Dog Brothers Public Forum
Author Topic: Cyberwar, Cyber Crime, and American Freedom  (Read 61114 times)
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #300 on: May 21, 2014, 10:26:27 PM »


Summary

Washington's decision to indict officers of China's People's Liberation Army over alleged state-sponsored industrial espionage marks an important change in Washington's relations with Beijing. The move highlights growing concerns over intellectual property rights and industrial spying, but it also shows the intensified attention being paid to the challenges that state-to-state competition in the cyber domain creates.

Indictments have real consequences. Washington did not place largely unenforceable sanctions on individuals or bring a lawsuit to an international body that would take years to resolve, and those indicted risk extradition if they travel to a country with extradition treaties with the United States. A step such as this is not frequently taken in minor diplomatic spats, particularly between such important countries.
Analysis

Washington has specifically accused the indicted officers of industrial espionage. The move follows warnings made by U.S. President Barack Obama during his State of the Union address regarding state-backed cyber-espionage and intellectual property theft. However, it speaks to a much deeper issue: the management of international relations in cyberspace, from espionage to sabotage to warfare. The discussion inside China already equates actions in cyberspace as potential weapons of mass destruction, on par with nuclear, biological and chemical weapons. There are concerns that hostile actors could use cyberspace to sabotage power grids; trigger industrial equipment to operate outside of its parameters and break down, perhaps catastrophically; or even trigger explosions or a meltdown at conventional and nuclear power plants.

In standard military action and in more traditional forms of espionage, there are commonly shared rules -- but no such standards govern cyber-espionage. Furthermore, it is difficult to distinguish between lone actors carrying out some form of protest or defacement, those engaged in commercial industrial espionage or state-led espionage and cyber activities that are directed toward a more concrete and sinister end, such as sabotage or the destruction of critical infrastructure. Cyberspace is not just a domain where information can be stolen -- it is a place where sabotage and disruption could be geared toward a strategic end.

This is a concern in the United States and in other countries, including China. Determining the perpetrator's identity and intent is next to impossible, and the initial actions of thrill-seeking hackers and strategic saboteurs are similar or even identical. This leaves little time to determine the most effective counter and how far to take it. In some ways, this is not entirely unique to the cyber domain -- debate persists over whether cyberspace really is its own domain as air, sea, land and space are. States often act through proxies to instigate or facilitate spying, infiltration, disruption and destruction. But the cyber domain has several unique characteristics, including the ability to work from a distance, to deploy large numbers of individuals on discreet missions, and the ability (at least in theory) to spy, destabilize and disable without physical risk to the operatives.

By offering the ability to operate from a distance, the cyber domain allows for a much greater use of human resources against a target that would not be vulnerable to traditional espionage techniques. Regimes and individuals have also always sought plausible deniability -- the ability to dissociate oneself from a hostile action -- and the cyber domain allows a deeper level of anonymity. This has altered the balance between risk and reward. In traditional espionage, the risk is always high, so the reward needs to be high as well. Cyber-espionage is low risk, so operatives can seek lower-level rewards, increasing the frequency of action and making the target set too broad to effectively defend. If states can increase the potential cost of action, the target set should shrink, thus enabling states to concentrate their resources to defend their most critical assets.
An Attempt to Set the Rules

By prosecuting a case that targets specific Chinese officials, the United States is trying to break the element of plausible deniability and increase the amount of risk involved in cyber-espionage. Washington is also removing the veil that covers government involvement in cyber-espionage, disruptions and sabotage. The Chinese have reacted sharply, declaring a cessation of talks with the United States on the management of cyberspace issues. And the United States clearly knew such a reaction was not just possible but likely. Yet Washington not only made the indictment but also warned that numerous others would follow.

In part this is about U.S. competitiveness, as statements attached to the indictments assert. But it may also be a way to force China into a more serious discussion of the rules of the cyber domain, or at least to lay out the rules the United States wants to impose. Until now, China has deflected criticism by claiming that since the United States has a Cyber Command and the Chinese do not, Washington is alone in owning state-sponsored cyberwarfare capabilities. Now that accusations and leaks from investigations are being backed up with prosecutorial evidence, that defense, from Washington's point of view, is tossed aside.

Beijing will probably issue a strong response. The Chinese government is likely to arrest or deport individuals it has identified as involved in espionage in China, or even those in the business sphere that fall within China's ambiguous regulations on corporate espionage. Beijing will probably also appeal to global public opinion by repeating information revealed in the Snowden leaks, distracting from the issue by shifting attention to U.S. cyber activities. But for the United States, this is more than just an attempt to briefly influence Chinese behavior. It is part of a broader reassessment of the strategic issues surrounding the question of cyber activities and of the general rules of conduct in the offense-defense balance, and it is an effort to find ways to avoid significant strategic miscalculations.

Read more: Washington Shows It Is Serious About Cyber-Espionage | Stratfor
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #301 on: May 24, 2014, 09:08:52 AM »

I must say I am intrigued , , ,

==============================

The U.S. plans to "keep up the pressure" on China as it gauges that nation's response to this week's indictment of five Chinese military officials for allegedly hacking into American corporate computers, a senior administration official said Friday.   If China doesn't begin to acknowledge and curb its corporate cyberespionage, the U.S. plans to start selecting from a range of retaliatory options, other officials said. They include releasing additional evidence about how the hackers allegedly conducted their operations, and imposing visa, business and financial restrictions on those indicted or people or organizations associated with them.  Beyond that, some officials are advocating more stealthy moves. These could include the government working with a U.S. company that has been breached to feed hackers bad data, said one person familiar with the discussions.

U.S. Attorney General Eric Holder announced the charges Monday, alleging the five men hacked into five U.S. companies, including Alcoa Inc. and U.S. Steel Corp., as well as the United Steelworkers union, to take sensitive information. U.S. officials said they expected the Chinese would strike back.


But so far, China's response has been fairly restrained: denying the accusations, canceling the nation's participation in cybersecurity talks and signaling that U.S. technology companies may face greater scrutiny in trying to do business in China.  A senior administration official said the Chinese response is as expected, and the U.S. will tie any retaliation to Beijing's longer-term reaction.

"It has to be calibrated some to what the Chinese government chooses to do," the senior administration official said. "This is a long-term process."

U.S. officials expect it will take a few more weeks to discern the true Chinese response.

"If the Chinese don't re-engage, they [U.S. officials] have more things in their bag of tricks," said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who frequently consults with the Obama administration.

Chinese officials in Washington didn't immediately respond to a request for comment.

The indictment in federal court in Pittsburgh is part of a much broader strategy to counter a growing cyber assault against the U.S. government and companies, which intelligence officials have said tops their list of national security threats.  The indictment seems to be in direct response to a challenge Chinese officials issued more than a year ago, when U.S. officials launched a public shaming campaign to try to press China to stop hacking U.S. companies. Chinese officials called on the Americans to put forward the kind of evidence that would hold up in court.

Monday's indictment, in effect, is aimed at providing a foundation on which the U.S. government could build an array of punishments. It sets out evidence in detail—naming alleged actors and affected U.S. companies and organizations—that could be used to support additional penalties.

"Criminal charges can justify economic sanctions from our colleagues in the Treasury Department, sanctions that prevent criminals from engaging in financial transactions with U.S. entities and deny access to the U.S. financial system,'' said John Carlin, the head of the Justice Department's national security division, in a speech Wednesday at the Brookings Institution think tank. "They can facilitate diplomacy by the State Department."

On the prosecutorial side, follow-on steps may include releasing more evidence about the hacking cases, or filing new charges in other hacking cases in which investigators have collected a critical mass of evidence, officials say.  Officials were mum on the nature of the additional evidence. But a person familiar with U.S. probes into Chinese hacking said investigators often collect video evidence of hackers.

"Some of these actors are not real good about turning off the Skype camera on their machines while they are working," this person said.

A more controversial response advocated by some Federal Bureau of Investigation officials is to work with companies under cyber siege to feed bad information to hackers, said a person familiar with the discussions. The goal would be to cast doubt on the quality of the data being stolen, and in addition raise questions about information taken from other companies.

If executed as a counter-spying campaign, advocates of the approach say it would force Chinese officials to spend much time trying to separate bad information from good and lead them to centralize their diffuse operations, which could slow the pace of their cyberspying.

The idea is "getting a lot of traction, both on the commercial and government sides," said the person familiar with the discussions. "The dilemma has always been finding companies willing to cooperate."

Another option government officials are considering is putting individuals or organizations linked to hacking, such as Chinese universities or government contractors, on Department of Commerce lists of "parties of concern." People or entities on the lists are essentially red-flagged by the U.S. government and can't trade with Americans or conduct financial transactions in the U.S. The move also could bar faculty or graduate students at listed universities from fellowships or conferences in the U.S.

In the past, it has been difficult to use the lists in hacking cases, because evidence pointing to specific responsible entities was limited. Monday's cases now provide that kind of evidence. Government officials are also weighing actions at the Treasury Department, such as freezing assets or imposing individual sanctions, according to two people familiar with the discussions. Those penalties could take a form similar to those levied against Russian business people in the wake of Russia's annexation of Crimea.

Officials in addition are assessing whether and how they might impose visa restrictions to prevent Chinese hackers from attending popular hacker conferences in the U.S., such as the annual Defcon conference in Las Vegas.  Another option under consideration is whether to take action at the World Trade Organization.  Monday's indictment focuses on trade-secret theft, and some U.S. officials believe they can make the case that Chinese hacking represents intellectual-property theft in violation of the WTO's trade-related aspects of intellectual-property rights.

U.S. officials also are looking to allies to both endorse the U.S. cases outlined Monday and take action of their own. Investigations "can lead other governments to take action, even when the United States doesn't end up doing so," Mr. Carlin noted.
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #302 on: June 01, 2014, 09:54:51 AM »



http://betabeat.com/2014/05/next-gen-warfare-hackers-not-the-government-will-fight-our-next-big-war/
Logged
G M
Power User
***
Posts: 12508


« Reply #303 on: July 07, 2014, 12:29:05 PM »

http://www.dailymail.co.uk/sciencetech/article-2675798/Hundreds-European-US-energy-firms-hit-Russian-Energetic-Bear-virus-let-hackers-control-power-plants.html
Logged
G M
Power User
***
Posts: 12508


« Reply #304 on: July 10, 2014, 08:50:31 AM »

http://www.khou.com/news/national/266552361.html
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #305 on: August 12, 2014, 01:35:16 AM »



Open Question: How would you repurpose a Spam Bot for info warfare?
Posted: 11 Aug 2014 11:06 AM PDT
My last post on spam bots opened up an interesting question:  how would you repurpose them for info warfare?
Spam bots can interact with us via:
   e-mail,
   phone calls, and
   text messages.
Add your ideas to the discussion below. 
 

The IRS Bot Scam from Pakistan
Posted: 11 Aug 2014 07:32 AM PDT
I just got a call from the IRS bot today.  It threatened me in a computerized voice with an audit and prompted me to call it back to talk with an agent.
Of course, the call I got wasn't the IRS.  The IRS doesn't initiate an audit that way (it mails you).
It was from a scam bot from Pakistan.
In this case, the bot used an Internet connection to the US to dial my number.  That provided it with the number of 1-202-241-0331 which resolved to an official looking caller ID for the "District of Columbia".
If you haven't noticed already, most of the calls we get on our phones now are spam.   Why?
   Mismanaged phone companies.  The idiots running the phone companies look the other way when it comes to phone scams because of the $ they pump into the system.  Apparently, being a regulated monopoly wasn't enough.
   Backward technology.  The phone companies don't use Bayesian spam filters and customer ratings/feedback to weed out phone scammers like g-mail etc. do.  This specific scam has been using this number for weeks without any action being taken to block it.
   A broken law enforcement/national security system.  Our security system now treats us as the criminals which is why IRS scams are a multi-billion dollar business every year.  Worse, it completely ignores a constant onslaught of frauds and scams that damage us, from Wall Street's multi-trillion dollar "too big to prosecute" frauds to daily telephone/e-mail bot hacks like this one.
Why is this important?
What's interesting to me is how easily this type of bot attack can be adopted by global guerrillas for large scale and very effective attacks on the US. 
I'll have more detail on this in my upcoming e-booklet: iWar. 
Hopefully, I'll get it up on Amazon/etc. this week.
 
 
 

Logged
G M
Power User
***
Posts: 12508


« Reply #306 on: August 26, 2014, 09:32:07 AM »

http://spectrum.ieee.org/aerospace/military/electromagnetic-warfare-is-here
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #307 on: August 26, 2014, 11:29:18 AM »

 shocked shocked shocked shocked shocked shocked shocked shocked shocked
Logged
G M
Power User
***
Posts: 12508


« Reply #308 on: September 03, 2014, 02:29:55 AM »

http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #309 on: September 03, 2014, 07:51:29 AM »

 shocked shocked shocked  What is our take on the implications there?
« Last Edit: September 03, 2014, 07:54:46 AM by Crafty_Dog » Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #310 on: September 11, 2014, 01:58:01 PM »

A New Threat Grows Amid Shades of 9/11
The nation remains largely unaware of the potential for disaster from cyberattacks.
By Tom Kean and Lee Hamilton
Sept. 10, 2014 7:03 p.m. ET

Ten years ago, the 9/11 Commission Report triggered the most significant reorganization of the U.S. intelligence community since 1947. Two months ago, the former members of the commission—we are among them—issued a new report assessing where national security stands, 13 years after the most devastating attacks on America's homeland.

Most of the new report's observations focused on counterterrorism, the central focus of the 9/11 Commission. But in speaking with many of the nation's most senior national-security leaders, we were struck that every one of these experts expressed concern about another issue: daily cyberattacks against the country's most sensitive public and private computer networks.

A growing chorus of national-security experts describes the cyber realm as the battlefield of the future. American life is becoming ever more dependent on the Internet. At the same time, government and private computer networks in the U.S. are under relentless cyberattack. This is more than an academic concern—attacks in the digital world can inflict serious damage in the physical world. Hackers can threaten the control systems of critical facilities like dams, water-treatment plants and the power grid. A hacker able to remotely control a dam, pumping station or oil pipeline could unleash large-scale devastation. As terrorist organizations such as the Islamic State grow and become more sophisticated, the threat of cyberattack increases as well.

On a smaller scale, but equally unsettling, ordinary building systems like electronic door locks, elevators and video-surveillance cameras (today, present in many homes) are also vulnerable to penetration by hackers. Even life-sustaining medical devices, many of which contain embedded computer systems connected to the Internet, could be disabled by cyberattacks.

Others steal Americans' sensitive personal information and sell it to organized crime rings. The theft of credit- and debit-card numbers from tens of millions of Target customers last year is the most prominent example, but this happens every day. Home Depot confirmed on Monday that it had been hit by a massive data breach.

Meanwhile, state-sponsored cyber intruders have stolen the plans to top-secret U.S. weapons systems, reducing America's technological advantage and putting military personnel and the homeland at risk. For example, Chinese hackers have used cyber infiltration to gain access to plans for the F-35 Joint Strike Fighter, the Global Hawk surveillance drone and other advanced systems. State-sponsored hackers have also made off with reams of American companies' intellectual property—business secrets worth hundreds of billions of dollars. Keith Alexander, the former National Security Agency director and retired Air Force general, has described the continued ransacking of American companies as "the greatest transfer of wealth in history."

We are at war in the digital world. And yet, because this war lacks attention-grabbing explosions and body bags, the American people remain largely unaware of the danger. That needs to change. Only public attention can create the political momentum for needed reform.

There are a number of cyber-related legislative initiatives pending in Congress. One of the most promising is legislation in the House and Senate that would encourage companies to share information about cyberattacks with the government, so that national-security agencies can analyze the attacks and respond to them. The former 9/11 commissioners' recent report endorsed such legislation, and it is an important first step. Given the dimension of the problem, however, a larger-scale effort is needed to elevate public awareness and get out in front of this rapidly changing threat. Simply put, the country needs a national cyber strategy, covering all aspects of the problem. This could be accomplished by taking two essential steps.

First, Congress should pass legislation creating a National Cyber Commission. The commission should be empowered to evaluate the cyber threat to the U.S., both to the government and private entities. It should also assess the capabilities that national-security agencies and the private sector possess today, and measure those capabilities against what will be needed as the threat grows. The commission should conduct its work as transparently as possible and should deliver unclassified findings and recommendations to Congress and the American people. The commission should be nonpartisan and should include experts in technology, law and national security.

Second, Congress should create a National Cyber Center, which would bring together government and private experts to ensure unity of effort on this crosscutting problem. The National Counterterrorism Center, created 10 years ago in response to a 9/11 Commission recommendation, is working well. At the NCTC, counterterrorism experts from federal, state and local law-enforcement agencies sit side-by-side, share terrorism-threat information and coordinate responses. There is no counterpart to this proven model for information-sharing in the cyber realm—a major gap in America's cyber defenses.

In recent months, we have heard time and again from leading experts that the cyber threat is serious—and that the government is not doing enough. One lesson of the 9/11 story is that, as a nation, we didn't awaken to the gravity of the terrorist threat until it was too late. We must not repeat that mistake in the cyber realm.

Messrs. Kean and Hamilton served as chairman and vice chairman of the 9/11 Commission, respectively. They are co-chairmen of the Bipartisan Policy Center's Homeland Security Project.
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #311 on: September 12, 2014, 03:19:34 AM »

Yahoo Faced Big U.S. Fines Over User Data
Government Wanted to Charge Internet Firm $250,000 a Day Fine If It Didn't Comply With NSA Request
By Danny Yadron
WSJ
Updated Sept. 11, 2014 8:52 p.m. ET

A secret legal battle between the U.S. government and Yahoo Inc. over requests for customer data became so acrimonious in 2008 that the government wanted to charge the Internet company $250,000 a day if it didn't comply.

Yahoo made the threat public Thursday after a special federal court unsealed 1,500 pages of legal documents from a once-classified court battle over the scope of National Security Agency surveillance programs. The documents shed new light on tensions between American technology companies and the intelligence community long before former NSA contractor Edward Snowden began leaking in 2013.

The requests, and the long battles that can follow at the Foreign Intelligence Surveillance Court, traditionally are secret. Until last summer, Yahoo wasn't allowed to say that it had challenged government surveillance efforts—even without adding any other details. Google Inc. and Microsoft Corp. have also challenged government records requests in court.

"The issues at stake in this litigation are the most serious issues that this nation faces today—to what extent must the privacy rights guaranteed by the United States Constitution yield to protect our national security," Marc Zwillinger, an outside counsel for Yahoo, wrote in a legal brief in May 2008.

Court documents don't reveal exactly what the government wanted from Yahoo. In one brief, Yahoo states the main issue of the case is whether the Constitution protects the communications of U.S. citizens or legal residents believed to be outside the U.S.

Even after the documents were unsealed, portions were redacted, including the number of requests the government made of Yahoo.

The bulk collection of Internet records from U.S. companies can lead to the collection of data on people in the U.S.

In its legal response, the Justice Department said the government "employs extensive procedures to ensure that the surveillance is appropriately targeted."

Beginning in November 2007, the government began requesting "warrantless surveillance" of certain Yahoo customers, according to court records. Yahoo objected and asked the surveillance court to block the government request. A judge refused, and threatened Yahoo with a fine. The Justice Department had asked for at least $250,000 a day, though the judge was less specific. Yahoo complied with the order in May 2008.

"We refused to comply with what we viewed as unconstitutional and overbroad surveillance and challenged the U.S. Government's authority," Ron Bell, Yahoo's general counsel, said in a written statement. "Our challenge, and a later appeal in the case, did not succeed."

The dispute revolved around the Protect America Act, a 2007 law that allowed the government to eavesdrop, without a warrant, on people believed to be connected to terrorist groups. The law expired in 2008, but was replaced by other laws that grant the government essentially the same powers.

In a joint blog post, the Justice Department and the Office of the Director of National Intelligence said the court found that the government "has sufficient procedures in place to ensure that the Fourth Amendment rights of targeted U.S. persons are adequately protected" and that the requests were "reasonable."

The disclosure comes as some intelligence officials are pushing to declassify more of the legal reasoning for controversial surveillance programs. That doesn't mean the government has backed down in the use of such programs.

From January to June 2013, the most recent period for which Yahoo has released the data, the company previously said it fielded between zero and 999 foreign intelligence requests for user content covering between 30,000 and 30,999 accounts. It is unclear how many of those requests Yahoo fulfilled.

Yahoo and other tech firms have pushed to make public more information about government requests for user data.

Privacy advocates have long engaged in similar legal debates with the government. Until Mr. Snowden's leaks revealed details of government surveillance efforts, those debates were largely theoretical.

As Reggie Walton, an FISC judge, noted after his threat of a fine to Yahoo in 2008, "This order is sealed and shall not be disclosed by either party."

—Douglas MacMillan contributed to this article.
Logged
G M
Power User
***
Posts: 12508


« Reply #312 on: September 17, 2014, 05:25:02 PM »

http://www.popsci.com/article/gadgets/who-running-phony-cell-phone-towers-around-country?dom=PSC&loc=slider&lnk=1&con=who-is-running-phony-cell-phone-towers-around-the-country
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #313 on: September 17, 2014, 05:29:03 PM »

 shocked shocked shocked angry angry angry

May I ask you to post this on the Privacy thread as well?  TIA.
Logged
G M
Power User
***
Posts: 12508


« Reply #314 on: September 24, 2014, 03:28:58 AM »

http://www.dailymail.co.uk/news/article-2763664/How-home-hackers-spy-children-YOUR-webcam-The-shocking-evidence-shows-private-lives-snooped-streamed-live-web.html
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #315 on: October 08, 2014, 02:17:14 PM »



http://dealbook.nytimes.com/2014/10/08/cyberattack-on-jpmorgan-raises-alarms-at-white-house-and-on-wall-street/?emc=edit_na_20141008&nlid=49641193

A lot of military capabilities become Maginot Lines in such a world , , ,
Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #316 on: December 20, 2014, 03:11:28 PM »

U.S. Asks China to Help Rein In Hackers From North Korea
The Obama administration has sought China’s help in recent days in blocking North Korea’s ability to launch cyberattacks, the first steps toward the “proportional response” President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials.
“What we are looking for is a blocking action, something that would cripple their efforts to carry out attacks,” one official said.
So far, the Chinese have not responded. Their cooperation would be critical, since virtually all of North Korea’s telecommunications run through Chinese-operated networks.
It is unclear that China would choose to help, given tensions over computer security between Washington and Beijing since the Justice Department in May indicted five hackers working for the Chinese military on charges of stealing sensitive information from American companies.
http://www.nytimes.com/2014/12/21/world/asia/us-asks-china-to-help-rein-in-korean-hackers.html?emc=edit_na_20141220


Logged
G M
Power User
***
Posts: 12508


« Reply #317 on: December 20, 2014, 03:34:34 PM »

Pathetic.


U.S. Asks China to Help Rein In Hackers From North Korea
The Obama administration has sought China’s help in recent days in blocking North Korea’s ability to launch cyberattacks, the first steps toward the “proportional response” President Obama vowed to make the North pay for the assault on Sony Pictures — and as part of a campaign to issue a broader warning against future hacking, according to senior administration officials.
“What we are looking for is a blocking action, something that would cripple their efforts to carry out attacks,” one official said.
So far, the Chinese have not responded. Their cooperation would be critical, since virtually all of North Korea’s telecommunications run through Chinese-operated networks.
It is unclear that China would choose to help, given tensions over computer security between Washington and Beijing since the Justice Department in May indicted five hackers working for the Chinese military on charges of stealing sensitive information from American companies.
http://www.nytimes.com/2014/12/21/world/asia/us-asks-china-to-help-rein-in-korean-hackers.html?emc=edit_na_20141220



Logged
Crafty_Dog
Administrator
Power User
*****
Posts: 33614


« Reply #318 on: December 20, 2014, 06:29:15 PM »

The Chinese fly the stealth plane with the tech they stole from us while either Obama or Hagel was in town-- bitch slap!  And now we ask them for help with the norks?

Look out!  They've crossed the red line and now tremblingly await our proportional response , , ,

 cry cry cry

G M
« Reply #319 on: December 21, 2014, 09:47:45 AM »

When the Chinese are openly mocking your impotence, you know you are fcuked.

Crafty_Dog
« Reply #320 on: January 06, 2015, 11:27:00 AM »

Cyberdefense Is a Government Responsibility
The Navy fought Barbary pirates to protect U.S. commerce. Digital pirates have much less to fear.
By Alan Charles Raul
Jan. 5, 2015 7:09 p.m. ET


In 1794 when the commerce of the United States was threatened by “the depradations” of the Barbary pirates, Congress created a Navy. And it sent the Marines to fight our country’s battles on “the Shores of Tripoli.” Today U.S. commerce is threatened by digital Barbary pirates.

The most sophisticated companies with every incentive to protect their crown jewels—intellectual property, confidential business information or customer records—are being ransacked and held hostage by cyberterrorists, state-sponsored hackers and highly effective organized cybercriminals. No corporation today is immune or can realistically believe itself adequately protected.

The government’s response, hobbled by a misguided view as to who is responsible for protecting U.S. commercial interests and how, is not up to 1794 standards. Regulatory agencies including the Federal Trade Commission, the Securities and Exchange Commission and state attorneys general think that investigating the corporate victims of cyberattacks for putative violations of consumer and investor protection laws is the best way to shore up the economy’s cyberdefenses. There is little evidence this approach is effective.

While every enterprise can do better, the big banks, big retailers and big media companies whose hacks make the front pages are not being penetrated because they’ve skimped on security out of sloth, stupidity or greed. There is very little these companies could reasonably have done to detect or prevent some of these attacks, as the FBI and the Secret Service have acknowledged. Any more so, in fact, than the White House, Air Force, Postal Service, Commerce and State Departments, FTC, or countless other federal hacking victims, could guarantee their own cybersecurity.

The current blame-the-corporate-victim mentality relieves the government of any responsibility. Instead, Congress and the executive branch must recognize that the battle for cyberspace must be waged by latter day cyber Marines, and cyberdiplomats who can more effectively defend U.S. commerce.

Currently the federal government has a network-inspection tool, called EINSTEIN, to protect certain federal communications. If EINSTEIN is in fact working, the government should make it available more broadly. New technologies also need to be developed and deployed, and the government should make the investments in the necessary research as well as in so-called “active” defense and intelligence measures designed to protect private networks before they are successfully compromised. This means aggressively tracking, tracing, deceiving, disrupting and punishing the cyber bad guys and their state-sponsors or protectors.

Any such aggressive program will provoke legitimate privacy concerns about government surveillance, just as airport screening, NSA programs and other antiterrorism measures have done. To address this, Congress should expand the mandate of the Privacy and Civil Liberties Oversight Board, a federal agency, to cover cybermeasures in addition to the board’s current focus on government activities to combat terrorism.

The president should also designate a senior policy official to manage the relevant privacy concerns and ensure that the government’s new cyberdefense force focuses strictly on the technical side of the computer networks, and not on the private contents of any communications. This will entail difficult judgment calls and intense oversight. But ferreting out and destroying malicious computer code is not inherently privacy invasive, whereas malware that exfiltrates our personal-account information and private emails certainly is.

To take on this responsibility, Congress and the president need to do more than merely offer “real time” “information sharing” that fosters “public-private partnerships.” These half measures have been the focus of recent cybersecurity legislation and administration policy, but they are not nearly sufficient. “Tougher” regulatory standards for the private sector are also not the answer.

President Obama has said that cyberattacks are “one of the most serious challenges we face as a nation,” and “America’s economic prosperity in the 21st century will depend on cybersecurity.” Thus Congress and the president must immediately order the Department of Homeland Security, FBI and Secret Service—and the State Department—to protect American commerce from attacks, as the Navy and Marines protected U.S. maritime trade off the coast of Tripoli 200 years ago. And the public needs to hold our national leaders accountable to fight and win this battle.

Mr. Raul is a partner in the law firm Sidley Austin LLP. He previously served as vice chairman of the Privacy and Civil Liberties Oversight Board, a federal agency established by Congress after 9/11.

Crafty_Dog
« Reply #321 on: January 12, 2015, 12:52:05 PM »

http://www.washingtontimes.com/news/2015/jan/12/us-central-command-twitter-account-hacked/

Crafty_Dog
« Reply #322 on: January 15, 2015, 11:57:32 AM »


https://www.youtube.com/watch?v=7_OcyWcNi_Y

Crafty_Dog
« Reply #323 on: January 25, 2015, 09:59:31 PM »

http://freebeacon.com/national-security/nsa-details-chinese-cyber-theft-of-f-35-military-secrets/

Crafty_Dog
« Reply #324 on: January 26, 2015, 11:05:55 AM »

JOURNAL: Attack leaves 140 million people w/o power in Pakistan.
Posted: 25 Jan 2015 01:32 PM PST
 
Militants toppled two transmission pylons, causing a cascade of failure that plunged most of Pakistan (140 out of 190 m people) into a blackout.  Here's some insight into this:
   Apparently, the attackers found a systempunkt.  A systempunkt is the node in any network (physical or social) where it is the most vulnerable.  An attack on a systempunkt can generate cascades of failure that take down the entire network. It's possible, although unlikely, the attackers knew this was the network's systempunkt when they destroyed it.
   The success of this attack was largely due to the strain on Pakistan's grid.  Pakistan's demand for electricity stands at an estimated 14,000 MW, but it only produces 7,000 MW due to gross mismanagement, high debt, theft, fuel shortages, regulatory failure, etc.  You name it.  This shortfall has led to load shedding of up to ~15 hours a day already.  As we know, when a complex network is operating at or near its capacity, it is many times more vulnerable to collapse and thereby much easier to attack. 
   This attack will prompt more attacks on the grid as other groups attempt to replicate the success it had. The reason is that militant groups in Pakistan (and across the world) use open source development to improve themselves.  When an attack this simple and inexpensive yields outsized results, other groups will copy it in an attempt to do the same. 
Attacks like these can be very damaging.  How so?  People don't blame the attackers for blackouts.  They blame the government.  In fact, the inability of a government to deliver the basics of energy and fuel is more damaging to its legitimacy than problems with security (it routinely led the list of reasons Iraqis were angry at the government).
JR
PS:  It's easy to find systempunkts like this in the KSA as well as the USA.

Crafty_Dog
« Reply #325 on: February 02, 2015, 01:53:40 AM »

A US Phone Systempunkt
Posted: 01 Feb 2015 12:28 PM PST
Here's an interesting US systempunkt -- a systempunkt is the point in a big network where even a small attack would cause the entire network to fail. This systempunkt would give a prepared individual the unique ability to shut down a large part of the US without shedding a drop of blood. For example, this attack has the ability to:
   Put any company into a complete panic in less than an hour.
   Generate hundreds of false arrests and armed police searches -- all done with a high risk of fatal injury.
   It even has the ability (with some careful planning) to shut down all US schools (k-12 and colleges), hundreds of airline flights, and many government offices for a couple of days.
Auto-dialing Panic
How is an attack like this possible?   It's possible due to a flaw in the US communications system (due to corporate corruption), new tech (not really new, but cheaper and more ubiquitous), and an overly sensitized population.  These combine to make it possible for anyone to send threats and other misleading messages to thousands of specific people and organizations in a very short period of time, and in a way that minimizes capture.  Here's more detail:
1.   Robocalls with voice threats/misinformation.  The attacker uses phone based marketing software to auto-dial hundreds of target numbers to deliver threatening and misleading audio messages (bomb threat, impending attack, shots fired, armed intruder seen).  NOTE: This software is highly configurable so specific voice messages (human voice) can be delivered to specific numbers.  Also, since it costs almost nothing to make these calls (rates and software cost) and this software can deliver messages (hundreds per phone per hour), it's possible to tackle targets of nearly any scale.
2.   Economic Corruption (amoral companies).  Fortunately for the attacker, there's no system in place to stop this from happening.  The phone system is completely open to short term manipulation. NOTE:  We see this every day.  Most US households (particularly elderly households) get slammed with a half dozen robocalls (many of them are dangerous scams from abroad that attempt to defraud them of every penny they have) every single day.  Despite the damage this does, the US phone monopolies won't do anything about it.  Worse, the system is so badly managed, it's even possible for robocalling software to manipulate the "caller ID."  This makes it possible for attackers to spoof targets with fake "Police Department" to "local" caller IDs.
3.   Extreme reactions.  Based on a phone threat alone, nearly all US schools and all government offices will evacuate and send home their personnel.  Further, the ability to configure threats to specific locations and attach fake caller IDs provides the ability to amplify and extend the duration of these evacuations and armed responses.
What does this mean?
Warfare is in transition.  New tech and new threats are emerging every day.  In many cases, simply doing the right thing (in this case, protecting US households from phone scams/spam), can blunt the effectiveness of the attack.  In others, it takes an understanding of where modern warfare is going (not where it has been) in order to anticipate these threats and tweak the system in ways that blunt their potential for damage. 
Unfortunately, I don't see this happening.  The governmental and economic system we have isn't that good at doing the right thing.  Worse, the security system we pay so much for, is only good at stopping the repetition of the types of attack that have already happened, not the attack that will happen.  Why?  Our national security system is simply unwilling to study warfare seriously. 
 
PS:  Robocalling software is very easy to acquire and run now.  There are even smartphone apps that can do this on stolen phones.

G M
« Reply #326 on: February 02, 2015, 11:26:55 AM »

I'm not seeing this as a serious threat. A minor disruption at most.

Crafty_Dog
« Reply #327 on: February 07, 2015, 03:11:50 PM »



http://www.bloomberg.com/news/articles/2015-02-05/signs-of-china-sponsored-hackers-seen-in-anthem-attack

Crafty_Dog
« Reply #328 on: February 09, 2015, 02:24:09 PM »

http://www.cbsnews.com/news/darpa-dan-kaufman-internet-security-60-minutes/

Crafty_Dog
« Reply #329 on: April 05, 2015, 09:09:45 PM »

https://m.whitehouse.gov/blog/2015/04/01/our-latest-tool-combat-cyber-attacks-what-you-need-know

Crafty_Dog
« Reply #330 on: April 08, 2015, 11:04:43 AM »

Investor’s Business Daily published a long article on Tuesday night, collecting the opinions of current and former intelligence officials about the national security threat posed by Hillary Clinton’s private email server.

It feels like a floodgate bursting open.  These experts are absolutely beside themselves over Clinton’s irresponsible conduct as Secretary of State.  Former NSA officer John Schindler called it “a counterintelligence disaster of truly epic proportions.”

“She may have deleted 30,000 emails before turning her files over to the State Department,” observed former U.S. National Counterintelligence Executive Michelle Van Cleave, “but that doesn’t mean that the Russians and the Chinese don’t have them.”

Ever since Clinton began destroying subpoenaed evidence and refusing to hand her server over for analysis, it’s been a running joke among Internet wags that if Congress wants to see her email, they should ask the Russians and Chinese for copies.

But that’s not really a joke.  The intelligence community has to assume, based on the weak security of Clinton’s secret server — slipshod even by private corporate standards — that every piece of sensitive information she ever handled has been compromised.  Her server was called “clintonemail.com” — it was easy to find.  Her email was completely unencrypted for three months after she became Secretary of State.

“It’s a disaster for U.S. policy.  It’s a huge boon for the former KGB and the Iranians,” said a veteran intelligence officer who spoke to IBD anonymously.  The officer found Clinton’s claims that she never handled classified information through her private server laughable — “how the hell could she do her job without it?”

Also, as Schindler pointed out to IBD, we have to assume there was “bleed-over” into her private email as well, since we’ve discovered instances of Clinton mistakenly replying to official messages as if they were personal correspondence.

The IBD piece was most likely put together before news broke about Russian hackers penetrating White House systems; one suspects these intelligence experts are even more apprehensive about the risks Clinton took in light of those developments.  There is some discussion in the Investor’s Business Daily piece about how foreign spies might have used Clinton’s vulnerable server as a launching pad for attacks on other government systems.  The sort of “spear phishing” attack used to get into the White House system would be especially potent if malware-laced emails were ostensibly coming from the Secretary of State.

“It would be possible for a hostile service to use the server as a platform to deliver other malware to other targets of their choosing, based on their knowledge of whom the former secretary and president were communicating with,” said Paul Joyal, the former director of security for the Senate Select Committee on Intelligence.

A senior former Defense Department official seconded that notion: “If they’re getting into her server, they’re not just extracting stuff.  They’re going to do things that could be planted from other sources.”

Most of these experts called for the sort of extensive independent analysis of her server that Clinton has adamantly refused to allow — in fact, she’s still tampering with the machine, as it became known last week that she deleted everything she didn’t decide to turn over to the State Department.  Given her manipulation of the data, it might already be impossible to learn everything counterintelligence experts need to assess the possible penetration of the system.  (You can bet she did a lot more to destroy the emails she doesn’t want security experts, Congress, or the American people to see than merely click the “Delete” buttons in her email program.)

“Why Clinton hasn’t offered to turn over the server to the FBI, or why the FBI has not seized it to assess the damage to national security, is unclear,” IBD writes.

Is it?  There are a lot of questions swirling around this debacle, including the extent to which Hillary Clinton jeopardized national security, but her motivation really isn’t one of them.  There’s nothing mysterious or unprecedented about the Obama Administration’s belief that Democrat royalty is above the law, either.  Did anyone seriously expect agents of this politicized Justice Department to raid Hillary’s mansion in Chappaqua and seize that computer?

Crafty_Dog
« Reply #331 on: April 08, 2015, 12:20:54 PM »

A more complete version

http://news.investors.com/politics/040715-746883-hillary-clinton-email-server-vulnerable-to-china-russia-iran.htm?p=full

Hillary Clinton's private email server was a spy magnet for the Russian, Chinese, Iranian and other intelligence services, say current and former intelligence officials.
As secretary of state, Clinton routed all her government-related email through the server, based in her house in Chappaqua, New York. She reportedly hired a Cablevision (NYSE:CVC) subsidiary to run the server, with antivirus protection from Intel's (NASDAQ:INTC) McAfee. And she registered her domain name, clintonmail.com, through Network Solutions.

Intelligence professionals fear that the use of the privately installed server, free of certified government defenses against foreign interception, has been a boon to foreign cyberspies.
"By using her own private server with email — which we now know was wholly unencrypted for the first three months of Hillary Clinton's tenure as secretary of state — she left this easily interceptable by any decent 21st century SIGINT service," said John Schindler, a former National Security Agency counterintelligence officer. SIGINT is shorthand for signals intelligence, or electronic spying.
"The name Clinton right on the email handle meant this was not a difficult find," Schindler said. "We should assume Russians, Chinese and others were seeing this."

'Epic' Counterintelligence Disaster
"In all, this is a counterintelligence disaster of truly epic proportions, not to mention that, since Clinton admitted she did not use higher-classification email systems at all" — systems like SIPR and JWICS, Schindler said — "we have to assume some bleed-over into her unsecured private email too, which makes this even worse."
SIPR is the Secret Internet Protocol Router network that the Department of Defense runs to ensure secret communications for the U.S. military, other agencies and certain allies. JWICS is the Joint Worldwide Intelligence Communications System for top-secret government communication. Both provide secure communications for the State Department and secretary of state. Clinton's private server was not protected by the Department of Homeland Security's Einstein intrusion detection system, which relies on NSA systems, for official State Department emails.

"She may have deleted 30,000 e-mails before turning her files over to the State Department, but that doesn't mean that the Russians and the Chinese don't have them," said Michelle Van Cleave, former U.S. National Counterintelligence Executive.
Others say that the potential damage to U.S. national security is so grave that the FBI should seize the server and conduct a forensic analysis to determine the extent of foreign penetration. That analysis would be part of what is called a damage assessment, which is routine after any suspected security breach.

FBI Forensic Analysis
However, the FBI might not find anything now, according to Rep. Trey Gowdy, R-S.C., chairman of a House investigative panel, who says that Clinton had the server wiped clean. Still, the forensic analysis by trained personnel could yield valuable clues about foreign spies gaining access to America's most fiercely guarded secrets. Gowdy has called on Clinton to appear before his committee for what he called a "transcribed interview regarding her use of private email and a personal server for official State Department business."
Rep. Ken Buck, R-Colo., a former prosecutor, said that the FBI should conduct a forensic analysis of any attempted foreign penetrations, to determine which foreign intelligence services might have hacked into Clinton's email server.
"Denying a legitimate request by the Bureau to examine her computer would certainly suggest that America's security is not Clinton's highest priority," Buck said.
"The FBI investigated a sitting CIA director for intentionally disclosing classified information. The Bureau can certainly investigate whether a former secretary of state unintentionally disclosed classified information," Buck said. "The motive may be different, but the potential damage to national security is similar."

Why Clinton hasn't offered to turn over the server to the FBI, or why the FBI has not seized it to assess the damage to national security, is unclear. A Clinton spokesperson declined to comment.
In a question-and-answer sheet provided to reporters, Clinton did not address the issue. The FBI won't say whether or not it made a request or took possession of the server. The Bureau does not have the device, according to a highly placed FBI source. That source is not cleared to speak to the press and could not speak on the record.

The lure of reading a secretary of state's emails would exert a pull on any foreign spy, intelligence officials say.

Where, on a scale of one to 10, would any sitting secretary of state rank as a target of foreign spies? "10, of course," said Van Cleave. "That being the case, all of her e-mails would have been potentially of interest to any number of foreign parties."
"A target like this would be at least a 10, maybe 10-plus if the enemy knew the email address and server," said Robert W. Stephan, a former counterintelligence analyst at the Defense Intelligence Agency who also served 19 years in the CIA. "If a foreign intelligence service determines that it is indeed the secretary of state's private communications/e-mail/server and even given the security measures that were set up, it would still be a top target for some sophisticated services," Stephan said. "Obviously Chinese, Russian, and Cuban, and possibly Iranians and North Koreans."

That statement presumes that the server was strongly protected against outside penetration, which does not seem to be the case. News reports indicate that the server's security configurations were done improperly, protecting Clinton's personal privacy and not national security, and that, even if everything was done by the book, that type of server and software package remains vulnerable to a good hacker.
"A 16-year-old can break into a server, and certainly a government sophisticated enough to break into the Sony (NYSE:SNE) system can break into Hillary Clinton's system," said Rep. Buck. "That's a no-brainer."
How would adversary spy services exploit this intelligence? "The positions, the interests, the communications between the secretary of state and her staff are of great interest to any foreign intelligence service, whether hostile or friendly," said Paul Joyal, former director of security of the Senate Select Committee on Intelligence.

"The American secretary of state using an open, unprotected server? That's an invitation to a party," said a veteran intelligence officer who asked for anonymity because he still holds active clearances. "All of her private musings. There's no secretary of state who doesn't communicate with classified information. How the hell could she do her job without it?"

Gateway To Government Systems?
"From a counterintelligence perspective, (for) anyone with any responsibility for intelligence, counterintelligence and security, this thing is a monumental disaster," the longtime senior intelligence officer said. "It's a disaster for U.S. policy. It's a huge boon for the former KGB and the Iranians."
Some experts are concerned that foreign spies could have penetrated the server as a gateway to breaking into other government systems, including classified communications.
"The real question is, what if any intelligence collection was being done on a private server somewhere?" Joyal said. "The only way to know is for the proper federal authorities to impound the server and do a forensic analysis."
"It would be possible for a hostile service to use the server as a platform to deliver other malware to other targets of their choosing, based on their knowledge of whom the former secretary and president were communicating with," Joyal said.

'Vast Deception Potential'
Foreign spies could use their access to Clinton's server to warp or distort information that government officials rely on. "If they're getting into her server, they're not just extracting stuff," said a senior former Defense Department official who spoke on condition of anonymity. "They're going to do things that could be planted from other sources."
"The denial and deception potential here is vast," said John Schindler, referring to intelligence tradecraft in which a spy service denies or conceals information, and seeks to deceive other countries. "Not to mention that any shady games played" by the Obama Administration "would be known to Moscow and Beijing — but not to the American public."
"It could affect a number of people within the U.S. government and, for that matter, people around the world," Joyal said. "It would behoove the federal government to conduct a forensic analysis of the server itself."
Until such a forensic analysis is done, he said, authorities simply will not know the answer.
"This should not be politicized," said Joyal. "It should be done with hard-nosed national security interests driving the forensic analysis."

• Waller is a senior reporter at the American Media Institute, a nonprofit news service.


Crafty_Dog
« Reply #332 on: May 12, 2015, 11:03:11 PM »

http://www.zdnet.com/article/anonymous-targets-isis-social-media-recruitment-drives-in-opisis-campaign/#ftag=RSSbaffb68

Crafty_Dog
« Reply #333 on: June 04, 2015, 02:20:45 PM »

Analysis
Forecast

    Though the U.S. Department of Defense leads in understanding and exploiting cyberspace vulnerabilities abroad, it will struggle to defend the same vulnerabilities domestically without assistance from other agencies and the private sector.
    The Pentagon will continue to lack the visibility and organizational structure to defend the range of networks upon which it relies.
    Any efforts to expand U.S. law enforcement or military jurisdiction or authority over the Internet's infrastructure likely would face significant domestic opposition.
    The Defense Department has accepted that it must share the domain of cyber defense and thus will continue to work as a partner in defending U.S. economic interests that reside in cyberspace.

The U.S. Department of Defense Cyber Strategy, a report released April 23, highlights the government's efforts thus far in realizing its role in cyberspace since the publication of its first formal strategy in 2011. The United States already has clearly demonstrated its technological edge in conducting espionage and sabotage online, as with the Stuxnet attack against Iranian centrifuges in 2008. However, the U.S. military's capabilities in the potential war-fighting domain of cyberspace do not equal its land, sea and air dominance. The Pentagon's cyber strategy focuses on this reality as much as it does on further incorporating cyberspace capabilities into its military structure. While the Department of Defense recognizes cyberspace as an operational domain, it also recognizes that it must share this domain to safeguard U.S. interests.

U.S. Cyber Capabilities

The U.S. government, with the Department of Defense leading the way principally through the National Security Agency, began developing and employing offensive cyber capabilities — acts of espionage and industrial sabotage — years before formally defining cyberspace as an operational domain. The scope of past U.S. intelligence operations in cyberspace was revealed by Edward Snowden's leaks and the demonstrable efforts to sabotage Iran's nuclear program. However, the Pentagon's capabilities do not safeguard its own information technology infrastructure and have generally been ineffective in defending U.S. interests in cyberspace.

To discourage cyber attacks, the U.S. government has used the threat of economic sanctions, criminal prosecution of foreign state officials, and the prospect of physical military action stemming from its 2011 declaration that cyber attacks constitute an act of war. Yet, aside from the prospect of physical military action or economic sanctions, the U.S. government still lacks any effective deterrence to cyber attacks. These breaches continually cause financial losses for the U.S. private sector, and state and non-state actors continue targeting government institutions. To defend in cyberspace (rather than engaging strictly in espionage), the military must play an auxiliary role in a domain it must share with other government organizations and the private sector.

The private sector owns and operates roughly 90 percent of the physical infrastructure that constitutes the abstract world of cyberspace. Though the Pentagon has proven resourceful in researching and exploiting new vulnerabilities in cyberspace, it lacks the authority to ensure that U.S. interests are protected against such exploits. In other words, the United States' ability to conduct espionage and sabotage in cyberspace depends on the same types of vulnerabilities that threaten its own economic interests. To rectify this, the Pentagon's top priorities in developing its cyberspace strategy focus on defense — namely partnering with domestic government agencies and the private sector to ensure that U.S. interests are safeguarded from cyber attacks by foreign state and non-state actors.

Not all countries that employ offensive capabilities and espionage in cyber space — such as China, Russia, Iran or North Korea — face the same dynamics in defending their own information technology infrastructure. The Chinese government, for instance, maintains strict control over the network infrastructure and the information passing through it within its borders. This allows for much greater control over its security of the network technology, though it stems from China's particular concern for social control.

The Pentagon's Limitations

Protecting U.S. economic interests abroad has been one of the U.S. military's tasks since its inception. However, defending commercial activity that takes place on the Internet involves a different skill set and political constraints than, say, safeguarding international sea lanes. Both the U.S. military and law enforcement face a complex landscape in cyberspace, where their jurisdictions are complicated by the global nature of the Internet's infrastructure and the U.S. distinction between private and public ownership. This situation is not likely to change much, because any efforts to expand law enforcement or military jurisdiction or authority likely would face significant opposition in the United States.

This lack of authority over infrastructure is just one barrier for the military in dominating cyberspace. Though the Internet's inception was rooted in defense research and development, the increasing importance of the Internet to global commerce and the abstract landscape of cyberspace are shaped by both the private sector and popular use. In 2000, 400 million people were using the Internet; that number will grow to some 3.2 billion by the end of 2015. The very nature of the Internet — once a collection of a few networked computer terminals — has rapidly evolved to encompass nearly every facet of life through an increasing number of different devices that communicate over the global network as part of the Internet of Things. New technologies, and thus new vulnerabilities, are constantly emerging in cyberspace — innovations around which the Department of Defense must continually adapt.

By partnering with the private sector, the Department of Defense can help maintain stronger situational awareness of the ever-changing landscape. The Pentagon may lack the authority to enforce security compliance in the private sector, but it is in an advantageous position, particularly given the power of the intelligence community, to advise the private sector about the current technical vulnerabilities that permit cyber attacks. This kind of cooperation requires the will of individual actors in the private sector and large corporations that also often rely on overseas infrastructure, which can complicate partnerships. However, the Pentagon's own communications rely on numerous networks, many of which can fall victim to malware propagated on the Internet. In its latest cyber strategy report, the Department of Defense admits it lacks the "visibility and organizational structure" to defend such networks, furthering the need for partnerships in defending its cyberspace interests. The dynamics behind this need are not likely to change in the foreseeable future.

The Challenging Nature of Cyber Attacks

In cyberspace, attacks and espionage are conducted independent of geographic range, and expenses are often negligible compared to physical spying or acts of aggression. For example, a distributed denial of service attack against a U.S. company relying on its Internet presence for business can be organized by a small group of individuals at little expense, particularly compared to the resources necessary to even investigate the authorship of such an attack. The impact of cyber attacks is far greater on developed countries with greater reliance on the Internet — a fact that gives state actors in the developing world and non-state actors a significant advantage. On Dec. 22, 2014, for example, an unidentified actor isolated North Korea from the global network via the country's weak link in China, possibly in retaliation for the 2014 cyber attack on Sony Pictures Entertainment, which the U.S. government publicly attributed to North Korea. Whether or not the incident was tied to the Sony attack, the effect of isolating North Korea — which only retains around 1,000 unique Internet Protocol addresses — was minimal.

The asymmetric nature of threats in cyberspace, including potential attacks by non-state actors, makes employing an effective deterrence more challenging for the Department of Defense. Economic sanctions and military responses are less useful against common threats from lone hackers, organized crime and activists. Even distinguishing attribution of a specific attack between state and non-state actors can be a daunting task. For example, though the U.S. government appears confident in blaming North Korea for the Sony hack, many cyber security analysts still question the validity of the accusations.

There is no doubt that the Pentagon has been aggressively seeking ways to improve its capabilities in cyberspace. Its latest cyber strategy report highlights how the Department of Defense wants to further integrate its growing capabilities within its traditional combatant command structure. As the U.S. military continues to embrace cyberspace as a domain, it will find that its traditional role in other operational areas does not necessarily translate to this new and increasingly critical territory. Thus, the military will share cyberspace defense duties with other government agencies and the private sector in an effort to protect U.S. economic interests and the military's own networks.
Crafty_Dog
« Reply #334 on: June 04, 2015, 02:22:36 PM »

second post

N.S.A. Secretly Widens Cross-Border Internet Spying to Find Hackers

Without public notice or debate, the Obama administration has expanded the National Security Agency’s warrantless surveillance of Americans’ international Internet traffic to search for evidence of malicious computer hacking, according to classified N.S.A. documents.

In mid-2012, Justice Department lawyers wrote two secret memos permitting the spy agency to begin hunting on Internet cables, without a warrant and on American soil, for data linked to computer intrusions originating abroad — including traffic that flows to suspicious Internet addresses or contains malware, the documents show.

http://www.nytimes.com/2015/06/05/us/hunting-for-hackers-nsa-secretly-expands-internet-spying-at-us-border.html?emc=edit_na_20150604

Crafty_Dog
« Reply #335 on: June 10, 2015, 10:41:09 AM »

Spy Virus Linked to Israel Targeted Hotels Used for Iran Nuclear Talks
Cybersecurity firm Kaspersky Lab finds three hotels that hosted Iran talks were targeted by a virus believed used by Israeli spies

Members of the media await the arrival of Iranian and other nations’ delegates at the Beau-Rivage Palace Hotel in Lausanne, Switzerland in March 2014. The hotel is one of several that served as a site for nuclear talks. A Beau-Rivage spokeswoman said the hotel was unaware of being hacked. Photo: BRENDAN SMIALOWSKI/PRESS POOL
By Adam Entous and Danny Yadron
June 10, 2015 8:00 a.m. ET

When a leading cybersecurity firm discovered it had been hacked last year by a virus widely believed to be used by Israeli spies, it wanted to know who else was on the hit list. It checked millions of computers world-wide and three luxury European hotels popped up. The other hotels the firm tested—thousands in all—were clean.
Researchers at the firm, Kaspersky Lab ZAO, weren’t sure what to make of the results. Then they realized what the three hotels had in common. Each was targeted before hosting high-stakes negotiations between Iran and world powers over curtailing Tehran’s nuclear program.

The spyware, the firm has now concluded, was an improved version of Duqu, a virus first identified by cybersecurity experts in 2011, according to a Kaspersky report reviewed by The Wall Street Journal and outside security experts. Current and former U.S. officials and many cybersecurity experts believe Duqu was designed to carry out Israel’s most sensitive intelligence-collection operations.

Senior U.S. officials learned Israel was spying on the nuclear talks in 2014, a finding first reported by The Wall Street Journal in March. Officials at the time offered few details about Israel’s tactics.

Kaspersky’s findings, which the Moscow-based company is expected to disclose publicly Wednesday, shed new light on the use of a stealthy virus in the spying efforts. The revelations also could provide what may be the first concrete evidence that the nuclear negotiations were targeted and by whom.

No intelligence-collection effort is a higher priority for Israel’s spy agencies than Iran, including the closed-door talks which have entered a final stage. Israeli leaders say the emerging deal could allow Iran to continue working toward building nuclear weapons, a goal Iran has denied having.

Kaspersky, in keeping with its policy, doesn’t identify Israel by name as the country responsible for the hacks. But researchers at the company indicate that they suspect an Israeli connection in subtle ways. For example, the company’s report is titled “The Duqu Bet.” Bet is the second letter of the Hebrew alphabet.

Researchers at the company acknowledge that many questions remain unanswered about how the virus was used and what information may have been stolen. Among the possibilities, the researchers say, the intruders might have been able to eavesdrop on conversations and steal electronic files by commandeering the hotel systems that connect to computers, phones, elevators and alarms, allowing them to turn them on and off at will to collect information.

Israeli officials have denied spying on the U.S. or Israel’s other allies, although they acknowledge conducting close surveillance on Iranians generally. Israeli officials declined to comment specifically on the allegations relating to the Duqu virus and the hotel intrusions.

The Federal Bureau of Investigation is reviewing the Kaspersky analysis and hasn’t independently confirmed the firm’s conclusions, according to people familiar with the discussions. U.S. officials, though, said they weren’t surprised to learn about the reported intrusions at the hotels used for the nuclear talks.

A senior congressional aide briefed on the matter said Kaspersky’s findings were credible. “We take this seriously,” the aide said.

Kaspersky, which protects hundreds of millions of computers from intruders, didn’t realize its own computers were compromised for more than six months after the 2014 breach. Hackers and intelligence agencies have long targeted security companies, given the valuable information they can learn about the Internet’s defenses.  Costin Raiu, director of the global research and analysis team at Kaspersky, said the attackers first targeted a Kaspersky employee in a satellite office in the Asia Pacific region, likely through email that contained an attachment in which the virus was hidden.

By opening the attachment, the employee inadvertently would have allowed the virus to infect his computer through what Kaspersky believes was a hacking tool called a “zero day exploit.” Such tools take advantage of previously unknown security holes—giving software companies no opportunity to prevent hackers from sneaking in through them. Kaspersky says the hackers used up to two more “zero day exploits” to work further into Kaspersky’s system.

That alone, Kaspersky and outside experts say, offers evidence of the hackers’ sophistication. These kinds of tools are expensive to create and are guaranteed to work only the first time they are used. After that, companies can build up digital antibodies through software patches.

Security researchers such as Kaspersky’s Mr. Raiu often strive not just to find hackers, but also to find links between breaches through digital detective work. It is a mix of computer science, instinct and luck. In this case, Mr. Raiu saw links between this new virus and Duqu.

U.S. intelligence agencies view Duqu infections as Israeli spy operations, former U.S. officials said. While the new virus bore no overt links to Israel, it was so complex and borrowed so heavily from Duqu that it “could not have been created by anyone without access to the original Duqu source code,” Kaspersky writes in its report.
To check his conclusions, Mr. Raiu a few weeks ago emailed his findings to a friend, Boldizsár Bencsáth, a researcher at Budapest University of Technology and Economics’ Laboratory of Cryptography and System Security. Mr. Bencsáth in 2011 helped discover the original Duqu virus.

“They look extremely similar,” Mr. Bencsáth said in an interview Tuesday. He estimated a team of 10 people would take more than two years to build such a clean copycat, unless they were the original author.

In the early spring, Kaspersky found itself on the other side of the countless digital intrusions it investigates.

A Kaspersky employee in Moscow discovered the virus while testing a new security program on a company computer he assumed was bug-free. Rather than try to kick the hackers out, the company set up a special team to monitor the virus in action to figure out how it worked and what it was designed to do.

The way the virus operated took the team by surprise. It jumped from one system to another, slowly attacking an increasing number of computers. The virus sought to cover its tracks, abandoning machines the attackers deemed of no additional interest, while leaving a small file that would allow them to return later.

Mr. Raiu said the company had been bracing for cyberintrusions but didn’t expect anything this sophisticated. The attackers moved slowly through Kaspersky’s systems to avoid attracting attention. Mr. Raiu concluded that they probably valued stealth more than anything else. The company dubbed the new-and-improved virus Duqu 2.0.
In a written statement with the report that was reviewed by the Journal, Kaspersky said it didn’t expect the incident to make customers more vulnerable to hackers. “Kaspersky Lab is confident that its clients and partners are safe and that there is no impact on the company’s products, technologies and services,” it said.

The company ran tests to determine if any of its 270,000 corporate clients world-wide had been infected. Kaspersky’s list of corporate clients includes big energy companies, European banks and thousands of hotels.

It found infections on a limited number of clients in Western Europe, Asia and the Middle East. None of Kaspersky’s clients in the U.S. were targeted. A targeted cyberattack against a hotel struck researchers as unusual but not unprecedented.

The first hotel with Duqu 2.0 on its computers piqued Mr. Raiu’s interest right away, in light of the revelations he read in the Journal about Israeli spying efforts, he said. The hotel, he said, was a well-known venue for the nuclear negotiations. But he wasn’t sure if it was an isolated case.

Soon thereafter, Kaspersky found the same virus at a second luxury hotel. Initially, Mr. Raiu didn’t see a connection between the hotel and the nuclear talks. Then, a couple of weeks after the discovery of the second hotel, he learned that the nuclear negotiations would take place there. His team was “shocked,” Mr. Raiu recalled. In both cases, the hotels were infected about two to three weeks before the negotiators convened.

Kaspersky provided information about Duqu 2.0 to one of its partners, which did its own round of tests. That search turned up a third infected hotel which hosted the nuclear talks. Mr. Raiu said the third hotel was discovered last but appeared to have been infected first, sometime in 2014.

Kaspersky declined to identify the three hotels.

Hotels that served as venues for the talks include: the Beau-Rivage Palace in Lausanne, Switzerland, the Intercontinental in Geneva, the Palais Coburg in Vienna, the Hotel President Wilson in Geneva, the Hotel Bayerischer Hof in Munich and Royal Plaza Montreux in Montreux, Switzerland.

A Beau-Rivage spokeswoman said the hotel was unaware of being hacked. A manager on duty at the Intercontinental said he also was unaware of such an incident. The management team at the Royal Plaza said, “Our internal policy doesn’t allow us to deliver any information.”

The others didn’t respond to requests for comment.

In addition to the three hotels reported to have been hacked, the virus was found in computers at a site used to commemorate the 70th anniversary of the liberation of the Nazi death camp at Auschwitz. Some world leaders had attended events there.

A former U.S. intelligence official said it was common for Israel and other countries to target such international gatherings. “The only thing that’s unusual now is you hear about it,” the official said.

Mr. Raiu said Kaspersky doesn’t know what was stolen from the three hotels or from the other venues. He said the virus was packed with more than 100 discrete “modules” that would have enabled the attackers to commandeer infected computers.

One module was designed to compress video feeds, possibly from hotel surveillance cameras. Other modules targeted communications, from phones to Wi-Fi networks. The attackers would know who was connected to the infected systems, allowing them to eavesdrop on conversations and steal electronic files. The virus could also enable them to operate two-way microphones in hotel elevators, computers and alarm systems.

In addition, the hackers appeared to penetrate front-desk computers. That could have allowed them to figure out the room numbers of specific delegation members.
The virus also automatically deposited smaller reconnaissance files on the computers it passed through, ensuring the attackers can monitor them and exploit the contents of those computers at a later date.

Write to Adam Entous at adam.entous@wsj.com and Danny Yadron at danny.yadron@wsj.com
G M
Power User
***
Posts: 12508


« Reply #336 on: June 19, 2015, 04:13:56 PM »

http://hotair.com/archives/2015/06/19/reuters-opm-hack-tied-to-chinas-intelligence-operations-and-other-hacks/

Remember when we were told how smart and competent Obama was?
Body-by-Guinness
Power User
***
Posts: 2808


« Reply #337 on: June 25, 2015, 07:26:17 PM »

Whose Fault is the OPM Hack Really?

Everyone's mad at the Office of Personnel Management, and I totally get why. The hack is awful, the magnitude staggering. The consequences will be big, both for the country and for lots of individuals. It's a very ugly situation, and OPM has certainly not handled it competently, let alone well. And the more we learn, the worse it gets.

But here's my question: Is this really OPM's fault?

OPM, after all, is not an intelligence agency or a counterintelligence agency. Even had it behaved competently, it had no chance of protecting data that a professional adversary intelligence service wanted to go after. It also does not have the expertise to identify which data it is holding that are—individually or collectively—likely of interest to foreign intelligence powers. To put the matter simply, protecting sensitive data from foreign spies is not within the wheelhouse of an agency whose job is "to recruit, retain, and honor a world-class workforce for the American people."

It is very much within the wheelhouse of some other federal agencies, however.

Let's start with the FBI, whose mission includes "Protect[ing] the United States against foreign intelligence operations and espionage" and "Protect[ing] the United States against cyber-based attacks and high-technology crimes." I don't know whose job, if anyone's, it is to identify large aggregations of data outside the security sector that would be of foreign intelligence interest and to protect them from espionage, but it seems to me that the agency tasked with foreign counterintelligence would be the place to start. So here's a question: Did anyone at the bureau ever flag for OPM that this material might have a giant bullseye painted on it?

Then there's NSA, which has the government's Information Assurance portfolio, and also has a huge cybersecurity capacity. NSA describes its information assurance mission as follows: "NSA's Information Assurance Directorate (IAD) protects and defends National Security Information and Information Systems, in accordance with National Security Directive 42. National Security Systems are defined as systems that handle classified information or information otherwise critical to military or intelligence activities." The OPM systems were not classified, but any database that potentially exposes millions of federal workers—including defense and intelligence workers—to potential recruitment, blackmail, or other bad conduct at the hands of a foreign intelligence service could certainly be regarded as "critical to military or intelligence activities." So here's another question: Did anyone at NSA ever flag for OPM that this material might have a giant bullseye painted on it or offer to help secure it?

Or maybe the problem lies with DHS. DHS, after all, proudly boasts that it "has the lead for the federal government for securing civilian government computer systems"—something that clearly did not happen here. So here's a third question: Did anyone at DHS ever work with this civilian agency to secure its government computer systems?

If this all sounds like an interagency mess of authorities, well, there are also agencies whose job is to work through those. What, one might ask, about what role the DNI has played in this area? His mission statement starts with the broad aim: to "lead Intelligence Integration." In other words, if it was someone's job to imagine that there are a lot of non-classified systems around the government that have extraordinarily sensitive data an intelligence service would want to steal, and that this data is being housed at agencies that probably don't understand that fact and don't have the capacity to defend that data, perhaps having that imagination was the DNI's job. And if it was some office's job to reach out across the government and assess what datasets would be catastrophic to lose and to set up programs to protect that material, perhaps that was the DNI's job too.

Taping Rational Security this morning, I mentioned all this to the Hoover Institution's Kori Schake—a defense analyst and former NSC staffer—who joked with gentle bitterness that it's a good thing this country does not have a National Security Council, whose job is to coordinate the activities of the various agencies engaged in national security activity to make sure questions like this get addressed. The NSC describes its mission as including "serv[ing] as the President's principal arm for coordinating these policies among various government agencies." So here's a fourth question: Was anyone at the DNI's office or the NSC serving as the President's principal arm for securing data of intelligence value at OPM?

I'm sure it will make a lot of people feel good to beat up on OPM, and I'm sure some folks there probably deserve it. But after we've gone through the political ritual of extracting our pound of Washington flesh, let's ask the serious question: Whose job is this really? And whose do we want it to be?

http://www.lawfareblog.com/whose-fault-opm-hack-really