Dog Brothers Public Forum
Return To Homepage
September 16, 2014, 12:01:16 AM
Login with username, password and session length
Welcome to the Dog Brothers Public Forum.
Dog Brothers Public Forum
Politics, Religion, Science, Culture and Humanities
Politics & Religion
Cyberwar and American Freedom
Topic: Cyberwar and American Freedom (Read 40402 times)
Stratfor on the Wang Dong 5
Reply #300 on:
May 21, 2014, 10:26:27 PM »
Washington's decision to indict officers of China's People's Liberation Army over alleged state-sponsored industrial espionage marks an important change in Washington's relations with Beijing. The move highlights growing concerns over intellectual property rights and industrial spying, but it also shows the intensified attention being paid to the challenges that state-to-state competition in the cyber domain creates.
Indictments have real consequences. Washington did not place largely unenforceable sanctions on individuals or bring a lawsuit to an international body that would take years to resolve, and those indicted risk extradition if they travel to a country with extradition treaties with the United States. A step such as this is not frequently taken in minor diplomatic spats, particularly between such important countries.
Washington has specifically accused the indicted officers of industrial espionage. The move follows warnings made by U.S. President Barack Obama during his State of the Union address regarding state-backed cyber-espionage and intellectual property theft. However, it speaks to a much deeper issue: the management of international relations in cyberspace, from espionage to sabotage to warfare. The discussion inside China already equates actions in cyberspace as potential weapons of mass destruction, on par with nuclear, biological and chemical weapons. There are concerns that hostile actors could use cyberspace to sabotage power grids; trigger industrial equipment to operate outside of its parameters and break down, perhaps catastrophically; or even trigger explosions or a meltdown at conventional and nuclear power plants.
In standard military action and in more traditional forms of espionage, there are commonly shared rules -- but no such standards govern cyber-espionage. Furthermore, it is difficult to distinguish between lone actors carrying out some form of protest or defacement, those engaged in commercial industrial espionage or state-led espionage and cyber activities that are directed toward a more concrete and sinister end, such as sabotage or the destruction of critical infrastructure. Cyberspace is not just a domain where information can be stolen -- it is a place where sabotage and disruption could be geared toward a strategic end.
This is a concern in the United States and in other countries, including China. Determining the perpetrator's identity and intent is next to impossible, and the initial actions of thrill-seeking hackers and strategic saboteurs are similar or even identical. This leaves little time to determine the most effective counter and how far to take it. In some ways, this is not entirely unique to the cyber domain -- debate persists over whether cyberspace really is its own domain as air, sea, land and space are. States often act through proxies to instigate or facilitate spying, infiltration, disruption and destruction. But the cyber domain has several unique characteristics, including the ability to work from a distance, to deploy large numbers of individuals on discreet missions, and the ability (at least in theory) to spy, destabilize and disable without physical risk to the operatives.
By offering the ability to operate from a distance, the cyber domain allows for a much greater use of human resources against a target that would not be vulnerable to traditional espionage techniques. Regimes and individuals have also always sought plausible deniability -- the ability to dissociate oneself from a hostile action -- and the cyber domain allows a deeper level of anonymity. This has altered the balance between risk and reward. In traditional espionage, the risk is always high, so the reward needs to be high as well. Cyber-espionage is low risk, so operatives can seek lower-level rewards, increasing the frequency of action and making the target set too broad to effectively defend. If states can increase the potential cost of action, the target set should shrink, thus enabling states to concentrate their resources to defend their most critical assets.
An Attempt to Set the Rules
By prosecuting a case that targets specific Chinese officials, the United States is trying to break the element of plausible deniability and increase the amount of risk involved in cyber-espionage. Washington is also removing the veil that covers government involvement in cyber-espionage, disruptions and sabotage. The Chinese have reacted sharply, declaring a cessation of talks with the United States on the management of cyberspace issues. And the United States clearly knew such a reaction was not just possible but likely. Yet Washington not only made the indictment but also warned that numerous others would follow.
In part this is about U.S. competitiveness, as statements attached to the indictments assert. But it may also be a way to force China into a more serious discussion of the rules of the cyber domain, or at least to lay out the rules the United States wants to impose. Until now, China has deflected criticism by claiming that since the United States has a Cyber Command and the Chinese do not, Washington is alone in owning state-sponsored cyberwarfare capabilities. Now that accusations and leaks from investigations are being backed up with prosecutorial evidence, that defense, from Washington's point of view, is tossed aside.
Beijing will probably issue a strong response. The Chinese government is likely to arrest or deport individuals it has identified as involved in espionage in China, or even those in the business sphere that fall within China's ambiguous regulations on corporate espionage. Beijing will probably also appeal to global public opinion by repeating information revealed in the Snowden leaks, distracting from the issue by shifting attention to U.S. cyber activities. But for the United States, this is more than just an attempt to briefly influence Chinese behavior. It is part of a broader reassessment of the strategic issues surrounding the question of cyber activities and of the general rules of conduct in the offense-defense balance, and it is an effort to find ways to avoid significant strategic miscalculations.
Read more: Washington Shows It Is Serious About Cyber-Espionage | Stratfor
Follow us: @stratfor on Twitter | Stratfor on Facebook
WSJ: US to rev up hacking fight
Reply #301 on:
May 24, 2014, 09:08:52 AM »
I must say I am intrigued , , ,
The U.S. plans to "keep up the pressure" on China as it gauges that nation's response to this week's indictment of five Chinese military officials for allegedly hacking into American corporate computers, a senior administration official said Friday. If China doesn't begin to acknowledge and curb its corporate cyberespionage, the U.S. plans to start selecting from a range of retaliatory options, other officials said. They include releasing additional evidence about how the hackers allegedly conducted their operations, and imposing visa, business and financial restrictions on those indicted or people or organizations associated with them. Beyond that, some officials are advocating more stealthy moves. These could include the government working with a U.S. company that has been breached to feed hackers bad data, said one person familiar with the discussions.
U.S. Attorney General Eric Holder announced the charges Monday, alleging the five men hacked into five U.S. companies, including Alcoa Inc. AA +2.19% and U.S. Steel Corp. X +0.96% , as well as the United Steelworkers union, to take sensitive information. U.S. officials said they expected the Chinese would strike back.
But so far, China's response has been fairly restrained: denying the accusations, canceling the nation's participation in cybersecurity talks and signaling that U.S. technology companies may face greater scrutiny in trying to do business in China. A senior administration official said the Chinese response is as expected, and the U.S. will tie any retaliation to Beijing's longer-term reaction.
"It has to be calibrated some to what the Chinese government chooses to do," the senior administration official said. "This is a long-term process."
U.S. officials expect it will take a few more weeks to discern the true Chinese response.
"If the Chinese don't re-engage, they [U.S. officials] have more things in their bag of tricks," said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who frequently consults with the Obama administration.
Chinese officials in Washington didn't immediately respond to a request for comment.
The indictment in federal court in Pittsburgh is part of a much broader strategy to counter a growing cyber assault against the U.S. government and companies, which intelligence officials have said tops their list of national security threats. The indictment seems to be in direct response to a challenge Chinese officials issued more than a year ago, when U.S. officials launched a public shaming campaign to try to press China to stop hacking U.S. companies. Chinese officials called on the Americans to put forward the kind of evidence that would hold up in court.
Monday's indictment, in effect, is aimed at providing a foundation on which the U.S. government could build an array of punishments. It sets out evidence in detail—naming alleged actors and affected U.S. companies and organizations—that could be used to support additional penalties.
"Criminal charges can justify economic sanctions from our colleagues in the Treasury Department, sanctions that prevent criminals from engaging in financial transactions with U.S. entities and deny access to the U.S. financial system,'' said John Carlin, the head of the Justice Department's national security division, in a speech Wednesday at the Brookings Institution think tank. "They can facilitate diplomacy by the State Department."
On the prosecutorial side, follow-on steps may include releasing more evidence about the hacking cases, or filing new charges in other hacking cases in which investigators have collected a critical mass of evidence, officials say. Officials were mum on the nature of the additional evidence. But a person familiar with U.S. probes into Chinese hacking said investigators often collect video evidence of hackers.
"Some of these actors are not real good about turning off the Skype camera on their machines while they are working," this person said.
A more controversial response advocated by some Federal Bureau of Investigation officials is to work with companies under cyber siege to feed bad information to hackers, said a person familiar with the discussions. The goal would be to cast doubt on the quality of the data being stolen, and in addition raise questions about information taken from other companies.
If executed as a counter-spying campaign, advocates of the approach say it would force Chinese officials to spend much time trying to separate bad information from good and lead them to centralize their diffuse operations, which could slow the pace of their cyberspying.
The idea is "getting a lot of traction, both on the commercial and government sides," said the person familiar with the discussions. "The dilemma has always been finding companies willing to cooperate."
Another option government officials are considering is putting individuals or organizations linked to hacking, such as Chinese universities or government contractors, on Department of Commerce lists of "parties of concern." People or entities on the lists are essentially red-flagged by the U.S. government and can't trade with Americans or conduct financial transactions in the U.S. The move also could bar faculty or graduate students at listed universities from fellowships or conferences in the U.S.
In the past, it has been difficult to use the lists in hacking cases, because evidence pointing to specific responsible entities was limited. Monday's cases now provide that kind of evidence. Government officials are also weighing actions at the Treasury Department, such freezing assets or imposing individual sanctions, according to two people familiar with the discussions. Those penalties could take a form similar to those levied against Russian business people in the wake of Russia's annexation of Crimea.
Officials in addition are assessing whether and how they might impose visa restrictions to prevent Chinese hackers from attending popular hacker conferences in the U.S., such as the annual Defcon conference in Las Vegas. Another option under consideration is whether to take action at the World Trade Organization. Monday's indictment focuses on trade-secret theft, and some U.S. officials believe they can make the case that Chinese hacking represents intellectual-property theft in violation of the WTO's trade-related aspects of intellectual-property rights.
U.S. officials also are looking to allies to both endorse the U.S. cases outlined Monday and take action of their own. Investigations "can lead other governments to take action, even when the United States doesn't end up doing so," Mr. Carlin noted.
Hackers will fight our next big war
Reply #302 on:
June 01, 2014, 09:54:51 AM »
Grid down scenario
Reply #303 on:
July 07, 2014, 12:29:05 PM »
Chinese hackers hit US personnel networks
Reply #304 on:
July 10, 2014, 08:50:31 AM »
Reply #305 on:
August 12, 2014, 01:35:16 AM »
Open Question: How would you repurpose a Spam Bot for info warfare?
Posted: 11 Aug 2014 11:06 AM PDT
My last post on spam bots openned up an interesting question: how would you repurpose them for info warfare?
Spam bots can interact with us via:
Add your ideas to the discussion below.
The IRS Bot Scam from Pakistan
Posted: 11 Aug 2014 07:32 AM PDT
I just got a call from the IRS bot today. It threatened me in a computerized voice with an audit and prompted me to call it back to take with an agent.
Of course, the call I got wasn't the IRS. The IRS doesn't initiate an audit that way (it mails you).
It was from scam bot from Pakistan.
In this case, the bot used an Internet connection to the US to dial my number. That provided it with the number of 1-202-241-0331 which resolved to an official looking caller ID for the "District of Columbia".
If you haven't noticed already, most of the calls we get on our phones now are spam. Why?
Mismanaged phone companies. The idiots running the phone companies look the other way when it comes to phone scams because of the $ they pump into the system. Apparently, being a regulated monopoly wasn't enough.
Backward technology. The phone companies don't use Baysean spam filters and customer ratings/feedback to weed out phone scammers like g-mail etc. do. This specific scam has been using this number for weeks without any action being taken to block it.
A broken law enforcement/national security system. Our security system now treats us as the criminals which is why IRS scams are a multi-billion dollar business every year. Worse, it completely ignores a constant onslaught of frauds and scams that damage us, from Wall Street's multi-trillion dollar "too big to prosecute" frauds to daily telephone/e-mail bot hacks like this one.
Why is this important?
What's interesting to me is how easily this type of bot attack can be adopted by global guerrillas for large scale and very effective attacks on the US.
I'll have more detail on this in my upcoming e-booklet: iWar.
Hopefully, I'll get it up on Amazon/etc. this week.
Electromagnetic warfare is here
Reply #306 on:
August 26, 2014, 09:32:07 AM »
Re: Cyberwar and American Freedom
Reply #307 on:
August 26, 2014, 11:29:18 AM »
Mystery cell towers
Reply #308 on:
September 03, 2014, 02:29:55 AM »
Re: Cyberwar and American Freedom
Reply #309 on:
September 03, 2014, 07:51:29 AM »
What is our take on the implications there?
Last Edit: September 03, 2014, 07:54:46 AM by Crafty_Dog
WSJ: A New Threat Grows Amid Shades of 911
Reply #310 on:
September 11, 2014, 01:58:01 PM »
A New Threat Grows Amid Shades of 9/11
The nation remains largely unaware of the potential for disaster from cyberattacks.
By Tom Kean and Lee Hamilton
Sept. 10, 2014 7:03 p.m. ET
Ten years ago, the 9/11 Commission Report triggered the most significant reorganization of the U.S. intelligence community since 1947. Two months ago, the former members of the commission—we are among them—issued a new report assessing where national security stands, 13 years after the most devastating attacks on America's homeland.
Most of the new report's observations focused on counterterrorism, the central focus of the 9/11 Commission. But in speaking with many of the nation's most senior national-security leaders, we were struck that every one of these experts expressed concern about another issue: daily cyberattacks against the country's most sensitive public and private computer networks.
A growing chorus of national-security experts describes the cyber realm as the battlefield of the future. American life is becoming evermore dependent on the Internet. At the same time, government and private computer networks in the U.S. are under relentless cyberattack. This is more than an academic concern—attacks in the digital world can inflict serious damage in the physical world. Hackers can threaten the control systems of critical facilities like dams, water-treatment plants and the power grid. A hacker able to remotely control a dam, pumping station or oil pipeline could unleash large-scale devastation. As terrorist organizations such as the Islamic State grow and become more sophisticated, the threat of cyberattack increases as well.
On a smaller scale, but equally unsettling, ordinary building systems like electronic door locks, elevators and video-surveillance cameras (today, present in many homes) are also vulnerable to penetration by hackers. Even life-sustaining medical devices, many of which contain embedded computer systems connected to the Internet, could be disabled by cyberattacks.
Others steal Americans' sensitive personal information and sell it to organized crime rings. The theft of credit- and debit-card numbers from tens of millions of Target customers last year is the most prominent example, but this happens every day. Home Depot HD -0.25% confirmed on Monday that it had been hit by a massive data breach.
Meanwhile, state-sponsored cyber intruders have stolen the plans to top-secret U.S. weapons systems, reducing America's technological advantage and putting military personnel and the homeland at risk. For example, Chinese hackers have used cyber infiltration to gain access to plans for the F-35 Joint Strike Fighter, the Global Hawk surveillance drone and other advanced systems. State-sponsored hackers have also made off with reams of American companies' intellectual property—business secrets worth hundreds of billions of dollars. Keith Alexander, the former National Security Agency director and retired Air Forcegeneral, has described the continued ransacking of American companies as "the greatest transfer of wealth in history."
We are at war in the digital world. And yet, because this war lacks attention-grabbing explosions and body bags, the American people remain largely unaware of the danger. That needs to change. Only public attention can create the political momentum for needed reform.
There are a number of cyber-related legislative initiatives pending in Congress. One of the most promising is legislation in the House and Senate that would encourage companies to share information about cyberattacks with the government, so that national-security agencies can analyze the attacks and respond to them. The former 9/11 commissioners' recent report endorsed such legislation, and it is an important first step. Given the dimension of the problem, however, a larger-scale effort is needed to elevate public awareness and get out in front of this rapidly changing threat. Simply put, the country needs a national cyber strategy, covering all aspects of the problem. This could be accomplished by taking two essential steps.
First, Congress should pass legislation creating a National Cyber Commission. The commission should be empowered to evaluate the cyber threat to the U.S., both to the government and private entities. It should also assess the capabilities that national-security agencies and the private sector possess today, and measure those capabilities against what will be needed as the threat grows. The commission should conduct its work as transparently as possible and should deliver unclassified findings and recommendations to Congress and the American people. The commission should be nonpartisan and should include experts in technology, law and national security.
Second, Congress should create a National Cyber Center, which would bring together government and private experts to ensure unity of effort on this crosscutting problem. The National Counterterrorism Center, created 10 years ago in response to a 9/11 Commission recommendation, is working well. At the NCTC, counterterrorism experts from federal, state and local law-enforcement agencies sit side-by-side, share terrorism-threat information and coordinate responses. There is no counterpart to this proven model for information-sharing in the cyber realm—a major gap in America's cyber defenses.
In recent months, we have heard time and again from leading experts that the cyber threat is serious—and that the government is not doing enough. One lesson of the 9/11 story is that, as a nation, we didn't awaken to the gravity of the terrorist threat until it was too late. We must not repeat that mistake in the cyber realm.
Messrs. Kean and Hamilton served as chairman and vice chairman of the 9/11 Commission, respectively. They are co-chairmen of the Bipartisan Policy Center's Homeland Security Project.
Just revealed Yahoo faced big US fines over user data demands from NSA in 2008
Reply #311 on:
September 12, 2014, 03:19:34 AM »
Yahoo Faced Big U.S. Fines Over User Data
Government Wanted to Charge Internet Firm $250,000 a Day Fine If It Didn't Comply With NSA Request
By Danny Yadron
Updated Sept. 11, 2014 8:52 p.m. ET
The government wanted to charge Yahoo $250,000 a day if it didn't comply. Getty Images
A secret legal battle between the U.S. government and Yahoo Inc. YHOO +0.29% over requests for customer data became so acrimonious in 2008 that the government wanted to charge the Internet company $250,000 a day if it didn't comply.
Yahoo made the threat public Thursday after a special federal court unsealed 1,500 pages of legal documents from a once-classified court battle over the scope of National Security Agency surveillance programs. The documents shed new light on tensions between American technology companies and the intelligence community long before former NSA contractor Edward Snowden began leaking in 2013.
The requests, and the long battles that can follow at the Foreign Intelligence Surveillance Court, traditionally are secret. Until last summer, Yahoo wasn't allowed to say that it had challenged government surveillance efforts—even without adding any other details. Google Inc. GOOGL -0.39% and Microsoft Corp. MSFT +0.34% have also challenged government records requests in court.
"The issues at stake in this litigation are the most serious issues that this nation faces today—to what extent must the privacy rights guaranteed by the United States Constitution yield to protect our national security," Marc Zwillinger, an outside counsel for Yahoo wrote in a legal brief in May 2008.
Court documents don't reveal exactly what the government wanted from Yahoo. In one brief, Yahoo states the main issue of the case is whether the Constitution protects the communications of U.S. citizens or legal residents believed to be outside the U.S.
Even after the documents were unsealed, portions were redacted, including the number of requests the government made of Yahoo.
The bulk collection of Internet records from U.S. companies can lead to the collection of data on people in the U.S.
In its legal response, the Justice Department said the government "employs extensive procedures to ensure that the surveillance is appropriately targeted."
Beginning in November 2007, the government began requesting "warrantless surveillance" of certain Yahoo customers, according to court records. Yahoo objected and asked the surveillance court to block the government request. A judge refused, and threatened Yahoo with a fine. The Justice Department had asked for at least $250,000 a day, though the judge was less specific. Yahoo complied with the order in May 2008.
"We refused to comply with what we viewed as unconstitutional and overbroad surveillance and challenged the U.S. Government's authority," Ron Bell, Yahoo's general counsel, said in a written statement. "Our challenge, and a later appeal in the case, did not succeed."
The dispute revolved around the Protect America Act, a 2007 law that allowed the government to eavesdrop, without a warrant, on people believed to be connected to terrorist groups. The law expired in 2008, but was replaced by other laws that grant the government essentially the same powers.
In a joint blog post, the Justice Department and the Office of the Director of National intelligence said the court found that the government "has sufficient procedures in place to ensure that the Fourth Amendment rights of targeted U.S. persons are adequately protected" and that the requests were "reasonable."
The disclosure comes as some intelligence officials are pushing to declassify more of the legal reasoning for controversial surveillance programs. That doesn't mean the government has backed down in the use of such programs.
From January to June 2013, the most recent period for which Yahoo has released the data, the company previously said it fielded between zero and 999 foreign intelligence requests for user content covering between 30,000 and 30,999 accounts. It is unclear how many of those requests Yahoo fulfilled.
Yahoo and other tech firms have pushed to make public more information about government requests for user data.
Privacy advocates have long engaged in similar legal debates with the government. Until Mr. Snowden's leaks revealed details of government surveillance efforts, those debates were largely theoretical.
As Reggie Walton, an FISC judge, noted after his threat of a fine to Yahoo in 2008, "This order is sealed and shall not be disclosed by either party."
—Douglas MacMillan contributed to this article.
Please select a destination:
DBMA Martial Arts Forum
=> Martial Arts Topics
Politics, Religion, Science, Culture and Humanities
=> Politics & Religion
=> Science, Culture, & Humanities
=> Espanol Discussion
Powered by SMF 1.1.19
SMF © 2013, Simple Machines