for North Korea and Iran – both of which have pursued actions targeting the United States in cyberspace despite the threat of retaliation.

As the United States repositions its national strategy to focus more on the competition with other peer or near-peer powers like Russia and China, a shift in thinking on cyberspace has become almost a necessity. Both have shown a repeated willingness to take on the United States in cyberspace, making it necessary for the Pentagon to develop a holistic strategy to counter their actions. And in the event of a war, the United States will need to have offensive cybertools at its disposal. Malware, backdoors and other code needed to implement a cyberattack can't necessarily be developed and deployed on the fly. So if the United States wants to tap that option at a moment's notice, it will need to preemptively probe its adversaries' defenses and install the needed components before the outbreak of conflict.

Although Iran is not a true U.S. peer in the sense of equal international power, it should come as no surprise that offensive U.S. cyber doctrine is extending to the Islamic republic. The U.S. cyberattack on Iran was clearly designed to degrade its capability to launch future attacks. This is thought to have been the first publicly acknowledged attack under new guidelines that the Trump administration put into place last year to streamline the approval process for conducting cyberattacks on U.S. adversaries, and it came just hours after the UAV was shot down — a testament to the Trump-era policy regarding cyberoffensives.

In August 2018, Trump issued an order reversing an Obama-era policy establishing intricate rules for an interagency process that must be followed before the United States could launch a cyberattack. After the reversal was publicly acknowledged, U.S. national security adviser John Bolton trumpeted the fact that the United States was no longer limited in its ability to carry out cyberoffensives. He has since delivered not-so-subtle messages aimed at Russia and China that the United States would go on the offensive in cyberspace. Trump's new marching orders, as outlined in the secret National Security Presidential Memorandum 13, are thought to grant the Pentagon greater authority to conduct cyberattacks – and to conduct hacks to set up those attacks – while reducing oversight by other U.S. agencies, like the State Department. That memo is also thought to give the Defense Department greater authority to act without presidential approval – a tactical necessity in a future hypothetical conflict between the United States and a near-peer power. While the cyberattack on Iran was publicly acknowledged, other U.S. efforts in this area have not been. The New York Times reported in June that the United States has stepped up attempts to penetrate the cybersecurity surrounding Russia's electric power grid, although U.S. officials have denied it.

The United States is not the only Western country developing its offensive cybercapabilities. In January, France unveiled a strategy shifting its own posture away from an "active defense" to incorporate offensive cyberoperations. It also announced a budget increase to expand its cyberwarfare force and said that France will not be scared of using offensive cyberoperations in the future. In 2018, the United Kingdom announced plans to create a new 2,000-strong offensive cyberforce to, in part, deal with the emerging threat from Russia. In 2013, the United Kingdom became the first Western country to announce that it had developed offensive cyberweapons. NATO, which indicated it will not conduct offensive cyberoperations itself, has said that it would integrate and coordinate the activities of its member states.

In announcing the cyberattack in retaliation for Iran's kinetic attack on a U.S. drone, the United States has announced to the rest of the world that it will make full use of its cyberspace capabilities and will carry out offensive operations if need be. The rules and norms governing such activity in cyberspace among the United States, Russia and China will continue to evolve over time. This will invariably lead to the question of how such norms will be established, but thus far, the three leading cyberpowers have shunned the idea of talks over the topic, even grinding Europe-led and U.N.-led processes for establishing them to a halt. It is unlikely that even a clear set of norms governing cyberspace — much less a broad treaty — will occur, unless they are narrowly focused (such as a promise to refrain from attacks targeting one another's nuclear command and control systems). So with a click of the mouse, the United States has shown that it is now willing to take the gloves off in cyberspace.
Title: Stratfor: Security and the Holographic Society-- serious read
Post by: Crafty_Dog on July 12, 2019, 05:57:26 AM
Security and the 'Holographic Society'
By Eric B. Schnurer
Board of Contributors
A NATO training center conducts an exercise on cyberwarfare and security on June 22, 2017, in Bydgoszcz, Poland.
(JAAP ARRIENS/NurPhoto via Getty Images)
Highlights

    The very distinction between the virtual and physical worlds is itself dissolving. Is it time we started thinking about security in the physical world as we do in cyber?
    Successful attacks cannot be entirely prevented but can be survived by building multiple pathways so the enemy cannot take down the entire system.
    Every point in the network has access to the information, so it can, as a practical matter, never be destroyed or altered, something like a hologram. In that way, blockchain essentially models the logic of “defense” as dispersion and redundancy.
    "Distributed" rather than concentrated systems are more survivable and secure in the real world, not just the virtual: To the extent that our concern is purely physical survival, even then, the more dispersed or redundant a population, an economy or a culture, the less a physical attack on it will make any sense.

Cyberattack is slowly becoming the preeminent form of international engagement, so much so that it's simply been assumed that current U.S. retaliation against Iran includes cyberattacks. That just makes it part of an ongoing, "larger pattern of cyber exchanges" between the two adversaries, as Brandon Valeriano and Benjamin Jensen phrased it recently in The Washington Post — and of the growing presence of cyber operations in global conflict.

The cyber world is dissolving distinctions between war and non-war, between what's "inside" a country and what's outside it, between the state and society. In fact, the very distinction between the virtual and physical worlds is itself dissolving. So perhaps we ought to be thinking about security in the physical world as we do in cyber.

North Korea's hack of Sony, the U.S.-Israeli Stuxnet attack on Iran's nuclear centrifuges and Russia's shutting down a civilian Ukrainian power plant through hacking as part of its invasion of Crimea all produced real-world, physical damage. Russia and the Islamic State have penetrated U.S. computer systems to explore the possibility of hacking dams to implode them or nuclear plants to explode them. Additionally, The New York Times recently reported that the United States is striking an increasingly offensive cyber stance by implanting sleeper code deep into the control systems of the Russian grid in case of future hostilities. Simply knocking out the internet, without any other direct physical violence, would disrupt practically every aspect of modern life, causing untold deaths and physical suffering. In sum, it's not at all clear that there's a meaningful distinction to be made anymore between "security" and "cybersecurity" — or "defense" and "cyberdefense."

One result is that cyberwar and cyberdefense are not just military, or even public sector, issues. As Benjamin Wittes and Gabriella Blum argue in The Future of Violence, the technology democratizing threats also democratizes defense, "distributing" the nation-state's activities across a wider range of actors — notably private sector providers of the "pipes," both traditional utilities and information technology, upon which modern society now depends. "It's very difficult to draw the line," Liina Areng, who helped oversee the cybersecurity of the entire cyber-dependent Estonian government, told me. Technology has not just expanded the battlefield to all actors in all places, as Wittes and Blum describe, destroying the distinctions between what's a military and a nonmilitary asset — and what's "inside" a country and what's not — it has also diluted time, making every moment an opportunity for, and threat of, conflict. Because cyberattacks can occur without invoking the same responses as physical attacks and incursions, they are occurring right now between global combatants, constantly, as you read this.

Virtual conflict, in short, is occurring everywhere, all the time.
A Lesson From a Former Soviet Republic

A small independent country until it was forcibly incorporated into the Soviet Union in the mid-20th century, Estonia reestablished its independence in 1991 as the Soviet Union imploded. It found itself, like many former Soviet republics, with a moribund economy and antiquated infrastructure. But, fatefully, Estonia set a goal of becoming the world leader in information technology by the end of the decade. Today, Estonia has the world's fastest and most widespread Wi-Fi, and almost the entire economy and all government services — from elections to tax collections, to the national health care plan — are online. Its "e-resident" program allows it essentially to export its government worldwide to virtual Estonians.

Being the most virtual country in the world, however, also made Estonia the most vulnerable to a virtual attack. Such an attack, widely regarded as the world's first, came in early 2007, with Russian hackers disrupting the country's public and private sectors for several days before order was restored. Estonians still anticipate further attacks from Russia — including outright invasion. The government, therefore, has placed all its operations on servers throughout the world — and is looking to move them to satellites beyond earth — so that it could continue operating as a country "in the cloud" without a physical foothold in Estonia. For all these reasons, Estonia has become the world leader in cybersecurity and home to NATO's cyber defense center of excellence.

Both military and civil defense, Areng said, "are really about resiliency, building redundancy and information-sharing." In our conversation, Areng returned repeatedly to redundancy and resiliency as the keystones of both cyber and physical security: the idea that successful attacks cannot be entirely prevented but can be survived by building multiple pathways so the enemy cannot take down the entire system.

This concept, now common in the cyber world, goes back to the Cold War: The U.S. telecommunications system stood out as a likely target in the event of war with the Soviet Union. The traditional approach called for "hardening" the target — for instance, investing in "a nuclear-resistant buried cable network (costing) $2.4 billion," writes Andrew Keen in his book, The Internet Is Not the Answer. However, a young Rand analyst named Paul Baran had a different idea, a "user-to-user rather than … center-to-center operation," a "distributed network" that "would be survivable in a nuclear attack because it … would have no heart, no hierarchy, no central dot."

The answer was the internet, the title of Keen's book notwithstanding. Societies tend to conceptualize their worlds based on their technologies: In an age of increasingly precise machinery, social and economic activity was conceived as mechanistic, and both corporate and government entities came to reflect the factory; in the postwar era, not just the technology of the computer but a philosophy of computer-like analysis increasingly gained ascendance over economic and political decision-making and structures. The internet and, consequently, the economics of networks, networks as decision-making systems and netwar as the framework of conflict, structure today's thinking.
Rendering an Attack Pointless

The next model is, likely, blockchain technology, in which information is distributed across millions of computers — every point in the network has access to the information, so it can, as a practical matter, never be destroyed or altered, something like a hologram. In that way, blockchain essentially models the logic of "defense" as dispersion and redundancy. Increasingly, then, dispersion — making potential targets "softer," or more ephemeral and diffuse, rather than "harder" — is becoming the modern strategy to render attack pointless.

Physical destruction matters less and less in an increasingly virtual economy. Killing people and occupying their territory are not the most productive economic or military objectives anymore. Many future-of-war theorists believe that conflict will rarely involve the physical any longer, but rather attempts to "win" by controlling virtually either their rivals' politics (as Russia has arguably succeeded in doing to the United States since 2016) or their economies without seizing direct physical control over people and territory. As Lauri Aasmann, chief of the NATO cyberwar center's law and policy branch, told me, "there's a disincentive for taking down an entire cyber system." As an aggressor, eventually "you want to use it (yourself) for propaganda and espionage purposes."

"Distributed" rather than concentrated systems are more survivable and secure in the real world, not just the virtual: To the extent that our concern is purely physical survival, even then, the more dispersed or redundant a population, an economy or a culture, the less a physical attack on it will make any sense.

Can one, in any event, actually "virtualize" or "distribute" a country? Estonia is sure trying. But to a greater extent than we generally appreciate, the United States already has done so: American culture and values are ever more broadly dispersed, having essentially conquered the world. The great global conflict today is not between countries so much as between two cultures that cross, and coexist within, existing national borders — one culture is as fluid and amebic as the technology on which it rests, while the other is based on "harder" technologies and harder borders and is reacting against the spread of the former. The United States is not only the nation most enmeshed in this emerging supranational world: It is the one that has done the most to create and shape it — and has done so largely in its own image.

A physical attack on the United States might lower the quality of cinema worldwide, depending on whether the gap is filled primarily by France or Bollywood, but it's hard to see how it would stop all the other ways in which "America" largely dominates the world. Even if the United States were destroyed as a physical or governmental entity, American culture, values and economic products are increasingly difficult to destroy. The United States is the epitome of the "holographic" society.

In the siege mentality sweeping much of the world, including President Donald Trump's "American carnage" worldview, safety lies only within territorially defined, demographically homogeneous nations with autochthonous economies and not just firm, but also largely impenetrable, borders that keep all threats at bay. This outlook may have it backward, however, putting America and its interests at greater risk. Physical security as well as cybersecurity in the 21st century increasingly lie not in becoming a fortress nation, but in doubling down on being a holographic one: promoting greater global integration, sending our people and products abroad more aggressively, and welcoming a more diverse array of the rest of the world's peoples and products within our national borders.
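The article makes two claims that can be checked in code: Baran's point that a network with "no central dot" survives the loss of any one node, and the blockchain analogy that a record replicated across many nodes cannot be altered by tampering with one copy. The following is an added illustration, not code from the Stratfor piece or from any project it names. The hub-and-spoke and ring-lattice topologies, the five replicas, the sample records and the two attacker edits in `demo()` are all constructed for this example.

```python
"""Survivability of a centralized vs. a distributed network, plus replicated
hash-linked records. Constructed illustration; topologies and records are
hypothetical and not taken from the article."""
import hashlib
import json
from collections import deque


def star_topology(n):
    """Hub-and-spoke: node 0 is the 'central dot', every other node hangs off it."""
    return {frozenset((0, i)) for i in range(1, n)}


def ring_lattice(n, degree=4):
    """Distributed net: each node links to degree//2 neighbours on either side,
    so no single node is essential to connectivity."""
    edges = set()
    for i in range(n):
        for k in range(1, degree // 2 + 1):
            edges.add(frozenset((i, (i + k) % n)))
    return edges


def largest_component(alive, edges):
    """Size of the largest group of surviving nodes that can still reach each other (BFS)."""
    adj = {v: set() for v in alive}
    for e in edges:
        a, b = tuple(e)
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    seen, best = set(), 0
    for start in adj:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            v = queue.popleft()
            size += 1
            for w in adj[v]:
                if w not in seen:
                    seen.add(w)
                    queue.append(w)
        best = max(best, size)
    return best


def survivability(n, edges, destroyed):
    """Fraction of surviving nodes that remain in one connected group after `destroyed` are removed."""
    alive = {v for v in range(n) if v not in destroyed}
    if not alive:
        return 0.0
    return largest_component(alive, edges) / len(alive)


def append_record(chain, record):
    """Append a record linked to the previous block by SHA-256 over (prev hash, record)."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    body = json.dumps({"prev": prev, "record": record}, sort_keys=True).encode()
    chain.append({"prev": prev, "record": record, "hash": hashlib.sha256(body).hexdigest()})
    return chain


def chain_is_valid(chain):
    """Recompute every link; an edited record or broken link fails validation."""
    prev = "0" * 64
    for block in chain:
        body = json.dumps({"prev": prev, "record": block["record"]}, sort_keys=True).encode()
        if block["prev"] != prev or block["hash"] != hashlib.sha256(body).hexdigest():
            return False
        prev = block["hash"]
    return True


def consensus_head(replicas):
    """Head hash held by the largest set of valid replicas, plus the ids that disagree
    (either internally invalid or validly rewritten but divergent)."""
    votes = {}
    for rid, chain in replicas.items():
        head = chain[-1]["hash"] if chain and chain_is_valid(chain) else None
        votes.setdefault(head, set()).add(rid)
    valid_heads = [h for h in votes if h is not None]
    if not valid_heads:
        return None, set(replicas)
    head = max(valid_heads, key=lambda h: len(votes[h]))
    return head, set(replicas) - votes[head]


def demo():
    n = 20
    hub_down = survivability(n, star_topology(n), destroyed={0})        # lose the hub
    mesh_down = survivability(n, ring_lattice(n), destroyed={0, 7, 14})  # lose three scattered nodes

    records = ["land registry entry 1", "tax filing 2", "election tally 3"]  # constructed sample data
    good = []
    for r in records:
        append_record(good, r)
    replicas = {rid: json.loads(json.dumps(good)) for rid in range(5)}
    # Hypothetical attacker 1: edits a record in place on replica 2; its hash no longer matches.
    replicas[2][1]["record"] = "tax filing 2 (altered)"
    # Hypothetical attacker 2: rewrites replica 4 end to end so it self-validates but diverges.
    rewritten = []
    for r in records[:-1] + ["election tally 3 (altered)"]:
        append_record(rewritten, r)
    replicas[4] = rewritten
    head, dissenters = consensus_head(replicas)
    return hub_down, mesh_down, head == good[-1]["hash"], dissenters


if __name__ == "__main__":
    print(demo())
```

With 20 nodes, destroying the hub of the star leaves 19 isolated survivors (largest group 1/19), while the ring lattice stays fully connected after three scattered losses. Of the five replicas, the in-place edit is caught by the hash check and the wholesale rewrite is caught by the head comparison, so the majority head still matches the untampered chain; a single altered copy changes nothing for the system as a whole, which is the "dispersion as defense" point the article is making.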
Title: WSJ: Nat. Security concerns threaten undersea data link backed by Goolag and FB
Post by: Crafty_Dog on August 30, 2019, 08:38:29 PM
National Security Concerns Threaten Undersea Data Link Backed by Google, Facebook
U.S. firms and Chinese partner have sunk hundreds of millions of dollars into Los Angeles-Hong Kong cable project
The U.S. has never denied an undersea cable license on national security grounds. Above, a SubCom cable-laying ship. Photo: SubCom
By Kate O’Keeffe and Drew FitzGerald in Washington and Jeremy Page in Beijing
Updated Aug. 28, 2019 10:15 am ET

U.S. officials are seeking to block an undersea cable backed by Google, Facebook Inc. and a Chinese partner, in a national security review that could rewrite the rules of internet connectivity between the U.S. and China, according to people involved in the discussions.

The Justice Department, which leads a multiagency panel that reviews telecommunications matters, has signaled staunch opposition to the project because of concerns over its Chinese investor, Beijing-based Dr. Peng Telecom & Media Group Co., and the direct link to Hong Kong the cable would provide, the people said.

Ships have already draped most of the 8,000-mile Pacific Light Cable Network across the seafloor between the Chinese territory and Los Angeles, promising faster connections for its investors on both sides of the Pacific. The work so far has been conducted under a temporary permit expiring in September. But people familiar with the review say it is in danger of failing to win the necessary license to conduct business because of the objections coming from the panel, known as Team Telecom.

Team Telecom has consistently approved past cable projects, including ones directly linking the U.S. to mainland China or involving state-owned Chinese telecom operators, once they were satisfied the company responsible for its U.S. beachhead had taken steps to prevent foreign governments from blocking or tapping traffic.

If the U.S. rejects Pacific Light’s application, it would be the first time it has ever denied an undersea cable license based on national security grounds, and it could signal regulators are adopting a new, tougher stance on China projects.

The threat of a failed approval process reflects growing distrust of Chinese ambitions and comes amid escalating tensions between China and the U.S., part of a broad rivalry between the world’s two largest economic powers. A prolonged trade conflict has each side affixing tariffs on hundreds of billions of dollars in goods flowing between the two countries, while Washington has sought to blunt Beijing’s ambitions to expand military and economic influence in Southeast Asia, the Pacific, Africa and elsewhere.

A number of U.S. officials—as well as some from allied countries—also have been waging a high-profile campaign to exclude China’s Huawei Technologies Co. from next-generation mobile networks, and to limit its role in the undersea cable networks that ferry nearly all of the world’s internet data.

The Pacific Light project cost at least $300 million to build based on its route, according to consultants who advise companies on subsea cable construction. Companies like Google and Facebook have spent the past decade funding similar cables to handle ever-growing network traffic between the U.S. and Asia. The new link to Hong Kong would give them greater bandwidth to a major regional internet hub with links to growing markets in the Philippines, Malaysia and Indonesia as well as mainland China.

While U.S. security officials have openly targeted Huawei’s operations in the airwaves, they have been less vocal about another potential security threat: its undersea cables. Experts say in theory these cables could enable China to spy. Photo: George Downs/The Wall Street Journal

Team Telecom’s concerns over Pacific Light include Dr. Peng’s Chinese-government ties and the declining autonomy of Hong Kong, where pro-democracy protesters have been holding massive demonstrations for months against Beijing’s efforts to integrate the territory more closely. Dr. Peng is China’s fourth-biggest telecom operator. Listed in Shanghai, the private firm serves millions of domestic broadband customers. In the past, a cable link to Hong Kong would have been viewed as more secure than one to mainland China, but the distinction is becoming less relevant, these people say.

Proponents of the project say its approval would give the U.S. better oversight over the data that flows through the cable because Team Telecom could advise the FCC to force the companies to agree to certain conditions to protect security. Even if the U.S. thwarts this particular cable, the need for greater data capacity will still exist, and that data will just find its way through other cables that aren’t necessarily within the U.S.’s jurisdiction, they say.
The Internet’s Undersea Arteries
Roughly 380 active submarine cables carry almost all the world’s intercontinental internet traffic via about 1,000 landing stations.


Team Telecom last year reversed its long-held stance on Chinese applications to provide telecom services through U.S. networks, and recommended for the first time the denial of an application based on national security and law-enforcement concerns. In May, the Federal Communications Commission adopted the recommendation that came after years of deliberation, voting unanimously to deny an application from China Mobile Ltd.’s U.S. arm even though it had previously approved applications from fellow state-owned operators China Telecom and China Unicom.

Though the FCC makes the final decision on whether to grant a license for the Pacific Light project, it has historically deferred to recommendations from Team Telecom after its members coalesce around a unified view. The ad hoc group has no resolution mechanism in the event of a dispute. It isn’t known how strongly other members of the team, including the Defense and Homeland Security Departments, feel about the issue.

Should the Justice Department hold firm in its opposition and win support from other Team Telecom members, the group’s negative view would likely kill the project. If other team members decide to fight the Justice Department on the issue—and it refuses to back down—any approval could be delayed indefinitely, leaving the project in limbo. It is possible regulators might extend the temporary permit in the interim. Team Telecom, meanwhile, could still recommend the FCC approve the project if the Justice Department changes its position.

Pacific Light Data Communication Co., the Hong Kong company managing the cable project, said it has already installed more than 6,800 miles of the cable system, which will be ready for service by December or January. Senior Vice President Winston Qiu said he hadn’t heard of any U.S. regulatory problems. “We didn’t hear any opposition,” he said.

Dr. Peng didn’t respond to emailed and faxed requests for comment. Repeated calls to its offices and those of its subsidiaries and biggest shareholder went unanswered.

A Google spokeswoman said the company has “been working through established channels for many years in order to obtain U.S. cable landing licenses for various undersea cables. We are currently engaged in active and productive conversations with U.S. government agencies about satisfying their requirements specifically for the PLCN cable.” A Facebook spokeswoman declined to comment.

A Justice Department spokesman declined to comment on the project and said its reviews and recommendations are “tailored to address the national security and law enforcement risks that are unique to each applicant or license holder.” The Pentagon referred questions to the Justice Department as the team’s lead agency. Spokesmen for the Department of Homeland Security and the FCC declined to comment.

The Pacific Light project has taken an atypical path. Google owner Alphabet Inc. teamed up with Facebook in 2016 to provide its U.S. financing, adding to the tech companies’ growing inventory of internet infrastructure. Google took responsibility for its U.S. landing site. The Hong Kong end fell to a company controlled by a mainland Chinese real-estate magnate that had only recently entered the telecom sector.

The Chinese partner later sold its majority stake in the project to Dr. Peng, a company with interests in telecom, media and surveillance technology. In 2014, Dr. Peng signed a strategic cooperation agreement with Huawei to jointly research cloud computing, artificial intelligence and 5G mobile technology, according to an exchange filing. Dr. Peng’s website lists Huawei as a partner.

Dr. Peng’s chairman, Yang Xueping, is a former Shenzhen government official, according to the company’s website, and its subsidiaries have worked on several projects with government entities, including building a fiber-optic surveillance network for Beijing police, its website and filings show. Last year, Dr. Peng said in an exchange filing that two wholly owned subsidiaries had been fined 2 million yuan ($279,000) after some of their executives were convicted of bribing Chinese officials in connection with Beijing police projects.

—Xiao Xiao in Beijing contributed to this article.

Write to Kate O’Keeffe at kathryn.okeeffe@wsj.com, Drew FitzGerald at andrew.fitzgerald@wsj.com and Jeremy Page at jeremy.page@wsj.com
Title: WSJ: Cyberwar: Norks got game
Post by: Crafty_Dog on September 16, 2019, 10:38:47 AM
U.S. Targets North Korean Hacking as Rising National-Security Threat

For Pyongyang, cyber prowess is crucial source of revenue, political leverage
North Korean leader Kim Jong Un’s willingness to talk about denuclearization may stem from a belief that the country’s cyber arsenal can partially supplant its weapons as a threat to other nations. Photo: KCNA/KNS/Associated Press
By Ian Talley and Dustin Volz
Sept. 15, 2019 7:00 am ET

WASHINGTON—New U.S. sanctions against North Korean hackers and revelations about North Korean malware show how Pyongyang’s cyber operations have become a crucial revenue stream and a security threat that soon could rival its weapons program, U.S. and industry officials say.

North Korea’s hacks of financial systems and critical infrastructure world-wide reveal sophisticated cyber capabilities developed to counter global sanctions and expand Pyongyang’s geopolitical power, according to these officials.

The U.S. Treasury Department, in blacklisting the three hacking groups allegedly run by North Korea’s primary intelligence service, said Friday they collectively were responsible for operations across 10 countries, stealing hundreds of millions of dollars from banks and cryptocurrency exchanges, pilfering military secrets, destabilizing infrastructure and intimidating adversaries.

Attacks that cyber experts suspect were orchestrated by North Korea are becoming more frequent.

Treasury says one collective, called Lazarus Group, and two subsidiaries, known as Bluenoroff and Andariel, have stolen around $700 million in the last three years and have attempted to steal nearly $2 billion.

U.S. security officials and cyber experts say those sums of money likely underrepresent the amount of cash Pyongyang’s hackers have secured. United Nations investigators last month tallied proceeds from all reported operations, including those carried out by other North Korean hacking groups, at $2 billion in recent years. Some thefts likely aren’t reported to authorities for fear of embarrassment and exposure, a senior U.S. official said.

North Korean officials didn’t respond to a request for comment but historically have denied accusations of engaging in malicious cyber activity.

Treasury said it also has been working with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, as well as with the U.S. military’s Cyber Command in recent months to disclose malware samples to private industry. Last week, under its North Korean malicious cyberactivity rubric “Hidden Cobra,” the administration issued a public alert about a new version of malware dubbed “ELECTRICFISH” that burrows into victims’ computers to steal data.

Senior administration and industry officials say that many reported, but not publicly disclosed, attacks on banks and other companies bear hallmarks of North Korean involvement.

“Though these operations may fund the hackers themselves, their sheer scale suggests that they are a financial lifeline for a regime that has long depended on illicit activities to fund itself,” said John Hultquist, director of intelligence analysis at the U.S. cybersecurity company FireEye Inc.

Cyber Command ranks North Korea’s capabilities along with China, Russia and Iran as top strategic threats to U.S. national security.

Underscoring the geopolitical leverage its hacking abilities give Pyongyang, industry experts say North Korean leader Kim Jong Un’s willingness to at least talk about denuclearization over the past year may be from a belief that the country’s cyber arsenal can partially supplant its weapons as a threat to other nations.

“North Korea’s cyber operations broaden the Kim family regime’s toolkit for threatening the military, economic, and even the political strength of its adversaries and enemies,” said Mathew Ha and David Maxwell, North Korean experts at the Foundation for Defense of Democracies, a Washington nonpartisan think tank, in a report.

With the U.N. and U.S. squeezing traditional high-value revenue streams such as North Korean coal exports, the hacking operations appear to be so lucrative for the cash-hungry regime that cybersecurity experts say it is unlikely Pyongyang will be pressured through sanctions into curtailing its malicious behavior.

U.S. officials say their investigations show that some of the money from cyber-theft is channeled into Mr. Kim’s nuclear weapons and ballistic-missile programs. Cyber-enabled heists also have become an essential source of revenue keeping the regime in power and insulating the economy from the global sanctions meant to force Pyongyang into giving up its weapons of mass destruction, U.S. and U.N. officials say.

In addition, North Korea’s cyberattacks generate income in ways that are harder to trace than many of its other illicit activities, U.N. officials said in a report last month. The U.N. is investigating at least 35 reported North Korean cyberattacks across five continents targeting banks, cryptocurrency exchanges and mining companies.

The Trump administration previously has blamed the Lazarus Group for the WannaCry worm, which was unleashed in 2017, infecting more than 300,000 computers in more than 150 countries, crippling banks, hospitals and other companies. The Justice Department last year charged a North Korean operative, Park Jin Hyok, and unnamed co-conspirators, tying them to the WannaCry worm, the 2014 hack on Sony Pictures and the $81 million stolen from Bangladesh’s account at the Federal Reserve Bank of New York in 2016.

It was only a typo in the Bangladesh heist that prevented the hackers from stealing $851 million they planned to transfer, officials say.

Since the beginning of 2019 alone, North Korean agents have attempted five major cyber-thefts world-wide, including a successful $49 million heist from an institution in Kuwait, according to the U.N.

U.N. investigators and members of a North Korean defectors group in South Korea say the North’s hackers are carefully selected and groomed at an early age by the military and secret services and given specialized training.

North Korean cyber collectives often use a variety of different schemes for revenue generation, as well as lay the groundwork for future hacks, according to experts on North Korea and cybersecurity.

U.S. intelligence, security companies and North Korea watchers say that while they believe many of the freelance operations are largely for revenue-generation purposes, they also represent a major threat because of their infiltration of Western security systems.

They do so by working as software programmers who contract their services through freelance platforms, concealing that they are North Korean agents.

Many companies rely on the freelance software platforms where “there’s no vetting process or validation to ensure you’re not working with sanctioned entities,” said a top official at a private technology company that sells its products to the U.S. government and other Western allies.

Write to Ian Talley at ian.talley@wsj.com and Dustin Volz at dustin.volz@wsj.com
Title: China and Cyberwar
Post by: Crafty_Dog on September 17, 2019, 01:39:41 PM
https://www.theepochtimes.com/china-involved-in-a-quarter-of-significant-cyber-incidents-in-past-year-report-says_3080899.html?utm_source=Epoch+Times+Newsletters&utm_campaign=2b5a469fac-EMAIL_CAMPAIGN_2019_09_14_06_00&utm_medium=email&utm_term=0_4fba358ecf-2b5a469fac-239065853
Title: How America anally cyber raped ISIS
Post by: Crafty_Dog on September 29, 2019, 09:07:57 PM
https://www.npr.org/2019/09/26/763545811/how-the-u-s-hacked-isis?utm_campaign=storyshare&utm_source=facebook.com&utm_medium=social&fbclid=IwAR0rdboHmjka2By08Nz3JaR105xSiMWIvQXviJSYNIccpA0ACx-Wnxiewhw
Title: War Against Chinese Tech
Post by: Crafty_Dog on October 12, 2019, 12:35:16 PM

In the War Against Chinese Tech, the U.S. May Go It Alone
By Phillip Orchard, July 8, 2019

Summary

The United States has been on a crusade to block Chinese tech firms out of the development of 5G networks. Its allies, big and small, are reluctant to fall in line as they weigh the potential political and military costs of bucking Washington’s demands against the dollars-and-cents cost of excluding tech companies like Huawei. Ultimately, few countries are likely to adopt a blanket ban on Chinese tech. But it may not matter if the U.S. proves willing and capable of crippling Chinese tech firms unilaterally.

For much of the past half a decade, the U.S. has warned that trouble awaits countries that build their fifth-generation, or 5G, mobile networks with Chinese technology. Fearing that the proliferation of Chinese telecommunications infrastructure would give Beijing unprecedented cyberespionage and network sabotage capabilities, the Trump administration has since tightened the noose, moving gradually to ban Chinese software and equipment – and even foreign tech made or designed in China – from U.S. networks. It wants friends and allies across the globe, on whose telecommunications networks the U.S. military relies, to follow suit. Using Chinese tech was always risky, but the U.S. has threatened to raise the stakes, saying countries that use it could face a future without U.S. military and intelligence cooperation.

This kind of absolutist approach by the U.S. speaks both to just how alarmed it is by China’s creeping telecommunications dominance and how little credence it gives to claims that such threats are manageable. Yet, widespread reluctance to comply with U.S. pressure has raised the question of whether the U.S. is really willing to walk away from the multilateral network of friends and allies it has been cultivating since World War II, with profound potential implications for the global system. But the U.S. won’t have to make this call any time soon. It’s not yet settled whether a blanket ban on Chinese 5G-related tech is really necessary. And U.S. moves to take matters into its own hands and stop Huawei’s rise may well put the whole issue to rest.

Why Other Countries Aren’t Falling in Line

Thus far, the U.S. campaign has found at best mixed success. Only Australia and, to a lesser extent, New Zealand, Japan, Taiwan and Vietnam have come anywhere close to a blanket ban on Chinese telecommunications tech. Elsewhere, responses have ranged generally from “We’re exploring other options, but don’t force us to take an overtly anti-China position” (see: Singapore, South Korea) to “Partial restrictions and careful vetting will be sufficient” (Europe) to “We’ll use as much Huawei tech as we darn well please, so stop nagging us about it” (Malaysian Prime Minister Mahathir Mohammad). Skeptics include the U.K. and Canada – fellow members of the crucial Five Eyes intelligence-sharing network (none of whom, inexplicably, are home to a major Huawei competitor); countries hosting or pursuing major U.S. military bases like Germany, South Korea and Poland; and nominal allies familiar with Chinese aggression like the Philippines. Even the African Union, whose Huawei-wired headquarters reportedly leaked a torrent of data to servers in China every night for five years, recently signed a new cooperation agreement with Huawei.

This reluctance is rooted, above all, in matters of dollars and cents. The physical requirements of 5G make rollouts breathtakingly expensive. It’s not just about upgrading existing cell towers. 5G will operate primarily on high frequency spectrum, which will unleash blistering data processing speeds with exponentially higher traffic capacity, but only at very short range. To ensure network stability and minimize latency, then, it will require a vast and dense network of base stations and antennas, plus millions of miles of new fiber-optic cable. Little of what 5G promises – driverless cars, automation, artificial intelligence, “smart cities,” “the internet of things” and so forth – can be realized without major capital expenditures.

Huawei and ZTE can make the leap to 5G less painful. Just three competitors – Finland’s Nokia, Sweden’s Ericsson and South Korea’s Samsung – are currently capable of delivering a similarly comprehensive suite of network equipment. (The United States’ Cisco and other smaller players will be competitive in narrow segments of 5G systems.) None have Huawei’s ability to achieve economies of scale and its levels of state backing, so it can often undercut its rivals by 20-30 percent. (It’s not a matter of sacrificing quality, either; some Huawei tech is considered the best in the business.) Moreover, the initial phases of 5G rollouts in all but a few countries will be built largely on existing 4G infrastructure – which, in many countries, is already built with Huawei tech. Ripping out all the existing Huawei equipment before upgrading would make the process even more expensive. Vodafone UK, for example, says it would need to replace some 6,000 base stations, costing hundreds of millions of pounds. It would also add costly delays, putting domestic industries behind the curve in developing profitable 5G applications. Germany’s Deutsche Telekom, the largest telecommunications operator in Europe, said a blanket ban on Huawei would set back its 5G rollouts by at least two years.

Poorer and less densely populated countries will benefit the most from Huawei’s cost advantages, of course, but even highly urbanized countries – those best-equipped to develop and reap the economic benefits of 5G applications, and with perhaps the most to lose from delays – aren’t immune. The race to roll out 5G networks is not a winner-take-all contest, despite how it is often portrayed. Still, there are certainly first-mover advantages in the development of new 5G applications, influence over international standards and securing new patents. Even outside the tech world, a firm in any sector – from heavy industry to manufacturing to transportation to healthcare – primed to harness 5G’s power could reap cost and quality advantages over foreign competitors effectively stuck in what might feel like the digital stone age. Add to this the costs associated with potential Chinese economic retaliation and other forms of coercion, and it’s easy to understand why countries insist on exploring protective measures before deciding whether to assume the costs of an all-out ban.

Is a Blanket Ban Really Necessary?

Skeptical governments have relied on four main arguments to explain their reluctance to fully ban Chinese telecommunications firms. Two are falling on deaf ears; two may ultimately gain traction.

The first is that the U.S. has not provided any evidence that Huawei has installed “back doors” into its existing overseas networks or knowingly facilitated state-sponsored cyberespionage. (The U.K.’s Huawei Cyber Security Centre Oversight Board did find defects in Huawei source code and concluded that the firm failed to address security issues in the past, but this doesn’t prove that the company has acted with malicious intent.) Absent evidence, they say, the U.S. is acting primarily on suspicion rooted in its own strategic and trade-related tensions with China – ones that other countries may not share. If the U.S. was really worried about cybersecurity, they say, it wouldn’t have abandoned an Obama-era push to include cybersecurity measures in international 5G technical standards. Nor would the Trump administration be so quick to ease pressure on Huawei and ZTE in the interest of reaching a trade deal with China.

The second argument is that, with proper vetting and oversight, security vulnerabilities in Chinese tech can be detected, obviating the need for a costly ban. To enhance this argument, Huawei has opened up its source code to inspection at security labs it’s established in Brussels, Bonn and the U.K.

To Washington, these two arguments miss the mark. This is, in part, because back doors are largely indistinguishable from common coding errors in network software or firmware, making it nearly impossible to obtain smoking gun evidence of malicious intent. The sheer scale of 5G architecture will also make vetting too slow and expensive, considering the frequency of software and firmware updates involved, to be done thoroughly and regularly. (Modern software testing processes aren’t particularly good at detecting carefully designed back doors, anyway.) Moreover, the full spectrum of potential vulnerabilities with 5G won’t become known for years to come, until its myriad potential applications are developed and until, as expected, tens of billions of “smart devices” are linked into the system. By then, countries may have effectively locked themselves into partnerships with the Chinese. The costs of reversing course would be prohibitive.

To the U.S., then, it’s perfectly rational to want to deprive an adversary of capabilities that might prove dangerous – and to kneecap a company that might act on that government’s behalf. Lack of trust and competing strategic interests have everything to do with it. After all, in the 2000s the U.S. compelled its own tech firms to facilitate government surveillance in the service of national security. It would be naive to expect China to behave any differently, even if you ignored Beijing’s history of coercive activities abroad, the abundance of China-linked cyberattacks, the autocratic nature of the Chinese regime and its national security law requiring firms like Huawei to cooperate.

The other two arguments hint at a possible way for the U.S. and its allies to meet in the middle. One is that, if Chinese tech is limited to the periphery of 5G networks, any damage Beijing could do could be tightly contained. 5G networks consist of a tightly protected “core,” where servers and software execute the most sensitive and crucial functions, and the radio access network equipment (towers, masts, small cells inside buildings and along streets, and so forth) on the “edge” that connect wireless devices to the core.


If China could slip back doors into the core, where encryption keys are stored and authentication functions take place, it could gain unprecedented snooping power and even the ability to shut down key parts of a network altogether. As the dependency of critical infrastructure (including power grids and hospitals) on 5G networks increases, so too would Beijing’s capabilities to conduct crippling sabotage attacks. By comparison, if a Chinese firm slips a backdoor into edge components like, say, the base station or antennas outside your house or the operating system of the phone in your pocket, it could potentially monitor unencrypted data and encrypted metadata or infect user devices with malware, posing a small-scale espionage problem (especially if you happen to be a high-level intelligence target). But it’s doubtful that edge equipment could be used to conduct mass espionage or to bring down large parts of the network.

At this point, governments in France, Germany and the U.K. all plan to ban cheaper Chinese tech from the core but not the edge. Since the edge is where the bulk of new capital investment will be required – and where most Huawei equipment is located in Western 4G networks – this ostensibly makes it possible to harness Chinese cost advantages without incurring Chinese risks. But others, including the U.S. and Australia, say the decentralized nature of 5G networks will erode the distinctions between the core and the edge over time, with edge devices taking on more and more “smart” computing power and sensitive functions. To them, the only sure solution is a blanket ban. Skeptics of this argument say components in an even more decentralized core will still be distinct and protected from edge components.

The final argument is basically that supplier-inserted back doors are just one of a dizzying array of cyber threats facing 5G, and fixating on who makes the equipment addresses the problem too narrowly to justify the cost of a blanket ban. Indeed, this approach could make some cybersecurity challenges harder to address. Any network equipment, whether manufactured in Shenzhen, Silicon Valley or Sarawak, will inevitably be laced with exploitable security flaws, and the biggest threats will still be familiar ones like spear-phishing and malware-infected software inadvertently downloaded by users. It’s certainly easier for a malicious actor to hack a system if it built in a backdoor itself. But ultimately, the best way to prevent espionage is widespread adoption of sound end-to-end encryption practices and use of other tools like virtual private networks. And the best protection against network sabotage is system redundancy. This means additional spending on backup network infrastructure from multiple suppliers. Cutting out one of the few major telecommunications suppliers available (and the cheapest one, to boot) would make redundancy harder.

The debate is clearly far from settled. But if the U.S. can be persuaded that the distinction between the edge and core will hold, and if protective measures like end-to-end encryption can be adopted widely enough (no small feat, considering that billions of connected devices will need to be configured to operate on secure channels), the U.S. may be willing to compromise and adopt a more tailored approach to Chinese tech.

Is the U.S. Bluffing?

There’s another, largely unspoken reason countries are resisting U.S. pressure on the issue: They think the U.S. might be bluffing on its threats to sharply curb military and intelligence cooperation. Consider the potential costs. The U.S. currently has troops in dozens of countries. Its warships stop in dozens more. Its critical logistics networks crisscross the globe. Its intelligence-sharing agreements allow it to act nimbly and entrench its partnerships. It would be one thing if there were enough strategically located countries shunning Huawei that the U.S. could keep its global operations humming. But there are not. So, to make good on its threats, the U.S. would have to dramatically scale back its global military footprint and deprive itself of access to vital intelligence flows, potentially putting the global balance of power in flux. It defies imagination to see how the risks of 5G outweigh these costs.


To be sure, the proliferation of Chinese 5G tech could indeed pose extraordinary new challenges to U.S. intelligence and military operations abroad, especially if its arguments about the network security risks prove valid – and particularly when operating in or with countries that allow Chinese access to the network core or fail to adopt prudent network security practices. The battlefield implications could likewise be dramatic; China could realistically shut down military communications, disrupt critical supply lines, collect and exploit signals intelligence, and so forth. The U.S. will need to become ever more judicious about how and where it sets up logistics networks, with whom it shares sensitive information, and how much it can afford to rely on next-generation weapons systems that depend on unhindered connectivity. It will probably need to develop more sophisticated and secure communications systems and consider helping partner governments bear the expense of ensuring network diversity and redundancy.

To an extent, the nature of these challenges isn’t new. The U.S. has long been a global superpower well practiced in handling adversaries keen to steal U.S. secrets, frustrate its best-laid plans and exploit asymmetric capabilities to blunt inherent U.S. advantages. And it’ll certainly be able to exploit these same capabilities itself. (A leaked National Security Agency document from 2014 claimed the agency had penetrated Huawei networks so thoroughly that it didn’t know what to do with all the data it collected.)

The scale and complexity of the new risks are too much for the U.S. to ignore. Yet if it can’t pressure the world to shun Chinese tech or make peace with available security measures, it won’t blow up its alliance network. Washington will instead try to make the whole debate moot by taking matters into its own hands. The U.S. already started this process in earnest in May, when it announced a ban on exports of U.S.-made component parts and software to Huawei, ZTE and other Chinese firms. Last week, to restart negotiations with Beijing on a trade deal, Trump signaled a willingness to relax the ban, though exactly how much remains unclear. But it remains an enormously powerful measure that the U.S. will likely return to eventually. U.S. firms no longer dominate as many sectors of the telecommunications industry as they once did, but they do dominate some of the fundamental building blocks such as semiconductors and mobile chips. This means any foreign firm in Huawei’s supply chain whose products contain these components also has to comply with the ban, lest it be sanctioned by the U.S. (Huawei’s own research and development into semiconductors and microchips is widely believed to be inadequate for its needs.) Whether a ban would kill the company, or just weaken the quality of some of its tech and force it to scale back its product offerings, is impossible to say. U.S. pressure has already damaged Huawei’s reputation and revenue streams. At minimum, even the continued threat of a ban will make some countries think twice about partnering with a company that may not be able to continue to innovate.

There’s also a risk that the move would backfire by eventually accelerating China’s pursuit to develop indigenous components and ushering in an era of Chinese tech parity. Yet the U.S. has enormous incentives to follow through. A ban wouldn’t just hit the Chinese telecommunications sector; it would also hamper China’s broader drive to dominate high-tech industries, its breakneck military modernization, and its sprawling diplomatic ambitions. The U.S.-China strategic rivalry isn’t going away anytime soon, and the U.S. has an opportunity to cement its alliance structure and strike at multiple dimensions of Chinese power with a single blow. In other words, this is one of the few cases in which the U.S. may be better off acting alone.

Phillip Orchard is an analyst at Geopolitical Futures. Prior to joining the company, Mr. Orchard spent nearly six years at Stratfor, working as an editor and writing about East Asian geopolitics. He’s spent more than six years abroad, primarily in Southeast Asia and Latin America, where he’s had formative, immersive experiences with the problems arising from mass political upheaval, civil conflict and human migration. Mr. Orchard holds a master’s degree in Security, Law and Diplomacy from the Lyndon B. Johnson School of Public Affairs, where he focused on energy and national security, Chinese foreign policy, intelligence analysis, and institutional pathologies. He also earned a bachelor’s degree in journalism from the University of Texas. He speaks Spanish and some Thai and Lao.
Title: Stratfor: When espionage skills are for sale, so is your security
Post by: Crafty_Dog on October 22, 2019, 03:18:21 PM
When Espionage Skills Are for Sale, So Is Your Security
Scott Stewart, VP of Tactical Analysis, Stratfor
Oct 22, 2019 | 10:00 GMT
A woman walks in front of an office belonging to the Israeli cybersecurity company, NSO Group, in August 2016 near Tel Aviv.
(JACK GUEZ/AFP/Getty Images)

The governments of Mexico and Saudi Arabia both reportedly surveilled journalists and political opponents using spyware bought from NSO Group, the Israeli company whose office near Tel Aviv is pictured above.
Highlights

    Anyone with the intent, interest and budget to buy espionage tools and expertise can now acquire the capability to steal a specific piece of information.
    It can thus be presumed that any national intelligence agency, large corporation or organized crime group can access whatever data they deem valuable enough to pay for.

Reports emerged Oct. 16 that UAE-based cybersecurity company DarkMatter recruited officers who had previously worked for Israel's elite cyber intelligence outfit, Unit 8200. Interestingly, the story also noted that many of the Unit 8200 personnel had first worked at the Israeli cybersecurity company NSO Group before reportedly departing the company for larger salaries at DarkMatter. Both NSO Group and DarkMatter have generated a great deal of media coverage for allegedly arming governments with intelligence tools to spy on potential dissidents and journalists, among other targets. These cases, however, undoubtedly only scratch the surface of a much larger threat — that is, the increasing proliferation of intelligence tools and skills on the open market. Today, more actors than ever can purchase advanced intelligence capabilities, forcing us to reconsider the way we think about, analyze and protect against corporate espionage threats.

The Big Picture

Corporate espionage is a serious, pervasive and persistent threat that emanates from a widening array of state and private actors. Today, tools such as LinkedIn are increasingly being used to not only acquire recruiting intelligence sources, but intelligence tradecraft by hiring officers and operators with world-class skills.
An Emerging Black Market

When assessing the corporate espionage threat posed by a hostile actor, Stratfor has long used a three-pronged model that gauges the actor's interest, intent and capability. Over the course of my career, I've encountered numerous cases in which an actor had the interest and intent to conduct espionage, but lacked the innate capability to effectively steal some piece of proprietary information or monitor a private organization's activities and communications. State sponsors have helped intelligence services punch far above their weight class in decades past. The training and equipment that the Soviet KGB and the East German Stasi provided Cuba in the 1960s and 70s, for example, helped propel its intelligence agency to top-tier status. Likewise, Jordanian intelligence has become quite competent thanks to its long association with U.S. counterparts. Many other nations and other espionage actors simply did not possess, and largely could not obtain, world-class intelligence capabilities.

But that is changing under this new model of intelligence capabilities proliferation. Certainly, the United Arab Emirates has taken a very big jump in its capabilities by creating DarkMatter and employing some of the world's most elite intelligence officers. Meanwhile, other countries such as Mexico and Saudi Arabia have allegedly purchased and used tools developed by the Israel-based NSO Group to ostensibly spy on journalists, opposition politicians and human rights organizations seen as threats to the regime. China's partner governments in Africa are also reportedly using technology manufactured by tech giant Huawei to track political opponents and other targets.

But while these cases involving Huawei, NSO Group and DarkMatter have garnered headlines, the threat extends far beyond the cyber realm. It has become increasingly common for intelligence professionals to parlay the tradecraft skills they acquired during their government service into high-paying, private sector jobs. This not only includes cyber skills used for hacking, but human intelligence know-how such as source recruitment and handling, as well as other esoteric tradecraft skills such as conducting black-bag jobs. As a result, the full array of espionage tools — including human intelligence tradecraft — is now available for purchase.

In some cases, the price tag for such tools and skills can be relatively steep. The base fee for NSO Group's Pegasus software used by the Mexican and Saudi governments reportedly cost $500,000 — with an additional $650,000 to hack the phones of 10 targets. But while expensive, these fees are certainly well within the budget of not only the intelligence agencies of even small countries, but private companies and large organized crime groups. Drug cartels in Mexico, for example, have hired hackers to help them gather information on their enemies. The notorious Sinaloa cartel also purchased state-of-the-art encrypted cellphones from the Canada-based Phantom Secure to protect both its operations and Joaquin "El Chapo" Guzman Loera's communications with his various wives and mistresses.

The Limitations of Outsourcing Expertise

This new model of intelligence capabilities outsourcing, however, is not without risk. First, as we've seen in Saudi Arabia's alleged killing of journalist Jamal Khashoggi, it can bring a great deal of unwanted attention upon the instigator when intelligence tools are used to help facilitate atrocities or otherwise violate international norms. Since the two stories first broke in late 2018, the Saudi and Mexican governments' use of the NSO Group's software has also resulted in a public uproar and court cases in both countries.

Anyone with the means can now buy advanced espionage skills, and presuming otherwise is as foolish as it is dangerous.

Second is the concern of loyalty. Intelligence providers will know who their clients are targeting, which can grant valuable insight into the internal dynamics of a country or its foreign affairs. There will thus always be some unease over the possibility that the providers of these intelligence capabilities could be double agents who are either still reporting to their former employers, or sharing that information with others — including those being targeted by the client. Take the case of Saudi Arabia: Even if the cyber tools are being employed by Saudi personnel, can the kingdom be positive that the software isn't reporting back to the NSO Group through some sort of backdoor channel where it can then be passed on to Israeli intelligence?

And last but not least, the intelligence tools and techniques up for purchase are either industry-standard or one-size-fits-all, and thus may be somewhat outdated and less effective in going after truly hard targets. Such capabilities are therefore unlikely to grant clients capabilities that rival those of first-tier intelligence agencies, such as the U.S. National Security Agency or the Chinese Ministry of State Security. But they can — and indeed have — sufficed when used to target less difficult targets, such as companies, journalists or nongovernmental organizations. And we expect to see them used increasingly against such softer targets going forward.

Because of this new reality, it is imperative that we update the way we think about the intelligence threat triad. Now, if an actor has interest in a piece of information and the intent to use espionage tools to obtain it — as well as the resources to afford outsourced tools and tradecraft — we must believe that they can acquire the capability to do so; to presume otherwise in an era where anyone can buy advanced espionage proficiency is as foolish as it is dangerous.
Title: China and the Swamp are 5G allies
Post by: Crafty_Dog on November 17, 2019, 08:52:36 PM


China and the Swamp Are 5G Allies
Shades of Tom Wheeler as the FCC buckles to a Trump agenda instead of freeing up spectrum.
By Holman W. Jenkins, Jr.
Nov. 15, 2019 6:42 pm ET

Sen. John Kennedy on Capitol Hill, July 16. PHOTO: ERIN SCOTT/REUTERS
The swamp has lately gained a face—that of Louisiana Republican Sen. John Kennedy. The guide who would lead us out of the swamp and into the broad, sunlit uplands of 5G freedom also has a face—that of Federal Communications Commission Chairman Ajit Pai.

This is their story. Of hundreds of public and private parties that long ago were entitled to occupy the nation’s airwaves, three private satellite companies figured out that, by using new compression algorithms and launching new satellites, they could free up more than half their spectrum and sell it off for more-valuable 5G uses. But of course they need a government OK to do so. Enter Sen. Kennedy, who noticed that two firms are headquartered in Luxembourg and one in Canada. “These three foreign corporations want the FCC to give them the airwaves,” he declared incredulously on the Senate floor. “The foreign companies get to keep the money” (emphasis added).

Mr. Kennedy, usually a reliable Trump defender, recently made squishy noises about impeachment. For whatever reason, President Trump is reported to be heeding his complaint and leaning toward quashing a deal carefully worked out by FCC Chairman Pai that would let the satellite companies go ahead while sharing the eventual proceeds with the taxpayer. Instead, the White House would somehow reclaim the currently occupied spectrum and auction it off so taxpayers can control the proceeds, apparently believing this can be done in heroic fashion in only a year’s time.

Except it will never happen. The satellite companies, which are currently using their full spectrum allocation, cannot give up valuable rights without a fight (they have shareholders). Past such battles have dragged on for years and ended badly for the government. Plus, designing and approving a new government-led auction would take more years if previous experience is any guide.

Put aside that Mr. Kennedy’s taxpayer windfall might not be realized for a decade, if ever. The sum would still be dwarfed by the value to the U.S. economy, as well as the eventual tax flows to the government itself, of getting the spectrum reallocated quickly to new 5G industries.

Worse are the knock-on effects. The plan was weeks away from being formally approved by the FCC. Look at the publicly available U.S. frequency allocation chart and strain your eyes over the myriad divisions representing hundreds of inefficient, grandfathered users who would now lose any incentive to contemplate giving up a valuable resource. Another downside would be the loss of an opportunity for U.S. and other non-Chinese equipment makers to stay in business by supplying 5G gear to the new networks that would be built on the released spectrum.

All this, it pains me to say, emits a passing odor of President Obama’s notorious big-footing of his own FCC chief, Tom Wheeler, over net neutrality. One of Mr. Pai’s first acts was to reassert his agency’s authority to make choices based on law and technical expertise, not the White House partisan agenda du jour.

In every way, Sen. Kennedy’s view of the matter is simplistic and wrongheaded on the question of what really would serve the country’s interest. Mr. Pai knows this, but is apparently under pressure from the White House. If so, kiss goodbye his broader and ambitious agenda to free up swaths of licensed and unlicensed spectrum for wireless broadband. Mr. Pai’s mission to keep America atop the industries of the future would be all the more likely to be swallowed up in similar swamp-like excretions.

The Journal ran an excellent piece this week on how a range of Trump administration 5G initiatives already are being stymied by bureaucratic turf fights. Serious authors and thinkers don’t see America coming to an end because Donald Trump suspends the Constitution to build a golf course on the National Mall. Strangulation by bureaucracy and interest groups is the nemesis that fills books like Joseph Tainter’s “The Collapse of Complex Societies” and Jonathan Rauch’s “Demosclerosis.”

Getting the satellite company proposal this far took a mighty effort by many interested and disinterested parties (including think tankers and journalists). That a carefully vetted project is about to be scuttled by last-minute politicking is all too typical. Swamp temptations are the enduring threat to a society that lives by its dynamism and ability to grow wealth and jobs for its people.

Opinion: China's Cyber Operations Will Give You Cold War Nostalgia
Global View: As China and the United States move towards great power competition, the complexities of the information age could create more unknowns than the nuclear oriented cold war with the Soviet Union. Photo: Getty Images/Istockphoto
Title: Chinese hacking GPS?
Post by: Crafty_Dog on November 19, 2019, 05:53:18 PM


https://www.technologyreview.com/s/614689/ghost-ships-crop-circles-and-soft-gold-a-gps-mystery-in-shanghai/?utm_source=pocket-newtab&fbclid=IwAR3-I9KSW0uslozNUVJNsSqgVTEvjAfLMAIiqu5VPVVeiqv3qZnAh746FYs
Title: Re: Chinese hacking GPS?
Post by: G M on November 19, 2019, 05:58:20 PM


https://www.technologyreview.com/s/614689/ghost-ships-crop-circles-and-soft-gold-a-gps-mystery-in-shanghai/?utm_source=pocket-newtab&fbclid=IwAR3-I9KSW0uslozNUVJNsSqgVTEvjAfLMAIiqu5VPVVeiqv3qZnAh746FYs

I am going to go with a yes.
Title: GPF: America's Chinese Tech Conundrum
Post by: Crafty_Dog on November 20, 2019, 01:11:26 PM

Washington’s Chinese Tech Conundrum
By: Phillip Orchard

In early November, the budding U.S.-China “tech cold war” took a rather surreal turn. The U.S. government announced a national security review on the threat posed not by Chinese telecommunications giants like Huawei or Chinese artificial intelligence firms developing battlefield applications for the People’s Liberation Army, but rather by TikTok, a wildly popular Chinese social media platform best known for 15-second clips of Gen Zers (those born between 1996 and 2010) doing very Gen Z things. Last week, U.S. Senate Minority Leader Chuck Schumer pressed the secretary of the Army to refrain from using TikTok as a recruiting tool.

The supposed threat has to do with data. With some 500 million users, including 80 million in the United States, TikTok is collecting a ton of data. TikTok is owned by ByteDance, a private Chinese firm, and it’s not even available inside China. But since even private firms in China have little choice but to cooperate with the Communist Party of China’s demands, Beijing could ostensibly use the app to, say, monitor the movements of intelligence targets. Such concerns are not wholly invalid. After all, even U.S.-based tech giants are under mounting scrutiny over the oceans of user data they can hoard.

This illustrates a fundamental feature of U.S.-China competition: Given the blurring lines between commercial and military or intelligence technologies, it’s not hard to come up with reasons why just about any emerging Chinese technology could threaten U.S. interests. Chinese 5G infrastructure, for example, could ostensibly be weaponized to divert sensitive data to Beijing or wreak havoc on U.S. military logistics and communications lines just as the PLA makes its move on Taiwan. Chinese-made train cars could be rigged to paralyze major U.S. cities. Chinese-made smart refrigerators could be programmed to become sentient en masse and stage an ice boxer rebellion. (Theoretically, at least.)

As a result, Washington is scrambling to develop a coherent approach to managing an array of threats that’s extremely unclear in both scope and severity. Just as problematic, Washington’s ability to mitigate such threats without doing more harm than good to U.S. interests is similarly murky. Bottom line: The U.S. will struggle to strike an ideal balance, but the broader geopolitical competition will push the U.S. to err on the side of mitigating worst-case scenarios – however real or imagined.

Three Uncertainties

Over the next few months, using new powers granted by the Export Control Reform Act of 2018, the U.S. Commerce Department is expected to clarify what Chinese “emerging and foundational technologies” it truly considers problematic. It will also continue laying the groundwork for concrete measures to address them, including export controls, import bans, restrictions on investment and research and development collaboration, and so forth. This task is complicated by three sources of uncertainty.

The first question, of course, is just how much any particular Chinese technology – or even U.S. technologies manufactured in China – can realistically harm U.S. national security. Some are fairly obvious; the U.S. has ample interest in keeping Chinese nationals from swiping research from U.S. biotech labs, for instance, or in depriving Chinese weapons-makers of cutting-edge U.S. semiconductors and software. Undeniably, Chinese advances in quantum computing, artificial intelligence, robotics, aeronautics, space and so on have the potential to diminish the U.S. military’s conventional edge over the PLA.

But with most other Chinese tech and advanced manufacturing firms in the U.S. crosshairs, the threat is largely theoretical at this point. Even concerns about 5G hinge largely on a range of assumptions about how quickly and widely the technology will be adopted, what sorts of applications it spawns, and the difficulty developing sufficient cybersecurity measures such as encryption. There’s also a tendency to overrate China’s innovative capacity. Beijing is helping Chinese firms narrow the gap with the U.S. in R&D spending, sure, but the innovation record of Chinese firms (particularly bloated state-owned enterprises) has been mixed, at best. The U.S. and its high-tech allies in Northeast Asia and Europe have a decadeslong lead in most sectors, and China cannot close the gap through forced technology transfers or cyberespionage alone.
 

The second question is whether the U.S. really has the tools to address potential threats. U.S. tools can be lumped into two categories: defensive and offensive. Implementing most defensive measures would be relatively straightforward. The U.S. could, for example, simply prohibit members of its military, intelligence community, and other sensitive departments from using data-hoarding Chinese apps like TikTok – or just ban such apps from the U.S. altogether. Already, it’s effectively banned Chinese telecommunications equipment from U.S. networks. It’s also likely to do more to encourage the development (and widespread adoption) of more sophisticated encryption and cybersecurity practices.

But defensive measures won’t cover everything. All telecommunications networks, with or without Chinese tech, will be inherently vulnerable to Chinese cyber operations. Moreover, U.S. interests aren’t confined to U.S. shores. Thus, the U.S. is also toying with offensive measures effectively aimed at taking down potentially problematic Chinese firms altogether. This is the point of the on-again, off-again controls on exports of U.S. components and software to Huawei, which relies overwhelmingly on U.S. semiconductors, software and chip design – as well as the diplomatic offensive aimed at keeping Huawei equipment out of places the U.S. relies on for military logistics. When the U.S. briefly slapped an export ban on Huawei’s state-owned rival, ZTE, in May 2018, it nearly brought the firm to its knees.

However, there are several reasons to doubt the effectiveness of offensive measures like export controls. For one, it only really works if a Chinese firm is truly dependent on U.S. technology, market access or funding. And the U.S. has near-total dominance over only a small number of sectors, such as semiconductors. For another, as demonstrated this summer when several U.S. suppliers announced that they had exploited loopholes in the soft ban on sales to Huawei, private multinational firms would have overwhelming incentives to find ways to continue selling to China – even if it requires moving operations overseas. Finally, it’s unclear how long Chinese dependence on U.S. firms will actually last. A core reason why Chinese firms like Huawei and ZTE have struggled to make the leap in sectors like semiconductors is that it just always made more sense to keep buying from the U.S. and focus their resources on what they’re actually good at (or on serving Beijing’s political and diplomatic goals). Cut off from critical suppliers, such firms would come under enormous pressure to develop suitable replacements – while Beijing ensures that they don’t wither and die in the meantime. It may sound trite, but necessity really is the mother of innovation.

More Harm Than Good?

This highlights the third source of uncertainty: Can the U.S. go after Chinese firms without doing more harm than good to U.S. interests in the process? The reality is: Most proposed U.S. measures would carry major potential risks and costs – to U.S. consumers, to U.S. diplomatic relationships, or to the health and innovative capacity of the U.S. firms that Washington would ostensibly be trying to protect. It’s estimated, for example, that between 10 percent and 30 percent of the revenues of leading U.S. firms like Intel, Advanced Micro Devices and Qualcomm come from China. Every semiconductor they can’t sell to Huawei is less revenue for them to sink into R&D. As mentioned, there’s also the thorny fact that the U.S. has a monopoly on only a handful of technologies. So, there’d be little point in banning sales to China in industries where tech is already widely available. Indeed, U.S. export controls on globally available satellite technologies in the 1990s were deemed counterproductive.

Meanwhile, Silicon Valley startups would suffer from the loss of Chinese investment. A core U.S. strength, moreover, is its ability to attract the best and brightest from other countries, so a U.S. crackdown on Chinese immigrants, students and research collaboration wouldn’t be cost free. Already, the threat of additional U.S. tariffs, along with potential bans on federal procurement of ITC equipment with components made in China, has forced U.S. electronics makers with manufacturing operations in China to spend billions rerouting complicated supply chains elsewhere. Chinese retaliation would be inevitable, whether in the form of reciprocal sanctions, nationalist consumer boycotts, harassment of U.S. firms in China or the ever-looming ban on rare earths exports.

Finally, there could be costs to the U.S. diplomatic and alliance structure. With 5G, for example, the U.S. has effectively threatened to curtail intelligence and military cooperation with countries that use Huawei telecommunications equipment. For most countries, caving to the U.S. would be breathtakingly expensive and delay their 5G rollout by several years. (Many use Huawei for 4G, meaning they’d need to rip out old infrastructure in addition to taking on the vast buildout required for 5G – and do so with more expensive suppliers.)
 

The underlying problem for the U.S. is that preparing for potential tech threats means estimating the power of technological applications that often don’t even yet exist – and tech innovation moves fast. When faced with an unclear emerging threat, the U.S. tends to ignore the problem before overcorrecting to overwhelm it with blunt power. Ideally, the solution for the U.S. would be a “small yard, high fence” approach that preserves national security without undermining its own ability to innovate and compete in global markets – and without upending its invaluable global alliance structure. But the threat environment is simply too murky, too dynamic and too laden with potential for unintended consequences for the U.S. realistically to be able to strike an optimal balance anytime soon.

The problem for China, meanwhile, is that it can do little to allay U.S. fears of worst-case scenarios. Chinese firms can promise to refuse state demands for cooperation, but it’d be naive to put much faith in that. They can open up their source code to foreign inspectors, but source code can quickly change. China certainly can’t abandon its attempt to scramble up the manufacturing value chain or turn the PLA into a high-tech fighting force. So, the issue cannot be separated from the broader suspicions and colliding interests that will define U.S.-China relations for decades to come. To the U.S., in other words, it’s perfectly rational to consider depriving a potential adversary of capabilities that might prove dangerous – however blunt and potentially destructive. And given the trajectory of Chinese firms and the possibility that U.S. leverage may soon evaporate, Washington will be tempted to strike fast and ask questions later.   



Title: FCC 5-0 against Huawei and ZTE
Post by: Crafty_Dog on November 25, 2019, 12:01:53 PM
https://www.theepochtimes.com/fcc-votes-5-0-to-bar-chinas-huawei-zte-from-government-subsidy-program_3154372.html?utm_source=Epoch+Times+Newsletters&utm_campaign=476dedd106-EMAIL_CAMPAIGN_2019_11_25_12_21&utm_medium=email&utm_term=0_4fba358ecf-476dedd106-239065853
Title: Rolling Stone: Russian Trolls
Post by: Crafty_Dog on November 25, 2019, 03:23:48 PM
https://www.rollingstone.com/politics/politics-features/russia-troll-2020-election-interference-twitter-916482/?fbclid=IwAR0kxLpZW7ceIQTqlSw1TDyNAX5nt7LkyCL2a6iSC83C4BHgwvDFQuL-IJY
Title: Stratfor: The growing power and threat of government imposed internet blackouts
Post by: Crafty_Dog on November 29, 2019, 12:11:08 PM


The Growing Power and Threat of Government-Imposed Internet Blackouts
Nov 21, 2019 | 10:00 GMT
During the latest protests, the government of Iran has shut off access to the internet in most of the country.
(MAXIMUMM/Shutterstock)

HIGHLIGHTS

The government of Iran has shut off access to the internet in most of the country amid recent protests, a tactic also used to control civil unrest in India, Ethiopia, Iraq and Sudan.

Such restrictions are aimed at preventing protesters from organizing, halting the spread of misinformation, quelling communal violence and even obstructing communications among coup plotters.

Governments are likely to continue to use internet blackouts for the foreseeable future, especially as they gain more control over internet and mobile networks.

Editor's Note: This security-focused assessment is one of many such analyses found at Stratfor Threat Lens, a unique protective intelligence product designed with corporate security leaders in mind. Threat Lens enables industry professionals and organizations to anticipate, identify, measure and mitigate emerging threats to people, assets and intellectual property the world over. Threat Lens is the only unified solution that analyzes and forecasts security risk from a holistic perspective, bringing all the most relevant global insights into a single, interactive threat dashboard.

Amid the recent bout of nationwide protests in Iran, government-enforced blackouts have taken more than 90 percent of the country's internet offline and blocked most Iranians from communicating with the outside world. The move has drawn substantial international media attention, and #Internet4Iran has been a worldwide trending topic on Twitter. Tehran blocked the internet during protests in late 2017 and early 2018, but the scale of the current blackouts is unprecedented in Iran. The government has been working toward greater control of its networks by building an intranet, similar to what China and Russia have done or plan to do. With it, Tehran can also block external influence. Such internal networks give governments more power when shutting down internet connections — permitting local services to continue while cutting off access to external networks and channels. 

Iran isn't the only country that has limited or cut internet access in response to domestic unrest. Government attempts at control have ranged from the shutdown of social networks such as Facebook and WhatsApp to the blockage of all online activity. The restrictions are aimed at preventing protesters from organizing, halting the spread of misinformation, quelling communal violence and even obstructing communications among coup plotters. Though governments can use their control over networks for other corrupt purposes, including economic espionage, the use of that power to black out the internet has been particularly disruptive and pronounced during 2019. Some examples include:

India used internet blockages to quell communal violence during its elections in May 2019.
Ethiopia used them during a regional coup in June 2019, the latest instance of many by the government.
Iraq implemented partial and complete internet shutdowns in Baghdad and much of southern Iraq during strong civil unrest in October and November.
Sudan used them during a crackdown by security forces in June 2019.

Governments are likely to continue to use internet blackouts for the foreseeable future, especially as they gain more control over internet and mobile networks. The internet restrictions create problems for travelers and businesses by blocking communication with others within a country and, notably, with partners outside a country. Moreover, businesses that rely on the mobile internet — such as ride-hailing services (Uber, Careem, Lyft) — are unable to function, disrupting a significant portion of road traffic. Multinational companies reliant on internet access are unable to process transactions, and roadside stalls and other local businesses that need to process credit card transactions are also unable to operate.


The following measures can help businesses and travelers anticipate and mitigate internet outages:

Understanding the local political climate and whether significant events, such as elections, are likely to trigger such measures.
Gauging whether the government has the capability and intent to impose such a blackout — for example, authoritarian governments are more likely to use them, countries that have imposed them are likely to do so again and nations with their own intranet face fewer internal disruptions from cutting external connections.
Developing contingency plans for operations to continue in the event of an internet blackout.
Securing alternative means of communication, particularly devices that aren't reliant on an internet connection.
Title: Russian Trolls are hammering away at NATO's presence in Lithuania
Post by: Crafty_Dog on December 06, 2019, 03:15:07 PM
https://www.defenseone.com/technology/2019/12/russian-trolls-are-hammering-away-natos-presence-lithuania/161654/?oref=defense_one_breaking_nl
Title: Schneier
Post by: Crafty_Dog on December 16, 2019, 10:58:33 PM
https://www.schneier.com/crypto-gram/archives/2019/1215.html
Title: Russian test run of cutting internet access
Post by: Crafty_Dog on December 19, 2019, 01:32:12 PM
https://www.defenseone.com/technology/2019/12/russia-plans-cut-some-internet-access-next-week/162028/?oref=defense_one_breaking_nl
Title: Russia's data localization
Post by: Crafty_Dog on January 13, 2020, 10:17:09 AM


https://www.defenseone.com/ideas/2020/01/russias-data-localization-push-may-guide-other-governments/162380/?oref=defense_one_breaking_nl
Title: GPF: UK and Huawei
Post by: Crafty_Dog on January 28, 2020, 10:42:25 AM
The U.K. lets Huawei in. The U.K. has decided once and for all to allow cellular carriers to use equipment made by Chinese telecom giant Huawei and other “high-risk vendors” in their 5G buildouts. The announcement isn’t exactly a surprise; some British carriers had already been moving forward with Huawei. Still, it’s important, in part because the U.S. has continued threatening to curtail intelligence-sharing with countries that include Huawei in their 5G networks. Just yesterday, Senate Republicans introduced legislation that would turn such threats into a formal ban. As a core “Five Eyes” member, the U.K. boasts a robust intelligence relationship with the U.S., so London’s decision, especially if the U.S. proves to be bluffing on the matter, will likely serve as a de facto green light to other countries that have been reluctant to do business with the Chinese. The Pentagon's move last week to block Commerce Department plans to ban exports of components and software to Chinese telecom firms will further undermine the U.S. campaign to isolate Huawei.

It’s worth noting that the U.K. isn’t exactly embracing Huawei wholeheartedly. It’s effectively limiting Huawei gear to what’s known as the “edge” of 5G networks – think base stations, routers and antennas – where the security vulnerabilities are arguably the lowest and the buildout costs are certainly highest. It’s also limiting the market share of “high-risk vendors” to 35 percent in order to address sabotage concerns, while banning their equipment from networks around military bases and other sensitive installations.
Title: Photo fraud detection
Post by: Crafty_Dog on February 08, 2020, 10:15:50 AM


https://getpocket.com/explore/item/the-hidden-signs-that-can-reveal-a-fake-photo?utm_source=pocket-newtab
Title: WSJ: 5G
Post by: Crafty_Dog on February 08, 2020, 11:22:40 AM
Winning a 5G Battle but Not the War
An FCC chief outsmarts the swamp but the U.S. has not solved the puzzle of competing with China.

By Holman W. Jenkins, Jr.
Feb. 7, 2020 6:28 pm ET

FCC Chairman Ajit Pai in Washington, April 12, 2019.
PHOTO: EVAN VUCCI/ASSOCIATED PRESS
This column hereby rescinds its Tom Wheeler award to Ajit Pai, chairman of Federal Communications Commission. (Don’t misunderstand. The award is distinctly uncoveted.)

It doesn’t matter if a cat is black or white as long as it catches mice, and Mr. Pai’s newly announced solution to a vexed satellite spectrum puzzle would effectively catch the 5G mice. Most important is a point stressed by New Street Research’s Blair Levin, himself a former federal broadband czar: The plan likely avoids a replay of World War I in the courts that would tie up desirable spectrum for years.

Everyone understands that more spectrum is needed if the U.S. is to compete with China in 5G. Yet, out of respect for the populist grousing of a single GOP senator, the White House in recent weeks scuttled an FCC proposal that would have rewarded a handful of satellite companies for giving up part of their licensed U.S. spectrum. Why scuttle it? Because they are foreign-owned satellite companies.

Tom Wheeler was the Obama FCC chief bigfooted by the White House over his own carefully crafted net-neutrality plan. Mr. Pai seemed destined for similar ignominy. Then, a day after Mr. Trump secured his Senate acquittal, Mr. Pai undid much of the damage by announcing his own proposal to dangle $9.7 billion in incentive payments in front of the license holders.

Understand: His goal was not to induce ecstasy in the satellite companies, but to elicit their cheerful, non-litigating cooperation in adapting their businesses to allow about half their spectrum to be shifted quickly to 5G. (In contrast, the major wireless carriers were ecstatic.)

Insiders credit fellow Commissioner Michael O’Rielly with much of the legwork, but the chairman’s support was crucial. In a well-received speech on Thursday, Mr. Pai stressed the importance of speed to keep pace with China. He cited the encouragement the deal would give other spectrum holders to cough up underutilized spectrum.

He didn’t mention, but might have, a related issue: If taken as a signal that more spectrum will be coming to the market in the future, it could help alleviate the inflated pricing and hoarding that has bedeviled wireless providers.

The FCC understandably is torn on this point—it likes to report fat spectrum auction proceeds to Congress. But the original goal of allocating the airwaves through auctions was to make sure spectrum is efficiently priced and used. Artificially high prices aren’t only bad for the economy and downstream users but contribute to Washington’s difficult 5G conundrum.

The Chinese government is not handcuffed by such concerns. By declaring “let there be 5G,” it creates opportunities for Huawei and other Chinese companies speedily to climb the learning curve in developing equipment for the new networks. The U.S. deprives itself of Huawei’s learning when it closes off its market. The U.S. might have acted sooner to capture Huawei by forcing it to become a trusted U.S. supplier in return for access to then-leading Western networks. Unfortunately, that mouse has long since eluded the cat. Yet we kid ourselves in thinking we are very much safer. Anybody’s equipment can be compromised and Chinese spies are constantly looking for ways (as are Western spies).

In the meantime, high spectrum prices and equipment costs compound a problem for our major telecommunications companies. We may quiver in anticipation of driverless cars and virtual reality, but these 5G-enabled goodies are not just around the corner. In the first phase, companies will roll out 5G so everyday mobile broadband doesn’t break down under constantly growing consumer demand. Guess what? This won’t be remunerative. Consumers have demonstrated their unwillingness to pay higher bills for service that isn’t noticeably improving. Though companies are desperately trying, hanging on a 5G label probably isn’t going to change that.

Throw in the collision that 5G necessarily invites between the wireless and cable giants. Throw in the evident need of the wireless industry, directly and indirectly, to subsidize the streaming wars that gobble up ever more bandwidth. AT&T has its own WarnerMedia streaming service about to launch in May. Verizon and T-Mobile have been subsidizing their customers to consume, respectively, Disney+ and Netflix.

The crystal ball does not state categorically that another episode of value destruction lies ahead for the telecom industry like the one that engulfed it in the late 1990s (rest in peace, Bernie Ebbers). But investors and policy makers might want to be alert to the possibility. The ability of our telecom companies to finance the ambitious rollout Washington wants ought to be part of our 5G conversation too.
Title: WSJ: Pentagon shifts stance on Huawei
Post by: Crafty_Dog on February 15, 2020, 06:59:53 PM


Pentagon Shifts Stance on Sales to Huawei
Defense Department drops opposition to tightening Chinese company’s access to shipments from U.S. chip makers

National-security concerns prompted the U.S. Commerce Department to put Huawei on an export-control list last year.
PHOTO: GEERT VANDEN WIJNGAERT/BLOOMBERG NEWS
By Katy Stech Ferek, Bob Davis and Asa Fitch
Updated Feb. 14, 2020 7:49 pm ET
The Pentagon has dropped its opposition to efforts within the Trump administration to make it harder for U.S. chip makers and other companies to supply China’s Huawei Technologies Co. from their overseas facilities, according to people familiar with the situation.

The Defense Department’s shift on a potential rule comes as the U.S. steps up its campaign to persuade allies that Huawei’s gear poses a security threat. Adding to the pressure, a federal indictment was unsealed this week charging Huawei and two U.S. subsidiaries with racketeering conspiracy and conspiracy to steal trade secrets. Huawei says the charges are unfounded.

Huawei is the world’s largest telecommunications-equipment manufacturer and a leader in next-generation 5G wireless networks. The U.S. contends its equipment could be used for Chinese government espionage, a claim that Huawei has repeatedly denied.

The Trump administration has been moving to further restrict U.S. companies from selling to Huawei, even while granting some suppliers temporary exemptions from restrictions imposed last spring.

In discussions within the administration, Department of Defense officials had voiced concerns that cutting off sales to Huawei would deprive U.S. chip makers of vital revenue needed to fund advanced research. The Pentagon itself spends heavily on research to stay on the cutting edge of weaponry and defensive capabilities.

The change in the department’s stance, which was reported earlier by Politico, removes a hurdle for a new export-control measure designed to reduce the flow of U.S.-made products to Huawei out of national-security concerns.

But the potential tightening still faces opposition within the administration. Treasury objected to the possible change and successfully lobbied for the scheduling of a cabinet-level meeting on the matter and other China issues later this month. Also National Economic Council director Larry Kudlow has signaled his opposition.

Most significantly, President Trump hasn’t weighed in. At the Group-of-20 meeting in Japan last summer he said he wanted U.S. companies to continue to supply Huawei so long as the products don’t compromise national security.

Pentagon spokeswoman Sue Gough declined to comment on the Defense Department’s position on the potential rule. She said generally the Pentagon “supports a collaborative interagency process that allows the facts and concerns of all parties to be heard before adopting potential major regulatory changes.”

Citing national security, Commerce Department officials put Huawei on an export blacklist in May, cutting it off from some U.S. semiconductor makers and other companies that have sent billions of dollars’ worth of components to Huawei. U.S. companies supplying chips to Huawei, which is also a major smartphone maker, have included Micron Technology Inc., Qualcomm Inc. and Intel Corp.

Some Trump administration officials have been frustrated that the move doesn’t appear to have hurt Huawei financially. Shortly after the ban, some semiconductor makers resumed shipments to Huawei by relying on overseas production—using what some say is a loophole in Commerce Department regulations. Huawei leaders, meanwhile, have boasted about finding ways to make its equipment without U.S.-made semiconductors.

The possible new rule would tighten the regulation of shipments to the Chinese company. Without a Commerce Department license, the existing rules allow continued shipments to blacklisted companies for products made overseas and with less-than-25% U.S. content. The rule change reduces the threshold to 10% for Huawei shipments, which would sharply limit the items that U.S. companies could sell the Chinese company without an export license.

On Friday, Sen. Rick Scott (R., Fla.) proposed a bill that would force the Commerce Department to implement the 10% rule.

“We know Huawei is supported and controlled by the communist regime in Beijing, which continues to violate human rights and steal our data, technology, and intellectual property,” Sen. Scott said in a statement. “Companies in the United States should not be allowed to sell to Huawei.”


Meanwhile, tensions between Huawei and U.S. officials flared Friday at a global security gathering in Munich.

John Suffolk, a Huawei senior vice president, dismissed the new U.S. charges against his company, saying they were predominantly recycled from civil disputes over the past 20 years that had been litigated and settled.

“They are hoping that if they throw enough mud, some of the mud will stick,” Mr. Suffolk said at the Munich Security Conference.

Senior U.S. officials pushed back against Huawei’s defense in a press conference of their own.

“Over the last couple of years there’s been more than enough evidence of the way the Chinese government has been using its national champions, so really the onus is on Huawei now. They have to show they are a trustworthy partner. They have to separate themselves from the Chinese government,” said Robert B. Blair, U.S. special representative for international telecommunications policy.

As a part of the Trump administration’s campaign, U.S. officials allege that Huawei has maintained a so-called backdoor in its equipment that allows it access normally reserved for law enforcement. The accusation was first reported by The Wall Street Journal.

Mr. Suffolk said that it was impossible for Huawei to access networks because the equipment was contained in a box that isn’t part of Huawei gear and is under strict control of the operator.

“We don’t run the networks, so we don’t know what equipment has been installed,” he said. “So we don’t have access to this equipment. We provide one side of the box, which is blind to the other side of the box.”

“If you’ve got evidence, publish it. Let the world see it,” Mr. Suffolk said.

The escalating war of words comes as the U.S. government is struggling to convince European allies to shut Huawei out of future superfast 5G mobile networks. Britain, the closest U.S. ally in Europe, decided to allow Huawei to bid for 5G contracts with some limitations, while Germany’s government is putting forward legislation that, if adopted, would have a similar effect.

—Bojan Pancevski contributed to this article
Title: WSJ: Internet Shutdowns
Post by: Crafty_Dog on February 27, 2020, 10:36:11 AM
Internet Shutdowns Become a Favorite Tool of Governments: ‘It’s Like We Suddenly Went Blind’
Governments increasingly order telecoms to turn off web access in neighborhoods, regions or whole countries, sometimes for months
By Feliz Solomon
Updated Feb. 25, 2020 12:02 pm ET
PONNAGYUN, Myanmar—Last June, the Myanmar subsidiary of telecom Telenor Group received an urgent government order it was told it must not disclose. Turn off the internet in nine townships.

Hans Martin, a senior executive at the Norwegian company, saw red flags. He said Myanmar’s justification—that people were using the internet to “coordinate illegal activities”—was vague, and no end-date was given. The telecom said it had little legal basis to refuse the order, and complied.

Nearly 250 days later, western Myanmar has become the site of one of the longest internet shutdowns documented anywhere in the world.

From autocratic Iran to democratic India, governments are cutting people off from the global web with growing frequency and little scrutiny. Parts or all of the internet were shut down at least 213 times in 33 countries last year, the most ever recorded, according to Access Now, a nonprofit that advocates for a free internet and has monitored the practice for a decade. The shutdowns were used to stop protests, censor speeches, control elections and silence people, human-rights advocates said.

Pakistan tailored shutdowns to isolate and control specific neighborhoods, while Iraq automated internet curfews at certain times of the day. Venezuela blocked social media apps, such as Facebook and Twitter. Bangladesh throttled mobile data speeds to 2G levels, making it impossible to share photographs, watch videos or even load most websites.

“What I’m seeing is a definite increase in the shutting down of the internet for political reasons,” said David Kaye, the United Nations’ special rapporteur for the protection of free expression, who monitors rights violations across the globe and reports to the U.N.’s Human Rights Council.


Dozens of interviews with telecom officials, diplomats, researchers and rights advocates revealed how very little stands in the way of governments that want to block the internet, even for long periods.

No global agreements explicitly cover internet freedoms, though the right to information is guaranteed under the Universal Declaration of Human Rights, a nonbinding set of principles adopted by the U.N. Telecom companies, which rely on government licenses and agree to follow a nation’s laws, rarely push back. Those that try to ask questions or negotiate find they don’t have much leverage.

Myanmar’s telecom ministry didn’t respond to requests for comment.

Across the world, hundreds of companies offer access to the internet, including private-sector multinationals and state-owned firms. Their control over who can do what online makes them valuable to governments. The companies can pinpoint user locations, block apps and websites, and turn off access within minutes.

[Chart: Growing Disconnect. More countries are cutting people off from the global web, often to quell protests and silence critics. Top panel: number of countries where shutdowns have occurred, 2016 to 2019 (scale 0 to 40). Bottom panel: number of internet shutdowns, 2016 to 2019 (scale 0 to 250), India vs. other countries; the total is increasing, and India used the practice more than any other country. Source: Access Now]

Companies emerging as prominent players in markets across Africa, Asia and the Middle East—including India’s Bharti Airtel Ltd., Malaysia’s Axiata Group Bhd. and Qatar’s Ooredoo QPSC—disclose little information about how they handle government orders or when and why they turn the internet off. The companies didn’t respond to requests for comment.

Only a few telecom firms publish data on the number of government requests they receive to intercept messages, shut down networks, restrict content and share user details. Even those reports leave out orders or actions that authorities want to keep secret.

“We’re often restricted by law to disclose the details or acknowledge any requests received,” said Laura Okkonen, the senior human-rights manager for U.K.-based Vodafone Group PLC. “We have, as a company, tried to be as transparent as legally possible.”

In the U.S., major telecommunications companies such as AT&T Inc. and Verizon Communications Inc. publish reports disclosing the number and nature of demands they receive from government and law-enforcement bodies. These can include subpoenas for subscriber information, court orders for wiretaps, emergency requests for information and in some cases rough estimates of National Security Letters issued by the FBI.

To uncover or confirm shutdowns that aren’t disclosed, some internet monitoring groups rely on diagnostic tools that measure changes in network activity. Access Now and U.K.-based NetBlocks track dips in network data to call attention to disruptions, such as in Venezuela and Iran in recent months.

After Iran ordered a shutdown in November, a research lab in California, the Center for Applied Internet Data Analysis, ran tests measuring connectivity. It produced a detailed sequence of the weeklong blackout, including how devices were severed from the global internet, though users could visit Iranian websites, which are largely government controlled.
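The monitoring described above reduces to a simple check. The Python below is an added illustration, not code from the article or from CAIDA, Access Now or NetBlocks: it takes, per provider, an hourly count of /24 network blocks (256 addresses each, the metric the article's chart uses) observed as reachable, compares each new sample against the median of the preceding hours, and raises an alert when the count collapses below a fraction of that baseline. It also checks whether several providers dropped at about the same time, the pattern that distinguishes a network-wide order from one operator's fault. The provider names are taken from the article's chart; the hourly figures, the six-hour window and the 50% threshold are constructed assumptions, not measured data.

```python
"""Flag a sudden connectivity collapse in a per-provider time series.

Added illustration only: not code from the article, CAIDA/IODA, Access Now
or NetBlocks. All numbers below are constructed, not measurements.
"""
from statistics import median

# Constructed hourly counts of /24 blocks (256 addresses each) observed as
# reachable. Provider names follow the article's chart; the values are invented.
# Index 0 is the first hour of the sample window; one sample per hour.
SAMPLE = {
    "Shatel":     [5200, 5180, 5210, 5190, 5205, 5195, 5200, 320, 290, 300],
    "ParsOnline": [3100, 3120, 3090, 3110, 3100, 3095, 3105, 3100, 3110, 3090],
    "PTE":        [1500, 1490, 1510, 1505, 1495, 1500, 1510, 1500, 80, 60],
}


def detect_outage(series, baseline_window=6, drop_fraction=0.5):
    """Return the indices at which the reachable-block count falls below
    drop_fraction of the median of the preceding baseline_window samples.

    The median is used rather than the mean so that one noisy sample, or the
    first hours of the outage itself, do not drag the baseline down and hide
    the drop in later samples.
    """
    alerts = []
    for i in range(baseline_window, len(series)):
        baseline = median(series[i - baseline_window:i])
        if baseline > 0 and series[i] < drop_fraction * baseline:
            alerts.append(i)
    return alerts


def outage_onset(series, **kwargs):
    """Index of the first alerting sample, or None if the series never drops."""
    alerts = detect_outage(series, **kwargs)
    return alerts[0] if alerts else None


def scan_providers(data, **kwargs):
    """Map each provider that shows a collapse to the hour it began.
    Providers with no alert are omitted, so an empty dict means 'no outage'."""
    result = {}
    for name, series in data.items():
        onset = outage_onset(series, **kwargs)
        if onset is not None:
            result[name] = onset
    return result


def simultaneous_onsets(data, max_gap=1, **kwargs):
    """Providers whose onset lies within max_gap samples of the earliest onset.

    Several operators going dark together is the signature of a network-wide
    event (such as a government order); a single operator dropping alone is
    more likely an ordinary fault.
    """
    onsets = scan_providers(data, **kwargs)
    if not onsets:
        return set()
    first = min(onsets.values())
    return {name for name, hour in onsets.items() if hour - first <= max_gap}


if __name__ == "__main__":
    for name, hour in scan_providers(SAMPLE).items():
        print(f"{name}: reachable /24 count collapsed at sample {hour}")
    print("dropped together:", sorted(simultaneous_onsets(SAMPLE)))
```

A count of externally reachable blocks only says that the outside world lost the provider; as the article notes for Iran, domestic sites may stay reachable from inside, so this check detects the cut from the global internet, not a total loss of service.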

The first time it’s known that a government ordered a nationwide internet blackout was Jan. 28, 2011. Internet trackers call it a turning point. The popular revolts of the Arab Spring were spreading to Egypt, and protests against then-President Hosni Mubarak were growing. Twitter, Facebook and messaging apps were being widely used to share information and coordinate protests. The government ordered all internet providers to disconnect, and almost immediately, 80 million people were offline.


Egypt’s internet shutdown in 2011, during protests of the Arab Spring, was the first known nationwide web blackout.
PHOTO: MARCO LONGARI/AGENCE FRANCE-PRESSE/GETTY IMAGES

After services were out, soldiers armed with machine guns barged into the office of Mobinil—majority owned by French telecom company Orange SA —and demanded that they blast out a text message praising the president’s glory, according to Yves Nissim, a corporate social responsibility officer at Orange. Staff sent out the message, at gunpoint, but insisted that it be attributed to the army.

“This was just unheard of before,” Mr. Nissim said. “We decided after that we couldn’t face this alone.”

Over the next two years, seven multinational telecom companies, including Orange, Telenor and Vodafone, formed a group to compare their experiences and align arguments used to negotiate with authorities. They said they established standards to disclose government requests, and that they have made some orders less severe through negotiations.

But the practice is more widespread than ever. On Nov. 16, Iran switched the entire nation offline as authorities carried out a deadly crackdown on antigovernment protesters. Iraq did the same in October, and again a few weeks later. Sudan did it in June. Zimbabwe in January 2019.

India’s government has faced criticism for blocking the internet in Kashmir after its decision in August to end the region’s partially autonomous status. Officials argue the move is required for public security, which they said trumps the right to internet access. Critics said the shutdown is aimed at blocking protesters.

India’s Supreme Court ruled in January that the blackout was unconstitutional. Authorities have restored limited fixed-line services while leaving mobile data and social media cut off.


India’s Supreme Court ruled in January that the internet blackout of Kashmir was unconstitutional. The government has restored limited services.
PHOTO: MUZAMIL MATTOO/NURPHOTO/ZUMA PRESS

“India is a swing state in the future of democratic governance of the internet,” said Adrian Shahbaz, research director for technology and democracy at Freedom House, a U.S.-based human rights group. “When a massive democracy like India resorts to such a blunt tool, it normalizes the approach of shutting down the internet.”

In Myanmar, the internet only became widespread over the past five years, after the country’s telecom sector opened up as part of a transition from military rule toward democracy. Mobile towers sprang up across the countryside, and the price of SIM cards—the chips that connect phones to a mobile network—dropped from about $250 to $1.50 almost overnight.

[Chart: Going Dark. Researchers documented a sharp drop in network connectivity among Iran's telecoms that began Nov. 16 and lasted a week, a sign the government had intervened amid last year's protests. Y-axis: number of network blocks, each of which contains 256 IP addresses, determined to be connected (0 to 6,000). X-axis: Nov. 16, 4 p.m., 8 p.m., Midnight. Providers shown: ITC, IranTelecomCo, Shatel, ParsOnline, PTE. Source: Internet Outage Detection and Analysis, a project of the Center for Applied Internet Data Analysis]

In rural Ponnagyun, in the western state of Rakhine, residents said the internet’s arrival had just started to transform their impoverished communities. E-commerce and digital services such as money transfers were trickling in, and travel operators and farmers had adopted new ways of working.

San Naing, a 40-year-old rice farmer, said he could communicate with buyers more efficiently, send them photographs and arrange large deliveries. Since the shutdown, he has returned to his old practice of bringing huge hauls of rice to the nearest town by boat, hoping to unload it at the market. “It’s like we suddenly went blind,” he said.

In this part of the country, Myanmar’s military, which has been widely criticized for its violent operations against the country’s many insurgent groups, is fighting a group of ethnic rebels called the Arakan Army. Clashes intensified in early 2019 and surged again in recent weeks.



The shutdown affects areas that are home to both Rakhine Buddhists and a few hundred thousand Rohingya, a persecuted Muslim minority. Myanmar is facing genocide allegations at the U.N.’s top court after military operations in 2017 forced more than 700,000 Rohingya to flee to Bangladesh.

It was after hours on June 20 when the Myanmar subsidiary of Telenor, Norway’s state-owned telecom firm, received the government’s email. It had until 10 p.m. the next day to turn off the internet in nine townships, including Ponnagyun, according to Mr. Martin, Telenor’s chief corporate affairs officer in Myanmar.

The order, parts of which were read to the Journal, cites the country’s telecommunications law, which allows the government to suspend services “when an emergency situation arises.”



The company’s regulatory officer had already begun quiet preparations after a heads-up from a government source a few days earlier, according to the company’s head of technology operations, Abdur Raihan. Over two days, a small team of engineers identified the towers whose antennae transmit signals into the relevant townships. An engineer wrote a piece of code that would instantly disable the antennae, Mr. Raihan said.

Mr. Martin said his first thought on the morning after the order arrived was that obeying it could set a bad precedent, signaling to authorities that they would face little resistance if they tried to do the same elsewhere. The Arakan Army is only one of more than 20 armed groups in Myanmar, which is home to one of the world’s longest and most complex civil wars.

The company’s legal and sustainability officers weighed in with concerns that the order was too open-ended and might disproportionately affect civilians. Telenor representatives communicated with the telecom ministry several times throughout the day, pressing for details on why the shutdown was necessary and how long it would last. They were told the government had nothing to add.

Despite its concerns, Telenor decided to comply because the company’s lawyers found the order to be legal, Mr. Martin said. But it told a top bureaucrat in the telecom ministry, Soe Thein, that the company would alert customers with a text message and a public statement. Mr. Thein was clearly displeased, according to Telenor, but didn’t try to forbid it.

At 10 p.m., service went down. Telenor customers’ mobile phones in the blackout zone lit up with a message saying the government had ordered the disruption, and service would be restored “as soon as possible.”

The government order was also addressed to the country’s three other telecom providers—state-owned Myanmar Posts and Telecommunications, state-controlled MyTel and Qatar-based Ooredoo—which also complied. The companies didn’t respond to requests for comment.

In September, the government lifted restrictions in five townships, while four remained offline. In early February, the government reimposed the blackout in the five townships, citing “security requirements and public interest,” Telenor said.

Locals said that within days of the renewed blackout a major offensive against the rebels was under way in the region. On Feb. 18, the U.N. expressed grave concern over a surge in civilian casualties and urged the government to end the internet shutdown.

—Myo Myo in Yangon contributed to this article.

Write to Feliz Solomon at feliz.solomon@wsj.com
Title: End to end encryption
Post by: Crafty_Dog on March 09, 2020, 12:52:00 PM
https://blog.cryptographyengineering.com/2020/03/06/earn-it-is-an-attack-on-encryption/
Title: Russia claims new tool for massive internet shut down
Post by: Crafty_Dog on March 21, 2020, 06:58:00 PM
https://www.defenseone.com/technology/2020/03/russia-has-new-tool-massive-internet-shutdown-attack-leaked-documents-claim/163983/?oref=defense_one_breaking_nl
Title: I thought the cloud is safe
Post by: ccp on March 23, 2020, 01:11:04 PM
Do not Google, Apple, MSFT, AMZN, FB and the rest tell us the cloud is safe?

https://www.tomshardware.com/news/a-mysterious-database-exposed-200-million-americans-personal-info

Someone(s) and some companies need to be held accountable,
and not a 2 cent fine.
Title: Cyber World War?
Post by: G M on March 25, 2020, 08:55:03 PM
https://truepublica.org.uk/united-kingdom/are-we-on-the-cusp-of-the-first-ever-cyber-world-war/
Title: Nouriel Roubini
Post by: ccp on March 26, 2020, 04:49:00 AM
He makes some good points.

noted:

"In its quest for global economic and geopolitical domination, America has made many enemies."

"America’s enemies are in no position to fight a hot war  – for the time being. They know that. In the meantime, President Trump has continually stepped up trade wars and financial sanctions that some countries are now finding too much and are soon to fight back."

"Nouriel Roubini, Professor of Economics at New York University was Senior Economist for International Affairs in the White House’s Council of Economic Advisers during the Clinton Administration. He has worked for the International Monetary Fund, the US Federal Reserve, and the World Bank."

Well, he is a globalist, child of Iranian Jews, grew up in Turkey, influenced by the Reagan-hater, Carter-loving Jeff Sachs, prof of economics at NYU, graduated from Harvard, so let me guess,

he is a Democrat......
Title: Re: Nouriel Roubini
Post by: DougMacG on March 26, 2020, 06:11:03 AM
"In its quest for global economic and geopolitical domination, America has made many enemies." 

   - Nonsense.  Our quest is for peace, liberty, prosperity and excellence, not domination of ANYONE.  Do we run Germany or Japan who we defeated?  Did we take Iraq's oil when we deposed their bloody tyrant?  Do we "dominate" the South China Sea?  Are we too harsh on rogue nations who openly threaten and terrorize us? 


"Nouriel Roubini, Professor of Economics at New York University was Senior Economist for International Affairs in the White House’s Council of Economic Advisers during the Clinton Administration. He has worked for the International Monetary Fund, the US Federal Reserve, and the World Bank."


Post his resume under definition of failure.  See WRM today.  Past governance by people like this is why we have Trump.  A resume is supposed to list what you accomplished, not just where you parked your rear end.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on March 26, 2020, 07:00:19 AM
Doug,

I "mistyped"

I meant he made a few good points BUT he also is quoted as saying what I wrote in parenthesis.

He is obviously of the "America is to blame for everything" lib school.

I notice he had no problem leaving Iran/Turkey to come here.

Yet the USA  is baaaaaaaaad

Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: DougMacG on March 26, 2020, 08:27:11 AM
ccp, I understood that from the rest of your comments.

These academics like to make deep study on false assumptions.  If they think America is the problem, cf. Prof Obama, they really aren't paying attention.  They start with a (false) narrative / conclusion, then find the exception data to support it.

We could have just said, we need to do a lot more as a country on cybersecurity.  But no...

We spend too much on defense?  Right as China is passing us up in major categories and making offensive, militaristic moves?

"American taxpayer spent $620 billion on defence, $69 billion for ‘war-funding’ and $10 billion on cybersecurity."

Interesting observation or warning, but does he really know for certain none of the mentioned defense spending goes to the 'protection of computer systems and networks'?  Part of what we do in defense isn't effective if you tell it to your enemy, so there are expenditures and capabilities I hope we are developing that we cannot disclose.

"America’s enemies are in no position to fight a hot war  – for the time being. They know that. In the meantime, President Trump has continually stepped up trade wars and financial sanctions that some countries are now finding too much and are soon to fight back. The cold war between China and America is just one. Russia, North Korea and Iran are obvious allies of China, so are a number of other countries across the Mid-East, Africa and Asia – weary of endless American intervention in their affairs."

Good grief.  On the first part, that is the exact "peace dividend" thinking Clinton, who he advised, used in the aftermath of the cold war to cut our intelligence around the globe, directly resulting in 9/11 and the massive spending that followed that he whines about now.

On the second part, they steal from us, we try to stop them, and WE are intervening in THEIR affairs?  How do I say nicely, what a dickhead.  He and his ilk are why we have Trump.  The 'intellectuals', the establishment, the insiders... they didn't fail, they turned against us.

Coincidentally, it was the blame America, de-fund defense crowd that left us vulnerable and hacked in the last election.

Professor of Economics at New York University:  Oddly, the more time you spend in the upper levels of "higher education", the less able you are to see what is clearly in front of you.
Title: Zoom encryption keys being sent to China
Post by: Crafty_Dog on April 12, 2020, 09:04:42 AM
https://uk.pcmag.com/antispam/125528/zooms-encryption-keys-are-sometimes-being-sent-to-china-report-finds
Title: Cyberwar, Cyber Crime, The Hacker who saved the internet
Post by: DougMacG on May 17, 2020, 07:49:19 AM
https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/#intcid=recommendations_wired-homepage-right-rail-popular_f7873e41-ed9d-4ffa-b4ef-55a55709b329_popular4-1
Title: GPF: Iran vs. Israel Cyberwar
Post by: Crafty_Dog on May 19, 2020, 09:01:29 AM
Israeli and Iranian cyberattacks. The Washington Post reports that Israel was responsible for a May 9 cyberattack on private operating systems in the Iranian port of Shahid Rajaee. The attack disrupted the port’s computer systems, leading to major backups on waterways and roads leading to it. The move was reportedly made in response to an Iranian cyberattack on water distribution systems in rural Israel in April. It’s a notable development because Israel and Iran tend to attack each other through proxy forces in Syria rather than directly.

The incident comes as Israel undertakes a security campaign that has led to the arrest of several Palestinians after they protested the Israeli government’s plans to annex large portions of the West Bank this summer. Iran's supreme leader has thrown fuel on the fire, taking to Twitter to encourage Palestinians to arm themselves and to criticize the Israel-backed U.S. peace plan that he says destroys Palestinian identity. Watch for more direct attacks, rhetorical or otherwise.
Title: Deep Fakes
Post by: Crafty_Dog on June 01, 2020, 10:21:19 PM
https://www.forbes.com/sites/robtoews/2020/05/25/deepfakes-are-going-to-wreak-havoc-on-society-we-are-not-prepared/
Title: Pro Publica: Law Enforcement Files Discredit Brian Kemp's Accusation ...
Post by: C-Kumu Dog on June 02, 2020, 10:34:48 PM
It's been a while...... (since I've posted anything....)

This is from the SANS Newsletter found at:
https://www.sans.org/newsletters/newsbites/xxii/44

Lots of good stuff in there but this may be of more interest.

--Georgia (US) Bureau of Investigation Found No Evidence of Hacking in Voter Registration System

(May 29, 2020)

An investigation into allegations of hacking targeting the US state of Georgia's voter registration system found "no evidence of damage to (the Secretary of State's office) network or computers, and no evidence of theft, damage, or loss of data." The Georgia Bureau of Investigation recently released the case files from the closed investigation.


Read more in:

Pro Publica: Law Enforcement Files Discredit Brian Kemp's Accusation That Democrats Tried to Hack the Georgia Election

https://www.propublica.org/article/law-enforcement-files-discredit-brian-kemps-accusation-that-democrats-tried-to-hack-the-george-election

The Register: Remember when Republicans said Dems hacked voting systems to rig Georgia's election? There were no hacks

https://www.theregister.com/2020/05/29/georgia_voting_hacking/
Title: Open Letter Calls on Governments to Work Together ...
Post by: C-Kumu Dog on June 02, 2020, 10:38:20 PM
More cool info via the SANS newsletters

https://www.sans.org/newsletters/newsbites/xxii/43

--Open Letter Calls on Governments to Work Together to Stop Cyberattacks Targeting Healthcare Organizations

(May 25, 26, & 27, 2020)

In a joint statement, the International Committee of the Red Cross and the Cyber Peace Institute have called for governments to take steps to help prevent cyberattacks against healthcare organizations. The signatories of an open letter "call on the world's governments to take immediate and decisive action to stop all cyberattacks on hospitals, healthcare and medical research facilities, as well as on medical personnel and international public health organizations."


Read more in:

ICRC: Call to governments: Work together to stop cyber attacks on health care

https://www.icrc.org/en/document/governments-work-together-stop-cyber-attacks-health-care

Cyber Peace Institute: A Call to All Governments: Work Together Now to Stop Cyberattacks on the Healthcare Sector

https://cyberpeaceinstitute.org/campaign/call-for-government

The Register: If someone could stop hackers pwning medical systems right now, that would be cool, say Red Cross and friends

https://www.theregister.co.uk/2020/05/26/red_cross_coronavirus_hacking/

ZDNet: Cyberattacks against hospitals must stop, says Red Cross

https://www.zdnet.com/article/cyberattacks-against-hospitals-must-stop-says-red-cross/

SC Magazine: Execs, dignitaries call on nations to help end cyberattacks on health care orgs

https://www.scmagazine.com/home/government/execs-dignitaries-call-on-nations-to-help-end-cyberattacks-on-health-care-orgs/
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: C-Kumu Dog on June 03, 2020, 12:09:31 PM
Just in case yall are running blogs on WordPress.

Quote
Attacks on WordPress sites have soared in recent days to more than 30 times the normal volume. This week researchers from WordPress firewall provider Defiant reported observing attack attempts on more than 900,000 websites since April 28.

Read more @
https://www.darkreading.com/attacks-breaches/attacks-on-wordpress-sites-surge/d/d-id/1337755

Quote
Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting (XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data.

Read more @
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/
Title: Stratfor: Trump's war against taxing tech goes global
Post by: Crafty_Dog on June 16, 2020, 08:38:16 PM
Trump’s War Against Taxing Tech Goes Global
Jun 16, 2020 | 10:00 GMT
[Image: the global economy. (Pushish Images/Shutterstock.com)]

With international negotiations stalled, many governments are choosing to unilaterally implement digital services taxes (DSTs). The United States — which is home to the majority of tech giants that would be subject to such taxes, including Amazon, Apple and Google — is using the threat of tariffs to both limit the global expansion of DSTs and push international negotiations toward the proposed reforms it backs. But with so many countries against Washington's preferred outcome, which critics say would allow U.S. tech companies to opt out of tax obligations in international markets, the risk of negotiations failing to reach an agreement this year is high, as is the risk of the United States implementing tariffs on its growing number of trade partners implementing DSTs.

Washington vs. the World

On June 2, the administration of U.S. President Donald Trump announced it was launching investigations into the European Union and nine countries that have implemented or are considering implementing DSTs to determine whether or not they unfairly target U.S. tech companies.

The targeted countries include Austria, Brazil, the Czech Republic, India, Indonesia, Italy, Spain, Turkey and the United Kingdom.

The investigations will be conducted under Section 301 of the Trade Act of 1974, which gives the White House the ability to impose significant tariffs on imported goods (the tariffs deployed by the Trump administration in its trade war with China are also reliant on Section 301).

The U.S. investigations are open-ended and may take months to complete, but will almost certainly find that each national DST treats American tech companies unfairly. The vast majority of the DSTs being introduced target only internet and digital services companies with large global and domestic revenue. France’s new DST, for example, applies only to companies that generate at least 750 million euro ($850 million) and 25 million euro ($28.3 million) a year in global revenue. Washington’s 2019 investigation into the French tax already found that it unfairly targeted U.S. companies, noting that of 27 companies that would be subject to France’s DST, 17 were American while just one was French. Many of the other countries introducing DSTs use revenue benchmarks similar to France’s, meaning their taxes will disproportionately hit U.S. tech companies as well and will similarly risk drawing Trump’s ire.


Over the last decade, however, most countries have come to see existing global norms around corporate taxes as inadequate for taxing the digital economy and allocating profits between jurisdictions. Today's international tax system is rooted in policies established long before a "digital" economy existed. It relies heavily on a company's physical presence to allocate profit between jurisdictions for tax purposes. That works well for physical goods, but DST proponents consider it outdated because many digital companies create "value" from the data they collect from their online user base. On this view the user base itself adds value to the corporation, so the jurisdiction(s) where that user base is located should be able to tax the value added by their citizens.

The different views on how to tax tech companies have created a sharp divide between the United States — home to the majority of the world's tech giants — and the rest of the world. Amid the rising global political backlash against major tech companies over issues such as privacy, it should be no surprise that most countries without large tech companies of their own have supported adopting a DST, as it increases their tax base. Equally, it should be no surprise that the United States has taken a narrower view in an effort to protect both U.S. companies from unilateral taxes overseas and the size of the U.S. government’s own tax base, which foreign tax credits would otherwise shrink. After President Emmanuel Macron signed France’s DST into law in 2019, U.S. President Donald Trump famously tweeted that "France just put a digital tax on our great American technology companies” and that if “anybody taxes [those companies], it should be their home country, the [United States].”

Fighting Taxes With Tariffs

The United States hopes that the threat of tariffs will force countries to wait until international negotiations before moving forward with unilateral DSTs. France and other countries have all argued that their national DSTs are meant to be temporary and will be repealed as soon as an international agreement is reached. But the protracted negotiations to reach such an agreement means that these DSTs may remain in place for several years — thus resulting in higher taxes for U.S. companies in the meantime, as well as an inefficient system where U.S. companies are taxed multiple times for the same activities. The United States has also expressed concerns that these national digital taxes may still become permanent regardless of whether an international agreement is reached, since many countries’ DSTs lack sunset clauses that would allow them to expire.

The split between the United States and virtually every other country over how to tax the digital economy — and in particular, how to handle the allocation of profits — means reaching a new global consensus on the matter by the end of the year is highly unlikely. Negotiations are being led by the Group of 20 (G-20) and the Organization for Economic Cooperation and Development (OECD)’s 137-member Inclusive Framework on Base Erosion and Profit Shifting (BEPS). The Inclusive Framework aims to meet one final time in October before sending over a proposed framework for approval at this year’s G-20 leaders summit in November.

Countries with proposed or adopted digital services taxes could soon face U.S. tariffs, should the White House’s fight against taxing U.S. tech companies impede progress in international negotiations.

Current negotiations are centered around two pillars:

Pillar 1: A unified global approach on defining a global reallocation of digital profits and what types of activities are subject to such taxes.

Pillar 2: A global minimum tax for digital companies.

To protect U.S. companies from having their revenue disproportionately targeted, the United States has proposed that multinational companies opt-in, on a global basis, to be subject to Pillar 1. Opponents of Washington’s approach, however, have argued that if given the choice, most companies would simply avoid taxes. But to that end, the United States has argued that companies would still, in fact, opt-in to Pillar 1 because it gives them tax certainty as opposed to the uncertainty that the current system has created.

While the approval of both pillars is unlikely, it is entirely possible that the Inclusive Framework and the G-20 are able to make limited progress by the end of the year. Pillar 2 is far less controversial to the United States conceptually, as it is similar to tax reforms for global multinationals that the United States introduced in its 2017 tax reform to limit tax avoidance overseas. But international negotiations thus far have focused more on Pillar 1 and the proposals for Pillar 2 are less concrete. To ensure companies can continue to implement DSTs without prompting the United States to impose tariffs, the Inclusive Framework may back a narrow proposal for Pillar 1 that largely leaves the details unresolved and up for continued negotiations in order to have something G-20 members can sign in November. But countries will likely continue to move forward with unilateral DSTs, regardless of whether or not progress is made on Pillar 1 in the next six months. France, for example, has already announced that it will move forward with implementing its DST as planned at the end of 2020 if an international agreement is not reached.

The Battle Continues

If an international agreement over Pillar 1 is delayed and talks continue into 2021, and if Trump is re-elected in November, the United States will likely move forward with its threatened tariffs. Countries that agree to delay implementing their DSTs or the tax payments tech companies have to make beyond 2021 may be spared the Trump administration’s economic wrath. But the willingness of countries to make such a compromise in order to avoid U.S. tariffs will likely vary.

If former Vice President and Democratic candidate Joe Biden wins the U.S. presidential election, it would reduce the immediate threat of tariffs, though the impasse in international negotiations would likely still continue. Trump would be far more willing to impose retaliatory tariffs against DSTs than Biden. Given his campaign pledge to reassert the United States’ status as the overseer of international order, Biden may also be more open to compromise. At the end of the day, however, a Biden administration would still seek to protect U.S. interests in international tax negotiations. But instead of deploying tariffs, he’s more likely to challenge national DSTs that have already been implemented through WTO and other dispute mechanisms.
Title: --Cybersecurity Bills Introduced in US Senate
Post by: C-Kumu Dog on June 18, 2020, 11:42:45 AM
Source: https://www.sans.org/newsletters/newsbites/xxii/48

--Cybersecurity Bills Introduced in US Senate

(June 15, 2020)

US Senator Gary D. Peters (D-Michigan) has introduced two bills aimed at improving the country's cyber security defenses. The Continuity of Economy Act would direct the White House to "develop a plan to ensure essential functions of the economy are able to continue operating in the event of a cyberattack." The bill grew out of a recommendation made by the Cyber Solarium Commission. The National Guard Cybersecurity Interoperability Act of 2020 would help ensure that the National Guard could provide remote cybersecurity support in the event of a cyber incident.


Read more in:

MeriTalk: Two Bills to Bolster Cyber Defenses Introduced in the Senate

https://www.meritalk.com/articles/two-bills-to-bolster-cyber-defenses-introduced-in-the-senate/

 
Title: --Senate Report: Chinese Telecoms Were Allowed to Operate in US ...
Post by: C-Kumu Dog on June 18, 2020, 11:46:03 AM
SOURCE: https://www.sans.org/newsletters/newsbites/xxii/47

--Senate Report: Chinese Telecoms Were Allowed to Operate in US with Minimal Oversight


(June 9, 2020)


A staff report from the US Senate's Permanent Subcommittee on Investigations found that the Federal Communications Commission (FCC) and other US agencies failed to adequately oversee Chinese telecommunications companies operating in the US for nearly 20 years. The report notes that the team of officials from the Departments of Justice, Homeland Security, and Defense who were supposed to monitor the Chinese-owned carriers had scant resources and no statutory authority.

[Editor Comments]
[Pescatore] Over this same time frame, back in 2003 British Telecom selected Huawei for the UK national network upgrade, and the British government dedicated resources to (and required Huawei to help fund) the Huawei Cyber Security Evaluation Centre to test all software and firmware from Huawei before allowing it on production systems. The UK has mitigated the risk successfully for 17 years with that supply chain security approach.

Read more in:
Senate: Portman, Carper: Bipartisan Report Reveals How Three Chinese Government-Owned Telecoms Operated in the U.S. for Nearly 20 Years with Little-to-No Oversight from the Federal Government
https://www.hsgac.senate.gov/subcommittees/investigations/media/portman-carper-bipartisan-report-reveals-how-three-chinese-government-owned-telecoms-operated-in-the-us-for-nearly-20-years-with-little-to-no-oversight-from-the-federal-government

HSGAC: Threats to U.S. Networks: Oversight of Chinese Government-Owned Carriers (PDF)
https://www.hsgac.senate.gov/imo/media/doc/2020-06-09%20PSI%20Staff%20Report%20-%20Threats%20to%20U.S.%20Communications%20Networks.pdf

Ars Technica: FCC failed to monitor Chinese telecoms for almost 20 years: Senate report
https://arstechnica.com/tech-policy/2020/06/fcc-failed-to-monitor-chinese-telecoms-for-almost-20-years-senate-report/

Cyberscoop: Shoddy US government review of Chinese telcos endangered national security, Senate panel finds
https://www.cyberscoop.com/chinese-telecommunications-national-security-team-telecom-senate/

FNN: Investigation finds interagency group lacked authority to oversee Chinese telecom companies
https://federalnewsnetwork.com/technology-main/2020/06/investigation-finds-interagency-group-lacked-authority-to-oversee-chinese-telecom-companies/

GovInfosecurity: Senate Report: Chinese Telecoms Operated Without Oversight
https://www.govinfosecurity.com/senate-report-chinese-telecoms-operated-without-oversight-a-14409
Title: Researchers Find Serious Security Issues in OmniBallot Online Voting System
Post by: C-Kumu Dog on June 18, 2020, 11:54:18 AM
Source: https://www.sans.org/newsletters/newsbites/xxii/46

--Researchers Find Serious Security Issues in OmniBallot Online Voting System

(June 7 & 8, 2020)


Researchers from the Massachusetts Institute of Technology (MIT) and the University of Michigan have released a report detailing their findings about the security of the OmniBallot Internet voting and ballot delivery system. OmniBallot, which is produced by Democracy Live, has been used in the past to let voters print ballots, complete them by hand, and return them by mail. For the 2020 election, the system will include online ballot return. The researchers, J. Alex Halderman and Michael Specter, write that the safest option is to avoid using OmniBallot. They note that OmniBallot is vulnerable to vote manipulation by malware on the voter's device and by insiders or other attackers, and that it appears not to have a privacy policy.

[Editor Comments]
[Pescatore] Two analogies here: (1) A few years ago, I had rotator cuff surgery and the morning of the operation the surgeon came to the prep room with a black marker and wrote "This arm" and his signature on my right arm; (2) I have never seen, and never want to see, a traffic light that is showing green in all four directions. Errors in presidential elections are pretty much up there with operations on the wrong body part or cars colliding at intersections. There need to be both manual mechanisms and auditing and safety interlocks built into any software-based voting system, just as they are built into surgical procedures even though we have Electronic Health Records, and into traffic signal controller hardware even though we have online light control systems. Every state has rigorous control of traffic lights and there are national standards for them, as well. Since election systems are considered part of the critical national infrastructure, they should be treated just as rigorously.
[Neely] If you must use OmniBallot, the most secure option for remote voting remains printing, hand marking, and then returning a paper ballot by mail. The electronic ballot return mechanisms don't include sufficient anti-tampering protections, and even when printing paper ballots, if you're using the application to mark your ballot, OmniBallot collects and sends privacy information from the voters for tabulation. As electronic voting continues to move forward, rigorous testing and validation of security is essential to election integrity and voter confidence.
[Murray] There is a fundamental flaw in all such systems. If one makes the ballot unique, even though it would require collusion between the issuer and the counter of ballots, the voter cannot be sure that it cannot be identified with him.

Read more in:

Internet Policy: How to Protect Your Vote
https://internetpolicy.mit.edu/omniballot-advice/

Internet Policy: Security Analysis of the Democracy Live Online Voting System (PDF)
https://internetpolicy.mit.edu/wp-content/uploads/2020/06/OmniBallot.pdf

Statescoop: Researchers say OmniBallot online voting platform is vulnerable to manipulation
https://statescoop.com/researchers-say-omniballot-online-voting-platform-is-vulnerable-to-manipulation/

NYT: Amid Pandemic and Upheaval, New Cyberthreats to the Presidential Election
https://www.nytimes.com/2020/06/07/us/politics/remote-voting-hacking-coronavirus.html
Title: Re: Researchers Find Serious Security Issues in OmniBallot Online Voting System
Post by: G M on June 18, 2020, 04:22:55 PM

It's not a bug, it's a feature.


Title: D1: Cyber Defense bill
Post by: Crafty_Dog on July 13, 2020, 03:24:26 PM
https://www.defenseone.com/technology/2020/07/defense-bill-could-rewrite-how-us-does-cyber-defense/166806/?oref=defenseone_today_nl
Title: I'm guessing we are going to be seeing a lot more of this sort of thing
Post by: Crafty_Dog on July 14, 2020, 10:21:38 AM
https://www.businessinsider.com/nearly-half-of-reopen-america-twitter-accounts-are-bots-report-2020-5
Title: US pressure on GB re Huawei working
Post by: Crafty_Dog on July 15, 2020, 11:50:33 AM
In a Win for the U.S., the U.K. Moves to Oust Huawei From Its 5G Rollout
Jul 15, 2020 | 10:00 GMT
[Photo: A view of Huawei’s U.K. headquarters in Reading, England. (Leon Neal/Getty Images)]
The United Kingdom's move to oust Chinese tech giant Huawei from its telecommunications networks in the coming years will not only impede the country's 5G rollout, but will further dim hopes for a U.K.-China trade deal that could help London expand its economic relationships beyond Europe post-Brexit. But the decision nonetheless marks a significant victory for the United States, which has been pressuring its European allies to purge Huawei from their 5G infrastructure -- especially if the British ban ends up being replicated elsewhere on the Continent.  ...
Title: President Trump gives CIA more powers to launch cyberattacks
Post by: Crafty_Dog on July 16, 2020, 01:22:55 PM
https://news.yahoo.com/secret-trump-order-gives-cia-more-powers-to-launch-cyberattacks-090015219.html

Title: NYT on the Twitter Hack
Post by: Crafty_Dog on July 17, 2020, 08:31:57 PM
By Nathaniel Popper and Kate Conger
July 17, 2020
Updated 8:35 p.m. ET

OAKLAND, Calif. — A Twitter hacking scheme that targeted political, corporate and cultural elites this week began with a teasing message between two hackers late Tuesday on the online messaging platform Discord.

“yoo bro,” wrote a user named “Kirk,” according to a screenshot of the conversation shared with The New York Times. “i work at twitter / don’t show this to anyone / seriously.”

He then demonstrated that he could take control of valuable Twitter accounts — the sort of thing that would require insider access to the company’s computer network.

The hacker who received the message, using the screen name “lol,” decided over the next 24 hours that Kirk did not actually work for Twitter because he was too willing to damage the company. But Kirk did have access to Twitter’s most sensitive tools, which allowed him to take control of almost any Twitter account, including those of former President Barack Obama, Joseph R. Biden Jr., Elon Musk and many other celebrities.

Despite global attention on the intrusion, which has shaken confidence in Twitter and the security provided by other technology companies, the basic details of who were responsible, and how they did it, have been a mystery. Officials are still in the early stages of their investigation.

But four people who participated in the scheme spoke with The Times and shared numerous logs and screen shots of the conversations they had on Tuesday and Wednesday, demonstrating their involvement both before and after the hack became public.

The interviews indicate that the attack was not the work of a single country like Russia or a sophisticated group of hackers. Instead, it was done by a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6.

The Times verified that the four people were connected to the hack by matching their social media and cryptocurrency accounts to accounts that were involved with the events on Wednesday. They also presented corroborating evidence of their involvement, like the logs from their conversations on Discord, a messaging platform popular with gamers and hackers, and Twitter.

Playing a central role in the attack was Kirk, who was taking money in and out of the same Bitcoin address as the day went on, according to an analysis of the Bitcoin transactions by The Times, with assistance from the research firm Chainalysis.

But the identity of Kirk, his motivation and whether he shared his access to Twitter with anyone else remain a mystery even to the people who worked with him. It is still unclear how much Kirk used his access to the accounts of people like Mr. Biden and Mr. Musk to gain more privileged information, like their private conversations on Twitter.

The hacker “lol” and another one he worked with, who went by the screen name “ever so anxious,” told The Times that they wanted to talk about their work with Kirk in order to prove that they had only facilitated the purchases and takeovers of lesser-known Twitter addresses early in the day. They said they had not continued to work with Kirk once he began more high-profile attacks around 3:30 p.m. Eastern time on Wednesday.

“I just wanted to tell you my story because i think you might be able to clear some thing up about me and ever so anxious,” “lol” said in a chat on Discord, where he shared all the logs of his conversation with Kirk and proved his ownership of the cryptocurrency accounts he used to transact with Kirk.

“lol” did not confirm his real-world identity, but said he lived on the West Coast and was in his 20s. “ever so anxious” said he was 19 and lived in the south of England with his mother.

Investigators looking into the attacks said several of the details given by the hackers lined up with what they have learned so far, including Kirk’s involvement both in the big hacks later in the day and the lower-profile attacks early on Wednesday.

The Times was initially put in touch with the hackers by a security researcher in California, Haseeb Awan, who was communicating with them because, he said, a number of them had previously targeted him and a Bitcoin-related company he once owned. They also unsuccessfully targeted his current company, Efani, a secure phone provider.

The user known as Kirk did not have much of a reputation in hacker circles before Wednesday. His profile on Discord had been created only on July 7.

But “lol” and “ever so anxious” were well known on the website OGusers.com, where hackers have met for years to buy and sell valuable social media screen names, security experts said.

For online gamers, Twitter users and hackers, so-called O.G. user names — usually a short word or even a number — are hotly desired. These eye-catching handles are often snapped up by early adopters of a new online platform, the “original gangsters” of a fresh app.

Users who arrive on the platform later often crave the credibility of an O.G. user name, and will pay thousands of dollars to hackers who steal them from their original owners.


[Image: A conversation between “ever so anxious” and Kirk regarding Twitter accounts for sale. A cryptocurrency account address has been redacted from the screenshot.]
Kirk connected with “lol” late Tuesday and then “ever so anxious” on Discord early on Wednesday, and asked if they wanted to be his middlemen, selling Twitter accounts to the online underworld where they were known. They would take a cut from each transaction.

In one of the first transactions, “lol” brokered a deal for someone who was willing to pay $1,500, in Bitcoin, for the Twitter user name @y. The money went to the same Bitcoin wallet that Kirk used later in the day when he got payments from hacking the Twitter accounts of celebrities, the public ledger of Bitcoin transactions shows.

The group posted an ad on OGusers.com, offering Twitter handles in exchange for Bitcoin. “ever so anxious” took the screen name @anxious, which he had long coveted. (His personalized details still sit atop the suspended account.)

“i just kinda found it cool having a username that other people would want,” “ever so anxious” said in a chat with The Times.

As the morning went on, customers poured in and the prices that Kirk demanded went up. He also demonstrated how much access he had to Twitter’s systems. He was able to quickly change the most fundamental security settings on any user name and sent out pictures of Twitter’s internal dashboards as proof that he had taken control of the requested accounts.

The group handed over @dark, @w, @l, @50 and @vague, among many others.


[Image: A screenshot, sent out by Kirk after he gave a customer access to an account, showing Twitter’s back end for the @R9 account.]
One of their customers was another well-known figure among hackers dealing in user names — a young man known as “PlugWalkJoe.” On Thursday, PlugWalkJoe was the subject of an article by the security journalist Brian Krebs, who identified the hacker as a key player in the Twitter intrusion.

Discord logs show that while PlugWalkJoe acquired the Twitter account @6 through “ever so anxious,” and briefly personalized it, he was not otherwise involved in the conversation. PlugWalkJoe, who said his real name is Joseph O’Connor, added in an interview with The Times that he had been getting a massage near his current home in Spain as the events occurred.

“I don’t care,” said Mr. O’Connor, who said he was 21 and British. “They can come arrest me. I would laugh at them. I haven’t done anything.”

Mr. O'Connor said other hackers had informed him that Kirk got access to the Twitter credentials when he found a way into Twitter’s internal Slack messaging channel and saw them posted there, along with a service that gave him access to the company’s servers. People investigating the case said that was consistent with what they had learned so far. A Twitter spokesman declined to comment, citing the active investigation.

All of the transactions involving “lol” and “ever so anxious” took place before the world knew what was going on. But shortly before 3:30 p.m., tweets from the biggest cryptocurrency companies, like Coinbase, started asking for Bitcoin donations to the site cryptoforhealth.com.

“we just hit cb,” an abbreviation for Coinbase, Kirk wrote to “lol” on Discord a minute after taking over the company’s Twitter account.

The public ledger of Bitcoin transactions shows that the Bitcoin wallet that paid to set up cryptoforhealth.com was the wallet that Kirk had been using all morning, according to three investigators, who said they could not speak on the record because of the open investigation.

In several messages on Wednesday morning, “ever so anxious” talked about his need to get some sleep, given that it was later in the day in England. Shortly before the big hacks began, he sent a phone message to his girlfriend saying, “nap time nap time,” and he disappeared from the Discord logs.

Kirk quickly escalated his efforts, posting a message from accounts belonging to celebrities like Kanye West and tech titans like Jeff Bezos: Send Bitcoin to a specific account and your money would be sent back, doubled.

Shortly after 6 p.m., Twitter seemed to catch up with the attacker, and the messages stopped. But the company had to turn off access for broad swaths of users, and days later the company is still piecing together what happened.

When “ever so anxious” woke up just after 2:30 a.m. in Britain, he looked online, saw what had happened and sent a disappointed message to his fellow middleman, “lol.”

“i’m not sad more just annoyed. i mean he only made 20 btc,” he said, referring to Kirk’s Bitcoin profits from the scam, which translated to about $180,000.

Kirk, whoever he was, had stopped responding to his middlemen and had disappeared.
Title: Deep Fake
Post by: Crafty_Dog on July 20, 2020, 07:18:13 PM
https://www.reuters.com/article/us-cyber-deepfake-activist-idUSKCN24G15E?utm_source=pocket-newtab

Deepfake
Title: UK, Canada, and US Say Russian Hackers are Targeting COVID-19 Vaccine Research
Post by: C-Kumu Dog on July 21, 2020, 02:00:48 PM

UK, Canada, and US Say Russian Hackers are Targeting COVID-19 Vaccine Research
(July 16, 2020)

In a joint advisory, government officials from the UK, Canada, and the US said that hackers with ties to Russia have been targeting organizations conducting research on COVID-19 vaccines. Suggestions for mitigating the risk of attack include keeping devices and networks up-to-date; implementing multi-factor authentication; and preventing and detecting lateral movement in networks.


Read more in:
- www.ncsc.gov.uk: Advisory: APT29 targets COVID-19 vaccine development (introduction)
- www.ncsc.gov.uk: Advisory: APT29 targets COVID-19 vaccine development (full advisory: PDF)
- duo.com: Russian Attackers Target COVID-19 Vaccine Research
- www.vice.com: Russia Is Trying to Hack COVID-19 Vaccine Development
- www.meritalk.com: U.S., UK, Canada Warn Against Russian-Led COVID R&D/Vaccine Attacks
- www.theregister.com: FYI Russia is totally hacking the West's labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies
- www.cyberscoop.com: Russian government hackers targeting coronavirus vaccine research, UK, US and Canada warn
Title: Chinese "COVID-19" Hackers indicted after 11 year hacking spree
Post by: C-Kumu Dog on July 23, 2020, 10:57:29 AM
Two hackers from Chengdu who worked under the guidance of a Ministry of State Security handler to steal military technology, PII, medical research, and, starting in February 2020, COVID-19 related research.

Chinese "COVID-19" Hackers indicted after 11 year hacking spree
http://garwarner.blogspot.com/2020/07/chinese-covid-19-hackers-indicted-after.html

Two Chinese Hackers Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including COVID-19 Research
https://www.justice.gov/opa/pr/two-chinese-hackers-working-ministry-state-security-charged-global-computer-intrusion

Indictment
https://www.justice.gov/opa/press-release/file/1295981/download
Title: Too Interconnected to Fail
Post by: Crafty_Dog on July 25, 2020, 02:58:26 PM
Too Interconnected to Fail
The next systemic crisis may start not in a bank or other financial institution but in the cloud.
By Jonathan Welburn and Aaron Strong
July 23, 2020 12:55 pm ET

The 2007-08 financial crisis made regulators and lawmakers acutely aware that some financial institutions had become too big to fail. The next big economic crisis may arise outside the financial sector, in highly networked companies that are too interconnected to fail.

In January, we published a report that examined the connections between all types of enterprises in the U.S. economy. We discovered many nonfinance firms whose failure could cause major economic fallout.

Economists have previously modeled networks at the level of sectors or looked at networks within the financial sector. But firm-to-firm networks haven’t gotten much study, probably because there isn’t much readily accessible data. Our analysis addressed this challenge with a two-step process. First, we downloaded the long Securities and Exchange Commission Form 10-K filings of all public companies. On that form, each firm must list every other firm that represents more than 10% of its revenue as either a customer or supplier. We extracted all those data. Then, we used statistical inference techniques to estimate the likely unobserved connections.

This mix of traditional economics and data science let us see how firms are connected within a network across sectors—and thus which ones represent central hubs of the economy. The most-connected companies, if hit with a seemingly isolated revenue shock, could cause outsize losses to the whole U.S. economy. Some are banks, but most aren’t. In fact, businesses in tech (Amazon, Apple) and telecom (Comcast, AT&T) topped the list.


This means systemic risks can pop up in new places, such as the hidden backbones of widely used services. A 2016 cyberattack on Dyn, a company that provides domain-name services for a large share of the internet, should have been the wake-up call. When Dyn went down, it took all its customers with it. For several hours, Netflix, PayPal, the BBC, parts of this newspaper’s website and many others were offline.

The consolidation of risks from many companies into a single point—Dyn’s domain-name system—might provoke some recession déjà vu. Those familiar with the minutiae of the 2007-08 financial crisis (or fans of “The Big Short”) remember the importance of derivative securities, securitization and perhaps collateralized debt obligations. CDOs consolidated and repackaged risky household loans into financial products that, through the magic of aggregation, were less risky than the individual loans themselves. At least so it appeared. In reality, these risks were correlated—leading to cascading effects when things started to go bad.

Amazon Web Services is a prime example of a networked firm and is, through the same mechanism, creating new systemic risks. AWS has millions of customers, including Verizon, BP and Facebook; each mitigates their own cyber and data risks by relying on AWS. For small risks—fires or floods that harm a single data center, cyberattacks that take down a single website—the large distributed network behind AWS’s cloud-computing service provides a more robust solution.

Just like CDOs, however, the cascading network effects present a much larger risk to the whole economy. A single disruption to AWS, perhaps due to a large-scale cyberattack, would instantly be a cross-sector problem, potentially shutting down swaths of the economy. And private enterprises wouldn’t be the only ones affected: GovCloud, a tailor-made version of AWS, provides cloud services for the Defense and Justice departments and the Internal Revenue Service.

Covid-19 caused many people to adopt new routines for working and socializing from home. Concurrently, Amazon’s importance to the economy has soared. Consider a typical day in the pandemic economy: working from home, collaborating with colleagues via Slack, holding meetings through Zoom, ordering food via DoorDash, watching a show on Netflix. Each of these activities represents the new business success story of the post-Covid-19 economy. Each relies on Amazon services to do so.

These types of heavily interconnected enterprises will drive the global economy in the next decade. Our analysis found that companies such as Workday, a provider of human-resource and payroll services, provide essential background services and are central to keeping the economy running. But they may also be consolidating risk, becoming the CDOs of today.

The highly networked nature of the economy has the potential to amplify known sources of systemic risks and add new ones. The novel coronavirus is the current example. The next might be a severe weather event or a major cyberattack.

Although no one can predict the next crisis, we can anticipate how shocks ripple through the economy. Advanced economic modeling can locate the central nodes in the network—those that, if disrupted, will lead to significant economic damage. After the Covid-19 pandemic, which is accelerating the transition to a virtual economy, policy makers need to broaden their definition of systemic risk.

Mr. Welburn is a researcher in operations research and computational economics and Mr. Strong is an economist at the RAND Corp. Both are also professors at the Pardee RAND Graduate School.
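The hub-finding step the authors describe can be shown in a few lines. What follows is an added example, not the authors' model or their 10-K data: it builds a small constructed firm-to-firm dependency graph (placeholder names chosen to mirror the Dyn and AWS pattern in the piece) and ranks each firm by how much of the network its outage would take down under a worst-case assumption that every listed supplier is critical and has no substitute.

```python
"""Added example: rank firms by the share of a dependency network their
failure would cascade through.  The graph and names are constructed for
illustration and are not data from the authors' analysis."""
from collections import deque

# Constructed sample: each firm lists the suppliers it cannot operate without.
# A provider with no suppliers of its own sits at the root of the network.
DEPENDENCIES = {
    "cloud_provider": [],
    "dns_provider": ["cloud_provider"],
    "video_service": ["cloud_provider", "dns_provider"],
    "payments": ["dns_provider"],
    "news_site": ["dns_provider"],
    "payroll_saas": ["cloud_provider"],
    "retailer": ["payroll_saas", "payments"],
    "bank": ["payroll_saas"],
    "local_shop": [],
}


def reverse_graph(deps):
    """Map supplier -> customers that depend on it directly."""
    rev = {node: [] for node in deps}
    for customer, suppliers in deps.items():
        for supplier in suppliers:
            rev.setdefault(supplier, []).append(customer)
    return rev


def cascade(deps, failed):
    """Set of firms knocked offline, transitively, when `failed` goes down.

    Worst case: a firm fails as soon as any critical supplier fails
    (no redundancy, no substitution).  Breadth-first over the reverse graph."""
    rev = reverse_graph(deps)
    down = {failed}
    queue = deque([failed])
    while queue:
        node = queue.popleft()
        for customer in rev.get(node, []):
            if customer not in down:
                down.add(customer)
                queue.append(customer)
    return down


def systemic_ranking(deps):
    """Each firm paired with the fraction of *other* firms its failure takes down,
    most systemic first; ties broken by name so the order is deterministic."""
    others = len(deps) - 1
    return sorted(
        ((node, (len(cascade(deps, node)) - 1) / others) for node in deps),
        key=lambda pair: (-pair[1], pair[0]),
    )


if __name__ == "__main__":
    for name, share in systemic_ranking(DEPENDENCIES):
        print(f"{name:15s} takes down {share:6.1%} of other firms")
```

The real analysis infers unobserved links statistically and weights edges by revenue share; this toy treats every dependency as binary and critical, which is exactly the failure mode the Dyn outage exhibited. The same traversal serves a security team for a software dependency tree or a cloud account inventory: the node with no upstream of its own and the largest cascade is the one whose compromise or outage deserves the most redundancy and monitoring.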

Title: Stratfor: SolarWinds will spur Biden into action on state-backed cyber threats
Post by: Crafty_Dog on December 30, 2020, 03:07:47 PM
Long serious read, despite some glib passages-- what I get is that China Joe will be a pussy:

SolarWinds Will Spur Biden Into Action on State-Backed Cyber Threats
Dec 30, 2020 | 21:25 GMT

A poster showing six Russian intelligence officers charged with carrying out global cyberattacks is displayed before a news conference at the U.S. Department of Justice on Oct. 19, 2020, in Washington D.C.

The recent SolarWinds hack will prompt U.S. President-elect Joe Biden to increase Washington’s cyber resources and, potentially, its offensive capabilities in order to better deter against future cyberattacks by Russia, as well as other state actors. This intensified focus on state-backed cyber threats will likely include more U.S. investments into cyber defense over the next four years. The Biden White House will also continue to deploy sanctions against assailant countries, though such sanctions will likely be narrow in scope for fear of stoking aggressive retaliatory measures against U.S. entities and causing significant economic damage to countries like Russia and China that are essential to the global economy.

U.S. Adversaries Take Their Fight Online

The SolarWinds breach has exposed the United States’ vulnerability to large-scale supply chain hacks. The suspected Russia-linked attack also highlights the escalation of state-sponsored cyber activities against U.S. interests. Top security officials and independent experts alike have indicated that Russia was involved in the attack, which used “trojanized” updates to SolarWinds’ Orion IT monitoring and management software that were posted on the company’s website. Once uploaded, the trojanized update would run code creating a backdoor into the compromised systems that hackers could then exploit for credential theft and other malicious activities.

The hackers also took multiple steps in trying to remain hidden, such as removing the backdoors once they had established legitimate remote access to servers.

In its initial study of the breach, Microsoft suggested that the use of a digitally signed file suggested that the hackers likely had entry to early builds of the software, as well as access to SolarWinds software development and/or distribution process.

This approach illustrates how a state actor, such as Russia, can leverage comprehensive technical expertise, along with intelligence collection and operation resources, to gain sustained access to systems employing compromised software.

Like Russia, China, North Korea and Iran are all investing heavily in ramping up their cyber activity and capabilities. China also remains very active in cyber industrial espionage, as evidenced by the increase in cyber activity targeting COVID-19 vaccine research and the U.S. Department of Justice (DOJ)’s July indictment of two Chinese officials over that activity. Iranian-backed cyber activity showcased a leap in capabilities and intent this year as well, when it conducted an attack targeting Israeli water infrastructure. Iran has been trying to target industrial control systems for years, but the 2020 hack was the first publicly known successful attack linked to Iran that resulted in affecting industrial control systems.

Biden’s Response to State-Backed Threats

The magnitude of the SolarWinds attack and President Donald Trump’s reticence to assign responsibility to Russia will probably prompt Biden to act swiftly upon taking office. In the wake of the SolarWinds hack, Trump posted a series of tweets between Dec. 18-19 in which he downplayed the threat posed by attack, as well as Russia’s involvement. The Biden administration, however, will likely at least sanction Russian entities and individuals involved in the planning and carrying out of the attack, if they can be identified and linked to it. Under Biden, the DOJ will also likely press legal charges against those involved. A retaliatory U.S. cyberattack against Russia could be reviewed as an additional option to signal a firm resolve against such activities. Such actions alone would not necessarily set a new precedent, as Trump has also signed off on several rounds of sanctions and retaliatory attacks in response to Russian cyberattacks during his term. But Biden will be more aggressive in publicly blaming Russia for such attacks, as well as swifter in his response.

Under Trump, the U.S. Treasury Department has sanctioned more than 30 Russian entities and individuals involved in Russian cyber activity, interference in the 2016 election, the 2017 NotPetya attack and the global deployment of the Triton malware.

The New York Times reported in 2019 that the Trump administration had stepped up cyber activity against the Russian power grid.

On Dec. 17, Biden said there would be “financial repercussions” on “individuals as well as entities” involved in the SolarWinds attack. On Dec. 20, his incoming chief of staff Ron Klain said that the U.S. response would not involve “just sanctions.”

Biden will likely review federal institutional capacity in search of ways to increase the defensive cyber capabilities, as well as inter-agency coordination. Biden will probably reverse decisions made by his predecessor’s administration, which included removing the cybersecurity coordinating position on the National Security Council. The original 2021 National Defense Authorization Act — which was vetoed by Trump on Dec. 23 — creates a Senate-confirmed position for coordinating U.S. cybersecurity policy. It is not clear whether Biden will consider any of the more aggressive and controversial proposals for reforms following the SolarWinds attack, which include splitting the United States Cyber Command from the National Security Agency.

The Biden administration will probably funnel additional budget resources toward cyber programs, while also seeking to increase private-public coordination and detection. Budget requests are likely to have bipartisan funding support in the wake of the SolarWinds attack. Such support has already increased following concern over Russian interference in the 2016 election, resulting in actions such as the 2018 creation of the Cybersecurity and Infrastructure Security Agency (CISA) under the Department of Homeland Security. Biden is likely to push for more bipartisan legislation to boost CISA funding, strengthen its independent status and possibly its statutory role. Bipartisan efforts will likely also be able to overcome gridlock in Congress that will otherwise limit most of Biden’s legislative agenda.

Washington will also likely review offensive cyber operations and an aggressive cyber strategy to build deterrence. But substantial reform surrounding the way that the U.S. treats cybersecurity akin to that in the wake of 9/11 is unlikely. While the SolarWinds attack has been a wake-up call for the need to boost cyber defenses, it does not appear, at least now, to have had enough of an impact to necessitate such reforms. Biden will probably walk back some of the cyber freedoms Trump gave the U.S. military and intelligence community, but stop short of reverting to the cumbersome policy review process overseen by former U.S. President Barack Obama.

The Biden administration will continue to use targeted sanctions and DOJ investigations as a diplomatic response tool. The U.S. Congress and previous presidents have a long-standing history of using travel bans, diplomatic expulsions, asset freezes and other forms of sanctions against Russian, Iranian, North Korean and Chinese hackers carrying out cyberattacks against the United States. Such targets typically include fronts being used to carry out attacks, as well as individuals and specific government agencies behind attacks. The Biden administration will likely continue such practices, starting first with a response to the SolarWinds attack.

Limits to Deterring and Mitigating Cyberattacks

The rapid evolution of cyber capabilities, along with Washington’s reluctance to accept collateral economic and political damage associated with stringent sanctions, will limit Biden’s policy options for eroding cyber threats. Many of the individuals and entities involved in carrying out attacks have limited assets in the United States and the West, making the impact of financial sanctions relatively small. In order to cause significant economic harm, U.S. sanctions would thus need to target the assailant country’s broader economy, like those the Trump administration has imposed against Iran’s oil exports. These sanctions, however, are typically only reserved for what the United States views as rogue states: Iran, Venezuela, Cuba and North Korea. Imposing such sweeping sanctions against China — the United States’ largest trading partner — would have catastrophic repercussions for the U.S. economy. And imposing such sanctions against Russia would have similarly severe political repercussions for U.S. foreign policy, given Moscow’s place as a permanent member of the U.N. Security Council.

For Iran and North Korea, there are few significant areas of economic activity that the United States hasn’t already sanctioned. Further sanctions on both countries would thus have a limited impact on their respective cyber strategies.

Offensive cyber strategies also have yet to prove successful in actually deterring state-backed cyberattacks like the SolarWinds hack, which have only increased in scope, sophistication and frequency in recent years. The United States and other Western countries have been increasing their offensive cyber operations over the last five years. But this has yet to result in any noticeable decrease in cyber activities by their adversaries. It is possible that deterrence through or the displayed threat of offensive operations has been more effective in dissuading attacks against critical infrastructure and sensitive military targets like nuclear command and control. But it appears financially damaging attacks, as well as intrusive attacks targeting information theft, remain undeterred by the threats and retaliatory actions Western governments have so far deployed.

Beyond deterrence through cyber operations, other U.S. policy frameworks have only reinforced other states’ willingness to launch attacks against the United States. For China, in particular, Washington’s overall economic strategy of cutting off its access to U.S. technology has augmented Beijing’s need to carry out cyberattacks related to industrial espionage.

The United States is also more constrained in the types of cyber activity that it is willing to take due to legal norms at home and potential domestic blowback if such activity provokes a more significant response by Russia or China. This reduces the United States’ risk tolerance in any attacks that could be aimed at boosting deterrence.

The growth of digitized industries in the world’s largest economies also increases the number of potential targets and vulnerabilities that state-backed hackers can exploit. Hardening certain infrastructure from cyberattacks will raise the cost of successfully penetrating them, but only certain systems can be hardened significantly. And most of the United States’ economically important potential targets, such as those related to internet services and technology, are also some of the most connected to cyberspace. New technologies on the horizon, such as the use of artificial intelligence to more swiftly and effectively penetrate systems, will provide yet more opportunities for state-backed hackers to exploit as well.

The New Normal of Constant Cyberattacks

The failure to deter or prevent future state-sponsored cyber threats will drive up the costs of mitigating and dealing with attacks, which is likely to increase global pressure for multilateral consensus to address such activity. The inability to deter state-backed cyber attacks will also increase Russia and China’s efforts to use such strategies to access intelligence and, increasingly, conduct industrial espionage. Trade secret theft through cyber means will, in turn, become a growing threat, particularly from China. Critical infrastructure and other strategic networks will also see significant intrusions, although it is unlikely that the most capable cyber actors (Russia and China) will attempt to inflict physical damage on such infrastructure. 

According to a report released in November by cybercrime researcher Cybersecurity Ventures, the annual cost to the global economy of all cybercrime (including state-backed cyber activity) will grow 15 percent annually over the next five years, totaling $10.5 trillion by 2025.

The growing prevalence of cyberattacks, as well as the increase in the number of countries capable of conducting them, will continue to drive the United States, Russia, Europe and China to establish norms governing the global cyber domain. Such cyber norms could limit escalation risks by more clearly delineating the different kinds of cyber activity and what qualifies as an appropriate response to each. Previous efforts to negotiate global cybersecurity standards, however, have failed to gain backing from the United States, Russia, Europe and China – the four biggest economies and cyber actors. The scope of current U.N.-led talks on cyber threats is not conducive to a deal as it includes aspects of cyberspace governance well beyond cyberattacks. But narrower talks may be possible in the future as attacks continue to mount. The prospect of an arms control-type treaty or pact around cyber activity, meanwhile, will continue to gain momentum outside Russia, China and the United States as well. But negotiations regarding such a treaty are unlikely unless a significant and economically damaging cyber attack occurs.
Title: America turning tide on Huawei
Post by: Crafty_Dog on December 30, 2020, 04:05:17 PM
https://www.theepochtimes.com/us-turns-tide-on-huawei-ending-ccps-5g-master-plan_3636682.html?utm_source=morningbrief&utm_medium=email&utm_campaign=mb-2020-12-30
Title: Dobbs on cyberattack
Post by: ccp on January 03, 2021, 08:51:00 AM
https://video.foxbusiness.com/v/6217260158001/#sp=show-clips

Seems like most claim it is from Russia

not clear why Trump is not saying

who is thought to have done it or why he is silent about it in public

I am assuming they will make moves rather than tip our hat ahead of time

and of course formulating battle response plans as we speak
Title: Getting yours?
Post by: G M on March 29, 2021, 01:13:36 PM
https://www.collegemagazine.com/a-bitter-memory-holocaust-survivors-and-their-tattoos/

https://nerdist.com/article/invisible-tattoos-vaccination-records-tracking/

http://ace.mu.nu/archives/393392.php
Title: GPF: India worried about Chinese Cyber
Post by: Crafty_Dog on April 09, 2021, 01:52:56 PM
India reaches out. India is reportedly concerned about major vulnerabilities in its defense infrastructure to potential Chinese cyberattacks. As a result, it’s been reaching out to the U.S. for help, holding talks on the matter during U.S. Defense Secretary Lloyd Austin’s visit to New Delhi last month. China sees asymmetric cyberattacks as critical to leveling the military playing field with the U.S. and its friends.
Title: Don't understand, what happened here?
Post by: Crafty_Dog on April 28, 2021, 05:18:22 AM
https://www.zerohedge.com/markets/massive-shadowy-darpa-linked-company-took-over-chunk-pentagons-internet-inauguration-day?utm_campaign=&utm_content=Zerohedge%3A+The+Durden+Dispatch&utm_medium=email&utm_source=zh_newsletter
Title: Darkside
Post by: Crafty_Dog on May 15, 2021, 07:24:46 AM
https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/
Title: Captain Obvious to President Magoo
Post by: Crafty_Dog on June 21, 2021, 01:15:49 PM
https://washingtontimes-dc.newsmemory.com/?token=9a5d44f3a3dc36069d8ccf990f061708_60d08f55_6d25b5f&selDate=20210621
Title: Microsoft details DOJ abuse of secrecy orders
Post by: Crafty_Dog on June 30, 2021, 12:46:24 PM
https://www.foxbusiness.com/politics/microsoft-exec-details-frightening-doj-abuse-of-secret-requests-for-americans-data-in-hearing?fbclid=IwAR0Jvst44hgpX_qmKHxOo3hHsspQE-RoTTPZ6xIxj6t-oPCxkUg1jsh6R8Q
Title: Stratfor: Crime and Technology Part 1: Secure Communication Platforms
Post by: Crafty_Dog on July 01, 2021, 05:39:34 AM
Crime and Technology, Part I: Secure Communication Platforms

Ben West
Global Security Analyst, Stratfor
Jun 30, 2021 | 10:00 GMT

Editor's Note: Criminals have always been relatively quick to adopt new technology. From bootleggers assembling fleets of motorized vehicles in the 1930s for the transport of illegal alcohol to drug traffickers exploiting commercial airliners to transport cocaine from South America in the 1960s, technology has always created opportunities for criminals. The current era is no exception, and criminals are quickly adopting technology to help them communicate in secrecy, sell their illicit wares in virtual marketplaces, and send and receive payments through new forms of currency. The technologies are helping criminal organizations conduct traditional activities (such as drug trafficking) more efficiently and creating entirely new fields of criminal activity, such as ransomware attacks and off-the-shelf tools to facilitate cyberattacks.

But with new technology comes new vulnerabilities, and law enforcement agencies around the world are demonstrating that they can also harness the efficiencies of new technology to counter criminal activity. In this three-part series on crime and technology, we will explore how criminals are adopting new forms of communication to coordinate criminal activity, new marketplaces for selling illicit wares and new ways to facilitate payments that cater to a more virtual market. Each analysis will explore how criminals use the technology in question, how it makes them vulnerable to detection and what to expect in the future. First, we consider how criminals use secure communication platforms to coordinate activity across organizations and around the world, and how those same platforms can make them vulnerable.

Secure, private communications platforms are proliferating as more people around the world seek out ways to stay connected to others while also being discreet about what information they share with whom. Every week seemingly brings new revelations about ostensibly private information being compromised in a data breach, hostile cyberattack, government surveillance operation or from private companies gleaning personal details about their users. Concern for privacy has driven demand for mainstream platforms like WhatsApp and iMessage, which allow individuals and groups to share information through encrypted channels. Encrypted messaging platforms are attractive in business and commercial dealings, allowing users to hash out details on a transaction, share invoices and arrange transfers of goods and services in a convenient and relatively secure fashion.

The privacy provided by mainstream services like WhatsApp and iMessage is not sacrosanct. Such platforms are operated by major companies — in these cases, Facebook and Apple, respectively — that fall under U.S. legal jurisdiction. If law enforcement authorities have reason to suspect individuals are conducting illegal activity on the messaging platforms, they can file requests for information with the company in order to get details that could facilitate legal charges and arrests. While companies tout the privacy provided by their products, they also have a reputation to uphold and would not benefit from being associated with drug trafficking, child pornography, threats of violence or other illicit activities. In short, there is a limit to the privacy large companies tolerate on their services.

Just as encrypted messaging services benefit legitimate business and commercial activity, criminal and terrorist groups also stand to gain from them. Public debate over the legality of encrypted communications and secure electronic devices accelerated after the 2015 San Bernardino terrorist attack, when a husband and wife team slew 14 people before law enforcement killed them. Despite law enforcement appeals to Apple to help them unlock an iPhone belonging to one of the attackers, Apple refused, arguing that it would not compromise user privacy to help with the investigation. The FBI eventually gained access to the phone with the help of a third party.

The San Bernardino attack and resulting investigation elevated public awareness of encryption and the limits of personal privacy on electronic devices. Even though Apple held its ground on protecting user privacy, it became clear that U.S. authorities had legal avenues to try to compel compliance and/or break the encryption that supported that privacy. This development accelerated criminals' adoption of more niche apps and services to ensure security and privacy above and beyond the encrypted messaging service apps widely used by the general public.

How Criminals Use Encrypted Communication Tech
Criminals undoubtedly continue to use mainstream communication platforms, despite the security vulnerabilities, because they are cheap, easy to access and allow them to communicate with a wide audience. As of May 2021, WhatsApp had 2.5 billion users in over 100 countries, making it the most used encrypted communications app in the world. There are an estimated 1.3 billion active iMessage users; another popular encrypted messaging app, Telegram, has 500 million users. Criminals have exploited the huge markets they can access through popular messaging services to sell their illicit products.

- A research group affiliated with Norton Cybersecurity published a report in 2021 outlining how criminals use Telegram to sell everything from counterfeit documents to personally identifiable information to cyber malware that facilitates online criminal activity such as distributed denial of service and ransomware attacks.
- A federal investigation in 2020 dismantled an opioid and fentanyl trafficking operation on the East Coast that at least partially relied on iMessages for coordination.
- In 2019, Insight Crime reported that street gangs in Mexico were using WhatsApp to advertise drug sales, list prices, availability and arrange delivery.
As demonstrated in the examples above, despite these apps' heightened privacy settings due to encryption, criminal activity is still fairly easily discoverable — by both independent researchers and legal authorities. Because apps like WhatsApp and iMessage are widely available, criminal actors conducting illegal activities over the platforms can never really be sure of who they are dealing with: police officers can pose as buyers or business partners on messaging apps more easily than they can in the physical world.

In order to provide a deeper level of security, a new group of encrypted messaging services has emerged over the past five years. Such services do not aim to be the next WhatsApp, iMessage or even Telegram, but instead, they work to remain unknown except to the small number of people who use them. Since 2018, law enforcement agencies have taken down three such services: Phantom Secure, EncroChat and Sky Global. They have all followed similar strategies to provide next-level security in electronic communications. Services used widely available electronic devices, stripped them down to only the most essential components (removing cameras, microphones, GPS devices or other components that could jeopardize the user's security) and installed a single app on the phone that only allowed the user to communicate with people who also had access to that app. The encryption technology behind the app itself wasn't necessarily new, but rather the single-purpose nature of the app and the device that hosted it that ensured communications remained isolated from other services that could compromise the user's security. The services also offered a feature that would destroy past messages and even shut down individual devices should they be seized or otherwise compromised. By sandboxing the service on a dedicated device and only allowing users to communicate with other users, these encrypted messaging platforms provided increased operational security.

While the services ostensibly helped business executives and celebrities ensure discretion in business dealings and/or personal matters, they were immensely popular with criminals. The messaging services' aggressive security features offered criminals a sense of comfort, leading them to discuss details of drug sales and shipments in plain terms instead of code. For example, British investigators charged a former Royal Marine with drug trafficking after intercepting messages from his EncroChat account openly discussing the price and delivery methods of marijuana, MDMA, heroin and other drugs, as well as pictures of the shipments to offer potential buyers proof of quality. The criminal activity wasn't just limited to drug trafficking — police accused Phantom Secure users of attempting to organize murders on the platform. Based on investigations into the services mentioned above, police were able to identify dozens of drug labs, interdict tons of drugs, seize illegal weapons and ultimately arrest thousands of criminals.

It is important to note that the enhanced security messaging platforms were primarily used to facilitate wholesale drug sales and shipments between criminal organizations. They are not practical when it comes to retail drug sales due to the limited number of users. Compared to the billions of users on mainstream messaging services such as WhatsApp, iMessage and Telegram, niche platforms like Phantom Secure, EncroChat and Sky Global measured their users in the tens of thousands. They were still, however, very successful financially. Each device cost several thousand dollars and access to the niche encrypted messaging services cost upward of $1,000 per month. One of the first companies discovered to be involved in such a business, Phantom Secure, earned an estimated $80 million in revenue over 10 years in business. When it comes to encrypted communications platforms, bigger is not always better. And based on the financial success of past companies in the market, more are sure to follow.

How Encrypted Communication Tech Has Made Criminals Vulnerable to Detection
All of the advantages of niche encrypted communications platforms have come at the price of increased police scrutiny and surveillance. The fact that the public is aware of companies like Phantom Secure, EncroChat and Sky Global is the first indication that their encrypted messaging platforms were not as secure as advertised. Phantom Secure collapsed after the FBI arrested its owner, Vincent Ramos, in 2018 for knowingly facilitating criminal activity. EncroChat shut down its services in 2020 after learning that French police were monitoring its servers and collecting intelligence on criminal communications on the platform. In early 2021, European authorities gained access to Sky Global's secure network and monitored the activity of 70,000 users before shutting the operation down.

The key vulnerability of these services is that they depended on servers to handle the encrypted traffic and make sure messages go where they are supposed to go. In all three cases, police found out about the services when they noticed suspected criminals carrying unusual electronic devices. Collecting evidence on individuals typically gives law enforcement agencies leverage over them that they use to turn suspects into informants, which can lead to further evidence and arrests. Investigators were eventually able to track down the servers that supported those devices. When those servers are physically located in a law enforcement agency's jurisdiction — or that of a partner country — authorities can get legal approval to search or monitor those servers. Once investigators have access to the servers, they can intercept messages and start collecting evidence to make arrests. As demonstrated in the 2015 San Bernardino case, it is possible to break encryption, and law enforcement agencies appear to have been able to do that based on their access to plain text messages and images shared on the platforms.

A Timeline of Operation Trojan Shield
In the most recent case of police targeting criminal communication networks, authorities expanded their access from the servers to the devices themselves. In early June, police agencies around the world started announcing arrests linked to Operation Trojan Shield, a two-year-long sting operation that tricked criminals into using supposedly the latest and greatest encrypted messaging service, called "Anom." While the devices followed similar protocols as their predecessors — stripped-down handsets whose sole function was to send and receive secure texts through an app disguised as a calculator — there was one major, critical difference: Law enforcement authorities had inserted code into the messaging program that forwarded an unencrypted copy of all messages to a server they controlled. Over two years, the devices acted as honeypots to attract nearly 12,000 criminal actors around the world, yielding 20 million individual messages that authorities used to eventually arrest 800 people and counting.

The success of the operation relied on access to networks of criminals just as much as the piece of code that forwarded copies of all the messages. The FBI was able to carry out the operation by recruiting a confidential human source (CHS) who had worked on the development of the Phantom Secure service. After the arrest of Vincent Ramos and the collapse of Phantom Secure in 2018, the CHS began developing the next-generation niche encrypted messaging service when the FBI arrested him. They worked out an arrangement whereby the confidential human source would continue with his plans to launch a new encrypted messaging service, but he would include the tracking code on devices and ship them out to criminals in order to help police monitor criminal activity. Having been closely involved in the success of Phantom Secure, the confidential human source not only had the technical expertise, but also the reputation and credibility within criminal organizations around the world so that when he sent out a device, they trusted him. As mentioned above, niche encrypted messaging services cannot become successful the same way mainstream services can through market saturation and scale. Instead, discretion and exclusivity are essential, and the confidential human source was able to convince his contacts that the devices he provided were secure and private.

A Chart Comparing Criminal-Linked Encrypted Messaging Services
While Operation Trojan Shield posted impressive figures when it comes to geographic scope, number of arrests, and seized criminal assets, perhaps its largest impact was on the credibility of niche encrypted messaging services — at least in the immediate future. In announcing the culmination of Operation Trojan Shield in early June, the FBI specifically noted that one of the objectives of the effort was to "shake the confidence in" messaging services catering to criminal actors. The success of this sting operation means that at least some criminal actors will be more cautious when it comes to adopting encrypted communications services moving forward. The next generations of service providers will face a considerable challenge in convincing users that their devices are secure following Operation Trojan Shield. Creating mistrust in the criminal world will make it that much harder to organize drug shipments, share intelligence or discuss other criminal matters openly. Any degradation in criminal communication networks makes them less efficient, less profitable and less able to expand operations in the near future. That said, at some point, this disruptive impact will wear off and, in the long run, Operation Trojan Shield and other similar law enforcement efforts targeting encrypted messaging services are unlikely to severely hamper global criminal activities as criminals adapt and adopt new communications practices.

What Lies Ahead for Secure Criminal Communications
The demand for secure communications reaches far beyond just criminal organizations and, given the success (albeit short term) of previous niche encrypted messaging platforms, more will certainly come. Legitimate businesses and multinational corporations want to be able to communicate without jeopardizing key technology or business decisions, celebrities and high-profile individuals similarly want to be able to discuss personal matters without it leaking to the public, and security-conscious individuals, in general, want to be able to communicate without having their information harvested and sold to marketers. To that end, researchers are constantly working on new technology and companies are constantly providing new services that offer secure, encrypted communications.

An Explainer of Block Chain Technology
One of those emerging technologies is blockchain messaging, which uses the same technology behind cryptocurrencies to send and receive secure messages. Proposed designs would mean that only users of the devices sending and receiving the messages would be able to view them. Network administrators, the messaging company providing the service and outside law enforcement investigators would not be able to intercept messages outside of the devices approved to view the messages — at least not without tipping off the author and recipient of the message.

An Explainer on Validating Blockchain Requests
The challenge of offering such a service in the long term is figuring out how to prevent it from becoming corrupted by criminals or terrorists. Police will eventually find out about communication services that facilitate criminal activity and the moment of truth would arrive for any such company when put in the position of either cooperating with authorities or resisting. Cooperating with authorities would cost a company its criminal clientele and resisting would likely result in criminal charges and a service shutdown.

One outcome could be that state-backed criminals facilitate encrypted communication platforms by hosting servers and other critical infrastructure in more permissive environments out of reach of foreign law enforcement agencies. This outcome would acknowledge that communication security is not so much a question of encryption technology, but the physical location of servers that support the service. Countries like Russia and North Korea have been known to tolerate and even support criminal activity so long as it targets their internal political rivals or external enemies and does not challenge their own political power.

Another outcome might be just to continue the cat-and-mouse game with police, where criminals and service providers accept a high rate of turnover in the development of new encrypted messaging apps (along with the risk of arrest) as the cost of doing business. New services will surface and shut down in the face of law enforcement scrutiny only to reemerge in different forms in an ever-repeating cycle.

Criminal organizations have immense access to resources and an even greater demand for secrecy in their daily operations. These two forces will ensure that secure communication services will run the risk of attracting a criminal clientele and that some companies will even cater to criminals in ways that help them avoid law enforcement detection. But just as these dynamics are inevitable, so it is that law enforcement agencies will continue to find ways into ostensibly secure platforms to identify and ultimately disrupt their users. This same process plays out in the shadowy world of online criminal marketplaces, which we will discuss in part two of this series.

Next: New Marketplaces for Selling Illicit Wares
Title: Magoo fails to defend cyber red line
Post by: Crafty_Dog on July 19, 2021, 05:54:08 AM
https://www.washingtontimes.com/news/2021/jul/18/reminiscent-obama-administration-cyberattackers-ig/?utm_source=Boomtrain&utm_medium=subscriber&utm_campaign=morning&utm_term=newsletter&utm_content=morning&bt_ee=l3UffOiRReaQV5y68p%2FADHEEkHieTMOA6iOCiYq7ueoI7P9YIZcburyneN21VsEM&bt_ts=1626687942743
Title: GPF: Team Biden begins to take measures against Chinese cyber attacks?
Post by: Crafty_Dog on July 19, 2021, 12:39:45 PM
Accusations against China. A cybersecurity coalition involving NATO member states, the EU, Australia, New Zealand and Japan launched Monday. In its first joint action, the bloc accused China’s Ministry of State Security of collaborating with criminal organizations to conduct a slew of cyberattacks, including one targeting Microsoft that came to light in March. The Biden administration appears to be behind the campaign, releasing a trove of details about the allegations. The European Council said it backs the U.S. accusations.
Title: Criminal contract hackers for Russia, China, Iran
Post by: Crafty_Dog on July 21, 2021, 10:00:24 AM
https://www.washingtontimes.com/news/2021/jul/21/criminal-contract-hackers-china-iran-russia-enlist/?utm_source=Boomtrain&utm_medium=subscriber&utm_campaign=newsalert&utm_content=newsalert&utm_term=newsalert&bt_ee=mv33%2FSmcuMc62cnUvKXA%2BspwvcVXn9MM3Cs9HglAMjfMKeUi3Av0584YRYKvCM9r&bt_ts=1626876493628
Title: WSJ: Tough Biden Talk, Little Action
Post by: Crafty_Dog on July 22, 2021, 04:45:46 AM
Tough Biden Talk, Little Action
On Nord Stream and Chinese hacking, a message of weakness.
By The Editorial Board
July 21, 2021 6:42 pm ET


President Joe Biden speaks as Secretary of State Antony Blinken, left, listens during a cabinet meeting at the White House in Washington, D.C., U.S., on Tuesday, July 20, 2021.
PHOTO: AL DRAGO - POOL VIA CNP/ZUMA PRESS

A troubling pattern is emerging in President Biden’s foreign policy: Officials talk tough—then follow up with diplomacy that amounts to little. Two examples this week—on Chinese hacking and Russia’s Nord Stream 2 pipeline—underscore the point.


Barack Obama and Donald Trump opposed the $11 billion Nord Stream pipeline, which could double the amount of natural gas exported directly to Germany from Russia. But the Biden Administration has now blessed the project’s completion, handing Vladimir Putin a major strategic victory at the expense of Ukraine and Europe’s energy independence.

The White House says the pipeline was inevitable and improving America’s relationship with the Germans should come first. But the deal with Germany is embarrassing in its weakness. In a joint U.S.-German statement on Wednesday, Berlin pledges to impose sanctions in the future “should Russia attempt to use energy as a weapon or commit further aggressive acts against Ukraine.” We can hear them laughing in the Kremlin at that one.

The deal won’t go down well in Kyiv, which is struggling against Russian assaults on its territory. The country is set to lose billions in transit fees as Russian natural gas is diverted from routes that run through Ukraine. But at least “Germany commits to establish and administer a Green Fund for Ukraine to support Ukraine’s energy transition, energy efficiency, and energy security,” according to the joint statement. The U.S. and Germany say they’ll ask Russia to keep paying Ukraine. Are they kidding?

Giving a revisionist power more influence over Europe’s economy doesn’t help U.S. interests. The big win for Russian gas also comes as the Administration moves to restrict fossil-fuel production in the U.S. Angela Merkel, who negotiated the deal with President Biden, soon won’t even be Chancellor.

***

Meanwhile, on Monday the Administration called out China for cyber attacks and was joined by the European Union, NATO, the United Kingdom, Canada, Australia, New Zealand and Japan. Secretary of State Antony Blinken said “the United States and countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security.”

Accountable how? The allied powers announced no sanctions or other repercussions. A coalition against Chinese cyber attacks is nice, but not if the result is a lowest-common-denominator response—i.e., nothing. Beijing may conclude that harsh words are all the U.S. can unite its allies behind.

Mr. Blinken also confirmed this week that “cyber actors affiliated with” China’s Ministry of State Security had conducted a “massive cyber espionage operation” earlier this year that “indiscriminately compromised thousands of computers and networks.”

He’s referring to an attack on entities that ran their on-premise email server through Microsoft Exchange. The Chinese hackers gained access to users’ email correspondence, attachments and contacts, then launched attacks that could compromise the organization’s networks and computer systems, says Steven Adair, president of the cyber security firm Volexity, which was among the first to detect the breach.

The hackers focused on traditional espionage targets, then broadened their efforts to include others in the private and public sectors, nonprofits and academia. The State Department confirms the operation “gave Chinese intelligence services the ability to access and spy on or potentially disrupt tens of thousands of computer systems worldwide.”

The U.S. response this past week was to unseal an indictment against four Chinese citizens involved in another hacking campaign. The feds say that from 2011 to “at least” 2018, a provincial arm of the Ministry of State Security set up a front company that stole intellectual property, trade secrets, and other confidential information “from companies and universities involved in virus and vaccine research of the Ebola virus,” among other topics.


Alas, all four are “nationals and residents” of China, and unlikely to be extradited, so the indictment’s utility as a deterrent is symbolic. Oh, and State did announce a reward of up to $10 million for information to identify cyber criminals who target the U.S. for a foreign government. No doubt that will impress the hard men at Zhongnanhai.

Biden officials, including the President, believe in the power of diplomacy almost for its own sake. But diplomacy that yields only talk achieves nothing against determined adversaries with malign intentions.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on July 22, 2021, 05:21:26 AM
"Tough Biden Talk, Little Action"

threaten to tell the teacher on China -> "we are going to discuss this with our friends and allies"

threaten to make them go stand in the corner -> "we are going to threaten sanctions"

This was the Democrats' foreign policy concerning adversaries (Hillary would repeat this like a broken memorized record every time)
Title: Re: WSJ: Tough Biden Talk, Little Action
Post by: DougMacG on July 22, 2021, 11:24:00 AM
Projecting American weakness to our enemies is a feature, not a bug, of their plan.

These are not Henry Scoop Jackson Democrats running our country.
https://en.wikipedia.org/wiki/Henry_M._Jackson

Come election time, how do they defend stopping a pipeline of energy for Americans while giving the Russian German one their blessing?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on July 22, 2021, 12:48:25 PM
Back when his name was being mentioned as a possible presidential nominee, my father sat next to him at some fund raiser dinner.

"Not bright enough" was my dad's assessment.
Title: China accelerates , , ,
Post by: Crafty_Dog on July 23, 2021, 07:13:05 PM
https://www.defenseone.com/ideas/2021/07/what-chinas-vast-new-cybersecurity-center-tells-us-about-beijings-ambitions/183933/
Title: Dark Territory: The Secret History of Cyber War
Post by: Crafty_Dog on July 27, 2021, 06:06:47 PM
Dark Territory: The Secret History of Cyber War
By Fred Kaplan

A reader recommended Fred Kaplan's “Dark Territory: The Secret History of Cyber War” to me, and it turned out to be a timely suggestion. The book, which lays out an in-depth history of U.S. cyber policies dating back to just about as soon as Washington realized that with the great potential of the internet also came great peril, hits on a couple of repeated themes. One is the perhaps inevitable struggle to get the folks in charge to take cyber seriously. Computer stuff is complicated, after all, and path dependencies are enormously difficult for institutions to break. So time and again, it came down to a handful of figures who were astute enough to grasp the fantastic and fraught security environment that was emerging – and who happened to have the necessary bureaucratic knife-fighting chops – to get the machinery of government moving in a constructive direction. One maneuver in particular pulled off by former National Security Agency director and LBJ School of Public Affairs professor Adm. Bobby Inman will be studied in elite policy schools for a century to come. Another theme is the constant rediscovery that defense is much harder than offense – and that offensive cyber capabilities that the U.S. pioneered can be assumed to eventually land in the hands of potential adversaries.

These themes remain in play today. It's no longer necessary to persuade anyone in power that cyberattacks could be extraordinarily destructive, of course. But there still often seems to be a lack of appreciation for the true scale of destruction that's possible as the emerging technologies become integrated with nearly every dimension of U.S. vitality – as well as the near-impossibility of defensive innovations keeping pace with the offensive realm.

There are signs that a paradigm shift in D.C. has taken root, thanks to myriad high-profile attacks ranging from whatever Russia was up to in the 2016 election to the brief crippling of the Colonial Pipeline this spring. The new U.S.-led cybersecurity coalition involving dozens of allied countries shouldn't be sniffed at. But the reality is: It's easier than ever for state and non-state adversaries alike to do severe, tangible damage to U.S. infrastructure and myriad other critical systems without resorting to conventional weapons – to say nothing of threats to data, trade secrets, intellectual property, the information domain and so forth. This is leveling the balance of power and creating a new form of mutually assured destruction, the logic of which needs to be explored.

Phillip Orchard, analyst

Title: Cyberwar coming
Post by: Crafty_Dog on August 03, 2021, 06:29:21 PM
https://www.youtube.com/watch?v=tSuCuoQxI20&t=3s
Title: Thoughts on cyber war from John Bolton
Post by: ccp on August 08, 2021, 09:38:38 AM
https://www.nationalreview.com/magazine/2021/08/16/defense-threats-in-cyberspace/?utm_source=recirc-desktop&utm_medium=homepage&utm_campaign=river&utm_content=featured-content-trending&utm_term=second
Title: MT: End running internet shut downs
Post by: Crafty_Dog on August 29, 2021, 07:33:19 AM
https://michaelyon.locals.com/upost/1008109/new-war-begins
Title: Stratfor: Cyber Diplomacy
Post by: Crafty_Dog on September 03, 2021, 01:30:37 AM
ON GEOPOLITICS
Cyber Diplomacy Arrives at Another Fork in the Road

Matthew Bey
Senior Global Analyst, Stratfor
14 MIN READ | Sep 2, 2021 | 16:56 GMT

My colleague recently wrote that ransomware has so far undoubtedly been the “defining cyber threat” of 2021. I agree with that assessment, given the onslaught of major ransomware attacks we’ve seen this year. But it’s also important to note that there’s been meaningful progress in U.N. negotiations on cyberspace — much to the surprise of many observers, including myself.

In March, the Russia-backed Open-Ended Working Group (OEWG) reached a cybersecurity agreement reaffirming 11 non-binding norms for state-sponsored cyber activity. And then two months later, the U.S.-backed Group of Governmental Experts (GGE) followed suit. Merely reaffirming those norms, which were first established in 2015, may seem like only modest progress. The agreements, however, not only come after the GGE failed to reach a similar deal in 2017, but in the wake of several high-profile cyberattacks — including the SolarWinds, Microsoft Exchange and Colonial Pipeline hacks.

That said, fundamental differences in opinions and priorities between countries remain on what kind of cyber activities should be regulated and how. The diplomatic path forward for future rounds of international negotiations is also unclear, with the United States wanting to enforce current U.N. agreements as Russia proposes more. Thus, despite the progress seen so far this year, the chances of the world not only agreeing, but adhering, to a single set of ground rules are slim at best — with a future of fragmented internet policies still the most likely outcome.

The Core of the Cyber Divide: Sovereignty vs. Privacy

Russia, China and the United States have long had opposing views on cyberspace. From Russia’s perspective, most information technologies (including software and hardware) have been developed by the United States and its allies, giving Washington and Moscow’s other rivals in the West a clear advantage in cyber capabilities. For this reason, Russia — along with fellow U.S. adversaries like China, Cuba and Iran — wants to use cyber arms control and negotiations as a way to limit what the United States and its allies can do. And these concerns have only been hardened in recent years following Edward Snowden’s revelations about the U.S. National Security Agency’s reach, as well as the United States and Israel’s successful deployment of the Stuxnet worm against Iran’s nuclear program.

Russia has wanted to prioritize negotiations around what it has recently come to define as the “national security” of its “information sphere,” as outlined in its 2016 Information Security Doctrine. Compared with the West, Russia — along with China and other like-minded countries — takes a more expansive view on cyber threats that also includes stopping the spread of dangerous information, in addition to preventing traditional malware or other attacks on networks and infrastructure. Through this viewpoint, these countries want to strengthen state control and oversight over information in cyberspace, particularly as it relates to issues like opposition groups, non-governmental organizations and other threats that could use the interconnected digital world as a tool against the state. Today, that position is embodied by China’s Great Firewall, Iran’s National Information Network and Russia’s Runet.


On the other hand, the United States and other liberal democracies believe individual rights and freedom of expression should be protected in the cyber world — rejecting Russia, Iran and China’s broader view.
Moreover, the United States has argued that any cyberspace negotiations focused on limiting online behavior or arms control were redundant, given the existing international law on cyber warfare and the application of the U.N. charter. Washington has stressed that the focus of such international talks should instead be on countries working together to root out the threats outlined in the 2004 Budapest Convention on Cybercrime, a treaty that has largely been only ratified by Western countries.

Over the last 15 years, the United States has become increasingly concerned about the digital realm becoming a Wild West for criminal activity. NATO’s increasing focus on cyber activity and the 2009 creation of U.S. Cyber Command also reflect Washington’s fears about the cyber domain becoming more integrated into its adversaries’ military strategies, which attacks by Russia, China and Iran on U.S. critical infrastructure, along with China’s cyber industrial espionage, have only underscored. To address these concerns, the United States has sought to focus international talks on establishing “norms” for state-sponsored cyber activity that, even if non-binding, would help provide a blueprint to judge perceived transgressions by Russia and China.

U.N. Cyber Negotiations: A Brief History

Russia has consistently tried to lead international negotiations on cybersecurity. Since 1998, Moscow has introduced a resolution each year at the United Nations on “developments in the field of information and telecommunications in the context of international security.” In 2001, Russia proposed the creation of a Group of Governmental Experts (GGE) panel to evaluate and discuss threats to information security. And in 2004, the first GGE was created, including experts from 15 countries, with Russia chairing the group. The first GGE panel failed to reach the consensus needed for an agreement on global cyber rules. But the three subsequent meetings held between 2009 and 2015 each adopted a report by consensus, with the 2015 GGE panel notably establishing the first-ever non-binding cyber norms.

The 2016-17 GGE, however, failed to build on the last meeting’s success and, for the first time in nearly a decade, ended without a consensus statement. The United States and the West wanted to explicitly state that International Humanitarian Law (which covers international law during armed conflicts) applies to cyberspace. But Cuba, Iran, China and Russia rejected this position, with Havana specifically arguing such an application would normalize cyber warfare. Looming questions around Russia’s alleged interference in the 2016 U.S. election, along with then-U.S. President Donald Trump’s abrasive stance toward China, also made the GGE process more politically difficult.

Parallel Talks Yield Unexpected Progress

Despite the failure of the 2016-17 GGE, however, the United States and Russia still had strategic interests in cyberspace that made diplomatic talks attractive. In 2018, Russia sponsored a U.N. resolution to replace the GGE with a new Open-Ended Working Group (OEWG). The OEWG would still operate on consensus, but unlike the GGE, would be open to all members of the United Nations.

The United States and its allies also participated in the OEWG, but were skeptical of Russia’s intent — namely, whether Moscow was using the new working group as a vehicle to gain support for its own alternative to the Western-backed cybercrime guidelines in the Budapest Convention. These fears then seemed to be confirmed after Russia, in quick succession, proposed a new five-year successor OEWG (which started work in May 2021), updated its National Security Strategy (naming information security a priority for the first time), and unveiled a draft treaty on international cybercrime in July.

The United States and other Western countries also expressed concerns that Russia would use the open access offered by the OEWG to get more countries interested in its version of information security in order to eventually adopt a different set of norms or expanded set of norms than those established by the 2015 GGE. But these fears did not materialize in the OEWG’s March 2021 consensus report. China, in fact, backed reaffirming the 2015 GGE norms, effectively eradicating any chance that Russia may have had in changing them. This, along with some language alluding to China’s concerns about supply chain reviews, was enough to reach a consensus that enshrined many of the GGE’s findings. While the OEWG agreement did not yield significant breakthroughs in terms of scope, it marked the first time a working group open to all U.N. member states resulted in a consensus report on cyber norms.

Amid concerns about the direction of the Russia-backed OEWG, the United States sponsored a resolution to create a new 25-member GGE in order to keep the smaller working group intact. The group met earlier this year and produced a consensus report that details exactly what is expected of countries to fulfill each of the norms established in the 2015 GGE report. U.S. negotiators described the 2021 GGE report, which also includes examples of what qualifies as critical infrastructure, as an effective guidebook on how to apply and interpret the cyber norms, with the understanding that no new rules needed to be created.

The report also explicitly states that International Humanitarian Law applies to cyberspace (Cuba, the 2017 GGE member vetoing the inclusion, was not a member of the 2021 GGE). The inclusion of this may limit some of the development of potential cyber weapons due to the impact on civilians, though it is unclear to what degree that application of International Humanitarian Law will be respected. China and Russia are concerned about the fact that most of their critical infrastructure is operated by state-owned enterprises and the West's is operated by private companies, opening up questions as to what a “civilian” is in the context of war with a huge cyber component.

The GGE report does not, however, go into great detail around how to assess attribution of cyberattacks — a major demand of Russia and China. Both Moscow and Beijing have criticized Western governments for accusing them of being behind cyberattacks without always providing substantial evidence (Western intelligence agencies frequently have detailed evidence on attribution, but avoid sharing it publicly for fear of exposing their sources and techniques). The United States and its allies, meanwhile, argue that Russia and China exploit the gray area around attribution to gain plausible deniability around attacks.

Enforcing vs. Expanding Cyber Rules

Differences in priorities between the West — led by the United States — and China and Russia over what to do next in international negotiations over cyberspace also appear to be widening.

The West’s Position

It seems the GGE process has run its course, with the West now signaling it wants to shift the conversation on how to apply norms, and not what they should be. The United States, in particular, wants to use the 11 norms established in 2015 to press China and Russia. During his meeting with Russian President Vladimir Putin in June, U.S. President Joe Biden focused largely on Russian cyber activity, including the SolarWinds supply chain hack, as well as Russia’s alleged harboring of ransomware gangs behind the 2021 Colonial Pipeline and JBS hacks. In July, the United States and its allies also publicly named and shamed China for its cyber activity, with China’s state-sponsored cyber industrial espionage campaigns being one of the key focuses.

In October 2020, France, Egypt and over 40 other primarily Western countries proposed launching a Programme of Action (PoA) to establish “a permanent U.N. forum to consider the use of ICTs [information and communication technologies] by States in the context of international security.” Although the United States was not a sponsor, presumably the focus of the new U.N. body and dialogue would focus more on enforcement, as opposed to advancing rules and standards.

It’s unlikely that Russia or China will ever fully scale back such activities. But since both are included in the cyber norms established, the United States hopes to at least use the rules as a benchmark to judge the behavior of Russian and Chinese cyber officials/entities, as well as justify potential retaliatory sanctions and/or legal action. Washington also hopes that offering more clarity on how it will respond to attacks will help at least keep Russian and Chinese cyber activity in check, even if it can’t prevent attacks altogether.

Russia and China’s Position

Meanwhile, China, Russia and other more authoritarian governments are far more concerned about how cyberspace is used in their countries and furthering their concepts of digital sovereignty. Russia appears interested in using the new five-year OEWG as a vehicle to do so, banking on nationalist data and internet sovereignty trends in countries like Brazil, India, Saudi Arabia, Turkey and the United Arab Emirates. In doing so, Moscow is seeking to bring these typically more Western-aligned countries closer to its view on information security concerns. Russia also hopes that further diffusing the physical infrastructure underpinning the global cyberspace (i.e. servers, networks, cables) could eventually help reduce Western hegemony by compartmentalizing the internet as well.

The aforementioned cybercrime treaty that Russia proposed in July may also find some support among other governments with similar sovereignty-focused approaches to internet policy. The proposed treaty would expand upon the EU-backed Budapest Convention by increasing the number of cybercrimes from 9 to 23. Western officials have voiced concerns that the broader list of offenses — which include unauthorized access to personal data and extremism — could grant repressive regimes more power and more ways to manage dissent, public opinion and control information flows in their countries.

The new terrorism-related crimes added to the treaty, in particular, could immediately enable authoritarian governments to designate dissidents who share critical content as terrorists — a label Ethiopia’s government, for example, has used to justify its offensive against the Tigray People’s Liberation Front.

Russia’s draft treaty also criminalizes the creation and use of digital data intended to “mislead” the user, which governments could use to crack down on critical media coverage by labeling such content “fake news” or disinformation.

In addition, the treaty’s section on extradition explicitly says that none of the 23 cybercrimes would be political crimes — meaning that they would not be subject to the carve-outs for political crimes in current extradition treaties.

The United States and the West are concerned that Russia’s ultimate intent is to replace the Budapest Convention. But what’s more realistic is that Moscow’s treaty garners support from a select handful of like-minded states, with Russia’s fellow Shanghai Cooperation Organization members (China, Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan) among the most likely to do so. But even if only a small number of countries end up adopting it, the new cybercrime treaty nonetheless adds to the litany of alternatives to Western frameworks that Russia and China have been backing, and would also put in place clearer regulations fragmenting the internet.

Disagreements on Data

Data transfer and privacy are one area where there is little room for substantial agreement between Europe, the United States and China. The United States and the European Union may eventually reopen bilateral negotiations on a new data transfer framework between them after the European Court of Justice struck down the EU-U.S. Privacy Shield Framework in 2020 over concerns about lax U.S. privacy rules and government intelligence agencies' access to personal and corporate information. But while the United States may make some reforms, it's unlikely to completely scale back some of the government’s access to information, meaning any hypothetical new deal could be struck down again.

China’s growing state oversight of data, meanwhile, makes collaboration on privacy and other data-related issues even more difficult. A number of new laws and regulations introduced in China over the last year – including the Personal Information Protection Law and Data Security Law – focus on restricting companies’ ability to send Chinese data overseas. Beijing also has yet to introduce measures that would significantly reduce its own access to data.

A Fragmented Future

The chasm between the world’s four dominant cyber powers — the United States, Europe, Russia and China — on how cyberspace should be managed internationally and what types of behavior countries should engage in (and avoid) is only likely to widen — accelerating the fragmentation of the internet, online services, data transfer rules and cyber policies. This portends higher risks for Western companies trying to operate in countries that are increasingly able — both from a technical and diplomatic perspective — to expand control over the internet.

Such fragmentation would also make it more difficult for Western tech giants like Google, Twitter, Facebook and Amazon to be truly global by forcing them to focus their activities in Europe and North America where regulations are more consistent. This would, in turn, give an edge to alternative tech companies from Russia, China and elsewhere that are more willing to work in environments with stricter regulations. The absence of strict rules on government access to information in China may also give some of its state-backed companies more freedom to reap the benefits of emerging data processing technologies, like artificial intelligence, compared to their Western counterparts that will have to heed far more stringent requirements on privacy, equality and non-bias on algorithms.
Title: Flipping switches
Post by: Crafty_Dog on September 11, 2021, 02:41:07 AM
https://www.gatestoneinstitute.org/17737/cyberwar-flipping-switches
Title: Project Veritas
Post by: ccp on September 13, 2021, 01:17:28 PM
It is tempting to blame US leftist partisans,

but I think this is more likely Chinese (or Russian hack)

who are allies of the Democratic Party :

https://www.dailydot.com/debug/project-of-veritas-says-hackers-scammed-it-out-of-165000/

Title: Hacking exports restricted
Post by: Crafty_Dog on October 20, 2021, 03:42:31 PM
The U.S. Cracks Down on Exports of Hacking Tools and Spyware
5 MIN READ | Oct 20, 2021 | 21:03 GMT

A woman checks the Pegasus spyware website at an office in Nicosia, Cyprus, on July 21, 2021.

(MARIO GOLDMAN/AFP via Getty Images)

New U.S. export controls on hacking and cyber-surveillance software will limit the proliferation of such tools being developed in the West, though at the risk of at least temporarily undermining cybersecurity research. On Oct. 20, the U.S. Commerce Department’s Bureau of Industry and Security issued a new interim final rule that will tighten export restrictions on cyber tools used for surveillance, espionage and other malicious activities. The new export controls will take effect in 90 days, and there is a 45-day comment period.

Under the new rule, exports of hacking tools to government end-users in a select number of countries — including Bahrain, Israel, Saudi Arabia, Taiwan and the United Arab Emirates — will need a special license granted by the U.S. Commerce Department. Exports to non-government users in those countries for research and other cyber defensive purposes will not need a license.
Exports to all end-users who pose a national security threat to the United States or against which the United States has an arms embargo — including China, Russia and Vietnam — will require a special license.
Few U.S. companies are likely to be affected by the new rule because few U.S. firms develop spyware. The rule will probably have a more significant impact on foreign companies that sell hacking tools and surveillance software using U.S.-origin software, patents or workers.
The Commerce Department’s rule has been in the works for nearly a decade, but the Biden administration has come under pressure to introduce more spyware restrictions in response to authoritarian governments’ increased use of spyware tools against dissidents and opposition leaders. The Wassenaar Arrangement on export controls — a multilateral arms control regime with 42 participating countries — was amended in 2013 to include internet-based surveillance technology and intrusion software. The United States has been one of the slowest participants in the arrangement to adopt new export restrictions since the amendment. A proposed export control rule in 2015 garnered significant opposition among U.S. cyber experts, industry leaders and lawmakers over its broad scope, sending the Commerce Department back to the drawing board. But multiple spyware scandals over the last three years appear to have renewed the department’s push to finally implement the new export control rule.

Although far from the only spyware in use, the Israeli NSO Group’s Pegasus spyware first attracted major media attention when it was discovered on the phone of a UAE human rights activist in 2016. Since then, the spyware has been found on dozens of phones belonging to dissidents and opposition leaders, including the wife of murdered Saudi dissident Jamal Khashoggi before his 2018 death.
A Washington Post report from earlier this year found that over 50,000 phone numbers were targeted in campaigns to deploy Pegasus. While most numbers were clustered around countries like Bahrain, Rwanda and Saudi Arabia, traces of the spyware were found on the phones of five French Cabinet members and other targets in Western democracies.
New U.S. export controls will make it more difficult to transport Western spyware tools — especially Israeli spyware — to authoritarian governments, limiting those governments’ short- and medium-term opportunities to mount sophisticated cyber campaigns. The United States is home to the world’s largest cybersecurity industry, and U.S. researchers, developers, software and intellectual property are found in most corners of the global industry. The extraterritorial nature of U.S. export controls, which cover products that use U.S. workers and content, means that many tools will fall under the Commerce Department’s jurisdiction, potentially even Pegasus. When the United States applied similarly aggressive export controls to other industries, namely the oil and gas and semiconductor industries, the restrictions significantly curtailed transfers. The Israeli government, which had already promised to review the NSO Group’s exports of Pegasus, will be under even more pressure to take action against the company. In response to these future limitations, authoritarian governments will try to develop their own tools or use those publicly available. But they will face barriers in developing spyware that is equally sophisticated, as well as the intrusion methods to deploy it.

The new rule will also create challenges for researchers and the cybersecurity industry because of its secondary impacts on cybersecurity research and global collaboration. From a technical perspective, software and techniques used for hacking are often also used for defensive purposes. Cybersecurity researchers will often use such tools in order to find vulnerabilities to improve the cybersecurity of a product through subsequent patches. Spyware can also be used for other lawful purposes, such as against criminal or terrorist organizations. The large scope of U.S. export control laws and the importance of the U.S. cybersecurity industry means that the new rule risks limiting cybersecurity cooperation if broadly applied. This was the main concern of U.S. cyber experts, industry leaders and lawmakers when the original rule was announced in 2015. The difficulty of limiting the rule’s impact on cybersecurity research is also why the second drafting process took so long.

By separating government and non-government end-users, the United States hopes that the private sector and academic research will be only partially impacted. Moreover, many Western countries — including all participating countries in the Wassenaar Arrangement — do not fall under the new controls. There are also significant carve-outs for Israel and Taiwan, which both have significant cybersecurity industries, to cover things like “digital artifacts” when used in an incident response scenario.
Nonetheless, the inadvertent consequences of export control laws are always a risk, despite U.S. efforts to limit their effect on the private sector and academic research. It will likely take years to learn the extent of the rule’s secondary impacts, which could mean the Commerce Department will make future amendments.
Title: Stratfor: The West vs. Ransomware Gangs
Post by: Crafty_Dog on October 24, 2021, 02:50:55 AM
The West Goes on the Offensive Against Ransomware Gangs
6 MIN READ | Oct 22, 2021 | 20:05 GMT

A file photo taken on Aug. 4, 2020, shows a man monitoring global cyberattacks on his computer.

(NICOLAS ASFOURI/AFP via Getty Images)

The United States and its partners are going on the offensive against ransomware groups, but there are limitations in replicating the success they’ve apparently had against the Russian-led gang REvil. And while this “whack-a-mole” approach may present some challenges to Russian authorities, it will ultimately risk playing into the Kremlin’s hands by distracting the West from other Russian cyber activities. An unnamed U.S. foreign partner successfully hacked into Russian-led ransomware group REvil’s systems, forcing the closure of several of its websites on Oct. 17, Reuters reported Oct. 22. The multi-country operation, which reportedly had been in the works since earlier this year, accelerated after REvil’s high-profile and sophisticated July Kaseya ransomware attack.

In the Kaseya attack, REvil demanded $70 million from the U.S. software company after its attack subsequently disrupted the cyber networks of more than 1,000 other global companies that rely on Kaseya’s services.

After the Kaseya attack, REvil took down its sites on July 13 for still unclear reasons. But the Oct. 22 Reuters report said that the United States and its partners’ intelligence and law enforcement agencies penetrated the group’s network beforehand, gaining control of some of its servers. Thus, when REvil restored its website from backups in September, it had already been compromised in an operation that remains ongoing.

The United States, like-minded countries and at least some private companies appear poised to go on a more aggressive campaign against ransomware groups, which is now a top U.S. priority in the wake of the May Colonial Pipeline hack.  In June, the U.S. Justice Department raised ransomware’s priority to a level equal to terrorism. The elevation granted the department and other agencies the legal basis to work more closely with U.S. intelligence agencies and the Department of Defense on ransomware. Last week, President Joe Biden also hosted 30 governments for a Counter-Ransomware Initiative to align a global push against such cyber threats. And in what may be a sign of more cyber operations against cybercriminals in the future, U.S. information security company Zerodium announced Oct. 19 that it is looking for zero-day exploits for the Windows versions of ExpressVPN, NordVPN and Surfshark, which are virtual private network (VPN) tools that can help hide users’ IP addresses and bypass government restrictions.

Zerodium is a U.S.-based company that pays cybersecurity researchers who discover zero-day exploits, which are vulnerabilities that have not been made public and thus can be exploited, instead of turning them over to the developers of the compromised product. Zerodium then turns around and sells them to mainly government agencies.

All three VPN products Zerodium mentioned are consumer VPNs often used by cybercriminals to hide their online activity and carry out operations. This highlights the United States and its partners’ growing interest in identifying vulnerabilities that could be used for offensive, not just defensive, purposes — making it entirely possible that Western intelligence agencies want to use any exploits as a part of operations against ransomware gangs and other cybercriminals.

Western governments can probably disrupt individual ransomware groups, but they may face difficulty in undermining the entire ransomware ecosystem. It will take significant resources to individually go after the dozens of different ransomware groups. Moreover, many of the ransomware groups’ key developers are believed to be based in Russia — meaning that arrests are likely to be extremely rare, given that Russian authorities are loath to take aggressive action against those conducting financially motivated cyber-attacks that are key to the Kremlin’s overall asymmetric campaign against the West. But even with these constraints, degrading or merely slowing down the growth of ransomware can be beneficial, particularly when combined with other non-offensive policy measures, such as increasing cybersecurity defenses and policies and diplomatic pressure.

Operations against REvil and other individual groups will probably disrupt their activities for weeks or months at a time, only for their members to rebrand as another cybercriminal group. Even though the approach will not end the ransomware threat, it can increase the costs for high-profile disruptive attacks, as groups behind high-profile attacks like the Kaseya and Colonial Pipeline hacks are more likely to be targeted, thus disincentivizing the most disruptive ransomware attacks.

Aggressive Western actions can also slow down the pace of operations by ransomware groups. Even when groups rebrand, they often use much of the same infrastructure, such as command and control servers, or in the recent case of REvil online payment infrastructure. If those systems are compromised and ransomware groups know it, they will need to take the time to develop alternatives.
Greater action against cyber gangs will also increase internal fissures and intra-group conflicts as different members are worried that they and/or other members may have had their own identities uncovered or personal computers hacked. In rarer cases, some members may also be suspicious that their colleagues are working with law enforcement.

More aggressive operations against ransomware groups can divert Western resources away from other counter-Russian activities, potentially giving the Kremlin other benefits even as ransomware activity is disrupted. If the United States and its allies divert more of their offensive and other cyber resources towards combating Russian cybercriminals, they may lose some capacity to stop Russia’s state-sponsored cyber campaign, which centers more on intelligence gathering and disinformation.

The back-to-back-to-back high-profile ransomware attacks against Colonial Pipeline, meat processing company JBS and Kaseya diverted media attention away from the Russia-backed SolarWinds hack uncovered last December, which was arguably the largest cyber-espionage operation uncovered.

Moreover, Western pressure against cybercriminals may give the Kremlin greater ability to co-opt and have leverage over Russia-based cyber gangs by promising to protect them from Western law enforcement and intelligence agencies in exchange for a promise that some of their future attacks also achieve the Kremlin’s other cyber strategic goals; this could include handing over valuable data stolen in ransomware attacks to the Kremlin.

Still, greater Western pressure will cause significant challenges for the Kremlin and some of the West’s actions against cybercrime infrastructure may also harm Russia’s state-sponsored cyber activity. The continued threat of ransomware is only increasing the possibility that the West holds Russia directly accountable for the attacks to the point where sanctions or other aggressive actions against the Russian state itself, not just the criminals, are possible. Moreover, the threat is also increasing the resources the West is pouring into cybersecurity, including awareness programs, data breach reporting requirements and public-private cooperation.

Stronger Western cybersecurity practices will improve cyber defenses against all forms of cyberattacks, forcing Russia’s state-sponsored cyber activities to rely on more sophisticated operations, which cost both more money and more time to carry out.

Finally, many Russian cybercriminals often work directly with Russia’s own intelligence agencies to help carry out state-sponsored attacks. This means that in some cases, there is an overlap between the infrastructure used in state-sponsored attacks and cybercriminals’ financially motivated attacks. If groups that are doing double-duty are compromised, it could disrupt both kinds of Russian cyberattacks.
Title: NRA hacked
Post by: Crafty_Dog on October 28, 2021, 02:35:33 AM
https://apnews.com/article/technology-business-europe-russia-united-states-8e2e6ead27e80e79482caf54111b4c3d
Title: Fake Emails from FBI account
Post by: Crafty_Dog on November 15, 2021, 09:47:51 AM
https://amgreatness.com/2021/11/15/fbi-looking-into-fake-emails-sent-from-real-fbi-account/
Title: WT: Cyber triggers of war?
Post by: Crafty_Dog on January 01, 2022, 12:10:03 PM
https://www.washingtontimes.com/news/2022/jan/1/fears-grow-cyber-chaos-will-spark-wars-hack-attack/?utm_source=Boomtrain&utm_medium=subscriber&utm_campaign=newsalert&utm_content=newsalert&utm_term=newsalert&bt_ee=vxfPfF%2BGdgNkuwi8aCN1wS%2BXVapUaR6TDb5wzBU7hfidQ9dvz%2F04hWlWdGqmRf5Y&bt_ts=1641067313297
Title: Data wiping cyber attacks coming?
Post by: Crafty_Dog on January 19, 2022, 05:47:23 PM
https://www.bleepingcomputer.com/news/security/cisa-urges-us-orgs-to-prepare-for-data-wiping-cyberattacks/?fbclid=IwAR0LcqSUuJ3zKndrvj1JeddhFNQWbc7YhRWrlIaXtO-qluKNZrA5abT2h5E
Title: Belarus hacktivists hits Russkis
Post by: Crafty_Dog on January 25, 2022, 02:02:59 PM
Belarusian Hacktivists Claim Ransomware Attack on Nation's Railways
6 MIN READ | Jan 25, 2022 | 21:09 GMT
The Delovoy Tsentr station of the Moscow Central Ring, a commuter rail line circling the Russian capital, on April 8, 2020.

(DIMITAR DILKOFF/AFP via Getty Images)
Editor's Note: ­This security-focused assessment is among many such analyses found at Stratfor Threat Lens, a unique protective intelligence product designed with corporate security leaders in mind. Threat Lens enables industry professionals and organizations to anticipate, identify, measure and mitigate emerging threats to people, assets and intellectual property the world over. Threat Lens is the only unified solution that analyzes and forecasts security risk from a holistic perspective, bringing all the most relevant global insights into a single, interactive threat dashboard.

Belarusian hacktivist group Cyber Partisans claimed in a Jan. 24 tweet that it had carried out a ransomware attack against Belarusian Railway because of the railway's use in moving Russian troops and military hardware into the country for Feb. 10-20 joint exercises. The Cyber Partisans claimed it encrypted some of Belarusian Railway's servers, databases and workstations to disrupt its activities, but it did not encrypt automation and security systems in order to avoid creating an emergency. The hacktivist group said it is prepared to release the keys to decrypt the systems, but demanded the release of 50 political prisoners and the end of Russian troops' presence in Belarus. Neither Belarusian Railway nor the government has confirmed the attack, but some train services, including passenger ticketing services, were reportedly disrupted Jan. 25. Since the 2020 Belarusian presidential election that led to nationwide pro-democracy protests, the Cyber Partisans — a group that claims to have about 15 self-taught hackers who have fled Belarus — has risen to prominence and carried out a number of different politically motivated cyberattacks against Belarusian government and state-owned targets.

While the Cyber Partisans initially focused on defacing government websites and leaking sensitive government information, it has now claimed a string of ransomware attacks that, if verified, represents a significant escalation that could lead to occasional disruptions of government-provided services in Belarus as well as disruptions to business at state-owned enterprises. On Nov. 17, the hacktivist group announced what it described as the largest "sabotage" campaign in Belarusian history, dubbing it "Operation Scorching Heat" or "Operation Inferno." As part of the campaign, it claimed ransomware attacks against Belarus' Academy of Public Administration, potash giant Belaruskali and a large state-owned automotive company, among other targets. Prior to Operation Inferno, the group carried out hacks against the country's police, Interior Ministry and other government offices leaking videos and information about the government's crackdowns against protesters — including some 5.3 million recordings of wiretapped phone calls and more than 6 terabytes of data — in what it called "Operation Heat."

The Cyber Partisans' apparent quick evolution from organizing data leaks to carrying out potentially disruptive ransomware attacks suggests that other hacktivist groups could make the same transition. Hacktivist groups like Anonymous and WikiLeaks have long been associated with hacking governments and corporations to leak sensitive data for political purposes, but most hacktivist groups' disruptive activities have focused more on denial of service or distributed denial of service attacks or defacing websites, not on disrupting and encrypting an organization's servers and/or workstations for a political cause. While we have seen other politically motivated ransomware attacks for disruption, most have been thought to be linked to governments, such as Iranian-linked MosesStaff — which has carried out attacks against Israeli targets — not nonstate actors like hacktivists.

It is likely only a matter of time before hacktivist groups start copying some of the Cyber Partisans' tactics to target Western organizations with ransomware-like sabotage; their persistent focus on single issues will elevate the threat beyond more common data leaks for high-profile organizations in certain sectors. Traditional hacktivist groups like Anonymous may target Western government and nongovernment organizations with ransomware attacks based on a host of issues — including privacy, racial discrimination and economic inequality issues — but Anonymous historically has been criticized for not having a true universal motive for its attacks, instead trying to make a name for itself through disruptive action. It is likely that other activist groups organized around single issues, such as climate change, eventually will carry out attacks against Western organizations over issues like climate change, such as disrupting oil and gas processing plants operations. A continued increase in political polarization in the United States and other democracies could also lead to more hacktivist attacks from different actors targeting political groups they oppose or organizations associated with them or their supporters (such as major campaign donors).
Single-issue hacktivists may be far more persistent than financially motivated hackers in targeting a specific prominent organization as a part of their cause, because they are driven by ideology rather than monetary gain while cybercriminals can quickly move on to another target. This dedication will make it crucial for organizations to monitor activist movements targeting their industry in other ways, such as demonstrations at corporate headquarters, for any signs that they are gaining hacktivist capabilities.

Hacktivists may never represent the same level of sophisticated cyberthreat as nation-states or sophisticated cybercriminals, enabling organizations to mitigate the risk through the same practices being undertaken to mitigate other cyber risks. But they do pose a different type of challenge to organizations that suffer an attack or breach. Despite the Cyber Partisans' rapid transition to carrying out ransomware attacks, there is no indication that they have become as sophisticated as elite ransomware gangs. And it is likely that hacktivist groups that copy their strategy, at least initially, will not be as sophisticated as ransomware gangs due to the latter's generally more extensive capabilities and larger financial resources gained through attacks. This means that organizations that are improving their overall cybersecurity efforts across the board to counter other rising cybersecurity threats (e.g., sophisticated ransomware attacks, nation-state supply chain hacks, etc.) will be better positioned to mitigate the threat from hacktivists even if the threat is more targeted and persistent. Nevertheless, unlike financially motivated threat actors, hacktivists would invariably see public disclosure of attacks and the reputational damage to an organization as an added benefit in almost all scenarios. This means that organizations that intend to pay ransoms as a part of their cyber incident response plans to quietly defuse the situation without the attack's becoming public may not wind up having that option.
Title: Stratfor: Russia could respond to sanctions with cyber attacks
Post by: Crafty_Dog on February 03, 2022, 12:25:54 PM
How Russia Could Respond to Western Sanctions With Cyberattacks
7 MIN READ | Feb 3, 2022 | 19:00 GMT
Although a Russian invasion of Ukraine is not the most likely scenario at this point, it cannot be ruled out and organizations should start considering the risks they could face were such a conflict to break out. In the less likely but more impactful scenario where Russia conducts a full invasion of Ukraine, the United States and its European allies will likely respond with a myriad of financial and other sanctions that would in turn cause the Kremlin to respond with cyberattacks.

The United States and the West are likely to place sanctions on Russia's financial sector, export controls on technology exports to Russia (including semiconductors and green technology), and restrictions on new investment into Russia's oil and gas sector and, potentially, a U.S. (but not European) embargo of Russian energy supplies if Russia invades Ukraine. Such a sanctions strategy would be designed to maximize short-term and long-term economic pain on Russia and limit the short-term fallout to Europe by not cutting off Russian gas supplies. Nevertheless, the Kremlin would likely view such sanctions as significant economic warfare and retaliate accordingly, likely assessing that the sanctions are unlikely to be quickly removed.
Sanctions on Russia's natural gas and crude oil exports and cutting off Russian access to SWIFT are under discussion as potential options, but it is unlikely that the United States and Europe would go that far due to the blowback on Europe and potential escalation of the conflict beyond Ukraine.
In such an invasion and sanctions scenario, Russia's retaliation would focus heavily on carrying out cyberattacks aiming to disrupt U.S. and European economic activity and extract an economic cost for the sanctions strategy against Russia. Given past Russian activity targeting Ukraine and Georgia, we would anticipate the most dangerous Russian cyberattacks to be data wiping and encryption malware and worms targeting Western government organizations and leading companies operating in key sectors, including the financial sector, oil and gas, industry, and manufacturing. A massive cyber campaign akin to the 2017 NotPetya attacks, but on a larger scale and targeting U.S. and Western European organizations instead of primarily Ukrainian entities, is a realistic scenario, as the Kremlin could view it as a proportional response to Western sanctions. The 2017 NotPetya attacks initially looked like a ransomware attack before it became clear that the main aim was wiping data off of systems. There are already signs that Russia may be launching another data wiping and encryption campaign in Ukraine, as the Microsoft Threat Intelligence Center (MSTIC) said in mid-January that similar malware began appearing in Ukraine on Jan. 13 and the U.S. and U.K. governments issued warnings about possible cyberattacks.

Russia's advanced persistent threat (APT) groups are less likely to carry out a series of cyberattacks that are primarily fraud and financially motivated to offset the economic impact of sanctions. Instead, Russia's primary objective will likely be widespread economic disruption aimed at breaking the West's resolve to maintain sanctions. Financial gain will be a secondary or tertiary objective. Although there is clearly a relationship between them and the government, Russia's financially motivated hackers are not directly under the control of the Kremlin's intelligence agencies and there is a degree of separation between the two, unlike in North Korea, where cybercrime groups like Lazarus Group are directly tied to the government. North Korea's primary objective is to earn hard cash (or cryptocurrencies) through fraud and cyberattacks that can offset the financial impact of U.S. sanctions and North Korea's limited access to foreign currency. In most North Korean cyberattacks, financial gain is the primary motive and disruption is a secondary or tertiary motive. By contrast, Russia is not in a position to meaningfully use cyberattacks to offset the economic impact of sanctions because of the sheer size of its $1.5 trillion economy, compared to North Korea's roughly $29 billion economy. North Korea's 2016 Bangladesh Central Bank heist cyberattack aimed to steal $1 billion would have been a meaningful amount of money for North Korea, but an insignificant amount for Russia.

Although Russia's APT groups may not engage in financially-motivated cyberattacks, Moscow would freeze all cooperation with the United States and the West over Russian cybercriminal groups and give the criminal groups more space to carry out ransomware and other cyberattacks against Western organizations. Facing a high level of U.S. and European sanctions, the Kremlin will have little incentive to rein in Russian criminal networks — both cybercriminal and organized criminal — targeting the West and may even work more closely with cybercriminals by sharing hacking tools, malware and command and control servers. Russia's cybercriminal networks remain prolific and various forms of fraud, including business email compromise attacks, banking Trojans, cryptojacking malware, and botnets stealing credentials remain a part of their arsenal even as high-profile ransomware gangs have gained notoriety over the last two years. Each of these risks will be more pronounced in the event of Western sanctions on Russia, but the risk will be more evolutionary from its current pattern as opposed to a largely new threat from Russia. By contrast, more escalatory state-sponsored data encrypting and wiping malware directly aimed at the West would be a new threat.

Russia may consider launching cyberattacks aiming to force offline or disrupt Western critical infrastructure, like power grids, financial transaction infrastructure and/or telecommunications, but those types of disruptions are more likely to be unintended fallout from other types of cyberattacks. Russia certainly has the capability to launch cyberattacks against Western power grids and will increase the rate at which it tries to hack into critical infrastructure if there are substantial sanctions on Russia in order to give itself the option of carrying out attacks against critical infrastructure in the future if tensions escalate. Actually carrying out attacks with the intent of disrupting or destroying critical infrastructure, however, is less likely due to the potential escalatory nature if Russian cyberattacks take substantial parts of the U.S. power grid offline for days, cause physical destruction of a German power plant, cause significant loss of life or something similar. Cyberattacks of that magnitude could be considered acts of war and result in proportional retaliation by the United States and Europe. Russia has been willing to carry out attacks on the Ukrainian power grid in recent years, but Ukraine does not have the same level of retaliatory options that the United States and Europe possess, making the costs of carrying out an attack against Ukraine's power grid much lower than an attack against the United States or a NATO member. Nonetheless, it is entirely possible that a Russian cyberattack results in accidentally disrupting Western critical infrastructure to a significant degree, either through the systems it affects or by an organization accidentally causing a crisis when responding to a breach of its systems by Russia, even if Russia's intent is reconnaissance and intelligence gathering, not disruption.

In a worst case (low likelihood, high impact) scenario, Russia may be willing to engage in more destructive and disruptive cyberattacks targeting U.S. and European critical infrastructure, but that would likely only occur in a scenario where either the United States and Europe adopt Iran- or North Korea-style sanctions on Russia or the conflict in Ukraine leads to direct military conflict between Russian and Western forces. Neither of these is a particularly likely scenario, but the consequences would be dramatic and while cyberattacks will be a primary risk that many Western organizations face, those are the types of triggers that could lead to broader conflict in Eastern Europe that goes beyond Ukraine's borders. Targeting Russia with SWIFT sanctions would also result in essentially blocking Russian energy exports to Europe without clear waivers. Even in that case, Russia could respond by cutting off exports regardless in order to cause a spike in energy prices and shortages in Europe. A scenario like this is extremely unlikely, but escalation can be a slippery slope. While Russia and the United States will seek to avoid such a scenario, a Russian invasion of Ukraine could trigger a series of events that bring the West and Russia to trade cyber, economic and military blows against each other to significant proportions.
Title: Russia apparently hitting Ukraine
Post by: Crafty_Dog on February 16, 2022, 03:53:05 AM
Cyberattacks against government offices, banks rattle nerves

in Kyiv

ASSOCIATED PRESS

KYIV, UKRAINE | A series of cyberattacks on Tuesday knocked the websites of Ukrainian government offices and major banks offline, authorities here said, attacks that came amid strong tensions between Russia and the West over possible military action against Ukraine.

Nerves have been on edge for months in Ukraine’s capital, but it was too early to know if the apparently low-level denial-of-service attacks Tuesday might be a smokescreen for more serious and damaging Russian-orchestrated cyber mischief.

At least 10 Ukrainian websites were unreachable due to so-called “denial-of-service” attacks, including those of the Defense Ministry, the Foreign Ministry, the Culture Ministry and Ukraine’s two largest state banks. In such attacks, websites are barraged with a flood of junk data packets, rendering them unreachable.

Customers at Ukraine’s largest state-owned bank, Privatbank, and the state-owned Sberbank reported problems with online payments and the banks’ apps.

“There is no threat to depositors’ funds,” the Ukrainian Information Ministry’s Center for Strategic Communications and Information Security said in a statement. The deputy minister, Victor Zhora, confirmed the cyberattacks.

The ministry suggested Russia could be behind Tuesday’s incident, without providing details. “It is possible that the aggressor resorted to tactics of petty mischief, because his aggressive plans aren’t working overall,” the statement said.

Oleh Derevianko, a leading private sector expert and founder of the ISSP cybersecurity firm, said it was not immediately clear if Tuesday’s cyberattacks were limited to what officials had said publicly.

“That’s exactly the question we always ask,” he said.

Ukraine has been subject to a steady diet of Russian aggression in cyberspace since 2014, when Moscow annexed the Crimean Peninsula and backed pro-Russian separatists in eastern Ukraine. The Biden administration has also been warning that cyber attacks could be part of a larger Russian move against Kyiv.

The attacks follow a Jan. 14 cyberattack that damaged servers at Ukraine’s State Emergency Service and at the Motor Transport Insurance Bureau with a malicious “wiper” cloaked as ransomware. The damage proved minimal — some cybersecurity experts think that was by design, given the capabilities of Russian state-backed hackers. A message posted simultaneously on dozens of defaced Ukrainian government websites said: “Be afraid and expect the worst.”

Serhii Demediuk, the No. 2 official at Ukraine’s National Security and Defense Council, called the attack Tuesday “part of a full-scale Russian operation directed at destabilizing the situation in Ukraine, aimed at exploding our Euro-Atlantic integration and seizing power.”

Russia’s cyber warriors have been blamed for perhaps the most devastating cyberattack ever. Targeting companies doing business in Ukraine in 2017, the NotPetya virus caused over $10 billion in damage worldwide
Title: Iranians cyber active
Post by: Crafty_Dog on February 24, 2022, 08:41:47 PM
https://therecord.media/iran-linked-muddywater-carrying-out-digital-attacks-worldwide-u-s-warns/
Title: Russian cyberwar on Ukraine
Post by: Crafty_Dog on February 25, 2022, 05:18:25 AM
https://dailycaller.com/2022/02/24/russia-ukraine-cyber-attack-putin-zelensky/?utm_medium=email&pnespid=v7puDSVMaP9L0PTft2_.E8ictAK_UMZ5Jui50_J2ogNmR1deLOlJ3XGA7zrU4dK.PAmO6HLT
Title: Musk, Starlink, Free Speech Absolutist
Post by: Crafty_Dog on March 05, 2022, 04:09:08 AM
https://www.msn.com/en-us/news/technology/elon-musk-says-starlink-was-told-to-block-russian-news-sources-but-it-will-not-do-so-unless-forced-at-gunpoint/ar-AAUDUvI?ocid=msedgntp
Title: If Russia and China combine in cyber then US is fuct
Post by: Crafty_Dog on March 10, 2022, 01:05:50 AM
https://www.foxnews.com/world/us-doesnt-stand-a-fighting-chance-if-russia-and-china-combine-cyber-tech-former-pentagon-official-says?fbclid=IwAR3URgxFL7XS7akQnODI--7OIWJPx7fbNbwKFNHgjirmM6puiXgt0IP_SME
Title: Re: If Russia and China combine in cyber then US is fuct
Post by: G M on March 10, 2022, 06:48:23 AM
https://www.foxnews.com/world/us-doesnt-stand-a-fighting-chance-if-russia-and-china-combine-cyber-tech-former-pentagon-official-says?fbclid=IwAR3URgxFL7XS7akQnODI--7OIWJPx7fbNbwKFNHgjirmM6puiXgt0IP_SME

Good thing we haven't forced Russia into China's camp!
Title: Re: If Russia and China combine in cyber then US is fuct
Post by: DougMacG on March 10, 2022, 07:25:43 AM
Good thing we haven't forced Russia into China's camp!

Seems like just one President ago we were putting the screws to China.
Title: Re: If Russia and China combine in cyber then US is fuct
Post by: G M on March 10, 2022, 07:27:10 AM
Good thing we haven't forced Russia into China's camp!

Seems like just one President ago we were putting the screws to China.

Yeah, but MEAN TWEETS Doug.

MEAN TWEETS.

Title: Russia getting hacked up the wazoo
Post by: Crafty_Dog on April 24, 2022, 06:28:10 PM
https://theintercept.com/2022/04/22/russia-hackers-leaked-data-ukraine-war/
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on April 25, 2022, 06:54:13 AM
"Yeah, but MEAN TWEETS Doug.

MEAN TWEETS."

me:

mean tweets = approval rating ~ 40 %

no problem  :roll:
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: G M on April 25, 2022, 08:19:04 AM
"Yeah, but MEAN TWEETS Doug.

MEAN TWEETS."

me:

mean tweets = approval rating ~ 40 %

no problem  :roll:

What’s the approval rating for our sellout RINOS?
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on April 25, 2022, 10:18:49 AM
I agree he is better than a rino

but he is not great for us over the long term

we need someone else

not a man child
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on April 25, 2022, 11:17:53 AM
Ahem , , , beware thread drift , , , :-D
Title: Russians using Iranians in Cyberwar
Post by: Crafty_Dog on July 02, 2022, 05:11:58 AM
https://www.calcalistech.com/ctechnews/article/sk200ds1wc?utm_source=sendinblue&utm_campaign=Extremist%20Roundup%202022-06-30%20SIB&utm_medium=email
Title: China passing US military
Post by: Crafty_Dog on November 22, 2022, 01:04:37 PM
https://www.washingtontimes.com/news/2022/nov/22/report-beijing-deploys-10-times-more-operators-tha/?utm_source=Boomtrain&utm_medium=subscriber&utm_campaign=newsalert&utm_content=newsalert&utm_term=newsalert&bt_ee=U8WU%2BsZe%2FvuzE3yrlV%2FLRWlXIxdi8krc3xaLR6g%2BeJ5kjsqa%2B1o4xojUVj7R8YVJ&bt_ts=1669144479030
Title: Major Cyberattack compromised US Marshal's Service
Post by: Crafty_Dog on March 03, 2023, 11:09:43 AM
https://www.oodaloop.com/briefs/2023/02/28/major-cyberattack-compromised-sensitive-u-s-marshals-service-data/#:~:text=The%20US%20Marshals%20Service%20has%20suffered%20a%20major,%E2%80%9Cstand-alone%E2%80%9D%20system%20and%20was%20discovered%20on%20February%2017.
Title: Yeah, it's just a movie clip
Post by: Crafty_Dog on March 21, 2023, 07:30:31 AM
https://www.youtube.com/watch?v=IAWoSSKQtFM
Title: what if we have WW3 and the nucs stay home
Post by: ccp on March 21, 2023, 08:08:30 AM
"Yeah, it's just a movie clip"

what if we had an apocalyptic war and not one nuc was exploded ?

lets see EMP
cyber war
bioweapon engineered  so the Han are protected...

seems more relevant than threat of gas or oil to me



Title: Re: what if we have WW3 and the nucs stay home
Post by: G M on March 21, 2023, 08:18:00 AM
"Yeah, it's just a movie clip"

what if we had an apocalyptic war and not one nuc was exploded ?

lets see EMP
cyber war
bioweapon engineered  so the Han are protected...

seems more relevant than threat of gas or oil to me

We are probably going to get some of each.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on March 21, 2023, 01:13:08 PM
A.k.a. "Full Spectrum War".
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on March 21, 2023, 01:39:22 PM
the bad news :


"Tens of thousands of Chinese military hackers are preparing for war against the United States. The report said China has 10 times more troops devoted to offensive cyberattacks than does U.S. Cyber Command."

the good news:

1) we have 2 new national parks
2) Springsteen, who I don't like, is going to perform at the WH
3) we have more members in our military with GAD
4) and DJT to be arrested for a misdemeanor
5) we will bail out any Democrat *donors and wokesters*
Title: Russkis starting to track Starlink
Post by: Crafty_Dog on March 24, 2023, 06:59:21 AM
https://www.defenseone.com/threats/2023/03/using-starlink-paints-target-ukrainian-troops/384361/
Title: Read this carefully, time is running out
Post by: G M on April 01, 2023, 09:38:26 AM
https://twitter.com/Fynnderella1/status/1640016692305711105?t=TjecOe0CeGrc6V2z0HRrww&s=19
Title: Restrict Act
Post by: Crafty_Dog on April 01, 2023, 10:34:32 AM
https://www.msn.com/en-us/news/technology/new-restrict-act-could-mean-20-years-in-prison-for-using-a-vpn-to-access-banned-apps/ar-AA19exSd
Title: Gatestone on Tik Tok
Post by: Crafty_Dog on April 02, 2023, 08:03:03 AM
https://www.gatestoneinstitute.org/19551/tiktok-america-do-or-die

Makes good points for both sides.
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on April 02, 2023, 10:13:44 AM
"Adi Robertson, The Verge's senior tech and policy editor, makes an impassioned plea to not ban TikTok, China's popular video-sharing app, on free speech grounds. Rand Paul (R-Ky.), speaking on the floor of the Senate on March 29, also raised First Amendment objections to a proposed TikTok prohibition."

They are wrong; bunch of BS

ban the damn thing

steal their algorithms and do our own
then create version and slip it into theirs
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: Crafty_Dog on April 02, 2023, 06:03:41 PM
What of concerns that the pending legislation is a Patriot Act for the Deep State to control our access to the internet?
Title: No doubt the Chinese will wait for us to get around to this
Post by: Crafty_Dog on April 20, 2023, 06:53:25 PM
https://www.defenseone.com/defense-systems/2023/04/air-forces-electronic-warfare-wing-400-people-short/385404/
Title: Five Eyes vs. Russia
Post by: Crafty_Dog on May 12, 2023, 06:11:34 AM
https://www.itbusiness.ca/news/five-eyes-countries-disable-russias-snake-malware-network/124994?fbclid=IwAR3Bmayr2-Qp6b8SwoEPYjErbQfMS-t76FLKoyIytg-VvalGktrjAa_Qfhc
Title: scam targeting those of us on the Right
Post by: ccp on May 23, 2023, 07:29:35 AM
https://townhall.com/tipsheet/leahbarkoukis/2023/05/23/tucker-carlson-pac-n2623583

Title: Nork cyber attacks
Post by: Crafty_Dog on June 07, 2023, 04:30:29 AM
https://www.washingtontimes.com/news/2023/jun/6/house-lawmakers-urge-biden-administration-defend-u/?utm_source=Boomtrain&utm_medium=subscriber&utm_campaign=morning&utm_term=newsletter&utm_content=morning&bt_ee=LnSMgdrEUY99%2FGz%2FfhPaD4W95MpwrjkpII8Si9rvoGNSMeLu5S74gWPm4zBrTC8G&bt_ts=1686134771177
Title: Top Cyber Official: US should brace for aggro cyberwar from China
Post by: Crafty_Dog on June 16, 2023, 05:36:05 AM
https://www.theepochtimes.com/us-should-brace-for-aggressive-sabotage-from-chinese-hackers-top-cybersecurity-official-says_5334330.html?utm_source=China&src_src=China&utm_campaign=uschina-2023-06-15&src_cmp=uschina-2023-06-15&utm_medium=email

https://www.theepochtimes.com/us-government-hit-in-global-hacking-campaign_5336379.html?utm_source=Morningbrief&src_src=Morningbrief&utm_campaign=mb-2023-06-16&src_cmp=mb-2023-06-16&utm_medium=email

https://www.theepochtimes.com/chinese-hackers-breached-hundreds-of-public-and-private-networks-investigation-concludes_5336550.html?utm_source=China&src_src=China&utm_campaign=uschina-2023-06-16&src_cmp=uschina-2023-06-16&utm_medium=email
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ya on June 18, 2023, 02:56:56 PM
Here's something interesting floating on the internet. Put on your tin foil hat.

https://twitter.com/i/status/1670249394111741955 (https://twitter.com/i/status/1670249394111741955)
Title: crime is not a crime if committed because of addiction
Post by: ccp on July 01, 2023, 09:03:51 AM
https://nypost.com/2023/07/01/nyc-doorman-brutally-slashed-saving-tenant-from-mugger/

new age defense:

mugger has a crack or other drug addiction

therefore he does NOT need jail

just treatment programs

and it is the fault of the system that did not help him

Title: Sent to me by someone of serious background
Post by: Crafty_Dog on October 12, 2023, 07:26:17 AM
https://www.linkedin.com/posts/katie-arrington-a6949425_please-watch-and-share-ugcPost-7117912951902142464-uMbM/
Title: Russia and China have hacked Brit nuke site since 2015?
Post by: Crafty_Dog on December 04, 2023, 03:39:46 PM
https://www.theguardian.com/business/2023/dec/04/sellafield-nuclear-site-hacked-groups-russia-china
Title: Countering Nork Cyberwar
Post by: Crafty_Dog on December 07, 2023, 01:54:43 PM
Countering North Korea. The United States, South Korea and Japan held their first working-level talks aimed at countering North Korea’s growing cyber threats. They discussed ways to address North Korea’s cryptocurrency theft and other cyber activities that help finance its nuclear and missile development programs. On Wednesday, a White House official said the national security advisers from the three countries will hold talks in Seoul this week.
Title: China hacking US power structures
Post by: Crafty_Dog on December 11, 2023, 03:32:09 PM
https://www.dailymail.co.uk/news/article-12850109/china-hacking-taiwan-power-infrastructure-passwords.html
Title: China hacking into our grid
Post by: Crafty_Dog on December 14, 2023, 06:05:18 PM


https://www.foxnews.com/tech/us-alarmed-china-hacks-critical-systems-what-you-can-do

https://www.washingtonpost.com/technology/2023/12/11/china-hacking-hawaii-pacific-taiwan-conflict/

https://www.foxbusiness.com/video/6342926239112

Title: US water utilities hacked by hostile foreign actors
Post by: Crafty_Dog on January 03, 2024, 07:17:47 AM
https://www.foxnews.com/us/us-water-utilities-targeted-foreign-hackers-prompting-calls-cybersecurity-overhaul

https://washingtontimes-dc.newsmemory.com/?token=fa0b1df5a98444eee5677945f4b93f7e_659577e1_6d25b5f&selDate=20240103
Title: FBI Director Wray: Chinese infrastructure attacks escalating rapidly
Post by: Crafty_Dog on February 19, 2024, 09:01:40 AM
https://www.dailymail.co.uk/news/article-13098111/China-hack-infrastructure-FBI-warning.html
Title: Fingerprints being recreated from screen swipes
Post by: Crafty_Dog on February 22, 2024, 04:47:13 AM
https://www.tomshardware.com/tech-industry/cyber-security/your-fingerprints-can-be-recreated-from-the-sounds-made-when-you-swipe-on-a-touchscreen-researchers-new-side-channel-attack-can-reproduce-partial-fingerprints-to-enable-attacks
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on February 22, 2024, 05:06:11 AM
"Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks"

WOW! OMG!
Title: Was it a solar flare?
Post by: Crafty_Dog on February 23, 2024, 07:07:48 PM
https://www.youtube.com/watch?v=SduCxslJf14&t=73s
Title: Re: Cyberwar, Cyber Crime, and American Freedom
Post by: ccp on February 24, 2024, 01:56:50 AM
we cannot even get a land line now where I live.
no longer offered.
Title: WT: Chinese Hackers surprise US Intel
Post by: Crafty_Dog on February 29, 2024, 05:17:13 PM
https://washingtontimes-dc.newsmemory.com/?token=8acbbccbfcc195192d89ad85611ccf21_66133380_30a3
Title: WSJ: Russia scoring and using Starlinks in Ukraine
Post by: Crafty_Dog on March 01, 2024, 07:37:56 PM
Russia Using Thousands of Musk’s Starlink Systems in War, Ukrainian General Says
Estimate of Russian use suggests Moscow is eroding a major Ukrainian battlefield advantage
By James Marson and Thomas Grove
Updated Feb. 15, 2024 2:09 pm ET

KYIV—Ukraine’s top military-intelligence officer said Russian invasion forces in his country are using thousands of Starlink satellite internet terminals, and that the network has been active in occupied parts of Ukraine for “quite a long time.”

Lt. Gen. Kyrylo Budanov’s comments in an interview suggest that Russia is starting to acquire Starlink terminals, made by Elon Musk’s SpaceX, at a scale that could cut into a major Ukrainian battlefield advantage. Ukraine’s government said last year that around 42,000 terminals are used by the military, hospitals, businesses and aid organizations.

Starlink, which is more secure than cell or radio signals, is considered so vital to Ukrainian operations that the Pentagon struck a deal with SpaceX last year to help fund access for Kyiv’s forces. Up to now, Russian forces have had no similarly secure communications system.

Russian private firms buy the terminals off intermediaries who pass off purchases as for personal use and deliver the equipment to Russia via neighboring countries, including former Soviet republics, Budanov said. Russian army units down to company level were seeking to acquire Starlink terminals, often by collecting money for the purchases, he said.


Lt. Gen. Kyrylo Budanov, Ukraine’s top military-intelligence officer PHOTO: VALENTYN OGIRENKO/REUTERS
“It’s an open market,” said Budanov, who heads Ukraine’s military-intelligence agency, known as HUR. “It’s not a military item.”

A search for Starlink terminals on Russian search engine Yandex.ru yields numerous dealers in Moscow and outside the Russian capital who promise to install the systems across the country and the Russian-occupied territories of Ukraine.

One website, strlnk.ru, promised “tested performance” in the occupied areas of Crimea, Luhansk, Donetsk and Kherson with monthly fees starting at $100 a month. The website provided contacts for a dealer, including a Russian cellphone number and a Yandex email. A representative of the firm declined to speak to a Wall Street Journal reporter.

Another website that uses the name of a German appliance company sells Starlink terminals for nearly 300,000 rubles, or just over $3,000.

Like other space communications systems, Starlink relies on satellites in orbit, infrastructure called ground stations and terminals to allow people to tap in to its high-speed internet connections. Customers use a flat antenna array that needs an unobstructed view of the sky to connect with satellites.


A Starlink for sale in California. PHOTO: DAVID PAUL MORRIS/BLOOMBERG NEWS
SpaceX, which doesn’t want to provide connections to users in countries where regulators haven’t permitted its use, wields significant control over where it offers service and where it doesn’t.

Budanov said Starlink service has worked on occupied territory for “quite a long time,” without elaborating. Asked whether he knew from personal experience, he replied: “Of course.” HUR units often work behind enemy lines.

A spokesman for SpaceX didn’t immediately respond to a request for comment. Musk previously said SpaceX wasn’t selling to Russia. “To the best of our knowledge, no Starlinks have been sold directly or indirectly to Russia,” he wrote in a post on his social-media platform X on Sunday.

Neither Musk nor Starlink has responded directly to questions about whether the devices could be obtained in other countries and used in Russian-occupied parts of Ukraine. Starlink has said SpaceX takes steps to deactivate Starlink terminals if the company determines sanctioned or unauthorized parties are using them.

The Russian Defense Ministry didn’t respond to a request for comment. Kremlin spokesman Dmitry Peskov said earlier this week that officially Starlink was neither delivered to Russia nor used in the country.


Elon Musk has previously said SpaceX wasn’t selling to Russia. PHOTO: ALAIN JOCARD/AGENCE FRANCE-PRESSE/GETTY IMAGES
The Kremlin has steadily tightened its grip on Russia’s communications infrastructure over the last decade. Current regulations force any foreign satellite operator in Russia to pass traffic through one of several ground stations inside the country. It was unclear whether any Starlink traffic abided by those rules. Exceptions can be made only with permission of the country’s Federal Security Service, or FSB.

Access to Starlink has been a politically charged issue since early in the war, when Musk made the service available in Ukraine.

Sen. Ron Wyden (D., Ore.) said in a statement that reports of Russian military use of Starlink terminals were extremely concerning. “SpaceX needs to do everything in its power to ensure the Russian military isn’t using its technology as part of its invasion of Ukraine,” he said.


Sen. Ron Wyden (D., Ore.) PHOTO: MICHAEL REYNOLDS/SHUTTERSTOCK
Last year, when SpaceX said it could no longer fund access for Kyiv, the Pentagon agreed to pay to help keep the service running. Private donors, governments and other organizations also pay for terminals.

Musk said in September that earlier in the war, he had declined a request to activate Starlink service around Sevastopol in Crimea to avoid directly involving his space company with what he described as a plan to sink Russian ships there.

Musk said that if he had agreed to it, SpaceX would have been “complicit in a major act of war and conflict escalation.” He didn’t address how this was different from Ukraine’s use of Starlink in many other operations.
Title: Ivanti and cyberattacks on defense sector
Post by: Crafty_Dog on March 03, 2024, 07:00:23 AM


https://techcrunch-com.cdn.ampproject.org/c/s/techcrunch.com/2024/03/01/nsa-says-its-tracking-ivanti-cyberattacks-as-hackers-hit-us-defense-sector/amp/
Title: FO: NIST overwhelmed
Post by: Crafty_Dog on April 16, 2024, 04:39:23 PM
(2) FEDERAL AGENCY OVERWHELMED BY CYBER VULNERABILITY REPORTS: The National Institute of Standards and Technology (NIST) said the agency will temporarily pause the National Vulnerability Database (NVD) to “regroup and reprioritize” because the agency is being overwhelmed with software vulnerability reports.

Censys researcher Emily Austin said security professionals across disciplines and organizations rely on the NVD, and they are at a major disadvantage due to issues with the database.

FBI Director Christopher Wray told the American Bar Association’s Law and National Security Committee last week that state-linked hacking groups are ramping up threat activity against the United States.

Why It Matters: NIST covers a broader spectrum of cybersecurity threats than the Cybersecurity and Infrastructure Security Agency (CISA), and is overwhelmed by reports on software vulnerabilities at the same time foreign adversaries are increasing cyberattacks against U.S. critical infrastructure. According to reports from industry groups, there were 420 million cyber incidents in 2023, a 30% jump from 2022, and about one-third of all attacks targeted operational technology in the industry and the energy sector. – R.C.
Title: Russians hit Texas town water?
Post by: Crafty_Dog on April 24, 2024, 02:31:16 PM
A warning shot of the full spectrum war that is coming:

https://www.dailymail.co.uk/news/article-13337445/russian-attack-cyber-cyberattack-texas-town-water-tower.html

Title: Cyber Attack, UHG
Post by: DougMacG on April 25, 2024, 07:20:21 AM
Local company having trouble getting ransomwarers to keep their word.

https://www.upi.com/Top_News/US/2024/04/23/UnitedHealth-Group-cyberattack-blackcat/3951713899108/

They REQUIRE us to do business with one of these giant firms, require us to give them our social security numbers, birthdays, address, and everything else down to our blood sugar count and next of kin.  Then THIS happens and all our alphabet agencies are too busy targeting conservatives on trumped up charges to give a rip.

In this ever polarizing world, why don't we go after these areas where we can all agree?  But no...