--US Defense Secretary Says US is Prepared to Take Action (October 11 & 14, 2012)
US Defense Secretary Leon Panetta last week said that a recent campaign of cyberattacks on Middle East oil and gas companies "was probably the most destructive attack that the private sector has seen to date." While Panetta did not say that Iran was involved in those attacks, he did note that Iran is trying to "gain an advantage in cyberspace" and warned those who would consider launching cyberattacks against the US that the US is prepared to take action.
[Editor's Note (Assante): One must not lose sight of the big picture when considering the consequences of all cyber attacks on our productivity, competitiveness, and national security. The challenge with the emerging attacks referred to by the Secretary of Defense is in the development of doctrines that are flexible enough to apply the right response to manage the death by a thousand cuts while deterring specific attacks that can directly impact economic and national security. Cyber defense is a job too big for any one organization; we all play an important part in safeguarding our information and critical systems.
(McBride): The tone of Panetta's comments appears to support a stance of deterrence. He well might have said "the U.S. is prepared to take offensive or retaliatory action if and when it can positively attribute highly-destructive attacks to another nation-state." On the other hand, the tone of the comments does not build confidence that the U.S. is prepared to defend and restore. That makes his plea to executives of firms that own and operate critical infrastructure all the more imperative.]
--Flame Relative is a "High-Precision, Surgical Attack Tool" (October 15, 2012)
Researchers have detected another piece of malware that targets systems used in the Middle East. It is being called miniFlame because it appears to be built on the same platform as the Flame malware, which was detected earlier this year. While Flame focuses on stealing information, miniFlame acts as a backdoor on infected machines to allow attackers access. It also appears to be able to act as a module for both Flame and Gauss, lending more credence to the theory that the two pieces of malware are related. miniFlame can download files from a command-and-control server. It is being called a "high-precision, surgical attack tool."
[Editor's Note (McBride): From an analytical perspective the fact that a sinkhole designed for Flame found miniFlame is a nice windfall (but not necessarily great opsec). Is the fact that Kaspersky continues to find state sponsored malware (allegedly belonging to the United States) surprising - or is the awe wearing off? Is it concerning that the U.S. appears to be a leader in offensive cyber operations? Is the real difference between APT and APF (advanced persistent friendliness) summed up in the amount of trust you have for the motives of the sponsoring nation-state?]
An adviser to Republican presidential nominee Mitt Romney says that part of the former Massachusetts governor’s debate strategy on Tuesday night will be to ask President Barack Obama to “man up” and “accept his responsibility” for the terrorist attacks in Libya.
“There should be an effort to get transparency from President Obama on what he knew and when he knew it,” Romney foreign policy adviser Amb. William Richardson told Fox News host Bill Hemmer on Tuesday. “This was evidence that his so-called success on the war on terror wasn’t so successful. Targeted killings alone can not solve this problem.”
“This helps provide a choice to the American people between more of the same and strong, optimistic, bold leadership under President Romney.”
He continued: “I think Gov. Romney will, quite properly, be asking questions, probing. And trying to ask the president to man up, accept his responsibility and explain to the American people the failure that resulted in four American deaths.”
If Richardson’s preview of Tuesday night’s debate is correct, it could signal part of a broader tactic of subtly questioning the president’s manhood.
During the first debate, Romney had compared the president to his sons when they were “boys” and didn’t tell the truth.
Last week, one of Mitt Romney’s sons even likened Obama’s debate performance to “an obstinate child.”
“I don’t know if you guys saw the debate last week,” Josh Romney told a crowd in Van Meter, Iowa. “I take a lot of pride in that, because — I don’t know if you noticed, but I was — me and my brothers were responsible for my dad doing so well. We were the ones, as kids, that kept saying the same thing over and over. And we’d say the same lie over and over. And my dad learned then, not to believe it. While we didn’t go to any of the formal debate preparation, we did the real hard stuff.”
“So as a father, he learned how to debate an obstinate child,” the younger Romney added. “We had a lot of fun, we had a lot of fun watching the debate.”
Wow, I was just getting ready to post and ask about the possible dates for the Tribal Gathering. Was just checking flights from Hawaii to LA and the prices are really good right now, LOL. I understand it takes some time to figure out. Not sure what will be required of me; the last gathering I attended was the spring gathering at The Monster Garage with Kahuna Dog. Maybe I can get DogZilla to put in a good word for me.
There is a Bandalan school here in Hawaii. I do not have any personal experience with their system; they kind of stick to their own. I know one of the guys from the Hawaii group is a WEKAF champ who participated in contests in the PI. I have some interaction with the students and they are good peeps. Sorry I couldn't provide any useful info.
Web attacks on big US banks originated in Iran, unconfirmed reports say
Two reports say a series of denial-of-service attacks were launched from Iran.
by Dan Goodin - Sept 21 2012, 1:30pm +1000
Iranians have mounted a series of denial-of-service attacks over the past year that target major US banks and other companies, according to two published reports that cite unnamed US officials.
The reports, published on Friday by The Washington Post and Reuters, came a few days after websites for both Bank of America and JPMorgan Chase experienced unexplained service disruptions. US Senator Joseph Lieberman, chairman of the Senate Homeland Security Committee, said on Friday that he believes a unit of Iran's Revolutionary Guard Corps is behind the disruptions, but provided no evidence to support the claim. Neither bank has confirmed that the disruptions were the result of attacks, so it's possible equipment failure or other internal causes are responsible.
According to the Washington Post, US officials suspect that Iran was behind similar denial-of-service attacks, which bring websites to a crawl or make them completely unavailable by overwhelming them with garbage traffic. One such attack was carried out in August, and was aimed at disrupting the websites of oil companies in the Middle East "by routing their efforts through major US telecommunications companies, including AT&T and Level 3," the publication reported, citing US intelligence and industry officials. It was the largest attempted DoS attack against AT&T "by an order of magnitude," an industry official said. The sources spoke on condition of anonymity because they weren't authorized to speak to the press.
According to Reuters, Citigroup has also been targeted in the campaigns, which the news agency said are likely in retaliation for the banks' enforcement of Western economic sanctions against Iran. Reuters also said that while the attacks originated in Iran, "it is not clear if they were launched by the state, groups working on behalf of the government, or 'patriotic' citizens." The attacks may be intended to distract victims from other, more destructive breaches, the news organization added.
Security experts have long said that it's difficult or impossible to determine the origin or source of many DoS and other computer-based attacks. In the absence of technical evidence that supports claims attacks are coming from Iran, it's not possible to verify them.
By Amber Corrin, Sep 05, 2012
In their respective platforms, the Republicans and Democrats each briefly touch on what they both describe as a paramount threat facing the U.S.: cybersecurity. In keeping with the partisan divides that prevented lawmakers from passing cybersecurity legislation this year, each side offers a different – but decidedly familiar – take on the issue.
While neither party goes in-depth in its platform summary addressing cybersecurity, they both include plans that include basic tenets that were part of cybersecurity bills that failed in Congress. While there isn’t much in the way of cyber-policy revelations, there are hints of action that could come – including a possible executive order.
The platforms include a handful of similarities: Both sides recognize the significance of the issue, the importance of collaboration within government and with industry, and the need for investment in cyber research and development.
Like proposed legislation that came before, that’s about where the parallels end.
The Republicans call for a hands-off approach that echoes the SECURE IT Act championed by Sen. John McCain (R-Ariz.) earlier this year. The emphasis is on the public and private sectors working together, allowing for “the free flow of information” between network managers and within industry. It also places the onus on the government to better protect its own systems.
The GOP platform also takes swipes at the current cybersecurity policies, saying that the Barack Obama administration is “overly reliant on the development of defensive capabilities and has been unsuccessful in dissuading cyber-related aggression.” The Republican plank criticizes Obama’s approach as “costly and heavy-handed” and says it will “increase the size and cost of the federal bureaucracy and harm innovation in cybersecurity.”
On the other hand, the Democrats’ platform notes some of the cybersecurity steps taken in Obama’s term, and includes vows to continue by investing in research and development, promoting awareness and strengthening public-private partnership.
“The President and the administration have taken unprecedented steps to defend America from cyber attacks, including creating the first military command dedicated to cybersecurity and conducting a full review of the federal government's efforts to protect our information and our infrastructure,” the Democrats’ platform states.
The platform also notes that “going forward, the president will continue to take executive action to strengthen and update our cyber defenses.”
Many, including cybersecurity expert Jim Lewis, say the statement is a strong suggestion of an executive order in the works.
Lewis, director and senior fellow at the Center for Strategic and International Studies, said a presidential directive from Obama likely would aim to compensate for the Congress’s failure to pass legislation protecting critical infrastructure.
But which party’s approach would be more effective? Lewis had criticism for both sides, noting that neither offers any novel ideas.
“The Democratic plank says the right things; it just doesn't say anything new other than the [executive order] hint. The Republican plank also doesn't say anything new, but we know what they propose won't work,” Lewis said, noting that the Republican references to deterrence and information-sharing, among others, are particularly troublesome.
“Cyber deterrence doesn’t work. This is a creaky retread from the Cold War,” he said. As for voluntary information-sharing, central to the Republican approach, “it’s legislation, not regulation, that blocks sharing, and Congress failed to fix it.”
But the Democratic approach could be costly – and not necessarily effective, given the government’s notorious bureaucracy and the rapidly evolving nature of cyber.
“The Democratic platform calls for greater government engagement and involvement, but the imposition of mandates would be less effective because the government is not nimble enough to regulate in this area,” said Paul Rosenzweig, visiting fellow at the Heritage Foundation. “How much would the Democratic platform cost? Nobody knows. The Democrats couldn’t tell you before when [the bipartisan Cybersecurity Act of 2012] was being considered, and the same questions are being asked now.”
Danger within: Insider threat
By David Cotriss, July 02 2012
The theft or misuse of corporate assets by a trusted individual poses challenges, but there are strategies and tools to put in place, reports David Cotriss.
How big a problem is the threat from insiders?
“Bigger than most people realize because many times they can't tell if they have an issue,” says Craig Shumard, principal of Philadelphia-based Shumard and Associates, a strategic security consulting firm, and former vice president of security at Cigna Insurance. Insider threats are often under-reported, he says, because companies do not want it known that they've become victims of such attacks. At other times, an enterprise may be unaware it has been compromised.
There's a widely reported mythology that insider-spawned breaches occur far less frequently than external attacks, says James Quin, lead research analyst at Ontario, Canada-based Info-Tech Research Group. When his organization interviewed companies about the issue, the survey found that the accepted wisdom proved not to be true. Quin says that while the prevalence of malicious insider incidents is indeed quite low, erroneous or accidental breaches are “happening with alarming frequency.” That is, although insiders are to blame for some malicious activity, add to that the high rate of employees unintentionally causing a data leakage incident, and the tally for insider culpability mounts.
The problem is exacerbated by the fact that companies are not prepared or equipped to deal with such incidents. “We're finding that organizations don't have an insider threat program in place,” says Dawn Cappelli, technical manager at the Computer Emergency Response Team (CERT) Insider Threat Center, a research-and-development entity at Carnegie Mellon University's Software Engineering Institute in Pittsburgh. CERT is working with the federal government and private companies to design a prevention and mitigation program. Most corporations, she says, are focused on protecting their networks from outside threats, but they don't yet have anyone in charge for insider threat mitigation. This situation must change, with one person given authority and responsibility for dealing with insider threats. To succeed, that person must have the backing of general counsel because of privacy issues, and they must work well with IT and human resources.
Cappelli adds that in last year's “Cyber Security Watch” survey from Deloitte, 46 percent of respondents said insider attacks were more costly to their organization than external attacks. Yet most companies that have purchased software tools that are marketed as internal attack mitigation solutions are using them only to address external attacks.
“What you need to worry about is how to keep your employees happy.”
– Andy Ellis, CSO, Akamai Technologies
While the number of insider incidents has stabilized over the past few years, the opportunities have increased because of greater use of third-party contractors, the bring-your-own-device (BYOD) phenomenon, and the co-mingling of personal and business data spurred by the popularity of smartphones and tablets. Today, attacks can be launched at handheld devices, and this vector has become a major source of data leakage. Furthermore, despite all the new tools that have been developed over the past few years, “25 to 30 percent of threats cannot be controlled by technology,” says Shumard.
It is not feasible to completely stop malicious data leakage, agrees Quin. “Technology cannot address everything,” he says. “You can't stop people writing things down with a pencil and a piece of paper.”
As well, privileged users can insert malicious code almost anywhere without it being flagged as anomalous activity, he says. They have the ability to override system controls without detection.
“You can't stop insider threats,” says Andy Ellis, CSO at Cambridge, Mass.-based Akamai Technologies, which provides a platform for conducting business online. “What you need to worry about is how to keep your employees happy. What are you doing for employee retention? A lot of insider threats come from unhappy employees. How do you prevent the trusted insider from doing something that threatens the company?”
For Ellis, the threat fell close to home. Akamai was the victim of a foiled attempt by a former employee to spy on the company. Elliot Doxer pleaded guilty last year to a charge of foreign economic espionage for providing trade secrets to an FBI agent posing, over a two-year period, as an Israeli intelligence officer. When Doxer contacted the Israeli consulate and offered to give it confidential information in exchange for money, the consulate contacted the FBI.
To best thwart the malicious attacker, Shumard recommends looking at anomalous behavior. “Take people who hold the same position who have the same job rules and access,” he says. “Why does one employee log on at 4 in the morning and log off at 10 at night, while other employees log on at 8 in the morning and log off at 4 in the afternoon? Why would one person download 2,400 documents in a day while the others are downloading 20 or 30? There might be a valid reason for this, such as a special project, but these are indicators of possible malicious behavior.”
Meanwhile, many companies tend to ignore accidental data leaks, even though they can prove costly. Two-thirds of all insider threats are unintentional, says Quin. For example, sending an email to an entire list instead of one intended recipient, or hitting “reply all” instead of “reply,” could have severe consequences.
“Companies have to start contemplating solutions to correct this,” he says. “We haven't done a good job of educating employees about appropriate custodial care of data.”
Shumard agrees. “Sometimes it's just people not understanding proprietary information or a highly sensitive piece of information,” he says. He recommends that companies hold security awareness training for all employees. “Education is important because people have to understand the rules and abide by them.”
Be proactive, says Ellis. He follows Akamai employees on LinkedIn because if there is suddenly a flurry of new connections, it's likely that an individual is looking for a new job. Depending on the access that person has to sensitive information, he says the prudent approach is to take some preventative action.
However, Ellis also says organizations must weigh the cost of prevention tools versus the value of the potentially leaked information. And, he says sometimes a corporation is paying for technology that slows down the speed of innovation.
The sensible methodology, according to CERT, is to use a combination of technical and non-technical potential indicators of malicious activity to identify individuals who may be more likely to commit an unauthorized act. By monitoring and controlling outbound traffic, an organization can greatly increase its chances of mitigating malicious activity.
Data leakage: Prevention
To thwart the inevitability of attacks from within, CERT recommends that companies log all downloads and set alerts when critical information is copied to removable media. Other recommended actions are:
■ Implement continuous logging
■ Audit individual actions in logs for privileged accounts
■ Audit logs for activity of resigning or terminated employees
■ Log any time a device or peripheral is attached; alert if an unidentified device is attached, e.g., a keystroke logger
■ Alert on suspicious traffic
■ Monitor for unauthorized accounts
■ Review user accounts on a regular basis to ensure that active accounts are valid and configured properly
■ Monitor privileged users
■ Don't give users more privileges than they need
Photo: Inside the network operations command center at Akamai in Cambridge, Mass., Nicole Fusco, network operations engineer, looks for anomalous activity, perhaps indicating inappropriate employee practice.
What does the nation's first cyber security coordinator do for an encore on leaving government service?
First, one would believe that Howard Schmidt, a 40-year veteran of the discipline, will be penning another book, this one detailing the three years he spent serving in the Obama administration as the United States' top computer security adviser. He stepped down at the end of May.
One knows for a fact, however, that he has joined the board of security and compliance firm Qualys, where his main role will be advising on governance, strategic direction for the company and providing guidance to Philippe Courtot, the chairman and CEO. “It's all about being part of a team as opposed to an individual effort,” Schmidt said.
And, it's more than simply contacts in the government that Courtot expects. “Howard is technical enough, he knows the problems very well,” he said. “It's more about, ‘How do you present and package, where should we focus our energy so we can essentially play a bigger role with the federal government.' So, having Howard, it's very welcome and timely.”
The two also plan to revive an initiative they co-founded in 2004, the CSO Interchange, which brings security chiefs together from all sectors to discuss problems they are facing. “It's really an environment to bring CSOs together to make things move forward, as opposed to a meeting where people just want to sell something,” Schmidt said.
When they first began the international series of roundtables and breakfasts, there was a lot of resistance from the government sector in applying cloud technologies, as they wanted to control the data, Courtot recalled. “But today, we're at the point where necessity and the growth of attacks have become more pervasive,” he said. “They are now looking for solutions that work and that are cost effective as well, because you can't throw millions of dollars at the problem.”
Speaking of his time at the White House, Schmidt said, “Like any security position, it takes a lot of work. There's a lot of stuff that needs to be discussed. What works for one company, may have less than a positive impact on another one.”
His role, he said, was to bring everybody together to look for solutions. He points to the National Strategy for Trusted Identities in Cyberspace, or NSTIC, a White House initiative to foster collaboration between the government and private sector to better the privacy, security and convenience of online transactions, as one of the administration's major successes. The point, he said, was to look at ways to move away from an environment of user IDs and passwords and get something the private sector can build – an ecosystem where users can migrate to systems that are less likely to be compromised.
He also oversaw advancements in international cyber strategy. “Working with a great team across the government and with international partners, the International Strategy for Cyberspace [a policy document that sets an agenda for partnering with other nations] was looking at several things – from prosperity to economics to military action to peaceful activity,” he said.
It's very difficult to stop the threats, Schmidt said. “What you can do is stop the threats from being successful. And that's making sure everything that you're doing – in the cloud, on the desktop, browser, server environment – you can reduce the vulnerabilities so that no matter what someone throws at you, it's less likely to be successful.”
NSA chief asks hackers at Defcon for help securing cyberspace
NSA Director General Keith B. Alexander called the Defcon attendees the world's best cybersecurity community
By Lucian Constantin, July 29, 2012 12:20 AM ET, IDG News Service
National Security Agency Director General Keith B. Alexander addressed the attendees of the Defcon hacker conference in Las Vegas on Friday and asked for their help to secure cyberspace.
"This is the world's best cybersecurity community," said Gen. Alexander, who also heads the U.S. Cyber Command. "In this room right here is the talent our nation needs to secure cyberspace."
Hackers can and must be part, together with the government and the private industry, of a collaborative approach to secure cyberspace, he said.
Hackers can help educate other people who don't understand cybersecurity as well as they do, the NSA chief said. "You know that we can protect networks and have civil liberties and privacy; and you can help us get there."
Gen. Alexander congratulated the organizers of Defcon Kids, an event dedicated to teaching kids how to be white-hat hackers, and described the initiative as superb. He called 11-year-old Defcon Kids co-founder CyFi to the stage and said that training young people like her in cybersecurity is what the U.S. needs.
The NSA director stressed the need for better information sharing between the private industry and the government and noted that the Congress is currently debating legislation to address this.
NSA's and U.S. Cyber Command's roles are to protect the nation from cyberattacks and foreign intelligence, Gen. Alexander said. The issue is that if you don't see a cyberattack you can't defend against it and at the moment, the NSA has no insight if Wall Street is going to be attacked, for example, he said.
Gen. Alexander pointed out that if the industry could share some limited pieces of information from their intrusion detection systems in real time, the NSA could take it from there.
The next step from information sharing is jointly developing standards that would help secure critical infrastructure and other sensitive networks, he said.
He encouraged hackers to get involved in the process. "We can sit on the sidelines and let others who don't understand this space tell us what they're going to do, or we can help by educating and informing them" of the best ways to go forward.
"That's the real reason why I came here. To solicit your support," he said. "You have the talent. You have the expertise."
At the Aspen Security Forum conference on Thursday, Gen. Alexander revealed that there's been a 17-fold increase in cyberattacks against U.S. infrastructure between 2009 and 2011, the New York Times reported.
The hacker community has built many of the tools that are needed to protect cyberspace and should continue to build even better ones, he said during his keynote at Defcon. He gave the example of Metasploit and other penetration testing tools.
"Sometimes you guys get a bad rap," he said. "From my perspective, what you're doing to figure out vulnerabilities in our systems is great. We have to discover and fix those. You guys hold the line," he said.
Gen. Alexander's presence at Defcon was a rare event. Before introducing him to the stage, Defcon founder Jeff Moss, who is the chief security officer of ICANN and a member of the U.S. Homeland Security Advisory Council, revealed that he has tried for the past 20 years to get a high-ranking NSA official to speak at the conference.
"Like magic, on our 20th anniversary and NSA's 60th anniversary it's all come together," Moss said. "For me it's really eye-opening to see the world from their [NSA's] view."
Taking the Cyberattack Threat Seriously
In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.
Last month I convened an emergency meeting of my cabinet and top homeland security, intelligence and defense officials. Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.
Our nation, it appeared, was under cyber attack. Unknown hackers, perhaps a world away, had inserted malicious software into the computer networks of private-sector companies that operate most of our transportation, water and other critical infrastructure systems.
Fortunately, last month's scenario was just a simulation—an exercise to test how well federal, state and local governments and the private sector can work together in a crisis. But it was a sobering reminder that the cyber threat to our nation is one of the most serious economic and national security challenges we face.
So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility's internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted.
It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.
This is the future we have to avoid. That's why my administration has made cybersecurity a priority, including proposing legislation to strengthen our nation's digital defenses. It's why Congress must pass comprehensive cybersecurity legislation.
We all know what needs to happen. We need to make it easier for the government to share threat information so critical-infrastructure companies are better prepared. We need to make it easier for these companies—with reasonable liability protection—to share data and information with government when they're attacked. And we need to make it easier for government, if asked, to help these companies prevent and recover from attacks.
Yet simply sharing more information is not enough. Ultimately, this is about security gaps that have to be filled. To their credit, many of these companies have boosted their cyber defenses. But many others have not, with some lacking even the most basic protection: a good password. That puts public safety and our national security at risk.
The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements. Nuclear power plants must have fences and defenses to thwart a terrorist attack. Water treatment plants must test their water regularly for contaminants. Airplanes must have secure cockpit doors. We all understand the need for these kinds of physical security measures. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries.
This approach stays true to our values as a society that cherishes free enterprise and the rights of the individual. Cybersecurity standards would be developed in partnership between government and industry. For the majority of critical infrastructure companies already meeting these standards, nothing more would be expected. Companies needing to upgrade their security would have the flexibility to decide how best to do so using the wide range of innovative products and services available in the marketplace. Moreover, our approach protects the privacy and civil liberties of the American people. Indeed, I will veto any bill that lacks strong privacy and civil-liberties protections.
This is exactly the kind of responsible, collaborative approach to an urgent national-security challenge that Americans expect but that Washington too rarely provides. It reflects the insights and ideas of industry and civil libertarians. It is sponsored by a bipartisan group of senators. It is supported by current and former homeland security, intelligence and defense leaders from both Republican and Democratic administrations.
Today we can see the cyber threat to the networks upon which so much of our modern American lives depend. We have the opportunity—and the responsibility—to take action now and stay a step ahead of our adversaries. For the sake of our national and economic security, I urge the Senate to pass the Cybersecurity Act of 2012 and Congress to send me comprehensive legislation so I can sign it into law.
It's time to strengthen our defenses against this growing danger.
Mr. Obama is president of the United States.
A version of this article appeared July 20, 2012, on page A11 in the U.S. edition of The Wall Street Journal, with the headline: Taking the Cyberattack Threat Seriously.
Forgive me the moment of Captain Obvious, but "It is difficult to know who is attacking a network. Once the identity of the attackers is verified, and if they are indeed a nation-state, then the (attacked state) must decide if retaliation is necessary."
So, thanks to Pravda on the Hudson working in conjunction with CiC Obama and his inner circle, the Iranians now have confirmation Stuxnet was us AND they have been publicly humiliated.
There could be a day when the United States decides to retaliate in cyberspace for a computer-based attack on its networks or infrastructure.
Normally, two nations at war would garner 24-hour news coverage, boldface headlines and Pentagon briefings. But this would be a conflict waged with “ones” and “zeros” across computer networks. The damage may be unseen, and even “fixed” within a few short hours. The public may not even realize that it’s occurring.
It’s fashionable to use the same lexicons and to make comparisons, but cyberwar is nothing like real “kinetic” war, said Martin C. Libicki, a researcher and author of a new Rand Corp. book, Cyberdeterrence and Cyberwar, which takes an in-depth look at what would have to occur for two state actors to engage in such a conflict. (Correction: The book was initially published in 2009).
“Cyberwar is not simply kinetic war in another dimension. It’s got a different set of rules, a different set of parameters, a different set of questions, a different set of answers,” he said at a Capitol Hill briefing Feb. 22.
That’s one reason why a cyberwar could play out unseen by most people. The shutting down of electrical grids would be noticed, but the manipulation of data on other systems may not immediately come to light. It took one full year for Iranian scientists to realize that the software had been compromised by the Stuxnet virus, Libicki noted.
There have only been four known acts of cyberwar, Libicki said. The denial of service attacks on Estonia in 2007 and on Georgia during its war with Russia in 2008, an Israeli attack on Syrian air defense radars in 2007, and the Stuxnet virus that was aimed at damaging Iranian centrifuges associated with its nuclear energy program.
Cyberattacks should not be confused with cyberespionage, he noted. Nations do not go to war over spying, he said. The book examines large-scale, tit-for-tat cyber-assaults between two nations. It does not ponder the implications of an attack by terrorists because there are few opportunities for retaliation. If al-Qaida were to shut down a U.S. electrical grid, the United States could not respond in kind because the group has no infrastructure, he said.
Libicki also does not address tactical actions, or what he calls an “operational cyberwar” during a real-world conflict where an adversary may try to take down networked-enabled systems to gain an advantage on the battlefield. “In the context of a physical war, that makes a certain amount of sense,” he said.
Attribution is one of the keys to retaliating against a cyberattack, he noted. It is also one of the hardest aspects. It is difficult to know who is attacking a network. Once the identity of the attackers is verified, and if they are indeed a nation-state, then the United States must decide if retaliation is necessary.
In the event of a cyberwar, there is unlikely to be long-term damage. An attack or counter-attack can only occur if there is a vulnerability in a computer system. Vulnerabilities can be patched quickly, or traffic can be rerouted away from the system, in most cases within hours or days. In regular warfare, the ability to hit the same target several times, known as “serial reapplication,” is part of warfare and can be a deterrent. But once a counter-attack occurs, it tips the adversary off and subsequent attacks may not be as effective, he said.
Battle damage is hard to assess. The decision to launch a counter-attack may hinge on knowing how much harm could be inflicted on the opponent’s system. That is difficult to estimate in advance, he added.
“Are the effects obvious to the public?” is a question that needs to be asked. “If the effects are not obvious to the public, you don’t lose public face by not retaliating,” he said. However, the United States could launch a counter-attack in ways that are not obvious to the opponent’s public. There needs to be a message conveyed to the leadership “about the lack of wisdom in attacking the United States in cyberspace.”
Another reason why the public may not be informed of a cyberwar is the risk that a third party could insert itself into the conflict. If the United States and China were engaged in such a war, for example, a hacker — someone sitting on a couch in a basement somewhere — or a third nation interested in seeing a prolonged conflict, could surreptitiously launch computer assaults and escalate the war.
“An exchange of cyber-attacks between states may also excite the general interest of superpatriot hackers or those who like to dogpile — particularly if the victim of the attack or the victim of retaliation, or both, are unpopular in certain circles,” Libicki wrote in the book, which was commissioned by the Air Force. The two adversaries may blame each other for the attacks, and not be aware that they are being manipulated.
A cyberwar that flies under the radar of the general public is possible, but unlikely, simply because these incidents tend to bubble to the surface despite the best efforts of the government, he said.
“There is a tendency in some communities to believe that every thing they do is covert, and no one is ever going to hear about it, and then mistakes get made,” he said.
Deterrence worked well in the nuclear age. The Soviet Union and the United States never engaged in a nuclear conflict. “The best defense is a good offense” is one of the axioms U.S. leadership has invoked about thwarting a large-scale cyber-attack. So how good is the United States? Its cyber-offense capabilities have been largely kept out of the public eye. Libicki didn’t want to reveal much in a nonclassified setting, saying only that, “We’re really good. ... In fact, I think we’re better than anybody else. We’re also very professional about this. The state of our tradecraft is very good.”
A cyberwar is not something that keeps Libicki up at night. Like nuclear war, it is a low probability, high-consequence scenario. The number of potential adversaries that have the ability to carry out such an attack, as well as the desire to pull the trigger and risk the ire of the United States, are few, he noted.
“This is one of these cases where you have to look at defense and offense and somehow come up with a happy medium,” he said. Shoring up defenses in the nation’s electrical grids would be a good place to start, he noted. But not having a good offense would result in “a hollow deterrence policy,” he noted.
Anonymous, a loosely organized group of hackers that has targeted big businesses and governments, could be co-opted by nation states and terrorist groups that want to use it for their own ends, cybersecurity experts said May 17.
Anonymous reportedly has some 50,000 members. It is generally believed to not have a central leadership. That leaves it open for infiltration by hackers affiliated with nations such as China, Russia or Iran. They could surreptitiously use or manipulate the organization to carry out attacks on their behalf, said Lewis Shepherd, director of the Microsoft Institute for Advanced Technology in Governments.
"There is evidence of this, but it is classified," Shepherd said at the Counter Terror Expo in Washington, D.C. Al-Qaida in its literature has also expressed interest in using the group, he added.
Anonymous has been called everything from hacktivists to terrorists, and has attacked governments of all types. The group is also well known for going after child pornographers. On Tuesday, it was reported in the Indian press that Anonymous was suspected of taking down the nation's Supreme Court website after the Indian government announced new Internet policies. About three dozen of its members have been arrested.
There is precedent for such groups being infiltrated, Shepherd said. The Soviet Union and China in the 1950s and 1960s were adept at infiltrating and sometimes taking over homegrown national liberation movements in developing nations and using them in their global rivalry against the West.
"They didn't always have complete control of the operations of these national liberation movements, but strategically they were certainly able to exploit their activities," he said.
The degree of state-sponsored influence or guidance in Anonymous' ranks is unknown, and hasn't received a lot of attention yet, he added. Companies that find themselves the target of Anonymous should take responsibility for protecting their own data, he said. But stopping an attack by a nation state is something different. In that case, there has to be a close partnership between industry and government.
David J. Smith, director of the Potomac Institute Cyber Center, said Anonymous' greatest strength is also its greatest weakness: it is leaderless, it is amorphous and nobody knows who they are.
"If somebody decides they are going to be Anonymous, they are anonymous. So you could get Russians, Chinese, Iranians. You could start getting a nation-state threat, or ... an Al-Qaida getting into the business of masquerading, literally, as Anonymous," Smith said. "I think that is something we really need to take a look at."
TOP OF THE NEWS --US Senators Draft Proposed Cybersecurity Bill Compromise (June 7, 2012) US Senators Sheldon Whitehouse (D-Rhode Island) and Jon Kyl (R-Arizona) are circulating a draft proposal for a cybersecurity bill that aims at satisfying legislators on both sides of the aisle. Democrats support legislation that would impose mandatory cybersecurity standards on systems that are part of the country's critical infrastructure, while Republicans support legislation that encourages threat information sharing but does not compel utility companies to comply with requirements. The draft legislation treads a middle ground, offering incentives for companies that meet established "baseline performance goals" of cybersecurity. The incentives would include liability protections, an edge in acquiring government funding, and technical cybersecurity assistance. http://thehill.com/blogs/hillicon-valley/technology/231601-senators-float-compromise-on-cybersecurity-mandates-
If this is the case, we might begin looking for evidence of more code from Operation Olympic Games floating around in cyberspace. Flame provides a framework for future warfare in cyberspace, as proposed by the eScan Blog here. (Link ref: http://blog.escanav.com/2012/05/31/flame/ )
According to the report:
"Its only objective is to gather intelligence, i.e. data: usernames, password hashes, URL cache, network drives, cached passwords, Bluetooth devices, instant messenger traffic, browser traffic et al. And it also comes with its own SQLite database."
Flame appears to capture information useful for future exploits, much like hacking 101, but on steroids.
It does not appear that Flame is used to feed information to Stuxnet, so for what is the information obtained by Flame used?
Ah, that is the $64,000 question. There appear, therefore, to be other programs floating around that use the information obtained by Flame. We know the information obtained by Flame comes from systems connected to the internet, so offline facilities, such as Natanz, should not provide any information.
I can speak only for the US, where the vast majority of military equipment is not connected to the internet but sits on separate networks. I am assuming Iranian systems are the same. This leaves critical infrastructure, such as electrical facilities, power sources, transportation and the like, all of which can have military applications.
As I am careful to state, time and again, the targets must be used solely by the military to comply with the Laws of Armed Conflict. From experience we have seen that Iran might not apply its targeting criteria so studiously, especially when it has proclaimed its nuclear program is entirely for civilian use.
When targeting electrical systems that supply power to the military, it is difficult to avoid civilian bleedover. It will be interesting to observe what the Iranians will target.
Last week the Wall Street Journal reported that the FBI opened an investigation into the source of recently leaked information regarding covert operations conducted by the U.S. government.
Now Attorney General Eric Holder has appointed two federal prosecutors to lead the investigation into leaks concerning the government's use of a sophisticated cyber weapon known as Stuxnet and a foiled attack by al Qaeda in the Arabian Peninsula.
“These two highly-respected and experienced prosecutors will be directing separate investigations currently being conducted by the FBI. I have every confidence in their abilities to doggedly follow the facts and the evidence in the pursuit of justice, wherever it leads,” Holder said.
Previously, FBI Director Robert Mueller had announced an investigation into the leaking of information surrounding the disruption of a planned attack using a bomb concealed in undergarments.
With the appointment of special investigators by Holder, the probe has widened to include the disclosure of the development of the Stuxnet virus, which infected systems that provided operational control for Iranian production networks and was most likely produced to stifle Iran's nuclear weapons program.
“Leaks such as this threaten ongoing operations, puts at risk the lives of sources, makes it much more difficult to recruit sources, and damages our relationships with our foreign partners,” Mueller said last month.
Stuxnet, which emerged in 2010, targeted Siemens Programmable Logic Controllers (PLCs) and is thought to have caused severe damage to equipment at Iranian uranium enrichment facilities, setting back the nation's weapons program by as much as several years.
Stuxnet is widely considered to be a game changer in the world of information security, as the infection did not merely cause problems with the tainted systems, but actually caused physical, kinetic damage to the equipment those systems controlled.
The leaked information about the development of the Stuxnet virus was revealed in an article by New York Times' writer David Sanger, which prompted Holder's move to appoint special investigators.
“Leaks such as this have … a huge impact on our ability to do our business, not just on a particular source and the threat to the particular source, but your ability to recruit sources is severely hampered,” Mueller said.
“In cases such as this, the relationship with your counterparts overseas are damaged and which means that an inhibition in the willingness of others to share information with us where they don’t think that information will remain secure. So it also has some long-term effects, which is why it is so important to make certain that the persons who are responsible for the leak are brought to justice," Mueller maintains.
Senator John McCain of Arizona suggested that the leaks may have been intentional on the part of the White House in "an attempt to further the president's political ambitions for the sake of his re-election at the expense of our national security."
White House spokesman Josh Earnest rebutted the speculation, stating "It's classified for a reason, because publicizing that information would pose a significant threat to national security."
President Obama also denied there was an intentional leak emanating from the White House, stating that “the notion that my White House would purposefully release classified national security information is offensive. It’s wrong."
The investigation could result in multiple subpoenas, including those directed at White House officials and New York Times reporter David Sanger.
“[The reporters] are going to fight you tooth and nail but, eventually … you can actually subpoena them - but there are strict guidelines," said former federal prosecutor Peter Zeidenberg.
The people behind the Flame malware network appear to have responded to recent publicity by sending out a command that has caused it to self-destruct. Some of the command-and-control servers in Flame's infrastructure sent out a file that is essentially a Flame uninstaller, which also overwrites the removed files with random characters so that the malware cannot be recovered forensically.
“I have met the enemy of information security, and that enemy is us.”
With the new spate of malware attacks (allegedly by nation-state actors), as well as other attacks by the likes of Anonymous on down to the usual cast of criminal characters, I have been taking stock of the “bigger picture.” What I have come to the conclusion of is that we, of all things, the creators of the internet, the computers, the code, and the universe in general (probabilistic, Newtonian, quantum, etc., if you believe we in fact create our consensual reality), are the one common flaw in security.
Take that statement in a bit… I’ll be back in a moment while you ponder….
Ok, thought that through a bit? For me, the statement is an ultimate truth. We create all these things (for me, universe included, by perception) and, in the case of the security over or within the systems that we make and use, are its core failing. We, for lack of a better term, are “flawed” and thus our systems will always be so. In the case of security today, we can see this from many angles, not just within the realm of computer security or data security, but also in our efforts in war or protection from terror (à la DHS and the TSA). There are inherent flaws and unpredictable outcomes vis-à-vis human nature that really have to be taken account of before we can even consider something to be more secure than not.
This is an issue that I think many are overlooking as they seek to build the better mousetrap cum Rube Goldberg device that will then sit blinking in your rack at the NOC. Boiling it all down to the sum total of security issues, we have the human being and their “nature” to consider as the driver of the ill as well as the arbiter of demise in any security scenario we can think up here. This is why I have decided to write this post: I want you all to stop, take a look around you, and see the problem from the macroverse instead of the microverse of code and hardware.
It’s all in the wetware man.
Human Nature, It’s Anathema To Security
Human nature… What a many-splendored thing, huh? It gives us so much latitude as a species to be dominant on this planet, and yet we still seem unable to overcome it and protect ourselves from its downside. Of course it isn’t just that our natures preclude us from attempting to secure things today; it’s also that we are using technologies that we built, us, fallible beings who tend to code in error and without foresight into how it could be abused. On that note, the abuse of the code itself is also human nature: we are always pushing the bounds, trying to outdo others or just test the bounds of our realities, so it’s a natural progression really. Of course then there is also criminality, and the darker tendencies that we all have… We are just a pile of trouble, aren’t we?
On the other hand, there is also the tendency toward laziness that we all have, whether that be intellectual or other slothful behaviors, that can be and often is the cause of security failures. It is laziness in coding and a desire to work faster and maximize profits, for example, that lead many people down the path of sloppy code and the massive vulnerabilities therein. Couple this with the need for speed that today’s work environment (time-is-money calculations aside) demands, and we have the mix for epic failure much of the time. Oh, and lest we forget hubris, like that of Microsoft, coming so late to the security game in the coding and testing of operating systems that are, in effect, the most frequently vulnerable as well as the biggest target from a user-base perspective.
Oh, and there are also the basics of human nature, such as being helpful, or other more base desires, that often are the unraveling of security measures. You can have all the defenses in the world, but all it takes is one person saying “Gee! Look! A USB stick in the parking lot! IT’S ALL MINE!!! I MUST PLUG IT IN NOW!” How often have you pentesters out there reading this used that very trick? Over and over and over again, with success each time. How many of us have had the door held for us even when we don’t have a badge? Yeah, I know, many have, and though they have been warned of the perils of doing so, still do it out of instinct or perhaps social programming.
It’s human nature that is the undoing of the best laid plans of mice and men…
What I am getting at is a simple truth: we are the problem. If we aren’t creating the poorly coded software, then we are the ones opening the gates to the Hun horde, or worse, we are in fact that Hun horde and are exploiting those weaknesses for our own gains (whether as a nation state, a pentester doing a job, or a criminal making a buck); it’s all driven by our nature.
HUMINT and The Push Of Social Media
So enters the era of “Social Media,” and wow, we are a social animal, aren’t we? We have Facebook, where we seemingly just expose all of our foibles, secrets, and other trivia daily, no, wait, by the second, every day. Who knew we would be so in need of telling everyone (not to mention showing everyone screenshots of our meals) about every little thing we do? Our location at that time, or perhaps that little Timmy took his first solid dump. *shudder* It’s little wonder that you see how much the government is interested in our “social” data, huh? We are so willing to just give it up without a thought.
It’s our nature I guess… Tribes around a digital fire now…
Back to social media and HUMINT, though; you see, this is the next wave. Since everyone wants to communicate on the Internet, it’s easier to communicate with anyone and everyone in a way that, as we have seen, allows for a lot of data gathering and manipulation. See, now that we have the infrastructure populated, we will use it, subvert it, for goals other than just befriending someone. Hell, we now have bots that do it for us, right? How do you know whether that person you are talking to on Twitter is a person or a heuristically adept bot? Give it some pause…
Think about the potential here for every kind of abuse or manipulation: anything from online advertising using Turing bots to intelligence agencies and others gathering data on you, all for whatever purpose serves their needs, and you, you are the commodity, the “asset.” So, yes, as the technologies advance and the human-nature side of things continues to allow for strides in security as well as the inevitable setbacks, you will become the ultimate target, the easy score for data that could lead to compromise. After all, what do you think the real persistent threats rely on? Human nature, our nature and proclivities for social interaction, which, really, is what the Internet is all about, huh?
Now, as you go to post on Facebook about your last meal.. Ponder this…
So, How Do We Remediate All of This?
Is remediation possible? Can we change the vagaries of human nature to the point where we can actually not only secure systems adeptly, but also secure the end users to remove the lowest of the low-hanging fruit? Can we get coding initiatives that work and, for God’s sake, come up with non-Turing-complete machines and code? One wonders if it is ever really a possibility, and frankly, the sense I get of things lately in the security community is no. We will never win the battle; the war will rage on forever and at least we will have jobs, but we must get used to failure in the grander scheme of things.
Once again, human nature is the arbiter here, and, well, we are human, aren’t we? I guess the answer is no, we will never be able to remediate it all. As we move forward with an uncertain digital world, one where we have put all our eggs in one digital basket (yes, power, light, water, control), we all must look at the nature of it all and ponder what we have done to ourselves here. Has our nature and a propensity for laxity in thought and deed placed us in greater jeopardy? Will we ever learn from the things we have seen already and try to remedy the situation? Or will we just go on blithely until such time as there is an epic failure that causes us pain?
This is not to say it will happen, nor that I believe it will be as epic as some on Capitol Hill would have you think, nor those in the shadows selling them the digital snake oil in the first place. What I see, though, is that unless we get smarter and try to manage our natures here, some will end up exploiting them to our collective detriment. Whether it be the laws around our privacy, or lack thereof, or the connecting of systems upon systems that, should one fail in a cascade, could really give us a problem, we all have to take a step back and look in the mirror.
Scene: POTUS stands silhouetted in the doorway of the SITROOM looking intently at a small tablet screen. Around him his cyber generals sit shifting uncomfortably from time to time in the long pregnant pause.
POTUS: “Clarke, so, you say this is the only way that we can get into and destroy their capability?”
Clarke: “Yes,” he says lugubriously.
POTUS: “Well then, let’s send them the stick... Someone will be stupid enough to plug it in.”
Scene: The generals all rise and leave single file out the door falling into the darkness of the hallway in the bowels of the White House. POTUS looks up at Clarke who is fixing his one black leather glove.
POTUS: “You know, if this goes wrong we’ll just blame it on Israel right?”
Clarke: “That contingency has already been taken care of, I have primed the veep… He’ll fbomb that stuff like a Tourette’s patient off his meds.”
POTUS: “God love that crazy mick”
Cut scene: Screen goes dark
Stuxies Midnight Emissions
Well, it’s been a crazy week or so in the news cycle. With the revelations that POTUS personally had a hand in the destruction of Iranian nuclear centrifuges with malware, the floodgates of stupid have opened up and we have a wave as high as the biblical one that wiped the earth clean of people (if you believe that kind of crap).
Since this came to light in the NY Times, we have had all sorts of characters pontificating on the subject. Everyone has their opinion and, unfortunately, all of them mean nothing to anyone of note because the real decisions of state have already been made, haven’t they?
Onward we will sally forth though, with vigorous words on how we are the pre-eminent power on earth and how we are blessed by God him/her/itself and looking back be damned. We had the coders and we had the will so we did it.
Now, don’t get me wrong, I agree with the end result of the Stuxnet malware itself. I think, though, we could have been more subtle and manipulated their product instead of just causing the centrifuges to eat themselves, but that is another story. No, we did what I think was a nice little piece of work against a regime that is unstable enough to do more with nuclear weapons than just stockpile them.
Frankly, one way or another, Iran will eventually get the nuclear bomb, but we seem to have slowed them down a bit at the very least with this attack. Or, I should say, did slow them down, for a little while. Now though, after this report in the Times and the non-attributable crowing of the administration that was behind it, attributing themselves as the culprits, I think that Iran will just redouble its efforts on this issue as well as the development of Stuxnet II, “This Time It’s Personal,” as the movie poster will declare.
Nope, for me the issue I have with all of this is that the admin is using this as a cudgel to win an election. This and this alone is the bone of contention I have with POTUS and company. A POTUS that ostensibly is SOOOOOO upset over leakers and prosecutes them to the fullest extent of the law… That is, until it serves their personal or political needs.
I find it comical now that there are calls in the Senate to investigate the “leaks and leakers” within the White House who talked to Sanger about their digital derring-do. All you really need to do, Mr. Senator, is walk up to 1600 Pennsylvania Ave. and knock on the Oval Office door. You can find the leaker there, I can assure you.
Hubris, thy name is “Politician”.
Politics, Pedantry, and Hucksterism
So, there you have it: we created Stuxnet with much secrecy, so much secrecy that it got leaked to the New York Times! Well, not so much leaked as planted in the Times by the spinmeisters as a political programme on us all to sway our vote.
The Times story is rife with allegory on how the admin was taking care with this operation and that they wanted as little collateral damage as possible. The program was tested on an analogous testbed with equipment that we got from Libya, the results of which were the destroyed remains of the centrifuges; all was in preparation. All we then needed to do was get an asset on the ground to plug in a USB stick and voilà! Instant PWNAGE!
I’m sure there will be a full-length feature film soon, and it will be fueled by the leaks that this Times article and subsequent book were as well. Do you suppose they will be filming at Ft. Meade? Will Mike Hayden make a guest appearance? We all want to know! Suffice to say that the media, the pundits and the other nations of the world will be taking note and working out their responses to all of the revelations from POTUS and company. For me, though, my response is already quite clear…
This whole escapade was ruined by the need of the admin to tattle on itself. I personally highly doubt that this was leaked by one person, all by themselves, outing a whole clandestine operation. No, this was a political move, one that I think will have some blowback on us all. Some will make the argument that the US wanted the Iranians to know, so we could be the “Babe Ruth” pointing at the backfield as if to say “That’s right muthafrakers… We are the shit and we will frak you up.”
I do not subscribe to that being the case as a tactic; hell, Biden then throws the Israelis under the bus twice in that article! It was the equivalent of verbal chaff and anyone with half a brain can see that.
“Well we did this because we wanted to settle the Israeli’s down, or they would have gone in hot.”
Uhh yeah, nice way to say we did it “only because we had to.”
Say, didn’t I see an ad by you offering a sweet price on a bridge somewhere?
Tell the truth, you wanted this out on that particular Friday because the jobs numbers were EPIC SUCK ok? Just please, admit it! C’mon, somewhere in your addled minds you know you want to tell the truth sometime!
FLAME ON YOU CRAZY DIAMOND!
Meanwhile, the FLAME debacle came into focus. An uber malware designed in the future by mad scientists and SKYNET with an 18 meg LUA decoder! This little gem has been perfectly timed to coincide with STUXNET. Well, maybe, since it was Eugene Kaspersky ringing the bell on this one, perhaps not.
However, FLAME seems to be all about stealing every conceivable piece of data it can get its hands on. It was a well run operation that has been going on since at least 2010 and bears the hallmarks of an intelligence agency running it. The use of cutout accounts with multiple names and locations as well as payment schemes shows that it wasn’t just Joe botnet herder. No, this one also was nation state most likely, but whose?
More importantly, how many of you out there would like to take odds on just when POTUS will leak the details of how we did this one to the Times? Takers? Anyone? C’mon I can bet bitcoins! Aww shucks… Guess you are all too smart and know that soon enough we will be reading about this “super secret black operation” in the papers. Even today more facts have come out of the reverse engineers saying that FLAME has a novel MD5 attack that has been known about since 2008 was it?
Be assured that the FLAME will burn on, as will the stupid around it from all sides... Media... Pundits... Politicians... Malware vendors... I don’t care if FLAME is LAME, I only care that this escalation is getting out of proportion and those running the programs are leaking the details to affect their political efforts.
Let’s CYBER Like It’s 1999
Now on to the word “CYBER” and its unfortunate tagging with “WAR” right after it. I have railed against this word for some time now but even with the best of my efforts, the douchery abounds. In fact, the douchery seems to know NO bounds frankly. I remember a time when CYBER was only followed by SEX and really wish it would just go back to being that.
Instead, we now have doctrine being written for “Cyberspace” and plans being made to militarize it all. All the while though not many really understand the space or the technology that they want to “CYBER” in! I can smell the fail now and it smells of cheap political and capitalist cologne.
Aside from the nomenclature issues here, I feel, like others I have seen, that this has all been one giant mistake. We have opened “Pandora’s Box” as Mikko put it, and we are not ready for the consequences. I am damn sure that our infrastructure isn’t, never mind the people and companies that run and own it all.
Try getting all of these players to secure their shit even on a microcosmic scale and you will see my pain. We in the business have known all too well that too many times within the mental calculus that management makes, security is a lesser understood or cared about concern over the bottom line in the world of black ink in the books.
So, my prognosis for this patient is “you’re fraked” but, with the caveat that we have been for a long long time. Will all the antics with the declaration of “CYBERWAR” by the Obama administration really make a difference in the tempo of battle already ongoing? Will nation states and others speed up their efforts to bring down parts of our grid? To what end? What are we producing that is equivalent to a small vector like Natanz and nuclear fuel? I guess what I am asking is, just what are the odds of the first great CYBERWAR being brought to our digital shores? Can I expect to turn on the light switch soon to find that there is no power?
Or even worse… Will they STUXNET Apple’s facilities so the kiddies can’t get their new shiny MacBooks?
OH THE HUMANITY!
I guess this is all being mapped out, kinda like the PROJECT X that plans on mapping the whole of the internet... So they can attack it. Time will tell I suppose, but, in the meantime, your fool forecast is for a high probability of foolishness at levels never before seen. So wear your rubbers kids.
But seriously, I think that we are doomed. Not the kind of doom where the world will end in a zombie apocalypse though. Hell, I would love to have that instead of what we are going to get. Instead we will have more stupidity, more controls being placed on the internet, and a slew of half baked ideas that will only serve to make us all more constrained in our daily affairs online.
Oh, and we will also live every day more in fear that some nation state, corporation, or crazy group of terrorists, will attempt to destroy something in our infrastructure… Because they can and feel the need to.
Welcome to the CYBERWARS! Please keep all hands and feet inside the ride at all times.
Barf bags will be available for fifty cents at the ride’s end.
(June 5 & 6, 2012) Saying that she is "deeply disturbed by the continuing leaks of classified information to the media, most recently regarding alleged cyber efforts targeting Iran's nuclear program," US Senator Dianne Feinstein (D-California) is calling for legislative hearings about the leaks regarding the US's involvement with the Stuxnet worm. Senator Feinstein is not asking for the hearings to address the actual attacks. Senator Carl Levin (D-Michigan), who chairs the Senate Armed Services Committee, has agreed to hold a hearing on the matter. The FBI has reportedly launched an investigation into the leaks. There is concern that the revelation will encourage copycat attacks against the US.
The Information Assurance Directorate (IAD) at NSA recently released a new technical guide entitled, Best Practices for Securing a Home Network. This is one of many guidance documents IAD freely provides to customers outlining practical tips for improving the security of all kinds of applications, operating systems, routers, databases and more. IAD has been providing unclassified security guidance to customers for over ten years. This guidance could not be timelier in light of the increasing threats to U.S. government networks. This latest guide will go a long way in helping our customers protect both their public and private networks.
(If you follow the link there are some interesting links in the "related stories" sidebar along with a quiz about Cyber Security.)
Obama ordered Stuxnet cyberattack, reports say. Did it leave US vulnerable? A New York Times report claims that President Obama used the Stuxnet cyberweapon to set back Iran's nuclear program. But experts caution that the worm could be reverse-engineered.
Stuxnet, the world's first publicly identified cyber superweapon, was unleashed against Iran's nuclear fuel-enrichment facility as part of a joint US-Israel cybersabotage operation, according to press reports Friday citing anonymous administration officials.
The news reports, which seem to remove any fig leaf of plausible deniability, could in the near term undermine ongoing nuclear talks with Iran. It could even provide Iran with internal justification for a cyber counterstrike against the US.
In the longer run, however, it also raises questions about how a US national policy of using powerful digital weapons could impact American security. Of particular concern is the possibility that such attacks could provide a digital copy of the cyberweapon to rogue nations or that hacktivists could reverse-engineer the weapon for use against the power grid or other key US infrastructure.
"Certainly we have thought Stuxnet was very likely to be a US-Israel operation – and that assumption has now turned out to be the case," says Stewart Baker, a lawyer and former senior official at the National Security Agency and the Department of Homeland Security. "In some ways, I do feel as though we've been living in a glass house for years and now we've decided we're going to invent rocks."
In the New York Times account, the cyberweapon was developed under a program initiated by President George W. Bush. President Obama then gave the go-ahead for a cyberweapon dubbed "the bug" to be unleashed in an attempt to derail Iran's bid to make nuclear-weapons fuel. The thrust of the account was separately confirmed by administration officials in a Washington Post report Friday.
But in summer 2010, after it became clear to the White House that "the bug" had inadvertently escaped the isolated network of Iran's Natanz uranium-enrichment plant and spread to computers worldwide, top administration officials held a "tense meeting" in the White House Situation Room, the Times said.
"Should we shut this thing down?" Obama asked, according to sources. It was unclear how much the Iranians knew about the code, and there was evidence that it was still vexing the Iranians, he was told. "Mr. Obama decided that the cyberattacks should proceed," the Times reported.
By late summer 2010, cybersecurity companies and the trade press were actively analyzing and debating the purpose of the strange piece of malicious software, dubbed "Stuxnet" after a file name inside the software. On Sept. 21, 2010, Ralph Langner, a German industrial-control systems cybersecurity expert from Hamburg, publicly identified Stuxnet as the world's first cyberweapon and named its likely target as Iran's nuclear facilities, as first reported and confirmed with other systems experts by the Monitor. Not long after, he postulated that the US and likely Israel, too, were behind the attacks.
Although Stuxnet is estimated to have eventually destroyed as many as 1,000 high-speed Iranian gas centrifuges designed to enrich uranium, its importance was far larger than that, Mr. Langner warned. It demonstrated that a cyberweapon could physically destroy critical infrastructure, and that process could also work in reverse.
"One important difference between a cyber offensive weapon and some kind of advanced bomb, for example, is that when the bomb blows up you can't examine or reverse-engineer it," says Joel Brenner, a former national counterintelligence executive in the Office of the Director of National Intelligence.
"Once you find the malware, on the other hand, once you find the code, you can see how it was done," he says. "So we are going to see more operations of this kind – and the US's critical infrastructure is undoubtedly going to be targeted. I still don't think that the owners and operators of most of that infrastructure understand the gravity of this threat."
According to the Times, participants in the many Situation Room meetings say Obama "was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyberweapons – even under the most careful and limited circumstances – could enable other countries, terrorists or hackers to justify their own attacks."
In the end, Obama concluded the US had little choice, the presidential aides told the Times. The alternative could be a nuclear Iran. But the attacks could also provoke Iran to retaliate.
"There are real risks here," Mr. Baker says. "The most immediate and obvious one is that the Iranians will feel even more motivated to respond in kind. This is not a particularly restrained Iranian administration. It's used terrorists and terrorist proxies for years. It may feel that [Stuxnet] gives them one free shot at the American industrial-control system of their choice. And the consequences might not be 10 years down the road either. It might be next week."
Another key takeaway is that cyberwar is unlikely to remain anonymous.
"The world we're moving into is one where attribution for such attacks will not be a problem," says James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington. "A nation might not be able to block an attack immediately, but you will be able to find out who's responsible."
Exactly six weeks from today, Anonymous will pull off its greatest and most destructive stunt of all time: Taking down the 13 servers that act as the core address book for everything from the Web to email, essentially blacking out the Internet in a protest of copyright law and Wall Street greed.
Or far more likely, six weeks and one day from today, the hackers will announce via a very-much-still-working Internet that it was all a highly provocative April Fool’s joke, another example of the dare-you-to-react trolling that Anonymous has refined to an art form.
Earlier this week, the loose movement of hackers announced in an online statement a new collective action it’s calling “Operation Global Blackout.” On March 31, it says it plans to attack the thirteen root Domain Name System (DNS) servers, which sit at the top of the hierarchy that translates domain names (like Google.com) into the IP addresses (like 220.127.116.11) of the computers that host those sites and mail servers. If Anonymous could keep those root servers down long enough for the answers cached by the world’s resolvers to expire, DNS lookups would start to fail, and the Web would become at least temporarily inaccessible for most users.
“To protest [the Stop Online Piracy Act], Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, anonymous will shut the Internet down,” reads the statement. “Remember, this is a protest, we are not trying to ‘kill’ the Internet, we are only temporarily shutting it down where it hurts the most…It may only last one hour, maybe more, maybe even a few days. No matter what, it will be global. It will be known.”
But the security industry’s DNS gurus say it’s not time to start downloading your backup archive of Icanhazcheezburger just yet. Rob Graham, a researcher at the security consultancy Errata Security, lists in a blog post a slew of reasons why Anonymous’ DNS attack plan won’t work. Anonymous plans to use a technique it’s calling Reflective DNS Amplification: flooding the root servers with forged requests that appear to come from the lower-level DNS servers that look to the root servers for referrals, so that the larger responses land on the target. But the thirteen DNS root servers, which are hosted variously by the Pentagon, Verisign, ICANN, the University of Maryland, NASA and others, each use different policies and hardware, and would each respond to that technique differently, Graham says.
“A technique that might take out one of them likely won’t affect the other twelve. To have a serious shot at taking out all 13, a hacker would have to test out attacks on each one,” he writes. “But, the owners of the systems would notice the effectiveness of the attacks, and start mitigating them before the coordinated attack against all 13 could be launched.”
Moreover, there are many more than 13 physical servers acting as the DNS root system. A routing technique called anycast lets many machines in many locations answer to each root server’s address, so that as many as thousands of computers share the load. Taking them all out will be extremely difficult, says Graham. And since resolvers cache the answers they receive from the root servers for as long as the records’ TTL allows, often a day or more, the root servers would have to be kept offline for many hours to have any effect on users.
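To make the caching argument concrete, here is an added example (not code from the Forbes article, from Errata Security or from any root operator) that models a recursive resolver with a TTL-bounded cache in front of a root server that drops every query during an outage window. The zone contents, TTL values, query cadence and outage times are constructed for illustration. It shows that a resolver whose cache is warm keeps answering through any outage shorter than the TTL, and that across a population of resolvers whose caches expire at staggered moments, only about outage_length/TTL of them ever have to ask the root while it is down.

```python
"""Model of a caching resolver in front of a root server that drops queries during an outage.

Added example, not from the Forbes article or from Errata Security. The zone
data, TTLs and outage windows are constructed for illustration; the point is
that a cached delegation keeps answering until its TTL expires.
"""
from dataclasses import dataclass

HOUR = 3600
DAY = 24 * HOUR


@dataclass
class Record:
    name: str
    rtype: str
    data: str
    ttl: int  # seconds the answer may be served from cache


class RootServer:
    """Authoritative root: answers from its zone unless the clock falls in an outage."""

    def __init__(self, zone, outages):
        self.zone = zone          # name -> Record
        self.outages = outages    # list of (start, end) in seconds, end exclusive

    def is_up(self, now):
        return not any(start <= now < end for start, end in self.outages)

    def query(self, name, now):
        if not self.is_up(now):
            return None           # query dropped: no answer at all
        return self.zone.get(name)


class CachingResolver:
    """Recursive resolver: serves from cache while the TTL holds, else asks the root."""

    def __init__(self, root):
        self.root = root
        self.cache = {}           # name -> (Record, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]         # cache hit; the root is never contacted
        rec = self.root.query(name, now)
        if rec is None:
            return None           # SERVFAIL: cache expired and the root is unreachable
        self.cache[name] = (rec, now + rec.ttl)
        return rec


def build_root(ttl, outages):
    # Constructed delegation: one TLD NS record is enough to show the effect.
    zone = {"com.": Record("com.", "NS", "a.gtld-servers.net.", ttl)}
    return RootServer(zone, outages)


def count_failures(ttl, outages, query_times, name="com."):
    """Failed lookups for one resolver querying at the given times (cache warmed on first query)."""
    resolver = CachingResolver(build_root(ttl, outages))
    return sum(1 for t in query_times if resolver.resolve(name, t) is None)


def affected_resolvers(ttl, outage, n_resolvers, horizon=3 * DAY):
    """How many of n resolvers, with caches warmed at staggered times, see any failure.

    Resolver i first queries at i*ttl/n and then once an hour, so each cache
    expires at a different moment; only those whose expiry falls inside the
    outage window ever have to ask the root while it is down.
    """
    affected = 0
    for i in range(n_resolvers):
        warm_at = i * ttl // n_resolvers
        resolver = CachingResolver(build_root(ttl, [outage]))
        if any(resolver.resolve("com.", t) is None for t in range(warm_at, horizon, HOUR)):
            affected += 1
    return affected


if __name__ == "__main__":
    hourly = range(0, 3 * DAY, HOUR)
    print("1h outage, 1-day TTL, warm cache:", count_failures(DAY, [(2 * HOUR, 3 * HOUR)], hourly))
    print("3h outage at TTL expiry, 1-day TTL:", count_failures(DAY, [(DAY, DAY + 3 * HOUR)], hourly))
    print("same outage, 2-day TTL:", count_failures(2 * DAY, [(DAY, DAY + 3 * HOUR)], hourly))
    print("resolvers of 24 hit by a 3h outage:", affected_resolvers(DAY, (DAY + 5 * HOUR, DAY + 8 * HOUR), 24))
```

The model ignores anycast entirely and still shows the attacker's problem: with a one-day TTL, a three-hour outage touches only the three of twenty-four resolvers whose cache happens to expire inside that window, and a resolver whose TTL outlasts the outage never notices. Real root and TLD delegation TTLs run to days, which makes the window even narrower.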
By announcing its attack so far in advance, Anonymous has given the administrators of the DNS system plenty of time to prepare for the attack and react as it occurs, adds Dan Kaminsky, a well-known researcher who found and helped fix a major flaw in DNS in 2008. “Most denial of service attacks aren’t preceded by a warning,” he says. “I’ve talked to various network engineers who are responsible for keeping these servers up, and they’re aware of the threat. They have resources already in place. Anyway, [Anonymous’] disclosure is appreciated.”
Anonymous isn’t the first to try to take down DNS–in fact, it seems to happen every five years or so. In 2002, a similar denial of service attack hit the DNS root servers. A portion of the 13 were taken offline, but without visible results for users. In 2007, a pair of attacks on the root servers struck back-to-back, affecting six servers and taking two offline. But the other servers’ load-balancing technology stood up to the attacks.
All of this isn’t to say Anonymous has no chance of taking out DNS for any period of time–only that it’s extremely unlikely. It’s far more probable, says Kaminsky, that the announcement of “Operation Global Blackout” is simply the kind of highly provocative, attention-grabbing stunt that often characterizes Anonymous’ actions. “It doesn’t go unnoticed that Anonymous is talking about this the day before April Fool’s,” he says.
He compares the hackers’ announcement to the flurry of attention around the Conficker Worm, which infected 10 million computers in 2009 and was widely reported to be set to launch some sort of attack on the Internet on April 1st of that year. The fact that Anonymous chose nearly the same date may be more than a coincidence. “When you set a deadline, the press gets all ‘doomsday is coming,’ and that’s more disruptive than any actual outage,” says Kaminsky. “Anonymous doesn’t need to do anything on March thirty-first. The mere threat is enough to keep people talking about them and what they represent.”
Many small-business owners fall below what some people call the “security poverty line.” Bootstrapping entrepreneurs can be especially vulnerable to hackers because they don’t have the money or personnel to buy, install and maintain the fancy security products large companies take for granted.
On the hunt for easy pickings, hackers are attacking these security-poor businesses, typically with indiscriminate, automated assaults that could be stopped by basic security tools and computer hygiene. Seven in 10 of the cyber break-ins analyzed in Verizon’s 2012 Data Breach Investigations Report occurred at organizations with 100 employees or less.
The good news is that it can be surprisingly easy and inexpensive to mount a quality defense on a budget. We spoke with Grady Summers, a vice president at Mandiant Corp., an Alexandria, Va.-based information-security firm, and former chief information security officer at General Electric Co., to assemble a list of easy-to-use, free tools that any company -- including those without a technology staff -- can use to create a comprehensive security program to protect its network, computers and data.
While no security program is perfect, applying these free tools can defend against the most common attacks. “A small business with a part-time IT person could probably do this in a day," Summers says.
Defend your network. Most of the threats to company networks come over the Web, Summers says. He recommends using filtering software to block dangerous websites, including “phishing” sites designed to trick unwitting employees into falling for a scam or infect their computers with malware.
San Francisco-based OpenDNS offers a free, cloud-based Web filtering product that can protect a single PC or mobile device, or an entire network, from known phishing sites. OpenDNS’s paid services offer more security features and the ability to block porn and other sites companies may not want people to access while in the office.
To find any weak spots on your network, run a scan. Lumension Security of Scottsdale, Ariz., offers a free vulnerability scanner for checking networks of 25 or fewer computers. It can identify software vulnerabilities and misconfigurations that could put you at risk.
Also, scan your website for security vulnerabilities. Hackers often break into customer databases by striking company websites or hack sites to plant malware that will infect visitors. Qualys, a Redwood Shores, Calif., security company, offers FreeScan, a free tool for detecting security vulnerabilities in Web applications and finding malware infections and threats in websites. Users are limited to five free scans.
If you have a capable in-house technology staff, you also may want to consider using Security Onion, a compilation of free tools for intrusion detection and network monitoring.
Secure your computers. Protecting computers on your network starts with firewalls and antivirus software. Free basic firewalls now come with Windows and Mac computers, so make sure they’re turned on. Antivirus protection will require a download.
Among the most popular free antivirus programs is one from AVG. Another is Microsoft's free basic security product Microsoft Security Essentials. It's made for consumers and businesses with 10 PCs or fewer. And firewall giant Check Point Software of Redwood City, Calif., has a free security suite that includes antivirus and a ZoneAlarm firewall that monitors traffic leaving your computer, as well as standard inbound traffic. In addition, U.K.-based Sophos offers free antivirus software for Macs.
Eliminate security vulnerabilities by applying the free fixes software makers regularly issue. To make that easy, use automatic update features for Microsoft, Apple, Adobe and other products you use. Windows users can make sure all their programs are current by using the free tool FileHippo.
Protect your data. Full disk encryption software can make company and customer data on your devices unreadable to unauthorized people. Free open-source software TrueCrypt is available for Windows, Mac and Linux machines and can be used to secure data on thumb drives and other storage devices. For Mac, Apple offers free full disk encryption dubbed FileVault2 to users with the Lion operating system.
If you have particularly sensitive information, Summers recommends creating a special encrypted area for that data with its own password. You can create this sort of encrypted “volume” with TrueCrypt and a similar Apple feature.
Also back up the data on your computers in case of loss, theft or damage. With Mozy, you can backup two gigs of data for free offsite and encrypted in Mozy’s data centers.
Iran says it has developed tools that can defend against the sophisticated cyber attack tool known as Flame.
The country is believed to have been hit hard by the malicious programme which infiltrates networks in order to steal sensitive data.
Security companies said Flame, named after one of its attack modules, is one of the most complex threats ever seen.
Iran says its home-grown defence could both spot when Flame is present and clean up infected PCs.
Hard work
Iran's National Computer Emergency Response Team (Maher) said in a statement that the detection and clean-up tool was finished in early May and is now ready for distribution to organisations at risk of infection.
Flame was discovered after the UN's International Telecommunication Union asked for help from security firms to find out what was wiping data from machines across the Middle East.
An investigation uncovered the sophisticated malicious programme which, until then, had largely evaded detection.
An in-depth look at Flame by the Laboratory of Cryptography and System Security at Hungary's University of Technology and Economics in Budapest, said it stayed hidden because it was so different to the viruses, worms and trojans that most security programmes were designed to catch.
In addition, said the report, Flame tried to work out which security scanning software was installed on a target machine and then disguised itself as a type of computer file that an individual anti-virus programme would not usually suspect of harbouring malicious code.
Graham Cluley, senior technology consultant at security firm Sophos, said the programme had also escaped detection because it was so tightly targeted.
"Flame isn't like a Conficker or a Code Red. It's not a widespread threat," he told the BBC. "The security firm that talked a lot about Flame only found a couple of hundred computers that appeared to have been impacted."
Mr Cluley said detecting the software was not difficult once it had been spotted.
"It's much much easier writing protection for a piece of malware than analysing what it actually does," he said. "What's going to take a while is dissecting Flame to find out all of its quirks and functionality."
It is not yet clear who created Flame but experts say its complexity suggests that it was the work of a nation state rather than hacktivists or cyber criminals.
Iran suffered by far the biggest number of Flame infections, suggest figures from Kaspersky Labs in a report about the malicious programme.
Kaspersky said 189 infections were reported in Iran, compared to 98 in Israel/Palestine and 32 in Sudan. Syria, Lebanon, Saudi Arabia and Egypt were also hit.
In April, Iran briefly disconnected servers from the net at its Kharg island oil terminal as it cleared up after a virus outbreak - now thought to be caused by Flame.
In the same statement that announced its home-grown detection tool, Iran said Flame's "propagation methods, complexity level, precise targeting and superb functionality" were reminiscent of the Stuxnet and Duqu cyber threats to which it had also fallen victim.
Stuxnet is widely believed to have been written to target industrial equipment used in Iran's nuclear enrichment programme.
A complex targeted cyber-attack that collected private data from countries such as Israel and Iran has been uncovered, researchers have said.
Russian security firm Kaspersky Labs told the BBC they believed the malware, known as Flame, had been operating since August 2010.
The company said it believed the attack was state-sponsored, but could not be sure of its exact origins.
They described Flame as "one of the most complex threats ever discovered".
Research into the attack was carried out in conjunction with the UN's International Telecommunication Union.
They had been investigating another malware threat, known as Wiper, which was reportedly deleting data on machines in western Asia.
In the past, targeted malware - such as Stuxnet - has targeted nuclear infrastructure in Iran.
Others like Duqu have sought to infiltrate networks in order to steal data.
This new threat appears not to cause physical damage, but to collect huge amounts of sensitive information, said Kaspersky's chief malware expert Vitaly Kamluk.
"Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on," he said.
More than 600 specific targets were hit, Mr Kamluk said, ranging from individuals, businesses, academic institutions and government systems.
Iran's National Computer Emergency Response Team posted a security alert stating that it believed Flame was responsible for "recent incidents of mass data loss" in the country.
The malware code itself is 20MB in size - making it some 20 times larger than the Stuxnet virus. The researchers said it could take several years to analyse.
Iran and Israel
Mr Kamluk said the size and sophistication of Flame suggested it was not the work of independent cybercriminals, and more likely to be government-backed.
Analysis: Professor Alan Woodward, Department of Computing, University of Surrey
This is an extremely advanced attack. It is more like a toolkit for compiling different code based weapons than a single tool. It can steal everything from the keys you are pressing to what is on your screen to what is being said near the machine.
It also has some very unusual data stealing features including reaching out to any Bluetooth enabled device nearby to see what it can steal.
Just like Stuxnet, this malware can spread by USB stick, i.e. it doesn't need to be connected to a network, although it has that capability as well.
This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time.
Mr Kamluk explained: "Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states.
"Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group."
Among the countries affected by the attack are Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.
"The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it," Mr Kamluk said.
The malware is capable of recording audio via a microphone, before compressing it and sending it back to the attacker.
It is also able to take screenshots of on-screen activity, automatically detecting when "interesting" programs - such as email or instant messaging - were open.
'Industrial vacuum cleaner'
Kaspersky's first recorded instance of Flame is in August 2010, although it said it is highly likely to have been operating earlier.
Prof Alan Woodward, from the Department of Computing at the University of Surrey said the attack is very significant.
"This is basically an industrial vacuum cleaner for sensitive information," he told the BBC.
He explained that unlike Stuxnet, which was designed with one specific task in mind, Flame was much more sophisticated.
"Whereas Stuxnet just had one purpose in life, Flame is a toolkit, so they can go after just about everything they can get their hands on."
Once the initial Flame malware has infected a machine, additional modules can be added to perform specific tasks - almost in the same manner as adding apps to a smartphone.
Another holiday here in upstate New York, another roll of the fire trucks while some were supposed to be kicking back and enjoying a barbeque.
It's times like this when I'm glad I'm not in the antivirus business anymore and doubly relieved that none of our machines run Windows. No flames here.
Computer security people however may have to reach for the extinguisher this morning as the latest conflagration in the news bounces across their desk, the discovery of yet another "super virus" called "FLAME" as reported by this BBC article.
Only problem is that according to Kaspersky, who made the discovery in coordination with the U.N.'s International Telecommunication Union (ITU), this one's been in the wild since at least December of 2010 and has only been detected now.
Here we go... again.
FLAME is described by Kaspersky as "one of the most complex threats ever discovered". And it's a huge mother. 20 modules and 20 megabytes worth.
Stranger yet is that the infector is an ActiveX control in the form of an OCX (OLE Control Extensions) file which apparently has run completely undetected for years. The worm runs as a Windows service, and most of the files are visible when running, making this even more of a surprise.
The Maher Center and Iran's CERTCC published this report identifying the worm and its components. What I find amusing from a researcher's standpoint is Kaspersky's theory that this too is a "state-sponsored" worm, but when you look at the code snippets which Kaspersky published, in addition to the various use of the word "flame" in the code, there are also variables called "gator" and "frog" in there as well.
When I've examined "officially" produced malware, such names for variables published within the code just do not happen. Another thing that doesn't smell right is that Israel has also been a target of this worm in numbers only exceeded by Iran as shown in this article in Australia's Herald Sun newspaper.
Kaspersky shared their find on Monday with the other antivirus companies and so hopefully it will be detected by the other antiviruses out there soon. I'll be enjoying the rest of the lemonade from yesterday myself, that stuff can't run on our own stuff here.
About the author: Kevin McAleavey is the architect of the KNOS secure operating system ( http://www.knosproject.com ) in Albany, NY and has been in antimalware research and security product development since 1996.
When I joined Mandiant earlier this year, I was given the opportunity to help write our annual M-Trends report. This is the third year Mandiant has published the report, which is a summary of the trends we’ve observed in our investigations over the last twelve months. I remember reading Mandiant’s first M-Trends report when it came out in 2010 and recall being surprised that Mandiant didn’t pull any punches. They talked about the advanced persistent threat or APT (they had been using that term for several years…long before it was considered a cool marketing buzzword), and they were open about the origin of the attacks. The report summarized what I’d been seeing in industry, and offered useful insights for detection and response. Needless to say, I enjoyed the opportunity to work on the latest version. This year’s report details six trends we identified in 2011. We developed the six trends for the report very organically. That is, I spent quite a few days and nights reading all of the reports from our outstanding incident response team and wrote about what we saw—we didn’t start with trends and then look for evidence to support them. If you haven’t picked up a copy of the report yet, you can do so here. I will be blogging on each of the six trends over the next two weeks; you can even view the videos we’ve developed for each trend as each blog post is published:
Malware Only Tells Half the Story. Of the many systems compromised in each investigation, about half of them were never touched by attacker malware. In so many cases, the intruders logged into systems and took data from them (or used them as a staging point for exfiltration), but didn’t install tools. It is ironic that the very systems that hold the data targeted by an attacker are probably the least likely to have malware installed on them. While finding the malware used in an intrusion is important, it is impossible to understand the full scope of an intrusion if this is the focal point of the investigation. We illustrate actual examples of this in the graphical spread on pages 6-7 of the report. What does this mean for victim organizations? You could start by looking for malware, but don’t end there! A smart incident response process will seek to fully understand the scope of compromise and find all impacted systems in the environment. This could mean finding the registry entries that identify lateral movement, traces of deleted .rar files in unallocated space, or use of a known compromised account. It turns out that Mandiant has a product that does all of this, but the footnote on page 5 is the only mention you’ll see in the entire report (and even that was an afterthought).
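One concrete form of the "look beyond malware" scoping the post describes is carving unallocated space for the RAR archives intruders stage data in before exfiltration. The following is an added example, not Mandiant's product or code: it scans a byte blob for RAR 4 and RAR 5 signatures and reads the RAR 4 main-header flags that follow the marker (header type 0x73, flag 0x0001 for a multi-volume set, flag 0x0080 for encrypted headers, per the published RAR 4 format); the sample "unallocated" blob and its offsets are constructed.

```python
"""Carve RAR archive signatures out of raw bytes (for instance, unallocated
clusters exported from a disk image) and summarise the RAR 4 main header
that follows each marker.  Added example for this page; not Mandiant's
tooling.  The sample blob built below is constructed, not real evidence."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

RAR4_MARKER = b"Rar!\x1a\x07\x00"      # RAR 1.5 - 4.x marker block (7 bytes)
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"  # RAR 5 signature (8 bytes)
MAIN_HEAD = 0x73                        # RAR 4 HEAD_TYPE for the archive header
MHD_VOLUME = 0x0001                     # archive is one volume of a split set
MHD_PASSWORD = 0x0080                   # archive headers are encrypted


@dataclass
class RarHit:
    offset: int                         # byte offset of the marker in the blob
    version: str                        # "RAR4" or "RAR5"
    multivolume: Optional[bool]         # None when the main header is unreadable
    encrypted_headers: Optional[bool]   # None when the main header is unreadable


def parse_rar4_main_header(data: bytes, pos: int) -> Optional[Tuple[bool, bool]]:
    """Read the 7-byte fixed part of the RAR 4 main header at pos:
    HEAD_CRC(2) HEAD_TYPE(1) HEAD_FLAGS(2) HEAD_SIZE(2), all little-endian.
    Returns (multivolume, encrypted_headers) or None if it is not a main header."""
    if pos + 7 > len(data):
        return None
    _crc, head_type, flags, head_size = struct.unpack_from("<HBHH", data, pos)
    if head_type != MAIN_HEAD or head_size < 7:
        return None
    return bool(flags & MHD_VOLUME), bool(flags & MHD_PASSWORD)


def carve_rar_signatures(data: bytes) -> List[RarHit]:
    """Return every RAR marker found in data, in offset order.  A bare "Rar!"
    string that is not followed by the rest of a marker is ignored."""
    hits: List[RarHit] = []
    i = data.find(b"Rar!")
    while i != -1:
        if data.startswith(RAR5_MARKER, i):
            hits.append(RarHit(i, "RAR5", None, None))
        elif data.startswith(RAR4_MARKER, i):
            parsed = parse_rar4_main_header(data, i + len(RAR4_MARKER))
            multivolume, encrypted = parsed if parsed else (None, None)
            hits.append(RarHit(i, "RAR4", multivolume, encrypted))
        i = data.find(b"Rar!", i + 1)
    return hits


def build_sample_unallocated() -> bytes:
    """Constructed stand-in for unallocated space: zero filler, leftover text,
    a RAR 4 archive header flagged as split and header-encrypted, filler, and
    a RAR 5 signature.  Layout: RAR4 marker at 534, RAR5 marker at 854."""
    rar4_main = struct.pack("<HBHH", 0x0000, MAIN_HEAD,
                            MHD_VOLUME | MHD_PASSWORD, 13) + b"\x00" * 6
    return (b"\x00" * 512
            + b"some deleted log text\n"          # 22 bytes, so marker lands at 534
            + RAR4_MARKER + rar4_main             # 7 + 13 bytes
            + b"\xff" * 300
            + RAR5_MARKER + b"\x01\x00" * 10)


if __name__ == "__main__":
    for hit in carve_rar_signatures(build_sample_unallocated()):
        print(f"offset {hit.offset:>8}: {hit.version}"
              f" multivolume={hit.multivolume} encrypted_headers={hit.encrypted_headers}")
```

Each hit is a lead to chase: an offset, whether the archive was split into volumes (a common staging pattern), and whether its headers were encrypted, which tells the examiner the archive contents will not be carved back as plain files.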
The discovery of a malicious computer program that appears to be collecting sensitive information from Iran and others indicates the global cyberwar has moved to a new level, warn security experts. Kaspersky Labs, the Russian internet security company that discovered the malware, codenamed Flame, said it was more complex and sophisticated than any of the cyberweapons it has seen to date. “The Flame malware looks to be another phase in this war,” said Eugene Kaspersky, co-founder of Kaspersky Lab.
Cyber espionage is an issue whose time has come. In this second report from the Information Warfare Monitor, we lay out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions. The investigation, consisting of fieldwork, technical scouting, and laboratory analysis, discovered a lot more. The investigation ultimately uncovered a network of over 1,295 infected hosts in 103 countries. Up to 30% of the infected hosts are considered high-value targets and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The Tibetan computer systems we manually investigated, and from which our investigations began, were conclusively compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information. But the study clearly raises more questions than it answers. From the evidence at hand, it is not clear whether the attacker(s) really knew what they had penetrated, or if the information was ever exploited for commercial or intelligence value. Some may conclude that what we lay out here points definitively to China as the culprit. Certainly Chinese cyber-espionage is a major global concern. Chinese authorities have made it clear that they consider cyberspace a strategic domain, one which helps redress the military imbalance between China and the rest of the world (particularly the United States). They have correctly identified cyberspace as the strategic fulcrum upon which U.S. military and economic dominance depends. But attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading. Numbers can tell a different story. China is presently the world’s largest Internet population. The sheer number of young digital natives online can more than account for the increase in Chinese malware.
With more creative people using computers, it’s expected that China (and Chinese individuals) will account for a larger proportion of cybercrime. Likewise, the threshold for engaging in cyber espionage is falling. Cybercrime kits are now available online, and their use is clearly on the rise, in some cases by organized crime and other private actors. Socially engineered malware is the most common and potent; it introduces Trojans onto a system, and then exploits social contacts and files to propagate infections further. Furthermore, the Internet was never built with security in mind. As institutions ranging from governments through to businesses and individuals depend on 24-hour Internet connectivity, the opportunities for exploiting these systems increases.
JR02-2009 Tracking GhostNet - FOREWORD. Ron Deibert, Director, the Citizen Lab, Munk Centre for International Studies, University of Toronto; Rafal Rohozinski, Principal and CEO, The SecDev Group, Ottawa, Canada.
This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet…These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly.
In a new report from Carnegie Mellon's CyLab, the energy and utilities sector ranks lowest in IT governance and security in comparison to other industries.
The study, titled “The Governance of Enterprise Security: CyLab 2012 Report”, found that cyber security as a priority was lowest among those organizations who administer aspects of the nation's critical infrastructure.
The report provides a side-by-side analysis of governance and security oversight across several industries including utilities, the financial and industrial production sectors, and was co-sponsored by Forbes and security provider RSA.
“Of the critical infrastructure respondents, the energy/utilities sector had the poorest governance practices. When asked whether their organizations were undertaking six best practices for cyber governance, the energy/utilities sector ranked last for four of the practices and next to last for the other two,” wrote the study's author Jody Westby.
The findings reported by Forbes are as follows:
71 percent of their boards rarely or never review privacy and security budgets.
79 percent of their boards rarely or never review roles and responsibilities.
64 percent of their boards rarely or never review top-level policies.
57 percent of their boards rarely or never review security program assessments.
“What is disturbing about these findings is that the energy/utilities sector is one of the most regulated industry sectors and one of the most important to business continuity,” Westby said.
She also noted that Industrial Control Systems (ICS) and SCADA controls "were not designed for security and have no logging functions to enable forensic investigations of attacks."
Also of concern was the finding that the energy and utility sector “placed the least value on IT experience when recruiting board members,” Westby noted.
While the energy and utility sector rated poorly in the study, the other sectors surveyed did not fare much better, and the report further underscores the disconnect between the Board of Directors and organizational security.
In March, CyLab issued the third in a series of reports examining information security governance from the standpoint of corporate Boards.
The report, which utilized a data pool selected from the Forbes Global 2000 list, shows that little has changed in the way of a concerted focus on cyber security by those at the highest levels of leadership in some of the world's largest corporate entities.
"Boards and senior management still are not exercising appropriate governance over the privacy and security of their digital assets. Even though there are some improvements in key “regular” board governance practices, less than one-third of the respondents are undertaking basic responsibilities for cyber governance. The 2012 gains against the 2010 and 2008 findings are not significant and appear to be attributable to slight shifts," the report noted.
The findings showed that around half of the respondents indicated that the Boards of Directors rarely or never engage in policy reviews for IT security, assessments of the roles and responsibilities for senior level security managers, or actively exercise oversight of annual security budgets.
In addition, only about a third of respondents regularly or occasionally receive and review reports regarding the state of enterprise information security risk management.
The report also found that on average less than two-thirds of the corporations examined did not have senior level security and privacy personnel in place, such as a CSO or CISO, and only about thirteen percent had a Chief Privacy Officer in place.
Overall, the report did show slight improvements over the results from the 2008 and 2010 studies, but the long and short of it is that corporate Boards of Directors have still not embraced privacy and security matters adequately, even in the wake of well publicized and obviously damaging security events.
The lack of urgency in addressing enterprise security issues ultimately leaves companies and their stakeholders at risk of impact from a catastrophic data loss event.
Alexandria, Virginia (CNN) – A few hundred Mormons filed into a chapel just outside the Washington Beltway one recent Sunday to hear a somewhat unusual presentation: an Obama administration official recounting his conversion to Mormonism.
“I have never in my life had a more powerful experience than that spiritual moment when the spirit of Christ testified to me that the Book of Mormon is true,” Larry Echo Hawk told the audience, which stretched back through the spacious sanctuary and into a gymnasium in the rear.
Echo Hawk’s tear-stained testimonial stands out for a couple of reasons: The White House normally doesn’t dispatch senior staff to bare their souls, and Mormons hew heavily Republican. It’s not every day a top Democrat speaks from a pulpit owned by the Church of Jesus Christ of Latter-day Saints.
And yet the presentation by Echo Hawk, then head of the U.S. Bureau of Indian Affairs, is also a perfect symbol of a phenomenon that could culminate in Mitt Romney’s arrival at 1600 Pennsylvania Avenue next year: The nation’s capital has become a Mormon stronghold, with Latter-day Saints playing a big and growing role in the Washington establishment.
The well-dressed crowd gathered for Echo Hawk’s speech was dotted with examples of inside-the-beltway Mormon power.
In one pew sits a Mormon stake president – a regional Mormon leader – who came to Washington to write speeches for Ronald Reagan and now runs a lobbying firm downtown.
Behind him in the elegant but plain sanctuary – Mormon chapels are designed with an eye toward functionality and economy – is a retired executive secretary of the U.S. Supreme Court.
A few pews further back, the special assistant to the U.S. Special Representative for Afghanistan and Pakistan sits next to a local Mormon bishop who came to Washington to work for Sen. Orrin Hatch of Utah and now leads a congressionally chartered foundation.
Mitt Romney, who would be the first Mormon president if elected, is the son of a cabinet secretary under Richard Nixon. “In a Republican administration, there will be even more Mormons here,” whispers the bishop, Lewis Larsen, pointing out prominent Washingtonians around the chapel. “Every Republican administration just loads up with them.”
Regardless of which party controls the White House, Mormonism in Washington has been growing for decades.
When Larsen arrived in Washington in the early ’80s, there were just a handful of Mormon meetinghouses in northern Virginia, where he lives. Today, there are more than 25, each housing three separate congregations, or wards, as they’re known in the LDS Church.
“There’s been an absolute explosion in Mormon growth inside the beltway,” Larsen says before slipping out of the pew to crank the air conditioning for the swelling crowd.
The LDS Church says there are 13,000 active members within a 10-mile radius of Washington, though the area’s Mormon temple serves a much larger population – 148,000 Latter-day Saints, stretching from parts of South Carolina to New Jersey.
Signs of the local Mormon population boom transcend the walls of the temple and meetinghouses.
Crystal City, a Virginia neighborhood just across the Potomac River from Washington, has become so popular with young Mormons that it’s known as “Little Provo,” after the Utah city that’s home to church-owned Brigham Young University.
Congress now counts 15 Mormon members, including Senate Majority Leader Harry Reid, according to the Pew Forum on Religion and Public Life. That means the 2% of the country that’s Mormon is slightly overrepresented on Capitol Hill.
Senate Majority Leader Harry Reid, a Democrat, is the highest-placed elected Mormon in Washington.
Even many Latter-day Saints joke about Washington’s “Mormon mafia” – referring to the number of well-placed LDS Church members across town – though they cringe at the thought of being seen as part of some cabal. (Echo Hawk, for his part, left the Obama administration a few weeks after his chapel presentation for a job in the LDS Church hierarchy).
“No one talks about Washington being an Episcopalian stronghold or a Jewish stronghold,” says Richard Bushman, a Mormon scholar at Columbia University. Talk of “Mormon Washington,” he says, “represents a kind of surprise that people who were thought of as provincial have turned up in sophisticated power positions.”
Bushman and other experts note that, despite Mormons’ growing political power, the official church mostly steers clear of politics. It’s hard to point to federal legislation or a White House initiative that bears distinctly Mormon fingerprints, while it’s easy to do the same for other faiths.
For example, the White House’s recent “compromise” on a rule that would have required religious groups to fund contraception for employees was mostly a reaction to pressure from Roman Catholic bishops.
Nonetheless, Mormon success in Washington is a testament to distinctly Mormon values, shedding light into the heart of one of America’s fastest-growing religions.
And though the official church is mostly apolitical, most rank-and-file Mormons have linked arms with the GOP. Romney’s own political evolution mirrors that trend.
Such forces help explain why Mormons’ beltway power is poised to grow even stronger in coming years, whether or not Romney wins the White House.
‘A ton of Mormon contacts’
For many Washington Mormons, religion plays a key role in explaining why they’re here.
Larsen, who sports a brown comb-over and tortoise shell glasses, arrived in Washington in the early 1980s as an intern for Hatch, also a Mormon.
He landed the internship courtesy of Brigham Young University, his alma mater. The Mormon school owns a four-story dorm on Pennsylvania Avenue, not too far from the White House, which houses 120 student interns each year. It’s the school’s largest such program in the nation.
“Part of our church’s tradition is to be connected with civic life, to make our communities better,” says BYU’s Scott Dunaway, who helps place students on Capitol Hill, at the Smithsonian and other Washington institutions. “We don’t believe in being reclusive.”
It’s a perfect characterization of Larsen. He grew up in Provo, in the shadow of BYU, and wanted to prove he could make it outside of Utah.
“Kids growing up in the LDS Church have been told, ‘Go ye out in the world and preach the gospel of Christ - don’t be afraid to be an example,’ ” Larsen said, sitting in the glass-doored conference room of the foundation he runs on K Street.
“So we are on our missions, converting people to Christianity,” he continued. “And coming to Washington, for me and probably for a lot of people, came out of that interest. We see it as our career, but also we’re going out to preach the word of Christ.”
For Larsen, that usually means correcting misinformation about Mormonism or explaining Mormon beliefs and practices – you really don’t drink coffee, ever? – over lunch with co-workers or at business functions, rather than on-the-job proselytizing.
He learned about integrating work and faith from Hatch. He was initially shocked to discover that the senator prays in his office each morning. Larsen and Hatch developed what the bishop calls a “father-son” relationship, with the intern rising up through the ranks to become Hatch’s chief Washington fundraiser.
“We would go on trips, and I’d quiz him on the plane: Why did the church do this? Why didn’t the church do this?” Larsen said. “He was like a tutor to me.”
Now, as the head of a foundation that educates teachers about the U.S. Constitution, the bishop helps other young Mormons with job leads and introductions. Larsen was appointed to the role by Hatch and the late U.S. Sen. Ted Kennedy.
Much of Washington’s Mormon professional network is still anchored by BYU, which operates a handful of big, well-connected alumni groups with major Washington chapters. The most prominent is BYU’s Management Society, a global organization whose biggest chapter is in Washington.
At the chapter’s recent alumni dinner, former Secretary of State Condoleezza Rice was the guest of honor. She has strong ties to the Mormon community and has hired Mormons as top aides. Says Larsen: “Condi’s got a ton of Mormon contacts.”
Patrice Pederson also knows how to work a Rolodex. A lifelong political activist, she moved from Utah to Washington last year and soon tapped into BYU’s local network.
Pederson served as the U.S.-based campaign manager for Yeah Samake, a Mormon running for president in the West African nation of Mali.
Samake traveled frequently to the U.S. to raise money and build political support, so Pederson enlisted the help of BYU’s Management Society and other groups to host events for the candidate.
Both in Washington and across the U.S., many Mormons are watching his candidacy.
“Members of the church on Capitol Hill were anxious to introduce the candidate to other members of Congress,” says Pederson, sipping an herbal tea (Mormons eschew black leaf teas) in a strip mall Starbucks near her apartment in Alexandria, Virginia.
“It’s cool to have a member of the church running for president in Africa.”
Beyond making connections, many Washington Mormons say the LDS Church provides an ideal proving ground for careers here.
Unlike most churches, it has no professional clergy; from the bishop to the organist, each role is filled by everyday Mormons, most of whom have other day jobs. As a result, Mormons take church leadership roles at an early age, speaking publicly at Sunday services almost as soon they learn to talk.
“My kids grew up in the church, and we get together for three hours on Sundays, and each member needs to get up and speak,” says U.S. Rep. Jason Chaffetz, R-Utah. “By the time they graduate, they have all these speaking assignments that other teenagers just don’t have.”
U.S. Rep. Jason Chaffetz, a Utah Republican, says Mormonism provides ideal training for aspiring politicians.
“For those who grow up in the Mormon church, they are taught skills that allow them to be successful in a tough city like Washington,” says Chaffetz, who converted to Mormonism shortly after college.
Young Mormons also hone leadership skills by serving missions away from home. The missions last from one and a half to two years and happen when Mormons are in their late teens and early 20s and often include intensive foreign language training.
“Young Mormons are more formidable in public settings and international settings than others,” says Terryl Givens, a Mormon scholar at the University of Richmond. “Normally you would have to acquire more age and work experience before you feel comfortable and useful at NGOs and think tanks.”
Chaffetz, whose son is serving a mission in Ghana, says the experience is the perfect preparation for political careers.
“They learn rejection early on,” he says. “If you’re going to be in politics, that’s a pretty good attribute.”
Christina Tomlinson served her mission in nonexotic Fresno, California. But working with the Laotian community there, she acquired the foreign language skills that landed her first internship at the U.S. State Department.
“I look back at that and it’s nothing but divine providence,” Tomlinson says one night at an office building-turned-chapel in Crystal City, after a weekly discussion about Mormon teachings. “I would have never made those choices.”
When she arrived at her foreign service orientation in the late 1990s, Tomlinson was surprised to find that a half-dozen of her State Department colleagues were also Mormon. The thriving LDS community at State even runs its own e-mail list server so Latter-day Saints can find each other wherever in the world they’re stationed.
Like former presidential candidate Jon Huntsman, who used the Mandarin language skills acquired through a Mormon mission to Taiwan to help secure his job as President Barack Obama’s previous ambassador to China, Tomlinson leveraged her mission to get ahead at State, where she now serves as special assistant to the U.S. Special Representative for Afghanistan and Pakistan.
“I’m basically the chief of staff for the president’s representative charged with implementing U.S. foreign policy towards Afghanistan and Pakistan,” she e-mailed on a recent plane ride back from the region.
Language skills acquired on a Mormon mission helped Christina Tomlinson get her start at the State Department.
At the point of a bayonet
Like many Mormons, Tomlinson says her professional life is driven by a faith-based patriotism that sounds old-fashioned to modern ears: “I just really wanted to serve my country.”
But that distinctly Mormon patriotism was hard-won. From their very beginning, Mormons had tried to forge a special relationship with Washington. And for decades, they failed.
Joseph Smith, who founded Mormonism in the 1830s, petitioned the U.S. government to protect his fledgling religious community from the violent persecution it was experiencing, even meeting repeatedly with President Martin Van Buren.
But Washington refused, provoking Smith – who Mormons consider their founding prophet – to run for president himself in 1844. He was assassinated by an anti-Mormon mob in Missouri well before Election Day.
In the face of such attacks, Mormons fled west, to the territory that’s now Utah. But they continued to seek ties with Washington, dispatching representatives to the capital to lobby for statehood.
Congress refused to grant it. Instead, Uncle Sam disincorporated the LDS Church and sent the U.S. Army to police Mormon territory.
In the eyes of Washington, Latter-day Saints were flouting federal law by practicing polygamy. The feds saw the LDS Church as an undemocratic rival government that threatened Washington’s power.
Joseph Smith, Mormonism’s founding prophet, ran for president in 1844 but was killed before Election Day.
Mormons would eventually ban polygamy, paving the way for Utah statehood in 1896. But Congress nonetheless refused to seat the new state’s Mormon senator, who also served as a top church official.
For four years, the U.S. Senate held hearings to grill U.S. Sen. Reed Smoot and other church leaders, alleging that Mormons continued to practice polygamy despite promises to the contrary.
“The political trial was as much a galvanizing cultural moment as was Watergate,” says Kathleen Flake, a scholar of Mormonism at Vanderbilt University in Tennessee.
When Smoot was eventually seated – after the LDS Church took further steps to stamp out polygamy – he managed to become a Washington powerbroker. He would chair the Senate Finance Committee and act as a presidential adviser.
“He was Mr. Republican,” says Flake. “For a while there, he was the Republican Party.”
Smoot’s unflagging pursuit of legitimacy in Washington, despite the city’s bias against him and his faith, symbolizes what many call a uniquely Mormon appreciation for American civic life. It helps explain the Mormon fascination with Washington to this day.
It may seem counterintuitive, but Mormons’ early exposure to persecution at the hands of other Americans – aided, Mormons say, by the U.S. government – wound up strengthening their patriotic streak.
In the face of attacks, Mormons clung to the U.S. Constitution and its unprecedented guarantee of religious freedom. They distinguished between the document and those charged with implementing it.
Mormon scripture goes so far as to describe the U.S. Constitution as divinely inspired, establishing a unique environment in which Mormonism could emerge.
“Mormons are superpatriots,” says Columbia University’s Bushman. “Joseph Smith said that if the government was doing its job as laid out in the Constitution, it would protect Mormons from their enemies.”
Mormons began to shed their Utah-only siege mentality and fanned out in the early part of the 20th century. Their patriotic streak, which translated into military enlistments and applications for government jobs, led many to Washington.
That wave included J. Willard Marriott, the hotel chain founder, who launched his business career by opening an A&W root beer stand here. He would go on to forge the kind of deep political connections that would help make Willard “Mitt” Romney his namesake.
Washington’s Mormon community got another boost in the 1950s when President Dwight Eisenhower appointed a top church official, Ezra Taft Benson, as his agriculture secretary.
“Mormons took it as a sign of maybe, just maybe, we’re being accepted,” says Flake. “It signified a cultural acceptance of Mormonism. People thought Mormons believed weird things, but also that they were self-reliant, moral and good neighbors.”
As Mormons became more accepted, they became more upwardly mobile, landing in parts of the country that could sustain careers in commerce, academia and government - another reason Washington was a big draw.
By the time there were enough Mormons in the eastern U.S. to justify the construction of the first Mormon temple east of the Mississippi River, the church chose a site just outside Washington.
The temple opened in 1974, shortly after another high-profile Mormon – George Romney, Mitt’s father – left his post as Richard Nixon’s secretary of Housing and Urban Development.
“The Washington temple served as a symbol of the triumphant return of Mormonism to the east,” says Givens, the University of Richmond professor. “Mormons left from the point of a bayonet in the 1800s and the temple is this gigantic symbol that says ‘We’re back – and we’re back in the nation’s capital.’ ”
The Mormon temple outside Washington was the first such temple built east of the Mississippi River.
Unlike Mormon meetinghouses, where members meet for Sunday worship, temples are grander buildings reserved for certain rites, such as proxy baptisms for the dead.
To this day, the first monument many Washington visitors see isn’t a federal landmark. It’s the massive Mormon temple, its Georgian marble towers and gold-leafed spires looming above the trees on the Washington Beltway like an otherworldly castle.
The temple houses a J. Willard Marriott-financed mural of Jesus Christ’s second coming, which features a picture of the Washington temple itself in the background.
“Are you implying that the millennium will begin in Washington?” a temple visitor once asked Marriott, referring to Jesus’ return.
Replied Marriott: “What better place is there?”
Good at organizing
These days, the Mormon impulse toward Washington is often as much political as patriotic.
Patrice Pederson - the campaign manager for the Mormon running for president in Mali - made her first foray into politics at 15, hopping the bus from her home in the suburbs of Salt Lake City into town to intern with a Republican candidate for the U.S. House.
“I remember that when Bill Clinton was elected, I wore all black to school that day,” says Pederson, who was in junior high at the time. “I was mourning the death of liberty.”
When then-Vice President Al Gore visited Utah, Pederson protested his speech with a homemade poster that said “Blood, Guts & Gore – Healthcare’94.” (She can’t recall the poster’s exact meaning).
Pederson’s activism as a “total hardcore right-winger” continued into her 20s. She put off college at BYU to start a “pro-family” advocacy group aimed at lobbying foreign governments and the United Nations. The work brought her to Washington so frequently that she decided to relocate last year: “I had more friends here than in Utah.”
Pederson’s path to D.C. speaks to the growing Mormon/Republican alliance since the 1960s, driven largely by the emergence of social issues such as abortion and gay marriage and the rise of the Christian Right.
“In the 1950s and ’60s, Utah became Republican,” says Bushman. “It’s partly about being anti-communist, but it’s also a response to the 1960s and the decay of old-fashioned moral virtues. It’s an anti-1960s movement, and the Republicans seemed to be the party of old-fashioned virtues.”
Pederson’s roommate, Kodie Ruzicka, grew up squarely in that movement, with her mom heading the Utah chapter of Eagle Forum, a conservative Christian group founded by rightwing icon Phyllis Schlafly.
In the 1970s, when the Catholic Schlafly led a successful grassroots campaign against the Equal Rights Amendment, which would have made gender-based discrimination unconstitutional, she enlisted the help of Mormons.
To its opponents, including the LDS Church, the ERA was the work of radical feminists who wanted to upend traditional gender roles.
Much of Schlafly’s organizing was among evangelicals, and “given the sometimes hostile evangelical line on Mormons, [Schlafly’s] Mormon outreach was kind of revolutionary,” says Ruzicka, who now works at the Justice Department. “But we’re good at organizing, and we have a lot of useful structures for it, so that was useful to her.”
Today, Mormons head Eagle Forum chapters across the West, including California, Arizona and Nevada, as well as Utah.
Bridge-building between Mormons and the conservative movement helps explain the Reagan administration’s push to hire many Mormons into the White House - which further cemented the alliance. That bond continues to lure Mormons to D.C.
Ruzicka, for one, continued in the political footsteps of her mother, arriving in Washington in her mid-20s to lead a nonprofit that promotes safe haven laws, which allow young mothers to legally abandon young children at fire stations.
Beyond hot-button social issues, U.S. Rep. Chaffetz says the Mormon faith engenders support for limited government.
“The church is very adamant about personal responsibility, and for people to voluntarily participate in service,” the Utah Republican says. “There’s this feeling that service is not something that should be mandated by government.”
The LDS Church, for its part, insists it is politically neutral and that it avoids pressuring Mormon elected officials to toe a church line. “The church’s mission is to preach the gospel of Jesus Christ, not to elect politicians,” the church’s website says.
Mormon experts say the church’s support for a relatively strict separation of church and state is born of the U.S. government’s refusal to help Mormons in the face of early persecution.
And after being accused of setting up a rival government around the turn of the last century, the church is loath to be seen giving marching orders to LDS politicians.
The church did, however, play a leading role in passing Prop 8, California’s gay marriage ban, in 2008. Church officials called it a moral cause, not a political one.
Plenty of critics disagree. But neither Mormon bishops nor church officials are known to lead the kind of church-based legislative lobbying efforts that Catholic bishops or evangelical leaders do.
Mitt Romney himself embodies the reluctance of Mormon politicians to connect their religion and their public policy positions, in contrast to politicians of other faiths.
That reluctance also appears to be born of anxiety over Americans’ lingering questions and doubts about Mormonism. When Pew asked Americans last year what word they associated with the Mormon faith, the most common response was “cult.”
In recent weeks, Romney’s newfound position as the presumptive Republican presidential nominee has produced a mix of excitement and worry among Mormons. That’s especially true in Washington, where politically savvy Latter-day Saints send out frequent e-mail round-ups of Mormon media coverage to their LDS networks.
“A lot of us know it’s ultimately a good thing, but it’s hard to feel like it’s a good thing because so much of the publicity is about things you wouldn’t talk about in polite company, like my underwear,” says Pederson, referring to the enduring fascination with Mormon undergarments.
Like many conservatives, Pederson is suspicious of Romney.
“I don’t like his waffling, to put it gently, on life and family issues,” she says. “But if it comes down to Romney versus Obama, hand me the pom-poms. I’ll be president of the Romney-Is-the-Best-We-Can-Come-Up-With-for-President Club.”
For now, Pederson is working with the National Right to Life Committee’s political action committee to raise money for the Romney effort, even as she makes up her mind about how actively she wants to promote his candidacy.
Some of her calculus is about weighing political reality against her conservative idealism. And some of it is about her next professional move. It’s a very Washington place to be.
Dan Gilgoff - CNN Belief Blog Co-Editor
WASHINGTON D.C. – Teresa M. Takai, Acting Assistant Secretary of Defense for Networks and Information Integration, the Department of Defense’s Chief Information Officer, said in an interview that cyber defense is a major part of the DOD’s technology agenda. But she declined to characterize the current climate of often state-sponsored cyber attacks as cyber war.

“The whole question of advanced persistent threats and the kinds of threat we face at the Department is something we’re very focused on,” Takai told MITechNews.Com Editor Mike Brennan. “Cyber is a domain much like air, sea and space that we have to be prepared to defend.”

Takai, the former state CIO for Michigan and then California, was recruited 18 months ago to serve as the principal advisor to the Secretary of Defense for Information Management, Information Technology and Information Assurance as well as non-intelligence space systems, critical satellite communications, navigation, and timing programs, spectrum and telecommunications. She provides strategy, leadership, and guidance to create a unified information management and technology vision for the Department and to ensure the delivery of information technology based capabilities required to support the broad set of Department missions, including technology delivered to the battlefield for war fighters.

“I advise Defense Secretary Leon Panetta as well as senior staff on how we should be spending $37 billion a year on IT,” she said. “In the simplest form, those duties, if we compare and contrast, in Michigan on an annual basis we were spending $500 million on IT. The biggest difference on what we do at the state level and now at the DOD is the kinds of systems we use are not traditional business support systems. Instead, we’re responsible for oversight of the military version of a police radio system. We’re responsible for everything up to where the information is shared. We manage the Department’s use of the spectrum. We are responsible for technologies that read out to the battlefield and for those individuals dealing with technology in the theater. So my responsibilities are more operational.”

But in this digitally connected world where state and local governments reach out online to their respective constituents, trying to reach back into their networks are hackers, organized crime, and state-driven cyber spies. These bad guys want to tap the treasure trove of rich intellectual data and financial information inside. Among her many former duties, Takai is the Past-President of the National Association of State Chief Information Officers, so she knows first-hand the cyber threats state and local CIOs and CISOs deal with.

“I think the states are concerned around privacy protection,” she said. “At the DOD, we deal with all aspects of cyber security. How to defend all our information. We have a lot of R&D to protect. There are those who want to get in and maliciously disable or damage or change information. We’re so heavily dependent on our network for a national security role.”

As such, she works closely with Gen. Keith B. Alexander, who runs United States Cyber Command (USCyberCom), an armed forces sub-unified command subordinate to U.S. Strategic Command. Alexander also runs the National Security Agency, a cryptologic intelligence agency at the Pentagon. While CyberCom is developing cyber defense strategies, NSA collects and analyzes foreign – and some say domestic – communications. Both also try to protect their respective computer networks from cyber intrusion, an increasingly difficult problem. Lately, Cyber Command has been in the headlines as the government tries to redefine its role and transform the roughly 1,400-person command into a cyber war fighting unit, on par with the armed services. This week, there were reports U.S. Cyber Command has been using special, classified briefings with private sector CEOs to scare them into greater vigilance about the threat of cyber attacks. The briefings are part of a three-year-old program dubbed the “Enduring Security Framework” that was designed to foster closer coordination between private sector executives and Washington, so they predate Takai’s arrival at the Defense Department.

“One way to describe cyber command is we have regional combatant commands, such as the Pacific Region, who understands the Pacific region,” Takai said. “When you compare that to CyberCom, they have the unique understanding of cyber space and they have the responsibility to take actions, and advise the Defense Secretary on all cyber activities. CyberCom protects the Department and is responsible for directing activities as they relate to cyber security.”

Takai also confirmed published reports that the Pentagon has carved out a new secret spy group that press reports called the Defense Covert Intelligence unit. She, however, clarified those reports by calling the new unit a function instead.

“One of the things we do is to look at the challenges and threats and organize to address them,” Takai said. “There wasn’t the establishment of a new agency or department at the Pentagon, but organizing around a new function they thought was important. It was the establishment of a specific group that focused on a problem we anticipate happening in the future. One example is looking at a specific time for draw-down in Afghanistan. It also performs future planning activities - how to do intelligence - and then restructures how to use these new resources.”

Other duties include interfacing with the North Atlantic Treaty Organization (NATO) on their cyber preparedness. She will fly to Brussels, Belgium, later this month for the semiannual NATO board meeting to talk directly with her NATO counterparts.

“I’m the U.S. rep to the NATO board that oversees all the technology that NATO develops,” she said. “If we think we move slowly at the Defense Department, try getting multiple nations together on technology. It is a challenging job.”

Another challenging job is making the Defense Department’s IT management more centralized, she said. Right now DOD is very decentralized. When she was CIO in Michigan, IT management was just the opposite, very centralized. While in California, she said, she had to deal with 130 CIOs all with different agendas.

“I think the challenge here is because the Department is so much bigger, that going to a completely centralized strategy does not make sense,” she said. “But we do want a level of centralization. War fighters want to operate across the Navy, Marines, Air Force and Army using the same technology base. The way we’re structured now is each service has the money to put out technology. We have to figure out a way to do it so when there is a joint operation. We have to figure out how to provide the right services so a war fighter has what he needs.”

Another big difference is at the state level, the interaction is with citizens. At the Defense Department, the bulk of the interaction is internal. But one thing remains the same in both worlds: information silos.

“It’s just different silos,” she said. “Each individual service has its own CIO. They don’t report to me, but they are required to follow the direction and policy I put out.”

Also at the federal level, politicians are much more involved in IT policy than in the states, she said.

“Politicians here like to know how we are spending their money,” Takai said. “And sometimes they want to get into the middle of it, but usually just for doing good accountability. The military folks are skilled technologists. It’s a little different with staff people and political appointees, whose philosophy is more, ‘Just go make it run and call me if you need me.’”

She declined to say much about the Cyber Intelligence Sharing and Protection Act (CISPA), which would allow for the sharing of internet traffic information between the U.S. government and certain technology and manufacturing companies. The stated aim of the bill is to help the U.S. Government investigate cyber threats and ensure the security of networks against cyber attack.

“We are supportive of the president’s agenda and do feel this legislative action is important going forward,” she said. “Based on what we see at the Defense Department, there needs to be more action to protect our critical infrastructure. There are both military and civilian aspects to this.”

What has been her biggest surprise at the Pentagon?

“You can’t grasp the enormity of what the Department does until you get here,” Takai said. “It just has so many nuances and cultures about it; I’m learning something new every day.

“The most rewarding part of the job is when you see the areas you’re working in make a difference to the men and women actually protecting this country,” she said. “It is the most phenomenal feeling to talk with people about what their needs are and work on things that will make a difference for those young men and women who are away from their families months at a time. They do the work without complaining. And the level of dedication is just phenomenal. You can see the passion.”

What advice does she have for somebody graduating from college with a degree in computer science who wants to get into government cyber security?

“First of all, there are multiple jobs in cyber security,” Takai said. “It isn’t just about cryptologists, writing software, or monitoring networks. Second, it is good to have a technical background. Some engineering background would be preferable. Three, look around and see how many universities are developing cyber security curriculums. Some offer degree programs. Lastly, companies are looking for bright young people with engineering or computer science backgrounds to get into this field.”

What about experienced security professionals? How can they get involved helping the government?

“We all post our jobs on our government web sites,” she said. “Someone like Dan Lohrmann (Michigan CISO) has a lot of opportunities at the state level. If someone wants to come to Washington, there are jobs here, too. I would encourage people to go online and look at military base postings. We also are heavily dependent on our defense industrial base. General Electric has a large presence in Michigan. So there are any number of ways an individual can take a look at what opportunities exist within government or companies that do business with the government.”

Both the DOD and NSA also are actively recruiting cyber security and technology specialists, and educating the present work force on the dangers posed by the Internet today.

“We think we’ll have to grow in a couple ways at the Department of Defense,” she said. “We plan to train our entire workforce to be cognizant of the cyber threats and we need more specialists to monitor and defend our networks.”

This interview was conducted by MITechNews.Com Editor & Publisher Mike Brennan. To read more about Assistant Secretary Takai, click on CIO.Gov
Author: Mike Brennan Source: Editor, MITechNews.Com